similar to: sshd: Allow more directives in Match-Block

Some time ago, Ben wrote about a PrintLastLog patch: > If the person who originally submitted it wants to write a complete > patch and submit it. Then we would be happy to debate if it will be > included. Well, here it is, because: "You Asked For It!" PS: I'm tired of maintaining my own version of Debian's ssh just to have this option available, so I hope you find

Hey everyone, I wanted to add support for denying PTY allocation through OpenSSH. I'm not certain if this is quite thorough enough for all cases, but for me it might work for the moment. I know that you can currently do this through authorized_keys, but as far as I know that only works for an actual key. In my use case, I wanted a user with no password which is forced to run a specific

Wonder if you guys could help me out...have a security problem with sshd wich enables a user to do a password login tough the sshd_config states PasswordAuthentication no My config works fine in both gentoo and openbsd 3.3 but users are able to login with tunneled clear text passwords in both 4.9 and 5.1 Im lost.tried everything I can think of. Here is the config:

Hi, I am not sure this is a bug in Openssh or not. I am running Openssh 4.1p1. with openssl 0.9.7g Scenario: Due to audit enabled on the system, I will need to set Uselogin to yes so that audit will track system call. But when try to login to system with a LDAP user. I get the following. eg: [n113839 at r3ent15pc ~]$ ssh tfstst1 -l ntesting1 ntesting1 at tfstst1's password: Login incorrect

https://bugzilla.mindrot.org/show_bug.cgi?id=2278 Bug ID: 2278 Summary: 'configure --disable-lastlog' should mark PrintLastLog as unsupported in servconf.c Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: Solaris Status: NEW Severity: minor Priority: P5

I have setup an OpenSSH_3.5p1 ssh/sftp server on my SunOS 4.1.4 box. I can ssh to it just fine. The problem is SFTP from certain clients. I can SFTP to it using my OpenSSH_3.5p1 sftp client. I can SFTP to it from MacSFTP from MacSSH.org, version 1.0.5. However, I have several clients that cannot connect. I have had them try CuteFTP Pro v2, v3, WS_FTP Pro v7.62, PuTTy pSFTP. None are able to

Can anybody help me with this : ? I first generated rsa key with this : ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key then I went on to generate the DSA key too....(just incase my SSHD does not like RSA). ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key and then I ran root at 00_00_09_PECA_NP1:/usr/bin# sshd -d -d -d -d -d -d -d -d -d debug3: RNG is ready, skipping seeding debug2:

Greetings, I am using OpenSSH 4.7 and trying to use a middle machine to do reverse shell. The error I run into is the destination says getsockopt TCP_NODELAY: Connection reset by peer. The setup: 3 machines (we can call them A,B,C) with QNX Neutrino I would like machine C to be the destination. So we have A can talk to B, and B can talk to C, but A can not talk to C directly. What I am

Hello Centos, I am getting an error that I am not familiar with when I restart ssh. [root at virtcent01:~] #service sshd restart Stopping sshd: [ OK ] Starting sshd:WARNING: initlog is deprecated and will be removed in a future release [ OK ] [root at virtcent01:~] # I was just

https://bugzilla.mindrot.org/show_bug.cgi?id=1490 Summary: sshd -T reports a string of UNKNOWNs Classification: Unclassified Product: Portable OpenSSH Version: 5.1p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: minor Priority: P2 Component: sshd AssignedTo: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=1490 Summary: sshd -T reports a string of UNKNOWNs Classification: Unclassified Product: Portable OpenSSH Version: 5.1p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: minor Priority: P2 Component: sshd AssignedTo: unassigned-bugs at

Hello, Our campus environment would find it very useful to pass user- environment variables for certain login ssh connections, but of course want to avoid the security problems with LD_PRELOAD and PermitUserEnvironment as described in sshd_config manpages. Would the best answer be a patch that adds PermitUserEnvironment support inside match blocks? Are there technical or other reasons

http://bugzilla.mindrot.org/show_bug.cgi?id=738 Summary: OpenSSH 3.7.1p2 Password Authentication Failure Through NIS+ on Non-Master Server Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: PAM support

Hi there ! I have an issue with my OpenSSH + PAM configuration on a RedHat Advanced server 2..1 I want to authenticate users connecting to a server using ssh against a radius server. The radius client/server part works ok when I test it with some utilities. I think I have a problem with my ssh which does not pass the username/password to my pam sshd module. I have upgraded to openssh-4.2p1.

We have a system on which users are given a very restricted environment (their shell is a menu) where they should not be able to run arbitrary commands. However, because their shell is not statically linked, ld.so provides a nice clutch of holes for them to exploit. The patch below adds a new configuration option to sshd which quashes their attempts to set LD_PRELOAD etc. using ~/.ssh/environment

I have a curious situation with four OpenBSD 3.3 hosts. Each of these has public/private keys on each other for inter-host authentication using RSA2 keys. For instance, they're called hostA-to-hostBCD, hostB-to-hostACD, hostC-to-hostABD, and hostD-to-hostABC. The sshd_config files, on each host, look as follows... #; #; /etc/ssh/sshd_config #; Port 22 Protocol 2 ListenAddress

Hi all, It looks like a bug for me, but I'd like to ask if someone has the same problem. We are using OpenSSH 4.3p2 from Debian 4.0 (stable), but the same problem is with original OpenSSH 4.3p2. When root logins with his kerberos ticket and then logout, his ticket remains on the machine. I found in source (sshd.c) in privsep_postauth function, that if root logins then use_privsep is set to 0

Vesion 3.8.1 of OpenSSH has been compiled on a Solaris 8 host. I am having difficulties in enabling password aging to work from reading /etc/default/passwd and /etc/shadow. # passwd -f < user-id > works satisfactorily however once a password ages through due course from the settings in /etc/default/passwd and /etc/shadow the users are not prompted to change passwords and the user is logged

Without trying your suggestions, I know that a domain user cannot login via ssh. Neither of these work: > [bob at dn-pc ~]$ ssh tuser16 at 192.168.16.220 > tuser16 at 192.168.16.220's password: > Permission denied, please try again. > tuser16 at 192.168.16.220's password: > Permission denied, please try again. > tuser16 at 192.168.16.220's password: > tuser16 at

[ Sorry for the length of this; I felt it better to provide potentially too much info, rather than not enough. I've probably missed something that's important, though! ] I have an odd problem with 5.1p on RHEL3 if "UsePAM yes" and "UsePrivilegeSeparation no" is set. The code detects that the user password is aged (according to shadow) but then fails to let me