similar to: Safe Anonymous SFTP

We are using openssh with backup software to transport data back and force between clients and backup server. Common sense and some testing suggest that the data transfer rate is significantly slower when the ssh native encryption is used. For the backup applications it's probably OK to use ssh without encryption. Unfortunately, it looks like the recent versions including 3.0.2p1 do not

I'm using OpenSSH's ssh and scp to back up some remote machines, roughly as follows : ssh remote-host "tar up a few dirs" scp remote-host:tarfile local-repository On the whole, as I'd expect, this works just fine. But .. sometimes the link is a bit dodgey (for lack of a more explicit term, this being a polite list :) ) Can anyone tell me how ssh and scp timeout and retry,

Am Di, 20. Feb 2018, 23:13:16 -0800 schrieb Dan Kaminsky: > Date: Tue, 20 Feb 2018 23:13:16 -0800 > From: Dan Kaminsky <dan at doxpara.com> > To: J? Fahlke <jorrit at jorrit.de> > Cc: openssh-unix-dev at mindrot.org > Subject: Re: Is there socksify script for dynamics forwardings to unix > domain sockets? > > Whoa. That's pretty cool. > >

Hello, I'm trying to find very indepth documentation of OpenSSH, so far I have found nothing of much use, if anyone could direct me to some advance texts on openssh it would be greatly appreciated.

On Tue, 24 Mar 2015, Dan Kaminsky wrote: > Hmm. Feels a little aggressive for ssh client. Support heartily for sshd. People who need it can build their own, or OS vendors might supply a non-default v.1 capable client binary themselves. IMO it's time to apply some selection pressure to a protocol that can't be secured. -d

It is nice to see that the development of openssh suddenly seems to have a boost of activity. However I am fairly dissapointed to see that nobody is actually trying to fix the ssh hanging problem which I am mainly seeing on Solaris and AIX in conjunction with rsync. Has anybody from the development team got an ETA of the official fix for this problem? Regards Hubba

That's a good point. DHCP allows you to set DNS search parameters. So as long as each location sets different search, "ssh fishbowl" will in fact resolve to the proper local FQDN. On Monday, December 22, 2014, Nico Kadel-Garcia <nkadel at gmail.com> wrote: > On Mon, Dec 22, 2014 at 4:26 AM, martin f krafft <madduck at madduck.net > <javascript:;>> wrote:

Protocols and ciphers are sunsetted all the time, this is a regular thing, but there are announcements before breaking changes are inserted. You assume people are slow to update anyway; some are, some aren't, what you're doing is wildly rewarding the slow updaters and punishing the fast ones. That has negative effects elsewhere. What would it hurt to announce the release in 3-6 months

Before I get too far in my attempts... Has anyone already implemented support in scp for larger buffers/windows that would take advantage of wscaled TCP windows? Paul Hyder NOAA Forecast Systems Lab Boulder, CO FYI: Linux 2.4.20, 30-80ms RTT, data rates 100-1000Mbps, and a need to fill TCP windows of 2-8MBytes. (Existing limits appear to be about 256KB.)

HD Moore from MetaSploit has noted that, given a pubkey (and not the corresponding private key, as might be found in authorized_keys), he can determine if he'd be able to log into an account. It's a small thing, but he's using it for very interesting recon/deanonymization. He'll be releasing a paper shortly, not overplaying the characteristic, but certainly showing it can be used

Hi, Using OpenSSH 2.9p2 (2.5.2 was also bad), I've noticed data loss on Linux when: 1) ssh -n flag is used, and 2) ssh jobs are run from cron (effectively causing the same as above). What is done, is a command basically like: ssh [-n] -c blowfish -p 722 -i rsakey -l pwget passwdserver passwd > passwd.tmp 2> /tmp/log ie, retrieve dynamically created passwd-file from passwdserver

Hello! I would really appreciate any hints to a little puzzle that has been gnawing at me about remote sessions with ssh... (and likely all connectivity programs...) Because network connections can only talk in ASCII, there is no way to tell the difference between TAB and "Ctrl-i" (i.e. pressing Ctrl and i keys together). BOTH are transmitted as same ASCII code. Likewise, Ctrl-m and

Greetings; I've been reading the OpenSSH source code and have a question about the des_ssh1_setiv function in cipher.c. (cut-n-pasted here from cipher.c v1.47) : static void des_ssh1_setiv(CipherContext *cc, const u_char *iv, u_int ivlen) { memset(cc->u.des.iv, 0, sizeof(cc->u.des.iv)); } This doesn't use the *iv parameter. Compare with: static void

For those who don't know, Greg Houlette sent in a request from an address that doesn't conveniently accept replies. If people can't be bothered to read our replies, we shouldn't be bothered by their requests. Just a note. Maybe a request for a killfile. --Dan

Am 07.01.2018 um 19:41 schrieb halfdog: > Hello list, > > I created a page to demonstrate, what would happen when chroot > root directory is writeable. In fact, code execution is possible > already, when only /etc and /bin are writable. I also tried to > escape the chroot jail, but that did not work for non-root users. > > As the 2009 CVE activities mention, that creating

Hi! I noticed that `ssh -D /tmp/socket $myhost` will actually provide a socks server listing on the unix domain socket /tmp/socket (this does not appear to be documented, though it is semi-documented for -L and -R). Do you know of any "socksification" script to go along with it, in the spirit of tsocks of socksify (from dante)? Those do not seem to support socks servers running on

maybe this is a silly question ;-) But why is it possible to login on a machine with a locked account (passwd -l ) via pubkey-authentication (authorized_keys) ? I use OpenSSH3.01p1on Solaris8 with PAM support so I thought this should not happen. If this is the normal behaviour and built in intentionally what would be the easiest way to lock an account without deleting the users authorized_keys ?

I'm searching for a simple solution to allow access to only one directory of an existing user (that may not login) via sftp-server and authorized_keys file using the extended syntax command="/usr/lib/openssh/sftp-server --root /data/exchange",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAA...keydata Is something like that already possible, is there a

On Fri, Jan 05, 2018 at 09:42:18PM +1030, David Newall wrote: > On 05/01/18 20:06, Jakub Jelen wrote: > > if the confined user has write access to the chroot directory, > > there are ways how to get out, gain privileges and or do other > > nasty things. > > I'm not inexperienced with UNIX and unix-like operating systems (30+ years), > and I can't think what

Markus and Damien, here is a more detailed explanation about BUG report at "http://bugzilla.mindrot.org/show_bug.cgi?id=592" concerning "bad decrypted len" error in OpenSSH: If anyone wants to do a private key sign, and the key is located in a device or the Microsoft certificate store in which the private key cannot be accessed directly ( you cannot access the private key