similar to: Auth_Banner question

I looked around for a while, but couldn't find any code for requiring multiple authentication mechanisms in openssh. So I wrote an implemention. I thought at first I should change the PasswordAuthentication, PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some funky stuff in auth2.c with respect to keyboard interactive auth that would make this kind of

Hello my name is Derek Bodin. ? As a personal side project I am trying to create a java SSH2 server.? I have so far been able to work my through the transportation protocol and the user authentication protocol.? My question is when the authentication protocol starts OpenSSH will sit and hang waiting for the server to send a SSH_MSG_USERAUTH_FAILURE packet and a list of appropriate authentication

https://bugzilla.mindrot.org/show_bug.cgi?id=2053 Bug ID: 2053 Summary: Add option to allow skipping userauth_banner (patch) Classification: Unclassified Product: Portable OpenSSH Version: 6.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh

I need a way to make sshd require S/KEY authentication to succeed before allowing either password or public-key authentication. Currently, we can only have S/KEY+password, by using PAM for authentication, and configuring PAM accordingly. But PAM of course can't handle SSH public keys. I thought for a while that ideally we could actually use PAM to tell sshd what methods of authentication to

http://bugzilla.mindrot.org/show_bug.cgi?id=707 Summary: missing banner file now prints empty line Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: trivial Priority: P5 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy:

In AIX, whenever a root user or a member of the security group changes a user's password, the ADMCHG attribute is set which means that the next time the user logs in, he will be forced to change his password. However, ssh is currently ignoring ADMCHG. I havn't seen any mention of this on the mailing list or Bugzilla, so I'm considering writing a patch to correct this problem. Has

Philipp Marek wrote: > An easy workaround is to use a password manager (a plain file as a minimum) If you can/want to use a file then consider using a key instead. publickey authentication is non-interactive on the wire and the key is already unlocked so packet timing leaks nothing about your passphrase. //Peter

Hi All. Attached is a patch against OpenBSD, based in part on the owl-always-auth patch. The idea is that the only way out of auth_passwd for the failure case is the "return 0" at the bottom. I don't know if this is a good way to do it or not, it's presented for discussion. Also, I don't think 3.6.1p2 is quite right WRT these timing issues (eg, you get a fast failure

Here are some patches to re-enable support for AIX's authenticate routines. With them, ssh will honor locked & unlocked accounts, record successful and unsuccessful logins, and deny accounts that are prohibited to log in via the network. Tested with AIX 4.3. It also includes a fix for handling SIGCHLD that may be needed for other platforms (HP-UX 10.20, for example). If I get the time

sorry, Darren. Long over due comments. [..] >+/* Record a failed login attempt. */ >+void >+record_failed_login(const char *user, const char *host, const char *ttyname) >+{ >+#ifdef WITH_AIXAUTHENTICATE >+ loginfailed(user, host, ttyname); >+#endif >+#ifdef _UNICOS >+ cray_login_failure((char *)user, IA_UDBERR); >+#endif /* _UNICOS */ >+} I like the

I have been using OpenSSH clients against a number of embedded SSH servers with no problem up till now. Starting with version 6.4p1 password authentication has stopped working against such servers. What happens is that the client enters an infinite loop during the authentication phase. I built OpenSSH 5.9p1 and 6.4p1 in a Linux box so that the client prints out to the screen all of the SSH

https://bugzilla.mindrot.org/show_bug.cgi?id=2058 Bug ID: 2058 Summary: SSH Banner message displays UTF-8 multibyte char incorrrectly Classification: Unclassified Product: Portable OpenSSH Version: 6.1p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5

Team - I'm running Solaris 9 and gcc 3.1 on a Blade 1000, named jefferson. I built OpenSSH_3.3. I can use the client to connect out, but cannot use the client to connect to localhost (nor can I use a Linux box with OpenSSH_3.2.3 to connect to it). I *can* use F-Secure 3.0.0 on a Windoze box to get into it. I've tried configurations both with and without privsep enabled but get the same

Dear all, For my thesis, I've been working on automatic inference of state machines for SSH servers. I ran into a couple of particularities regarding OpenSSH's inferred state machine, and was hoping some of you might be interested. Maybe you can even shed some light on it. Setup: I'm using LearnLib's (Java) version of the L* learning algorithm [1] to come up with sequences of

http://bugzilla.mindrot.org/show_bug.cgi?id=1087 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Group|Portable OpenSSH | ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Hello, I am a R beginner and I have a question about a litte function I found. Here is the code: # Gambler's Ruin Problem. # seed capital: k # rounds: n # probability of success: p # number of trials: N # graphical output (yes/no): draw # Wait for new graphic (yes/no): ask ruin<- function( N = 1, n = 10, k = 1, p = 1 /

Hello all, I'm trying to use liboggz to parse and display Ogg media files. I'm wondering what the return value of oggz_tell() actually is and how is one supposed to use it. The documentation says that oggz_tell() returns "the current offset of oggz". This sounds like it would be basically the file position indicator, and could be used to seek within the Ogg file to a

Cleanup make system so that all noninstalled headers are put to noinst_HEADERS. This quarentees that header will be present in tar ball but not installed with make install. CC: nouveau at lists.freedesktop.org Signed-off-by: Pauli Nieminen <suokkos at gmail.com> --- Makefile.am | 6 +++--- intel/Makefile.am | 10 ++++++---- nouveau/Makefile.am | 4 +++- 3 files changed,

ARB_sampler_object is very simple software only extension to support. I want to make it mandator extension for Mesa drivers to allow meta module to use it. This patch add support for the extension to nouveau. It is completely untested search and replace patch. I hope someone with old NV hardware could give a try that there is no regressions and ARB_sampler_object tests passes. Signed-off-by:

I have been looking into this over the weekend, and what I have found might be of interest to OpenSSH developers. First, the bug that triggers the problem is in the embedded system. Second, such as things were changed in 6.4p1, the OpenSSH client seems to be open to a potential DoS attack. The infinite loop described in my previous post is embodied in the last four messages of the 6.4p1 traces.