Displaying 20 results from an estimated 400 matches similar to: "[Bug 2167] New: Connection remains when fork() fails."
2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
Hi,
I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with
FIPS 140-2 OpenSSL.
These are based on previously reported patches by Steve Marquess
<marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>,
for ver. OpenSSH 3.8.
Note that these patches are NOT OFFICIAL, and MAY be used freely by
anyone.
Issues [partially] handled:
SSL FIPS Self test.
RC4,
2020 Mar 11
6
[PATCH 0/1] *** SUBJECT HERE ***
Hi,
sifting through my system's logs, I noticed many break-in attempts by
rogue ssh clients trying long lists of common passwords. For some time
now I pondered different approaches to counter these, but could not come
up with a solution that really satisfied me.
I finally reached the conclusion that any countermeasures required
support in sshd itself, and created the attached patch. If
2011 Jun 02
2
preauth privsep logging via monitor
Hi,
This diff (for portable) makes the chrooted preauth privsep process
log via the monitor using a shared socketpair. It removes the need
for /dev/log inside /var/empty and makes mandatory sandboxing of the
privsep child easier down the road (no more socket() syscall required).
Please test.
-d
Index: log.c
===================================================================
RCS file:
2003 Jul 06
10
[Bug 585] sshd core dumping on IRIX 6.5.18 with VerifyReverseMapping enabled
http://bugzilla.mindrot.org/show_bug.cgi?id=585
------- Additional Comments From dtucker at zip.com.au 2003-07-07 00:32 -------
dmalloc (http://dmalloc.com/) claims to work on IRIX. It's likely to increase
the CPU and memory load, though.
I've built with dmalloc on Linux thusly:
LDFLAGS=-ldmalloc ./configure && make
eval `dmalloc -l /path/to/log high`
./sshd [options]
2002 Jun 26
5
[PATCH] improved chroot handling
There are a couple of niggles with the sandboxing of the unprivileged
child in the privsep code: the empty directory causes namespace pollution,
and it requires care to ensure that it is set up properly and remains set
up properly. The patch below (against the portable OpenSSH, although the
patch against the OpenBSD version is very similar) replaces the fixed
empty directory with one that is
2014 Apr 12
4
[Bug 2225] New: sshd core dumps when used in high scaled environments.
https://bugzilla.mindrot.org/show_bug.cgi?id=2225
Bug ID: 2225
Summary: sshd core dumps when used in high scaled environments.
Product: Portable OpenSSH
Version: 6.2p1
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2003 Jun 03
15
[Bug 585] sshd core dumping on IRIX 6.5.18 with VerifyReverseMapping enabled
http://bugzilla.mindrot.org/show_bug.cgi?id=585
Summary: sshd core dumping on IRIX 6.5.18 with
VerifyReverseMapping enabled
Product: Portable OpenSSH
Version: -current
Platform: MIPS
OS/Version: IRIX
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo:
2017 Feb 20
3
[Bug 2681] New: postauth processes to log via monitor
https://bugzilla.mindrot.org/show_bug.cgi?id=2681
Bug ID: 2681
Summary: postauth processes to log via monitor
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2019 Jun 30
2
Possibly Missing Syscalls from Seccomp Filter
Hi!
I'm investigating the seccomp filter in openssh and I wanted to know
whether the following system calls should be added to the filter:
1. getgroups
-
do_authentication2->dispatch_run_fatal->sshpkt_fatal->logdie->cleanup_exit->do_cleanup->temporarily_use_uid->getgroups
2. setgroups
-
2005 Mar 16
1
openssh-3.8.1p1, with pthreads enabled, hung in pthread_join.
I connect to my OpenSSH 3.8.1p1 server and when the password dialog
shoes up I wait a min or so, long enough for the "Timeout before
authentication for %s" alarm to trigger. If at that point I enter my
password ssh will just sit there:
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 18 padlen 14 extra_pad
2012 Jan 28
1
PATCH: Fix memory leak in sshd
Hello,
The below patch fixes a memory leak I noticed in monitor_read_load() when the child's log pipe is closed.
Thanks,
Zev Weiss
--
diff --git a/monitor.c b/monitor.c
index a166fed..6464eec 100644
--- a/monitor.c
+++ b/monitor.c
@@ -510,6 +510,7 @@ monitor_read_log(struct monitor *pmonitor)
debug("%s: child log fd closed", __func__);
close(pmonitor->m_log_recvfd);
2001 May 11
1
Problems with OpenSSH2.9p1 on Linux/Sparc
Let me start this with the disclaimer that I am a Linux lover that only
pretends to
have any clue about coding.
I grabbed the latest version of OpenSSH (v2.9p1) and went to install it
on my Sparc
(RH 6.2, v2.4.2). Unlike OpenSSH 2.5.2p2, however, when I tried to
compile it
I got the following error:
... <compiling away> ...
gcc -g -O2 -Wall -I. -I. -I/usr/local/ssl/include
2006 Jan 08
3
Allow --without-privsep build.
I've been trying to cut down the size of openssh so I can run it on my
Nokia 770. One thing which helps a fair amount (and will help even more
when I get '-ffunction-sections -fdata-sections --gc-sections' working)
is to have the option of compiling out privilege separation...
Is it worth me tidying this up and trying to make it apply properly to
the OpenBSD version? Does the openbsd
2013 Aug 07
29
[Bug 2140] New: Capsicum support for FreeBSD 10 (-current)
https://bugzilla.mindrot.org/show_bug.cgi?id=2140
Bug ID: 2140
Summary: Capsicum support for FreeBSD 10 (-current)
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: FreeBSD
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2013 Jun 25
1
RFC: encrypted hostkeys patch
Hi,
About a year and a half ago I brought up the topic of encrypted hostkeys
and posted a patch
(http://marc.info/?l=openssh-unix-dev&m=132774431906364&w=2), and while the
general reaction seemed receptive to the idea, a few problems were pointed
out with the implementation (UI issues, ssh-keysign breakage).
I've finally had some spare time in which to get back to this, and I've
2013 Oct 23
1
ProxyCommand brokent in recent snapshots
Hello,
While testing recent snapshots (20131023 and 20131024) I encountered a
problem with ProxyCommand. The regression tests all passed, but the use
of ProxyCommand's in my ~/.ssh/config resulted in name resolution
errors; even if CanonicalizeHostname was explicitly set to "no."
The patch included inline below fixed the issue:
Index: ssh.c
2001 May 03
1
[PATCH]: Workaround a security leak on Windows
The attached patch should solve the following problem:
ssh-agent creates a temporary directory under /tmp with '600'
permissions. The actual socket file is created in that dir using
the default umask. That's no problem in U*X systems since nobody
but the owner of the directory can read the socket file.
Unfortunately, Windows has a user privilege called "Bypass traverse
2014 Sep 08
1
possible deadcodes in sources
Hello,
we've run a coverity scan on the openssh sources and it found several
issues. Although the scan was run on patched rhel sources, some results are applicable to vanilla sources
too.
* servconf.c:1458:dead_error_line ? Execution cannot reach this statement "*intptr = *intptr + 1;"
--- a/servconf.c
+++ b/servconf.c
@@ -1451,12 +1451,8 @@
2018 Nov 29
2
Where to implement user limit settings ?
Hello,
I'm trying to implement setting of user limits (ulimit) in sshd. I'm
not using PAM so I need it in the sshd itself. The task is very simple -
just to put one line calling setup_limits(pw); and link with -lshadow.
But the problem is, where to put this line. I did it in session.c,
in do_child(), like this:
#ifdef HAVE_OSF_SIA
session_setup_sia(pw, s->ttyfd == -1 ? NULL
2014 Jul 16
1
ssh - Connection closed by UNKNOWN
Hi,
ssh clients shows "closed by UNKNOWN" message when a socket is closed by a
remote side while ssh is waiting for user's password:
$ ssh user at localhost
user at localhost's password:
Connection closed by UNKNOWN
When the packet_read_seqnr() calls get_remote_ipaddr(), a connection's
socket is already closed and there's not been any other call of this function
yet