similar to: [Bug 2236] New: ssh-agent: fix unintended UNIX-domain socket removal

Let me start this with the disclaimer that I am a Linux lover that only pretends to have any clue about coding. I grabbed the latest version of OpenSSH (v2.9p1) and went to install it on my Sparc (RH 6.2, v2.4.2). Unlike OpenSSH 2.5.2p2, however, when I tried to compile it I got the following error: ... <compiling away> ... gcc -g -O2 -Wall -I. -I. -I/usr/local/ssl/include

This adds support for systemd socket-based activation in the ssh-agent. When using socket activation, the -a flag value must match the socket path provided by systemd, as a sanity check. Support for this feature is enabled by the --with-systemd configure flag. --- Something tells me upstream would not be interested in this patch, but as it may be useful on linux, I'm submitting it here.

When the ssh-agent service is configured to be launched under systemd socket-activation, the user can inspect the status of the agent with something like: systemctl --user status ssh-agent.service If the user does: systemctl --user stop ssh-agent.service it causes the `systemd --user` supervisor to send a SIGTERM to the agent, which terminates while leaving the systemd-managed socket

https://bugzilla.mindrot.org/show_bug.cgi?id=3670 Bug ID: 3670 Summary: [ssh-agent] 100% CPU spin in cleanup_handler signal handler Product: Portable OpenSSH Version: 9.6p1 Hardware: amd64 OS: Mac OS X Status: NEW Severity: enhancement Priority: P5 Component:

https://bugzilla.mindrot.org/show_bug.cgi?id=3660 Bug ID: 3660 Summary: Prevent disastrous unintended local copying Product: Portable OpenSSH Version: 9.6p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: scp Assignee: unassigned-bugs at

Please, help me understand if 'use chroot' option in daemon config is secure enough. Rsync manual has following lines: As an additional safety feature, you can specify a dot-dir in the module's "path" to indicate the point where the chroot should occur.  This allows rsync to run in a chroot with a non-"/" path for the top of the transfer

My keys are secured with a passphrase. That's good for security, but having to type the passphrase either at every login or at every invocation of ssh(1) is annoying. I know I could invoke ssh-add(1) just before invoking ssh(1), if I keep track of whether I invoked it already, or write some hacky scripts; but the rest of OpenSSH is wonderfully usable without any hacks. Hence, this patch.

It seems that users may be disclosing unintended public key info when logging into remote hosts. Use of the words keypair/keyid/etc have been bastardized. Signature is likely better. Note also, the author may be without clue. Setup: [g] - refers to an administrative group of hosts [n] - refers to a host within that group ws[g][n] - management workstations [trusted] User ssh-add's keys for

On Fri, Dec 20, 2024 at 09:25:11AM +1100, Damien Miller wrote: > On Thu, 19 Dec 2024, Dmitry V. Levin wrote: > > > > We could potentially allow-list some variables, but I'd like to get > > > some input from people who (for example) maintain PAM for distributions > > > on what is acceptable. > > > > With my Linux-PAM hat on, the most essential

Hi! I'm investigating the seccomp filter in openssh and I wanted to know whether the following system calls should be added to the filter: 1. getgroups - do_authentication2->dispatch_run_fatal->sshpkt_fatal->logdie->cleanup_exit->do_cleanup->temporarily_use_uid->getgroups 2. setgroups -

Hello, I noticed a problem recently when running some test code against the OpenSSH 7.6p1 ssh-agent. These tests ran fine against OpenSSH 7.5p1 and earlier, but with OpenSSH 7.6p1, they were suddenly causing ssh-agent to exit. The request being made was a ?sign? request, and the point of the test was to have the sign operation fail. To trigger this, I was passing in an invalid key blob

Hello there, drivers/gpu/drm/nouveau/nvkm/engine/dma/usernv04.c:124:18: warning: this statement may fall through [-Wimplicit-fallthrough=] Source code is switch (dmaobj->base.access) { case NV_MEM_ACCESS_RO: dmaobj->flags0 |= 0x00004000; break; case NV_MEM_ACCESS_WO: dmaobj->flags0 |= 0x00008000; case NV_MEM_ACCESS_RW: dmaobj->flags2

Hey all, In troubleshooting a failing test for MetaSearch against 3-0-stable, I came across some undesirable (from my side, anyway) behavior in http://github.com/rails/rails/commit/bf87528b53f1422708ec0188d126cfca824ddc5c. A simple one-liner, it would appear, but AR::Base implements before_remove_const to do a bit of scoped method cleanup... It''s the only thing I can see that might

The dataset package is being loaded apparently by one of the packages that I am using. The loading of the datasets takes a long time and I would like to eliminate it. I thought the datasets were effectively examples so don't understand why they would be required at all. 1) How can I determine what is causing the datasets to be loaded? 2) How can I stop them from doing so? I am using the

Hello all, I''ve got the problem about the following simple application using autostart and repeat_every. A thread(?) is forked for processing task at first, but at sencond time two threads seem to be forked. My simple application code is... - In worker class class FooWorker < BackgrounDRb:Rails repeat_every 2.minutes first_run Time.now def do_work puts Time.now.to_s +

https://bugzilla.mindrot.org/show_bug.cgi?id=2225 Bug ID: 2225 Summary: sshd core dumps when used in high scaled environments. Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: sshd Assignee: unassigned-bugs at

The attached patch should solve the following problem: ssh-agent creates a temporary directory under /tmp with '600' permissions. The actual socket file is created in that dir using the default umask. That's no problem in U*X systems since nobody but the owner of the directory can read the socket file. Unfortunately, Windows has a user privilege called "Bypass traverse

On Thu, 19 Dec 2024, Dmitry V. Levin wrote: > > We could potentially allow-list some variables, but I'd like to get > > some input from people who (for example) maintain PAM for distributions > > on what is acceptable. > > With my Linux-PAM hat on, the most essential difference between the > authenticated user code that currently gets the environment variables >

on FreeBSD, gcc complains that %d is used for sig_atomic_t Casting to (int) as a solution ? Index: serverloop.c =================================================================== RCS file: /cvs/openssh/serverloop.c,v retrieving revision 1.172 diff -u -p -r1.172 serverloop.c --- serverloop.c 2 Dec 2012 22:50:55 -0000 1.172 +++ serverloop.c 4 Dec 2012 11:46:33 -0000 @@ -708,7 +708,7 @@

https://bugzilla.mindrot.org/show_bug.cgi?id=1213 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2536|0 |1 is obsolete| | --- Comment #54 from Damien Miller <djm at mindrot.org>