similar to: [Bug 2236] New: ssh-agent: fix unintended UNIX-domain socket removal

Let me start this with the disclaimer that I am a Linux lover that only pretends to have any clue about coding. I grabbed the latest version of OpenSSH (v2.9p1) and went to install it on my Sparc (RH 6.2, v2.4.2). Unlike OpenSSH 2.5.2p2, however, when I tried to compile it I got the following error: ... <compiling away> ... gcc -g -O2 -Wall -I. -I. -I/usr/local/ssl/include

This adds support for systemd socket-based activation in the ssh-agent. When using socket activation, the -a flag value must match the socket path provided by systemd, as a sanity check. Support for this feature is enabled by the --with-systemd configure flag. --- Something tells me upstream would not be interested in this patch, but as it may be useful on linux, I'm submitting it here.

https://bugzilla.mindrot.org/show_bug.cgi?id=3670 Bug ID: 3670 Summary: [ssh-agent] 100% CPU spin in cleanup_handler signal handler Product: Portable OpenSSH Version: 9.6p1 Hardware: amd64 OS: Mac OS X Status: NEW Severity: enhancement Priority: P5 Component:

https://bugzilla.mindrot.org/show_bug.cgi?id=3660 Bug ID: 3660 Summary: Prevent disastrous unintended local copying Product: Portable OpenSSH Version: 9.6p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: scp Assignee: unassigned-bugs at

Please, help me understand if 'use chroot' option in daemon config is secure enough. Rsync manual has following lines: As an additional safety feature, you can specify a dot-dir in the module's "path" to indicate the point where the chroot should occur.  This allows rsync to run in a chroot with a non-"/" path for the top of the transfer

My keys are secured with a passphrase. That's good for security, but having to type the passphrase either at every login or at every invocation of ssh(1) is annoying. I know I could invoke ssh-add(1) just before invoking ssh(1), if I keep track of whether I invoked it already, or write some hacky scripts; but the rest of OpenSSH is wonderfully usable without any hacks. Hence, this patch.

It seems that users may be disclosing unintended public key info when logging into remote hosts. Use of the words keypair/keyid/etc have been bastardized. Signature is likely better. Note also, the author may be without clue. Setup: [g] - refers to an administrative group of hosts [n] - refers to a host within that group ws[g][n] - management workstations [trusted] User ssh-add's keys for

Hi! I'm investigating the seccomp filter in openssh and I wanted to know whether the following system calls should be added to the filter: 1. getgroups - do_authentication2->dispatch_run_fatal->sshpkt_fatal->logdie->cleanup_exit->do_cleanup->temporarily_use_uid->getgroups 2. setgroups -

Hello, I noticed a problem recently when running some test code against the OpenSSH 7.6p1 ssh-agent. These tests ran fine against OpenSSH 7.5p1 and earlier, but with OpenSSH 7.6p1, they were suddenly causing ssh-agent to exit. The request being made was a ?sign? request, and the point of the test was to have the sign operation fail. To trigger this, I was passing in an invalid key blob

Hello there, drivers/gpu/drm/nouveau/nvkm/engine/dma/usernv04.c:124:18: warning: this statement may fall through [-Wimplicit-fallthrough=] Source code is switch (dmaobj->base.access) { case NV_MEM_ACCESS_RO: dmaobj->flags0 |= 0x00004000; break; case NV_MEM_ACCESS_WO: dmaobj->flags0 |= 0x00008000; case NV_MEM_ACCESS_RW: dmaobj->flags2

Hey all, In troubleshooting a failing test for MetaSearch against 3-0-stable, I came across some undesirable (from my side, anyway) behavior in http://github.com/rails/rails/commit/bf87528b53f1422708ec0188d126cfca824ddc5c. A simple one-liner, it would appear, but AR::Base implements before_remove_const to do a bit of scoped method cleanup... It''s the only thing I can see that might

The dataset package is being loaded apparently by one of the packages that I am using. The loading of the datasets takes a long time and I would like to eliminate it. I thought the datasets were effectively examples so don't understand why they would be required at all. 1) How can I determine what is causing the datasets to be loaded? 2) How can I stop them from doing so? I am using the

https://bugzilla.mindrot.org/show_bug.cgi?id=2225 Bug ID: 2225 Summary: sshd core dumps when used in high scaled environments. Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: sshd Assignee: unassigned-bugs at

Hello all, I''ve got the problem about the following simple application using autostart and repeat_every. A thread(?) is forked for processing task at first, but at sencond time two threads seem to be forked. My simple application code is... - In worker class class FooWorker < BackgrounDRb:Rails repeat_every 2.minutes first_run Time.now def do_work puts Time.now.to_s +

The attached patch should solve the following problem: ssh-agent creates a temporary directory under /tmp with '600' permissions. The actual socket file is created in that dir using the default umask. That's no problem in U*X systems since nobody but the owner of the directory can read the socket file. Unfortunately, Windows has a user privilege called "Bypass traverse

on FreeBSD, gcc complains that %d is used for sig_atomic_t Casting to (int) as a solution ? Index: serverloop.c =================================================================== RCS file: /cvs/openssh/serverloop.c,v retrieving revision 1.172 diff -u -p -r1.172 serverloop.c --- serverloop.c 2 Dec 2012 22:50:55 -0000 1.172 +++ serverloop.c 4 Dec 2012 11:46:33 -0000 @@ -708,7 +708,7 @@

https://bugzilla.mindrot.org/show_bug.cgi?id=1213 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2536|0 |1 is obsolete| | --- Comment #54 from Damien Miller <djm at mindrot.org>

Under AIX there are three security settings: expires = a fixed date at which an account is no longer valid maxage= weeks before a password expires maxexpires=max weeks during which a password can be changed by a user after expiration AFTER WHICH ACCESS IS NOT ALLOWED Beauty of maxage with expires is, that no manual intervention is required to block inactive users. With maxage=5 and expires=1 an

Greetings! According to documentation, "-x" and "-X" options of ssh-keygen designed to work only with DSA keys. It means that key_type_name variable have to be initialized to "dsa" if any of these options were specified. Regards, Dmitry +-------------------------------------------------------------------------+ Dmitry V. Levin mailto://ldv at fandra.org

Hi, At the n2k10 OpenBSD network hackathon, I finally got some time to clean up and rewrite the ssh(1) client multiplexing code. The attached diffs (one for portable OpenSSH, one for OpenBSD) are the result, and they need some testing. The revised multiplexing code uses a better protocol between the master and slave processes and I even bothered to write it up :) It tracks the control sockets