similar to: [Bug 2317] New: sshd_config man page not clear on PermitUserEnvironment

Hello, Our campus environment would find it very useful to pass user- environment variables for certain login ssh connections, but of course want to avoid the security problems with LD_PRELOAD and PermitUserEnvironment as described in sshd_config manpages. Would the best answer be a patch that adds PermitUserEnvironment support inside match blocks? Are there technical or other reasons

https://bugzilla.mindrot.org/show_bug.cgi?id=1800 Summary: PermitUserEnvironment accepting pattern of allowed userenv variables Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo:

https://bugzilla.mindrot.org/show_bug.cgi?id=1800 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2113|0 |1 is obsolete| | CC| |dtucker at

We have a system on which users are given a very restricted environment (their shell is a menu) where they should not be able to run arbitrary commands. However, because their shell is not statically linked, ld.so provides a nice clutch of holes for them to exploit. The patch below adds a new configuration option to sshd which quashes their attempts to set LD_PRELOAD etc. using ~/.ssh/environment

[Not subscribed to this list, so please respond directly if you need to speak to me] In man5/sshd_config.5, a permissible keyword in a 'Match' block is missing. It currently lists only: AllowTcpForwarding, Banner, ForceCommand, GatewayPorts, GSSApiAuthentication, KbdInteractiveAuthentication, KerberosAuthentication, PasswordAuthentication, PermitOpen, PermitRootLogin,

Hi , I have two problems when i went through a) the man page of sshd_config and b) the comments quoted in sshd_config file itself. They are given below. a) >From the man page of sshd_config: "If UsePAM is enabled, you will not be able to run sshd(8) as a non-privileged user." I changed the permission of the hostkeys to a non-privileged user and tried to run sshd alongwith

https://bugzilla.mindrot.org/show_bug.cgi?id=3165 Bug ID: 3165 Summary: man sshd_config does not define order of includes when using globbing Product: Portable OpenSSH Version: 8.2p1 Hardware: amd64 OS: Linux Status: NEW Severity: trivial Priority: P5 Component: sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=1587 Summary: [man] sshd_config(5) provide examples of keyword 'Match' Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: Other Status: NEW Severity: enhancement Priority: P2 Component: Documentation

https://bugzilla.mindrot.org/show_bug.cgi?id=3193 Bug ID: 3193 Summary: Add separate section in sshd_config man page on Access Control Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:

https://bugzilla.mindrot.org/show_bug.cgi?id=2663 Bug ID: 2663 Summary: [man] sshd_config(5) AuthenticationMethods segment clarification, proposal and questions Product: Portable OpenSSH Version: 7.2p2 Hardware: Other OS: Linux Status: NEW Keywords: low-hanging-fruit

https://bugzilla.mindrot.org/show_bug.cgi?id=1408 Summary: Remove references to login.conf from sshd_config man page on Mac OS X. Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: Other OS/Version: Mac OS X Status: NEW Severity: normal Priority: P2

On 3 February 2015 at 12:09, Always Learning <centos at u64.u22.net> wrote: > As for security, the cess pit is weak security not on Linux, BSDs and > others etc. but on M$. It seems to be incredibly easy for one malicious > person to launch attacks from machines they control all over the world - > and those machines just happen to be running M$. Breaking into M$ > machines

On Tue, 2015-02-03 at 12:20 +1100, Kahlil Hodgson wrote: > On 3 February 2015 at 12:09, Always Learning <centos at u64.u22.net> wrote: > > As for security, the cess pit is weak security not on Linux, BSDs and > > others etc. but on M$. It seems to be incredibly easy for one malicious > > person to launch attacks from machines they control all over the world - > >

https://bugzilla.mindrot.org/show_bug.cgi?id=1800 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2130 --- Comment #20 from Damien Miller <djm at mindrot.org> --- Retarget to openssh-6.4 -- You are

https://bugzilla.mindrot.org/show_bug.cgi?id=1800 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2188 --- Comment #22 from Damien Miller <djm at mindrot.org> --- Retarget incomplete bugs / feature requests

https://bugzilla.mindrot.org/show_bug.cgi?id=1800 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2226 --- Comment #24 from Damien Miller <djm at mindrot.org> --- Retarget to 6.7 release, since 6.6 was mostly

https://bugzilla.mindrot.org/show_bug.cgi?id=1800 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2266 --- Comment #26 from Damien Miller <djm at mindrot.org> --- Retarget incomplete bugs to 6.8 release. --

https://bugzilla.mindrot.org/show_bug.cgi?id=1800 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|2266 | --- Comment #28 from Damien Miller <djm at mindrot.org> --- OpenSSH 6.8 is approaching release and closed for

https://bugzilla.mindrot.org/show_bug.cgi?id=1800 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2360 --- Comment #29 from Damien Miller <djm at mindrot.org> --- Retarget to 6.9 -- You are receiving this

https://bugzilla.mindrot.org/show_bug.cgi?id=1800 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|2360 |2403 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching