similar to: hackers celebrate this day: openssh drops security! was: Re: heads up: tcpwrappers support going away

Displaying 20 results from an estimated 2000 matches similar to: "hackers celebrate this day: openssh drops security! was: Re: heads up: tcpwrappers support going away"

2018 Jan 02
2
Legacy option for key length?
On 2 January 2018 at 17:08, Marc Haber <mh+openssh-unix-dev at zugschlus.de> wrote: > On Tue, Jan 02, 2018 at 04:03:34PM +1030, David Newall wrote: >> On 02/01/18 03:29, Michael Str?der wrote: >> > How high is the risk that this unmaintained device is added to >> > yet-another-bot-net in the Internet-of-shitty-devices or is used to >> > enter parts of your
2023 Aug 10
4
RT/Linux SCHED_RR/_FIXED to combat latency?
Good morning! We're experiencing rather very bad latency spikes on busy Linux systems, for example if one machine is the jumphost (ssh -J) for a few hundred connections, while at the same time handles CPU intensive tasks. Would RT/Linux SCHED_FIXED or SCHED_RR be of help in such a case, e.g. put all ssh processes into the SCHED_FIXED scheduling class, with a priority higher than the
2023 Aug 10
1
RT/Linux SCHED_RR/_FIXED to combat latency?
On Thu, 10 Aug 2023, Cedric Blancher wrote: >We're experiencing rather very bad latency spikes on busy Linux >systems, for example if one machine is the jumphost (ssh -J) for a few >hundred connections, while at the same time handles CPU intensive >tasks. > >Would RT/Linux SCHED_FIXED or SCHED_RR be of help in such a case, e.g. Did you already check the old and tried method
2014 Apr 22
2
heads up: tcpwrappers support going away
Hi, This is an early warning: OpenSSH will drop tcpwrappers in the next release. sshd_config has supported the Match keyword for a long time and it is possible to express more useful conditions (e.g. matching by user and address) than tcpwrappers allowed. Removing it reduces the amount of code in the 'hot' pre-authentication path in sshd and rids us of a dependency. -d
2014 Apr 23
1
VETO! Re: heads up: tcpwrappers support going away
On Tue, Apr 22, 2014 at 9:33 AM, Damien Miller <djm at mindrot.org> wrote: > Hi, > > This is an early warning: OpenSSH will drop tcpwrappers in the next > release. sshd_config has supported the Match keyword for a long time > and it is possible to express more useful conditions (e.g. matching > by user and address) than tcpwrappers allowed. > > Removing it reduces the
2016 Feb 04
3
Evaluating a port to RTEMS (embedded OS with single address space and no processes)
Hello, I am searching a SSH server for remote administration of an embedded application running on RTEMS (https://www.rtems.org). This environment has neither virtual memory nor user and kernel space. So this is like an application running in kernel mode only. Would it be possible to run (a very basic version of) OpenSSH in such an environment using e.g. threads instead of forking new
2018 Jan 02
3
Legacy option for key length?
On Fri, 29 Dec 2017, Daniel Kahn Gillmor wrote: > On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote: > > Why not make minimum key length a tunable, just as the other options are? > > Because the goal of building secure software is to make it easy to > answer the question "are you using it securely?" This is a nice summation of our approach. It's the
2024 Mar 08
1
Call for testing: OpenSSH 9.7
Hi, /bin/sh can be very different.... Ubuntu 22.04: :; ls -hal /bin/sh /bin/bash -rwxr-xr-x 1 root root 1,4M Jan 6 2022 /bin/bash lrwxrwxrwx 1 root root 4 Mar 23 2022 /bin/sh -> dash OpenIndiana (old OpenSolaris reincarnation) :; ls -hal /bin/sh /bin/bash -r-xr-xr-x 1 root bin 1,4M Jan 25 09:42 /bin/bash lrwxrwxrwx 1 root root 9 Apr 6 2021 /bin/sh -> i86/ksh93 On
2023 Nov 11
2
OpenSSH on Windows, ssh cannot |bind()| localport to port < 1023
Hi! ---- I'm doing some testing with the ssh client OpenSSH on Windows 10 (10.0-19045) but due to firewall restrictions I need to run my experiments from a local port < 1024 (not negotiable). I thought that this was no problem... but ssh |bind()| fails with "address in use" (yes, I checked netstat, no one is there) for any port < 1023. Then I checked $ netstat # and $ netsh
2018 Jan 02
3
Legacy option for key length?
On 02/01/18 03:29, Michael Str?der wrote: > How high is the risk that this unmaintained device is added to > yet-another-bot-net in the Internet-of-shitty-devices or is used to > enter parts of your network. I think that is what is called a straw-man argument.? If a device can be compromised in the way you suggest, then I am sure it will be replaced, but it will be replaced because it
2016 Sep 20
4
[PATCH] Allow scp to copy files that start with a Windows drive name.
On Windows, ?scp C:/foo/bar remotehost:? will attempt to connect to a remote host ?C? and access file ?/foo/bar?. There is currently no syntax or flag to allow copying files that start with a drive name. This patch changes the behaviour (only on Cygwin) by considering that a single letter followed by a colon is a Windows drive name and thus an absolute path. This is also more consistent with the
2008 Apr 24
3
TCPWrappers + Sendmail = not working
I have set up entries in /etc/hosts.allow and /etc/hosts.deny as follows: /etc/hosts.allow sendmail : 10.0.0.0/255.0.0.0 sendmail : LOCAL /etc/hosts.deny sendmail : ALL When I try to connect to port 25 from an Internet host via telnet, the server still responds as usual. The only difference I see is this in my /var/log/maillog: Apr 24 15:41:49 server sendmail[20691]: m3OKfna20691: tcpwrappers
2007 Sep 25
1
Samba and TCPWrappers
Good Morning, I have a Centos 4.5 (x86_64) server running samba to share data with windows users. We've been going through a security audit and the following log entries were noted: [2007/09/24 09:37:29, 0] rpc_server/srv_util.c:get_alias_user_groups(206) get_alias_user_groups: gid of user bendew doesn't exist. Check your /etc/passwd and /etc/group files [2007/09/24 09:37:29, 1]
2011 Jul 27
1
dovecot and tcpwrappers
Hi, I used dovecot 1.x for quite a while and it worked fine. However, I used it through inetd and used hosts.allow/deny to restrict access to only certain groups of systems. Since yesterday I have dovecot 2.0.13. But in version 2.0.13 it seems that starting using inetd doesn't work anymore : I only get a strange error message if I try to connect using telnet : telnet localhost imap
2012 Jun 22
2
Custom CentOS DVD, isolinux.bin, and isohybrid...
I was given a custom CentOS 5.4 DVD, containing some Digium software for one of our customers. I need to turn this burned DVD into an image that can be written to a USB thumb drive. First, I ripped the DVD to an ISO image. That part works OK, my testing VM can load and run the custom kickstart script on the image. After totally frying my unetbootin install, I decided to try and use isohybrid
2013 Jul 03
1
tcpwrappers
hi everybody having I believe sort of plain-vanilla config with section in 10-tcpwrapper.conf as per docs login_access_sockets = tcpwrap service tcpwrap { unix_listener login/tcpwrap { group = $default_login_user mode = 0600 user = $default_login_user } } /etc/hosts.deny contains: ALL: given_host and yet dovecot logins IMAP client in whereas other tcpwrapper aware
2012 Oct 09
1
Asterisk 1.4.13 Now Available
The Asterisk Development Team has announced the release of libpri 1.4.13. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/libpri The release of libpri 1.4.13 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following are the issues resolved in this release: * --- Outgoing
2005 Sep 23
1
ChanSpy performance sub-optimal
I'm trying to get ChansSpy to work. It works, in the pass/fail sense, but it is difficult to understand the various speakers. I can hear users on our end just fine, but the other end sounds like their going through a vocoder, if I can understand them at all. Otherwise it is just garbled. We are using the following setup: all of our phones are SIP phones; for our outgoing calls we make use of a
2007 Feb 12
0
tcpwrappers hosts.allow netmask problem
I can't seem to get netmask notations to work in /etc/hosts.allow on my Centos 4.4 systems. The docs seem to indicate that network specifications like 192.168.100.0/24 or 192.168.100.0/255.255.255.0 should work. However, I can only get networks specified like 192.168.100. to work. Anyone know what I'm missing? Thanks, Tom
2017 Sep 26
0
CentOS 7 & TCPWRappers & spawn ..
Hello there ! Has anyone managed to make work on tcp wrappers on hosts.allow the swpan command in order to check the ip if it is on the permitted one ..? __________ Information from ESET Endpoint Antivirus, version of detection engine 16143 (20170926) __________ The message was checked by ESET Endpoint Antivirus. Email message - is OK http://www.eset.com