similar to: [PATCH] Link count attribute extension

In sshconnect.c there are two global variables for server_version_string client_version_string. These are used just in a few functions and can easily be passed as parameters. Also, there is a strange construct, where their memory is allocated to the global pointers, then copies of these pointers are assigned to the kex structure. The kex_free finally frees them via cleanup of the kex

I was recently looking at verifying the attestation data (ssh-sk-attest-v00) for a SK key, but I believe the data saved in this structure is insufficient for completing verification of the attestation. While the structure has enough information for U2F devices, FIDO2 devices sign their attestation over a richer "authData" blob [1] (concatenated with the challenge hash). The authData blob

I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may

Engine keys are private key files which are only understood by openssl external engines. ?The problem is they can't be loaded with the usual openssl methods, they have to be loaded via ENGINE_load_private_key(). ?Because they're files, they fit well into openssh pub/private file structure, so they're not very appropriately handled by the pkcs11 interface because it assumes the private

OK, with this additional information I can now reproduce it. Based on some quick experiments it seems to be triggered when sshd is built --with-ssh1 and the config does not *load* a Protocol 1 host key. Works: Protocol=1,2 + Hostkey not specified Protocol=1,2 + Hostkeys for both protocols specified. Doesn't work: Protocol=2 + Hostkey not specified. Protocol=1,2 + Hostkeys specified only for

Engine keys are keys whose file format is understood by a specific engine rather than by openssl itself. Since these keys are file based, the pkcs11 interface isn't appropriate for them because they don't actually represent tokens. The current most useful engine for openssh keys are the TPM engines, which allow all private keys to be stored in a form only the TPM hardware can decode,

On RHEL5, dovecot 1.0.7, I have set up sendmail to use `deliver` for my local mda. It keeps giving me this error for the root user though: Jul 12 12:51:29 mail sendmail[4105]: o699225f001348: to=<root at localhost.localdomain>, ctladdr=<root at localhost.localdomain> (0/0), delay=3+08:49:26, xdelay=00:00:00, mailer=local, pri=7502879, dsn=4.0.0, stat=Deferred: local mailer

nlink should be also checked in ocfs2_inode_revalidate(). before setting flag OCFS2_INODE_DELETED ip_flags (between unlink and delete vote), the nlink may be 0. the patch is against 1.4 git. 1.2 svn should has the same patch with different line number. Signed-off-by: Wengang wang <wen.gang.wang at oracle.com> -- diff --git a/fs/ocfs2/inode.c b/fs/ocfs2/inode.c index 591e693..6b5a83e

https://bugzilla.mindrot.org/show_bug.cgi?id=2509 Bug ID: 2509 Summary: Unexpected change in tcpip-forward reply message in OpenSSH 6.8 Product: Portable OpenSSH Version: 6.8p1 Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: sshd

Hello, For several years I've been experiencing an intermittent Samba error when running a very intense, highly parallel build/compile jobset. A file is reported as "not found" even though it most certainly exists and re-running the compile jobset always succeeds. Samba version is 3.6.4 running on CentOS 5.8 with 64-bit kernel 2.6.18-308.4.1.el5. Windows side is 64-bit Window

This patch adds all the missing commonly used UNIX attributes: st_dev, st_ino, st_nlink, st_rdev, st_blocks, st_blksize, st_ctime. In addition it extends st_atime and st_mtime to 64bits, and adds nanosecond resolution to all three timestamps. This is implemented as an extension to the ATTR message. This patch alone is sufficient for SSHFS to be able to use these attributes. The following two

Stephen, OK, I can now reproduce this hang at will, purely by pulling the plug on my desktop when logged in and then rebooting - its a gnome desktop box with few partitions and ext3 on all of them, so I guess its getting a pile of gnome or ssh related sockets kept in /tmp which is on root To recap, when the machine is suffering from this, it hangs at the point of mounting the root filesystem

Items in dmesg when FAT share's are accessed from web browser: CIFS VFS: bogus file nlink value 0 When accessed from FC/L (OFM (orthodox filemanager)): CIFS VFS: illegal date, month 0 day: 0 When the share is initially mounted: CIFS: Attempting to mount //hostname/E Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers CIFS VFS: Send error

Hi, We are trying to create a jail with FreeBSD 5.3 but it's fails with this error: cc -O -pipe -I/usr/obj/usr/src/i386/legacy/usr/include -c /usr/src/games/fortune/strfile/strfile.c make: don't know how to make /j/usr/lib/libc.a. Stop *** Error code 2 We are excuting those command in /usr/src: export D=/j make world DESTDIR=$D Are there any problem with FreeBSD 5.3? We have ever

Hi, I have a question regarding the binary format of the certificates generated with ssh-keygen, in particular when the critical options of source-address or force-command are present and the correspondence to the certificate format specifications such as http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?rev=HEAD . It appears that the string values of the source-address

https://bugzilla.mindrot.org/show_bug.cgi?id=3591 Bug ID: 3591 Summary: Introduction of "users-groups-by-id at openssh.com" causes nlink to be lost with long view Product: Portable OpenSSH Version: 9.1p1 Hardware: All OS: All Status: NEW Severity: normal Priority:

Add support to load additional certificates for already loaded private keys. Useful if the private key is on a PKCS#11 hardware token. The private keys inside ssh-agent are now using a refcount to share the private parts between "Identities". The reason for this change was that the PKCS#11 code might have redirected ("wrap") the RSA functions to a hardware token. We don't

Hi we had one of our mail servers , going on kernel panic mode ( not syncing fatal exception) ... cause /var/queue/postfix was on reiserfs part .. it has not been giving us any isssue quite some time , but yesterday and today it went on Kernel panic mode , when we hashed out the reiserfs part it booted properly .. we formated the part^ on ext3 later and things working fine now . Could any one

Make sure the pod checker script can deal with the newer additions of podwrapper.pl. Followup of commit 46e59e9535c2fcd1c188464b5249a249f22af1a0. --- podcheck.pl | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/podcheck.pl b/podcheck.pl index 527a2e47d..795fe0e9b 100755 --- a/podcheck.pl +++ b/podcheck.pl @@ -83,6 +83,15 @@ used where the POD includes

Report access, modification, status update and creation time in Unix format. Report number of links pointing to a given entry. If the entry is a symbolic link, report the path of its target. If the filesystem supports native/transparent compression, report compressed files with dedicated flag (DIRENT_COMPRESSED 0x04). Matteo Cafasso (2): filesystem_walk: more information into tsk_dirent