similar to: OpenSSH-Client without reverse tunnel ability

On Apr 4 13:58, Nico Kadel-Garcia wrote: > On Wed, Apr 4, 2018 at 11:43 AM, Alexander Wuerstlein > <snalwuer at cip.informatik.uni-erlangen.de> wrote: > > On 2018-04-04T17:27, mlrx <openssh-unix-dev at 18informatique.com> wrote: > >> Le 04/04/2018 ? 13:32, Jan Bergner a ?crit : > >> > Good day! > >> > > >> > Is it possible to

On 2018-04-04T17:27, mlrx <openssh-unix-dev at 18informatique.com> wrote: > Le 04/04/2018 ? 13:32, Jan Bergner a ?crit?: > > Good day! > > > > Is it possible to achieve this without nasty workarounds like wrapper > > scripts monitoring the very-verbose output of SSH or doing DPI? > > Alternatively, would it be possible to add a config option, allowing an

On Thu, Apr 5, 2018 at 7:13 AM, Jan Bergner <jan.bergner at indurad.com> wrote: > Hello all. > > First of all, I want to extend my sincere thanks to all the people who > came to the rescue so quickly. > > In any case, there is obviously room for clarification on my part, so I > will try to describe the situation we had in more detail. > > In short: > Employees

Hello Damien, Brian and all, thanks for the suggestions. I actually had not considered host-based authentication and looked it up. As I understand from my first quick reading, I would need to specify the clients which are allowed to use host-based auth on the server with a DNS name or an IP, which would not work for a client behind a CG NAT or in a cellular network. Or did I get this wrong?

Am 05.04.2018 um 14:11 schrieb Alexander Wuerstlein: > On 2018-04-05T14:07, Nico Kadel-Garcia <nkadel at gmail.com> wrote: >> How difficult would it be to leave a scheduled security check to >> look for "ssh[ \t].*-R.*" expressions with "pgrep", and file a >> security abuse report if such processes are seen? It could be >> worked around, but

Hello all, in order to connect to my SSH servers from untrusted devices like company computers or my smartphone, I set up 2FA with google-authenticator hooked into PAM. However, this is not really 2FA at least for the smartphone, since I use the same device for generating the TANs and it is also at least inconvenient to always require a new TAN for each connection. I do not want to solely rely

https://bugzilla.mindrot.org/show_bug.cgi?id=2272 Bug ID: 2272 Summary: Global "PermitTunnel Yes" required to connect to a tunnel Product: Portable OpenSSH Version: 6.6p1 Hardware: amd64 OS: Linux Status: NEW Severity: major Priority: P5 Component: sshd

On Sat, 2012-05-12 at 00:47 -0500, Hal Finkel wrote: > On Tue, 01 May 2012 21:25:29 -0500 > Peter Bergner <bergner at vnet.ibm.com> wrote: > > By the strict letter of the 32-bit ABI, the save and restore of > > r31 at a negative offset of r1 is verboten. The ABI states the > > the stack space below the stack pointer is declared as volatile. > > I actually

Ok, and then? in file smb.conf.192.168.0.1 [global] ... bind interfase only = yes interfaces = eth0 ... [FOR_ALL] ... in file smb.conf.192.168.0.2 [global] ... bind interfase only = yes interfaces = eth1 ... [ADMINS] ... Does this configuration works? Is this a good solution? i really don't know, so what's the global thinking about this. -- Information Systems

On Tue, 01 May 2012 17:23:07 -0500 Peter Bergner <bergner at vnet.ibm.com> wrote: > On Tue, 2012-05-01 at 16:06 -0500, Hal Finkel wrote: > > LLVM/clang now will build in the normal way (./configure; make > > install) on PPC (you'll need at least the 3.1 release candidate (or > > trunk)). I generally build on my PPC64 hosts with: > > make ENABLE_OPTIMIZED=1

>> the fact that ssh insists on tap* and tun* tun/tap-device-names is a >> real nag and prevents from nice and easy solutions in some cases. > > Could you offer some examples? some client: ssh -o "Tunnel Ethernet" -w any office next client: ssh -o "Tunnel Ethernet" -w any office ...and so forth. interface configuration on the hub for all clients:

On Tue, 01 May 2012 21:25:29 -0500 Peter Bergner <bergner at vnet.ibm.com> wrote: > On Tue, 2012-05-01 at 19:58 -0500, Peter Bergner wrote: > > On Tue, 2012-05-01 at 17:47 -0500, Hal Finkel wrote: > > > By default it should build for > > > whatever the current host is (no special flags required). To > > > specifically build for something else, use:

Hello, OpenSSH-wizards. In our company, we have looked into SSH-HostKey-signing in order to realize automated access without the need to accept the server's hostkey, manually. I got it to work with the HostCertificate-directive inside the sshd_config. Now, I was wondering whether it is possible to have multiple signatures, so I can, for example, sign the hostkey once with a

On 9/13/17 10:31 AM, Peter Bergner via llvm-dev wrote: > On 9/12/17 8:15 PM, Bill Seurer via llvm-dev wrote: >> I updated one of my powerpc64le llvm test systems to Fedora 25 and I >> started getting a whole bunch of sanitizer test case failures.  I tried >> testing some earlier revisions on the new OS that had worked fine under >> the old but they generate the same

Peter, Thanks! Do you happen to know where this needs to be changed in clang or LLVM. The code that actually interprets the constraints, generically, is in CodeGen/SelectionDAG/TargetLowering.cpp, is clang relying on that code, or is there some frontend code in clang itself that is failing to initially interpret the string? If it is the code in TargetLowering, then I don't see any support

Peter, Could you please comment on: http://llvm.org/bugs/show_bug.cgi?id=12757 Specifically, gcc seems to allow this: int __flt_rounds() { unsigned long fpscr; __asm__ volatile("mffs %0" : "=f"(fpscr)); return fpscr; } My reading of this is that gcc allocates a floating-point register to hold the result of the mffs instruction, and then bit casts (and truncates?) the

On Tue, 01 May 2012 15:10:56 -0500 Peter Bergner <bergner at vnet.ibm.com> wrote: > On Sat, 2012-04-28 at 15:51 -0500, Hal Finkel wrote: > > > > - There is no support for generating position-independent code > > > > on PPC32. (PIC on PPC64 now works well). Nevertheless, I have > > > > sometimes run into linking errors when compiling shared > >

On Sat, 28 Apr 2012 11:19:13 -0500 Peter Bergner <bergner at vnet.ibm.com> wrote: > On Fri, 2012-04-27 at 20:30 -0500, Hal Finkel wrote: > > Thanks! Do you happen to know where this needs to be changed in > > clang or LLVM. The code that actually interprets the constraints, > > generically, is in CodeGen/SelectionDAG/TargetLowering.cpp, is clang > > relying on

On Tue, 2012-05-01 at 19:58 -0500, Peter Bergner wrote: > On Tue, 2012-05-01 at 17:47 -0500, Hal Finkel wrote: > > By default it should build for > > whatever the current host is (no special flags required). To > > specifically build for something else, use: > > -ccc-host-triple powerpc64-unknown-linux-gnu > > or > > -ccc-host-triple

On Sat, 28 Apr 2012 13:46:02 -0500 Hal Finkel <hfinkel at anl.gov> wrote: > On Sat, 28 Apr 2012 11:19:13 -0500 > Peter Bergner <bergner at vnet.ibm.com> wrote: > > > On Fri, 2012-04-27 at 20:30 -0500, Hal Finkel wrote: > > > Thanks! Do you happen to know where this needs to be changed in > > > clang or LLVM. The code that actually interprets the