Displaying 20 results from an estimated 700 matches similar to: "SSH certificate and serverside ForceCommand"
2017 Sep 29
2
Call for testing: OpenSSH 7.6
On 29 September 2017 at 11:05, Iain Morgan <imorgan+openssh at nas.nasa.gov> wrote:
[...]
> This is due to my shell being csh, which is pickier about undefined
> variables than the Bourne-style shells. The attached patch fixes the
> issue.
Thanks for figuring this out.
> - 'test -z "$SSH_USER_AUTH"' || fail "SSH_USER_AUTH present"
> +
2017 Sep 21
19
Call for testing: OpenSSH 7.6
Hi,
OpenSSH 7.6p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via git using the
instructions at
2017 Sep 29
3
Call for testing: OpenSSH 7.6
On Fri, 29 Sep 2017, Iain Morgan wrote:
> Actually, according to OpenBSD's printenv(1) man page, it first appeared
> in 2BSD. The man page on OS X claims it was BSD 3.0. However, it doesn't
> appear to be part of any standard.
>
> Your suggestion ran into the same issue as the original test, but
> escaping the evaluation by the user's shell appears to work:
>
2015 Jun 03
30
[Bug 2408] New: Expose authentication information to PAM
https://bugzilla.mindrot.org/show_bug.cgi?id=2408
Bug ID: 2408
Summary: Expose authentication information to PAM
Product: Portable OpenSSH
Version: -current
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: PAM support
Assignee:
2024 Jul 14
1
Configuration for root logins
Hi,
I am trying to configure OpenSSH to allow root logins, without success
so far. So I could really use some advice.
This is my server configuration:
AllowUsers = thomas root
AuthenticationMethods hostbased,publickey
ExposeAuthInfo = no
ForceCommand none
GSSAPIAuthentication no
HostbasedAcceptedAlgorithms ssh-ed25519
HostbasedAuthentication yes
HostbasedUsesNameFromPacketOnly yes
HostKey
2018 Mar 22
16
Call for testing: OpenSSH 7.7
Hi,
OpenSSH 7.7p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via git using the
instructions at
2001 Jun 25
1
ServerSide ACLs for -L type port forwarding
I have a need to add some server-side ACL functionality to the way ssh
handles port forwarding. For a first pass, I want to be able to
restrict -L port forwarding to localhost on the server only and I want
to be able to specify the ports on Server.
I was wondering if there would be any desire to incorporate said changes
back into the main development tree? If so, are there coding guidelines
2007 Jan 10
0
chan_read_failed for istate 3 on serverside when scp'ing file
Hi,
when scp'ing a file from hostA to hostB I receive following error message on
the server side.
Message in authlog:
Jan 9 15:01:32 zapphod sshd[3229]: [ID 800047 auth.error] error: channel 0:
chan_read_failed for istate 3
The file itself is transferred correctly, so I'm wondering why this error is
being logged and what this error message means
It seems that the occurrence of this
2005 Mar 30
2
Beginner question: serverside singletons?
Hello all, just started tinkering with Rails after reading all the hype about
it. I'm a raw novice with Ruby and (obviously) Rails, but have extensive
experience with serverside Java (J2EE stack, Tapestry, etc). Rails looks
cool, though embedding Ruby code in HTML reminds me unpleasantly of JSP +
Struts and I'm deeply suspicious of all the behind-the-scenes magic going on
in
2009 Jun 17
4
Serverside AjaxRequest or AjaxUpdater detections
Hi all,
This question might be a long shot, but I'm going to ask it anyway. In
my application, I've created a before_filter that does some magic. It
looks like this:
if request.xhr? then
  render :update do |page|
    page.redirect_to url_for_thingy
  end
else
  redirect_to url_for_thingy
end
This works perfectly, however, I have one annoyance. On the server side,
2005 Aug 23
1
Problem with AUTH causes serverside lockup
Hello all,
I am running Dovecot alpha1, and after about 24 hours of the server
working fine, it starts to lock up when I open Thunderbird to check mail.
Basically I can see new mail, but when I click it, it just hangs at
"Loading message...".
I get the following in my maillog:
Aug 23 09:25:28 palantir dovecot: auth(default): client in: AUTH
1 PLAIN service=IMAP
2008 Jun 20
1
ForceCommand internal-sftp causes sftp logging to fail (openssh-5.0p1)
Hi guys,
I have a server setup with openssh-5.0p1 and use some users as
sftp-only chroot accounts.
The following configuration yields exactly the result I want:
user is chrooted, logs to syslog, all is good.
#================================================#
Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE
Match User fredwww
ChrootDirectory %h
#ForceCommand internal-sftp
2007 Dec 20
1
ForceCommand - Subsystem
Hi All
First of all apologize for my bad English - it is not my native language.
I'm using ssh for my everyday work. And I have noticed strange behaviour
in sshd daemon.
In sshd_config file there is option ForceCommand, and if I'm making sftp
connection it looks like command is also executed, I receive error
message and connection is lost. In my opinion ForceCommand should not be
2007 May 16
2
Disabling ForceCommand in a Match block
Hello,
I am trying to force a command for all users *except* for users in the
"wheel" group. My idea was to do the following in sshd_config:
ForceCommand /usr/bin/validate-ssh-command
Match Group wheel
ForceCommand
But obviously this doesn't work, because ForceCommand requires an
argument. I couldn't find a way to achieve what I want.
I wrote a patch that adds a
2008 Sep 23
3
[Bug 1527] New: ForceCommand internal-sftp needs a way to enable logging
https://bugzilla.mindrot.org/show_bug.cgi?id=1527
Summary: ForceCommand internal-sftp needs a way to enable
logging
Product: Portable OpenSSH
Version: 5.1p1
Platform: Itanium2
OS/Version: HP-UX
Status: NEW
Severity: minor
Priority: P4
Component: sftp-server
AssignedTo:
2011 Feb 20
1
openssh as a proxy: ForceCommand limitations & speed penalty
I've hit two roadblocks while using openssh -D as a general proxy:
- openssh doesn't have an internal-null, so the options are to either
give the user account a real shell and ForceCommand, or set the shell
to something like /bin/cat and ChrootDirectory. I don't want
proxy-only accounts to have a shell at all.
- Comparing mini-httpd SSL/aes256 vs mini-httpd (localhost/no SSL) via
2015 Nov 01
4
[Bug 2486] New: allow ForceCommand none or similar
https://bugzilla.mindrot.org/show_bug.cgi?id=2486
Bug ID: 2486
Summary: allow ForceCommand none or similar
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
2014 Sep 24
5
[Bug 2281] New: sshd accepts empty arguments in ForceCommand and VersionAddendum
https://bugzilla.mindrot.org/show_bug.cgi?id=2281
Bug ID: 2281
Summary: sshd accepts empty arguments in ForceCommand and
VersionAddendum
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
2008 Mar 24
1
ForceCommand and NFS-shared home directories
> > On Mar 22, 2008, at 3:32 PM, Chris Wilson wrote:
> >
> >> As I understand the "ForceCommand" in the sshd_config file is meant to
> >> ignore any command supplied by the client, but if user's home is shared
> >> by server and client machines over network (ex. NFS) then user can
> >> still put something else into ~/.ssh/rc file and
2008 Mar 20
1
ForceCommand and ~/.ssh/rc
Hi,
As I understand the "ForceCommand" in the sshd_config file is meant to
ignore any command supplied by the client, but if user's home is shared by
server and client machines over network (ex. NFS) then user can still put
something else into ~/.ssh/rc file and overcome this limitation. Is it
possible to disable execution of the ~/.ssh/rc file in such a case?
Thanks,
Mike