similar to: [Bug 2681] New: postauth processes to log via monitor

The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2

Dovecot is faulting on an error about permissions that it shouldn't do. I've got an user with its home dir with permissions 700, and inside the mail directory with the mboxes. In the error log I can see: 'Can't chdir to /home/user. Permission denied' I wonder why it has to chdir to that directory and why it can't access. Shouldn't it be running as the user?

https://bugzilla.mindrot.org/show_bug.cgi?id=1875 Summary: Gentoo QA warning: net-misc/openssh-5.8_p1-r1: closefromtest.c:46: warning: implicit declaration of function ?closefrom? Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: Linux Status: NEW Severity: minor

http://bugzilla.mindrot.org/show_bug.cgi?id=414 ------- Additional Comments From markus at openbsd.org 2002-11-06 07:01 ------- Created an attachment (id=164) --> (http://bugzilla.mindrot.org/attachment.cgi?id=164&action=view) proposed patch what about this? (more in line with the rest of the code). ------- You are receiving this mail because: ------- You are the assignee for the

OpenSSL 1.1.0 has deprecated this function. --- configure.ac | 1 + openbsd-compat/openssl-compat.c | 2 ++ openbsd-compat/openssl-compat.h | 4 ++++ 3 files changed, 7 insertions(+) diff --git a/configure.ac b/configure.ac index 3f7fe2cd..db2aade8 100644 --- a/configure.ac +++ b/configure.ac @@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then ])

Please pardon any user idiocy involved, but I applied the OpenBSD 3.4 patch to the 3.9 sources on both my i386 and sparc64 OpenBSD 3.4 boxes, and get the same error: cc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o

this patch adds a LogFile option to sshd_config. it just logs messages directly to a file instead of stderr or syslog. the largest change is an additional argument to log_init() in log.c for the log file name (and then changes to the rest of the tools to add a NULL arg). galt -------------- next part -------------- diff -urN openssh-3.5p1-orig/log.c openssh-3.5p1/log.c ---

Hi, I saw in archive that some people made a patch to sftp-server, and that patch sets a root path. I'd like to know if there's an ideia to apply that patch in main tree of openssh? With the use of SSHFS [wich uses sftp-server], it would be interesting to have someting like that, because as we have netboot workstations, the access to devices [such as, floppy, cdrom and usb data] are

Hi all, When a client requests dynamic remote forwarding with -R it delays forking into the background. In ssh.c we see if (options.fork_after_authentication) { if (options.exit_on_forward_failure && options.num_remote_forwards > 0) { debug("deferring postauth fork until remote forward " "confirmation received");

Hello, I'm running a sshd server using the -e flag so that I can capture its whole output and later send it to the user. I'm also setting LogLevel to DEBUG1 in the configuration file and I don't want to disturb syslogd. But the problem is that it doesn't work as expected (or as I expect, which I think should be the correct behavior). The log file ends up being empty because the

Domain users using Windows 7 systems lose the ability to connect to Samba shares. Some users can connect one day but then lose the ability the next. When the problem starts to occur the log.smbd displays: =============================================== check_ntlm_password: authentication for user [user1] -> [user1] -> [MYDOMAIN\user1] succeeded ntlmssp_server_postauth: invalid

On Fri, 9 Jun 2023, Chris Rapier wrote: > Hi all, > > When a client requests dynamic remote forwarding with -R it delays forking > into the background. In ssh.c we see > > if (options.fork_after_authentication) { > if (options.exit_on_forward_failure && > options.num_remote_forwards > 0) { > debug("deferring postauth fork until

On Sun, 2018-01-07 at 18:41 +0000, halfdog wrote: > Hello list, > > I created a page to demonstrate, what would happen when chroot > root directory is writeable. In fact, code execution is possible > already, when only /etc and /bin are writable. I also tried to > escape the chroot jail, but that did not work for non-root users. > > As the 2009 CVE activities mention,

Howdy, It's been a while since I've made an announcement here but I wanted to mention that we've just released a set of HPN-SSH patches for OpenSSH6.2. The release marks the first time I've had the resources/help to actually do anything more than just forward port the patches in quite a while. http://www.psc.edu/index.php/hpn-ssh Items of note: 1) The multithreaded AES-CTR

There is bug for this: https://bugzilla.samba.org/show_bug.cgi?id=12303 I am testing this option to resolve this: client ipc signing = No But I am not yet sure if it works. Regards Christian Am Mittwoch, den 16.11.2016, 15:41 -0500 schrieb Sonic via samba: > Domain users using Windows 7 systems lose the ability to connect to > Samba shares. Some users can connect one day but then

------------ Original Message ------------ > Date: Sunday, April 19, 2015 18:44:43 +0000 > From: Sarogahtyp <sarogahtyp at web.de> > To: centos at centos.org > Subject: [CentOS] yum install failiure - CentOS-7 - Base > > I have a running CentOS 6.5 64-bit system running and i like to > have a CentOS 7 chrooted system inside. > Ive done that chroot environment as

https://bugzilla.mindrot.org/show_bug.cgi?id=2482 Bug ID: 2482 Summary: SELinux integration Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org

Hi, As I understand the "ForceCommand" in the sshd_confing file is meant to ignore any command supplied by the client, but if user's home is shared by server and client machines over network (ex. NFS) then user can still put something else into ~/.ssh/rc file and overcome this limitation. Is it possible to disable execution of the ~/.ssh/rc file in such a case? Thaks, Mike

On 8/1/19 4:15 AM, Richard W.M. Jones wrote: > On Thu, Aug 01, 2019 at 10:06:01AM +0100, Richard W.M. Jones wrote: >> As far as I can see Haiku (hrev52698) has O_CLOEXEC but NOT >> SOCK_CLOEXEC. As this version is a little old I'll do an update and >> see if newer versions support it. > > I'm on hrev53313+1 which also doesn't appear to have SOCK_CLOEXEC

https://bugzilla.mindrot.org/show_bug.cgi?id=1643 Summary: Set FD_CLOEXEC on client socket Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at