similar to: ssh -X versus -Y

Hello Stuart, On 06/25/2015 11:51 PM, Stuart Barkley wrote: > For (ssh based) X forwarding no X server needs to run on the server. > I usually install the xorg-x11-xauth (necessary) and xterm (optional) > rpms on all my servers in case X forwarding becomes necessary. > > Then from your desktop (assuming Linux already running X) in a local > xterm do something like: > >

This change allows use of untrusted X11 forwarding (which is more secure) without requiring users to choose a finite timeout after which to refuse new connections. This matches the semantics of the X11 security extension itself, which also treat a validity timeout of 0 on an authentication cookie as indefinite. Signed-off-by: Trixie Able <table at inventati.org> --- clientloop.c | 12

A few options appear to be missing from the list in ssh's manual. The one I didn't add is EnableSSHKeysign, whose description implies it is only effective when placed in the system-wide config file. Index: ssh.1 =================================================================== RCS file: /cvs/src/usr.bin/ssh/ssh.1,v retrieving revision 1.319 diff -u -p -r1.319 ssh.1 --- ssh.1 7 May 2011

https://bugzilla.mindrot.org/show_bug.cgi?id=1718 Summary: Spurious messages "X11 connection rejected because of wrong authentication." Product: Portable OpenSSH Version: 5.3p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh

Hi, it seems that setting ForwardX11Trusted = yes ForwardX11Timeout = 0 causes untrusted connections to be refused immediately. While this certainly makes sense this way, I believe in this case ForwardX11Timeout = 0 might be better used for disabling the timeout entirely (the current behaviour is the same as ForwardX11Trusted = no). Is there some reason while this would be a bad idea?

this is at the bottom of auth.c. What is it? struct passwd * fakepw(void) { static struct passwd fake; memset(&fake, 0, sizeof(fake)); fake.pw_name = "NOUSER"; fake.pw_passwd = "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"; fake.pw_gecos = "NOUSER"; fake.pw_uid = -1; fake.pw_gid = -1; fake.pw_class =

On Sat, 1 May 2004, [koi8-r] "Valery A.Khamenya[koi8-r] " wrote: > there are two issues concerning invoking optimizations: > > 1. > this document: > http://llvm.cs.uiuc.edu/docs/GettingStarted.html > is very nice, it would be good though to add in a section > > An Example Using the LLVM Tool Chain > > examples on optimization step. That's an

This is on Solaris 10 x86, do not see this behavior on Solaris 10 sparc. Seen on multiple machines. Sshd debug: debug1: server_input_channel_open: ctype session rchan 256 win 16384 max 16384 debug1: input_session_request debug1: channel 0: new [server-session] debug2: session_new: allocate (allocated 0 max 10) debug3: session_unused: session id 0 unused debug1: session_new: session 0 debug1:

On Sun, 27 May 2007, Aaron Gray wrote: >> I just checked in a new LLVMBuilder class into llvm/Support/LLVMBuilder.h, > It does not seem to be on the LLVM cvsweb, is that still showing 1.9 or 2.0 > and not cvs ? It is there: http://llvm.org/cvsweb/cvsweb.cgi/llvm/include/llvm/Support/LLVMBuilder.h?rev=HEAD&content-type=text/x-cvsweb-markup -Chris -- http://nondot.org/sabre/

Hi all, I am struggling with remote R sessions and a (I suspect) locale related encoding problem: Using the X11 device (X11forwarding enabled), whenever I try to plot something containing umlauts using ggplot2, I am seeing sth like ,---- | Error in grid.Call(L_stringMetric, as.graphicsAnnot(x$label)) : | invalid use of -61 < 0 in 'X11_MetricInfo' `---- Using base graphics is fine

> On Sun, 27 May 2007, Aaron Gray wrote: >>> I just checked in a new LLVMBuilder class into >>> llvm/Support/LLVMBuilder.h, >> It does not seem to be on the LLVM cvsweb, is that still showing 1.9 or >> 2.0 >> and not cvs ? > > It is there: >

> If you have any more problems with this, please let me know! cvsweb content seems to be out-of-date: http://llvm.x10sys.com/cgi-bin/cvsweb.cgi/llvm/projects/ (the link to cvsweb is taken from llvm.org) -- Valery

Alkis Evlogimenos wrote: >On Wed, Apr 21, 2004 at 11:01:48AM +0200, Finn S Andersen wrote: > > >>For some of the benchmarks the linear scan regalloc >>works. When it does, results are in the x1.0 - 1.5 >>range. Unfortunately, the linear scan allocator breaks >>on most of my code. >> >> > >Is there a chance you can try cvs? I would be

https://bugzilla.mindrot.org/show_bug.cgi?id=1785 Summary: configurable timeout for x11 cookies Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org ReportedBy:

Hi folks. We were made aware of a MITRE CVE assignment on OpenSSH for a remote DoS in sftp, described as: The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via

All, If you use the CVSWeb facility to browse the CVS history, you may have noticed that on occasion it won't show any files and at the bottom it says "There are XX files, but none match the current tag". Unfortunately, this is a bug in CVSWeb. If someone sets the current tag, that setting is retained across users and sessions. Fortunately, there is a work around: just add

Hello, Possibly some of you will have read the news about "Hijacking a Macbook in 60 Seconds or Less"[1]. At this time I was searching a wireless card for my server and I wonder how this can affect to the combination FreeBSD+ath(4). The ath_hal page states that FreeBSD use a binary driver and I think it is located in this file[2]. Unlike OpenBSD which affirms that they have

https://bugzilla.mindrot.org/show_bug.cgi?id=2389 Bug ID: 2389 Summary: update the PROTOCOL.certkeys spec to avoid confusion regarding encoding of critical options fields Product: Portable OpenSSH Version: 6.8p1 Hardware: All OS: All Status: NEW Severity: enhancement

https://bugzilla.mindrot.org/show_bug.cgi?id=2295 Bug ID: 2295 Summary: clarify the effect of ForwardX11Timeout=0 in ssh config Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: Documentation

Hi, Tavis Ormandy found some bugs in OpenSSL's ASN.1 and buffer code that can be exploited to cause a heap overflow: http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html Fortunately OpenSSH's sshd is not vulnerable - it has avoided the use of ASN.1 parsing since 2002 when Markus wrote a custom RSA verification function (openssh_RSA_verify):