similar to: [PATCH] ssh-agent: add systemd socket-based activation

On 3/23/23 20:27, Eric Blake wrote: > On Thu, Mar 23, 2023 at 01:10:16PM +0100, Laszlo Ersek wrote: >> When the user calls nbd_set_socket_activation_name before calling >> nbd_connect_system_socket_activation, pass the name down to the server >> through LISTEN_FDNAMES. This has no effect unless the new API has >> been called to set the socket name to a non-empty string.

https://bugzilla.mindrot.org/show_bug.cgi?id=1809 Summary: ssh-agent doesnt respect $TMPDIR Product: Portable OpenSSH Version: 5.6p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh-agent AssignedTo: unassigned-bugs at mindrot.org ReportedBy: vapier at

The attached patch should solve the following problem: ssh-agent creates a temporary directory under /tmp with '600' permissions. The actual socket file is created in that dir using the default umask. That's no problem in U*X systems since nobody but the owner of the directory can read the socket file. Unfortunately, Windows has a user privilege called "Bypass traverse

On 6/19/23 20:20, Damien Miller wrote: > > On Fri, 16 Jun 2023, Ronan Pigott wrote: > >> This adds support for systemd socket-based activation in the ssh-agent. >> When using socket activation, the -a flag value must match the socket >> path provided by systemd, as a sanity check. Support for this feature is >> enabled by the --with-systemd configure flag.

On Sat, Mar 25, 2023 at 12:39:28PM +0100, Laszlo Ersek wrote: > From: "Richard W.M. Jones" <rjones at redhat.com> > > To allow us to name the socket passed down to the NBD server when > calling nbd_connect_systemd_socket_activation(3), we need to add the > field to the handle and add access functions. > > [Laszlo's notes: > > - Originally posted by

On 3/28/23 04:06, Eric Blake wrote: > On Sat, Mar 25, 2023 at 12:39:28PM +0100, Laszlo Ersek wrote: >> From: "Richard W.M. Jones" <rjones at redhat.com> >> >> To allow us to name the socket passed down to the NBD server when >> calling nbd_connect_systemd_socket_activation(3), we need to add the >> field to the handle and add access functions.

From: "Richard W.M. Jones" <rjones at redhat.com> To allow us to name the socket passed down to the NBD server when calling nbd_connect_systemd_socket_activation(3), we need to add the field to the handle and add access functions. [Laszlo's notes: - Originally posted by Rich at <https://listman.redhat.com/archives/libguestfs/2023-January/030557.html> (Message-Id:

From: "Richard W.M. Jones" <rjones at redhat.com> To allow us to name the socket passed down to the NBD server when calling nbd_connect_systemd_socket_activation(3), we need to add the field to the handle and add access functions. [Laszlo's note: originally posted by Rich at <https://listman.redhat.com/archives/libguestfs/2023-January/030557.html>. I've renamed

Hi, I just installed OpenSSH 3.3p1 on a SunOS 4.1.4 system (actually a 3-year old Auspex file server) as a replacement for an older, probably vulnerable ssh version. I used gcc, openssl 0.9.6d, zlib 1.1.4 and the configure incantation ./configure --with-tcp-wrappers --with-privsep-user=privsep (the latter option obviously being the default value). There were two problems: (a) memmove seems

[attempting to loop in systemd folks; this started in libnbd at https://listman.redhat.com/archives/libguestfs/2023-March/031178.html - although I may have to retry since I'm not a usual subscriber of systemd-devel] On Fri, Mar 24, 2023 at 11:32:26AM +0100, Laszlo Ersek wrote: > >> @@ -245,6 +245,9 @@ CONNECT_SA.START: > >> "LISTEN_PID=",

To allow us to name the socket passed down to the NBD server when calling nbd_connect_systemd_socket_activation(3), we need to add the field to the handle and add access functions. --- generator/API.ml | 49 ++++++++++++++++++++++++++++++++++++++++++ lib/handle.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++ lib/internal.h | 1 + 3 files changed, 106 insertions(+) diff --git

On Thu, Mar 23, 2023 at 01:10:16PM +0100, Laszlo Ersek wrote: > When the user calls nbd_set_socket_activation_name before calling > nbd_connect_system_socket_activation, pass the name down to the server > through LISTEN_FDNAMES. This has no effect unless the new API has > been called to set the socket name to a non-empty string. > >

ssh-agent is a great tool that is often misconfigured with respect to agent forwarding. How many people running ssh-agent and doing a ssh -A have the very same public keys in ~/.ssh/authorized_keys of the machine they are coming from? ssh(1) is very clear in its warning about enabling agent forwarding. The simple act of prompting the user before using the key would enable them to determine

openssh-2.9.9p2 assumes that pid_t, uid_t, gid_t, and mode_t are no wider than int. GCC complains about this assumption on 32-bit Solaris 8 sparc, where these types are 'long', not 'int'. This isn't an actual problem at runtime on this host, as long and int are the same width, but it is a problem on other hosts where pid_t is wider than int. E.g., I've heard that 64-bit

Without this patch "ssh-agent -d > ~/ssh-agent.sh" will produce a zero byte file. Obviously a corner case, but for what I'm doing it's a show-stopper, and it _seems_ like an obvious improvement to correctness, rather than relying on implicit newline flushing with TTYs and flush-on-exit with the forking mode. Not subscribed, so please CC me on any replies. ---

Engine keys are keys whose file format is understood by a specific engine rather than by openssl itself. Since these keys are file based, the pkcs11 interface isn't appropriate for them because they don't actually represent tokens. The current most useful engine for openssh keys are the TPM engines, which allow all private keys to be stored in a form only the TPM hardware can decode,

V4 was here (incorrectly versioned on the mailing list as v3): <http://mid.mail-archive.com/20230323121016.1442655-1-lersek at redhat.com>. See the Notes section on each patch for the v5 updates. Laszlo Ersek (2): socket activation: generalize environment construction socket activation: set LISTEN_FDNAMES Richard W.M. Jones (2): common/include: Copy ascii-ctype functions from nbdkit

Is anyone bothered by the compiler warnings that indicate that the format strings don't match the associated variables? I was, so I cast most of the objectionable args (pids, uids, gids) to "long", and added an "l" (el) to the format string. A single item was cast to an int. Here's the patch. If you haven't applied my UseLogin patch, the line numbers in

this patch adds a LogFile option to sshd_config. it just logs messages directly to a file instead of stderr or syslog. the largest change is an additional argument to log_init() in log.c for the log file name (and then changes to the rest of the tools to add a NULL arg). galt -------------- next part -------------- diff -urN openssh-3.5p1-orig/log.c openssh-3.5p1/log.c ---

On Fri, 16 Jun 2023, Ronan Pigott wrote: > This adds support for systemd socket-based activation in the ssh-agent. > When using socket activation, the -a flag value must match the socket > path provided by systemd, as a sanity check. Support for this feature is > enabled by the --with-systemd configure flag. > > --- > Something tells me upstream would not be interested in