Displaying 20 results from an estimated 9000 matches similar to: "Announce: OpenSSH 4.4 released"
2006 Sep 27
0
Announce: OpenSSH 4.4 released
OpenSSH 4.4 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches,
2006 Sep 21
5
Testing for the 4.4p1 release, round 2
Hi all.
As most of you know, we are preparing OpenSSH 4.4p1 for release. We have
had one round of testing and I would like to thank all who responded.
We believe that most of the problems reported have been resolved.
If you are so inclined, we would appreciate a quick retest to ensure
that the fixed ones remain fixed and the working ones remain working.
Of the problems identitified, I am only
2006 Sep 30
9
FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-06:22.openssh Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in OpenSSH
Category: contrib
Module: openssh
Announced:
2006 Sep 30
9
FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-06:22.openssh Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in OpenSSH
Category: contrib
Module: openssh
Announced:
2023 Nov 12
1
Match Principal enhancement
AFAIK everything you described here could be done using the
AuthorizedKeysCommand or AuthorizedPrincipalsCommand directives. These
can emit authorized_keys options (inc. permitopen) as well as the allowed
keys/principals.
On Sun, 12 Nov 2023, Bret Giddings wrote:
> Hi OpenSSH devs,
>
> I?m wondering if the following has any merit and can be done securely ...
>
> If you could
2023 Nov 12
1
Match Principal enhancement
Hi OpenSSH devs,
I?m wondering if the following has any merit and can be done securely ...
If you could match on principals in the sshd_config, then (for example) on a gateway machine, you could have something like
/etc/ssh/authorized_keys/sshfwd:
cert-authority,principals=?batcha-fwd,batchb-fwd? ...
/etc/ssh/sshd_config containing:
Match User sshfwd
PubkeyAuthentication yes
2006 Sep 30
0
FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-06:22.openssh Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in OpenSSH
Category: contrib
Module: openssh
Announced:
2002 Aug 13
1
[PATCH] global port forwarding restriction
Here's another patch for people providing ssh access to restricted
environments.
We allow our users to use port forwarding when logging into our mail
servers so that they can use it to fetch mail over an encrypted channel
using clients that don't support TLS, for example fetchmail. (In fact,
fetchmail has built-in ssh support.) However we don't want them connecting
to other places
2017 May 05
3
[Bug 2711] New: Patch to add permitgwport and restrict permitopen to be a default deny
https://bugzilla.mindrot.org/show_bug.cgi?id=2711
Bug ID: 2711
Summary: Patch to add permitgwport and restrict permitopen to
be a default deny
Product: Portable OpenSSH
Version: 7.2p2
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component:
2020 May 05
1
[Bug 3159] New: authorized_keys: gap in port forwarding restrictions
https://bugzilla.mindrot.org/show_bug.cgi?id=3159
Bug ID: 3159
Summary: authorized_keys: gap in port forwarding restrictions
Product: Portable OpenSSH
Version: 8.0p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs
2015 Feb 01
7
[Bug 2347] New: permitopen doesn't work with unix domain sockets
https://bugzilla.mindrot.org/show_bug.cgi?id=2347
Bug ID: 2347
Summary: permitopen doesn't work with unix domain sockets
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs
2010 Nov 28
0
Forwarding Remote Ports.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I was setting up sshd on a netbsd box to allow cygwin users to auto-ssh
in, and be rsync'ed. I wanted to secure the install such that a
compromised or stolen cygwin client could not be used to attack the sshd
server.
Setting shell to /usr/bin/false and using -N client side were helpful. I
disabled portforwarding for the client sshkey, and
2013 Jan 31
2
OpenSSH NoPty patch
Hey everyone,
I wanted to add support for denying PTY allocation through OpenSSH. I'm
not certain if this is quite thorough enough for all cases, but for me
it might work for the moment.
I know that you can currently do this through authorized_keys, but as
far as I know that only works for an actual key. In my use case, I
wanted a user with no password which is forced to run a specific
2008 Aug 22
1
CIDR address/masklen matching support for permitopen="host:port" restrictions?
Dear openssh-unix-dev list,
in OpenSSH 5.1 you introduced CIDR address/masklen matching for "Match address" blocks in sshd_config as well as supporting CIDR matching in ~/.ssh/authorized_keys from="..." restrictions in sshd.
I wonder whether CIDR address/masklen matching will be implemented for permitopen="host:port" restrictions in sshd as well, that would be quite
2017 May 03
2
OpenSSH contract development / patch
Hi OpenSSH developers;
Thank you for your amazing work.
I?m emailing to see if any knowledgeable OpenSSH developer is willing to help us review / revamp some patches we have for OpenSSH, and provide advice on some of the more advanced uses of OpenSSH. This would be a for pay contract engagement. We are trying to be super respectful of the process, and are happy to be very creative ? we are
2001 Aug 27
1
permitopen flag in authorized_keys file
I've just discovered the permitopen flag. We need such a feature for
our poor man's VPN services, but this flag seems to be usable only if
you generate your authorized_keys file from a database or something
like that: keeping a long list of host/port combinations up to date
for several users and keys is no fun.
As announced before, we have developed a far more powerful mechanism
for
2008 Aug 27
18
[Bug 1513] New: CIDR address/masklen matching support for permitopen=
https://bugzilla.mindrot.org/show_bug.cgi?id=1513
Summary: CIDR address/masklen matching support for permitopen=
Product: Portable OpenSSH
Version: 5.1p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
2011 Sep 30
0
openssh remote port forwarding and permitopen
I have an application where a lot of end user CPE devices ssh in
automatically to a central server, and are authenticated
by public key, to do remote (-R) port forwarding, so we can open
a connection back to a particular port on the remote device whether
it's behind some NAT or firewall or whatever. I want to be certain,
however, that if I open port 12345, it is connected to the correct
end
2019 Oct 09
0
Announce: OpenSSH 8.1 released
OpenSSH 8.1 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested
2003 Jan 29
0
[PATCH] features for restricted shell environments
The patch below implements a couple of features which are useful
in an environment where users do not have a regular shell login.
It allows you to selectively disable certain features on a
system-wide level for users with a certain shell; it also allows
you to control and audit TCP forwarding in more detail.
Our system is an email server with a menu for the login shell;
we selectively allow port