similar to: Coding help : Where to log X11 forwards?

Hi! Here is the patch to support tcp wrappers with x11-forwarded connections. The patch is for openssh-3.0.1p1 but it works fine with 2.9.9p2 too. I've understood that this will not be included in the official version because it adds complexity (?!) to openssh. Binding the forwarded port to localhost doesn't solve all problems. I've understood that you should also implement

Hi, I noticed that Markus has fixed the temporary file cleanup problems in OpenSSH cvs. What files need patching for this ? I only noticed changes in: session.c, channels.h and channels.c. -Jarno -- Jarno Huuskonen <Jarno.Huuskonen at uku.fi>

hi, this can be applied to the latest portable CVS. by default bind sshd fake display to localhost. [stevesk at jenny stevesk]$ uname -sr HP-UX B.11.11 [stevesk at jenny stevesk]$ echo $DISPLAY localhost:14.0 [stevesk at jenny stevesk]$ netstat -an|grep 6014 tcp 0 0 127.0.0.1.6014 *.* LISTEN this is currently controlled with sshd_config gatewayports;

http://bugzilla.mindrot.org/show_bug.cgi?id=101 Summary: session.c modifications for correct UNICOS behavior Product: Portable OpenSSH Version: 3.0.2p1 Platform: Other OS/Version: other Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

Hi! At compilation of the openssh-2.9.9p2 with Solaris WorkShop 6.01 the following compilation error was given out. /opt/SUNWspro/bin/cc -Xa -xF -xCC -xildoff -xarch=v9 -xchip=ultra -dalign -I/usr/include/v9 -D_REENTRANT -xO2 -I. -I. -I/usr/local/include -DETCDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"

Hi, This also has been discussed in SSHSCI's SSH context. All SSH versions (both SSHSCI and OpenSSH) derive value for DISPLAY variable from `uname -n`. The problem is that the returned value is not necessarily resolvable to a valid IP number which in turn might cause a failure. To make it fool-proof I suggest to set DISPLAY to the interface's address the user has reached the system in

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in

Here are some patches to re-enable support for AIX's authenticate routines. With them, ssh will honor locked & unlocked accounts, record successful and unsuccessful logins, and deny accounts that are prohibited to log in via the network. Tested with AIX 4.3. It also includes a fix for handling SIGCHLD that may be needed for other platforms (HP-UX 10.20, for example). If I get the time

What's going on here? I see nothing about this in the ChangeLog, so I am confused. ================================================================== ~:cairo> pwd /afs/rcf/user/jblaine ~:cairo> cat bin/tester #!/bin/sh echo "TESTER program in $HOME/bin!" ~:cairo> ================================================================== OpenSSH 4.4p1 (previous version we were

The patch below implements a couple of features which are useful in an environment where users do not have a regular shell login. It allows you to selectively disable certain features on a system-wide level for users with a certain shell; it also allows you to control and audit TCP forwarding in more detail. Our system is an email server with a menu for the login shell; we selectively allow port

Something really hosed Digital/Tru64 UNIX SIA support in 2.5.2p1. I haven't been able to figure out what changed in the code, but the symptom seems to be that the TTY name being registered with SIA is truncated to eight characters. This apparently prevents it from matching with entries in the tty database, and the dreaded "Cannot obtain database information on this terminal

Hi I'm having major problems setting up Samba 3.0.9 with kerberos authentication. I have also tried with 3.0.8(from Debian SID) with same result. smb.conf[1] has 'security = ads' , and 'use kerberos keytab = yes'. I have set up pam_krb5 and I get TGTs that works with my ssh servers. But, when I try to authenticate using smbclient -k -L server I get: "session setup failed:

Hello, I upgraded (?) one of my machines to Linux kernel 2.4.0-test9, and sshd started failing. Specifically, the sshd child processes would segfault if a user requested X11 forwarding. I tracked the problem down to these bits of code: channels.c, x11_create_display_inet, line 1738: sock = socket(ai->ai_family, SOCK_STREAM, 0); if (sock < 0) { if (errno != EINVAL) {

This is the patch part of contrib/chroot.diff updated to be appliable against openssh-2.9p2. Tested on FreeBSD (various 3.x and 4.x) without PAM or UseLogin. Also, as part of deployment (replacing emergency-withdrawal of Telnet access) I've chosen to get sftp on the relevant boxes. The deployment had a scriptlet doing the config/make/etc and after the "make install" would change

Currently, openssh-2.9p2 adds cookies to a user's .Xauthority file if X11 forwarding is requested but does not delete them while closing down the connection. While this may not necessarily be a security vulnerability, but it's a good idea for the application to cleanup appropriately. This patch takes care of removing the X forwarding cookies from the user's .Xauthority file. Please

Here the setup: # cat ecn rm config.cache CC="cc -O -xarch=v9" ./configure \ --prefix=/opt/openssh \ --sysconfdir=/var/ssh \ --with-rsh=/usr/local/etc/rsh \ --with-ipv4-default \ --with-ssl-dir=/usr/local/ssl \ --with-pam \ --with-ipaddr-display \ --with-pid-dir=/var/ssh ALthough I have tried several different configs, all

Hi all, After the memory leaks (bug 1967 <https://bugzilla.mindrot.org/show_bug.cgi?id=1967>) I reported in bugzilla are fixed, I also applied melton(http://lcs.ios.ac.cn/~xuzb/melton.html) to detect the potential bugs in sshd (openssh-5.9p1). The url below is the index of bug reports that are checked as real bugs manually.

Now that the list is said to be open again, I'm resending this. I've merged my changes into OpenSSH 2.1.0 as Kris imported it into FreeBSD over the weekend. ---------- Forwarded message ---------- Date: Thu, 4 May 2000 08:40:22 -0500 (CDT) From: Guy Helmer <ghelmer at cs.iastate.edu> To: openssh-unix-dev at mindrot.org Subject: OpenSSH (1.2.3) sshd hanging when using rsync over ssh

this (uncomplete) patch makes various features compile time options and saves up to 24K in the resulting ssh/sshd binaries. i don't know whether this should be added to the CVS since it makes the code less readable. perhaps WITH_COMPRESSION should be added, since it removes the dependency on libz -m Index: Makefile.inc =================================================================== RCS

Hello, I am unable to build a working OpenSSH 3.0.2p1 for IRIX 6.5 using either 1. gcc 2.95.3 + binutils 2.11.2 2. SGI MIPSpro cc, CC=cc, LD=/usr/bin/ld, CFLAGS='-mips3 -n32' Under both setups: - zlib seems to build fine - OpenSSL seems to build fine and tests out okay - OpenSSH builds, and then: openssh-3.0.2p1 % ./ssh -v myhost Trace/BPT/RangeErr/DivZero/Ovflow trap (core