Displaying 20 results from an estimated 600 matches similar to: "Coding help : Where to log X11 forwards?"
2001 Nov 27
1
[PATCH] tcp-wrappers support extended to x11 forwards
Hi!
Here is the patch to support tcp wrappers with x11-forwarded connections.
The patch is for openssh-3.0.1p1 but it works fine with 2.9.9p2 too.
I've understood that this will not be included in the official version
because it adds complexity (?!) to openssh.
Binding the forwarded port to localhost doesn't solve all problems. I've
understood that you should also implement
2001 Jun 05
1
OpenSSH tmp cleanup
Hi,
I noticed that Markus has fixed the temporary file cleanup problems in
OpenSSH cvs. What files need patching for this ? I only noticed
changes in: session.c, channels.h and channels.c.
-Jarno
--
Jarno Huuskonen <Jarno.Huuskonen at uku.fi>
2001 Dec 05
1
DISPLAY=localhost
hi,
this can be applied to the latest portable CVS. by default bind sshd fake
display to localhost.
[stevesk at jenny stevesk]$ uname -sr
HP-UX B.11.11
[stevesk at jenny stevesk]$ echo $DISPLAY
localhost:14.0
[stevesk at jenny stevesk]$ netstat -an|grep 6014
tcp 0 0 127.0.0.1.6014 *.* LISTEN
this is currently controlled with sshd_config gatewayports;
2002 Feb 04
0
[Bug 101] New: session.c modifications for correct UNICOS behavior
http://bugzilla.mindrot.org/show_bug.cgi?id=101
Summary: session.c modifications for correct UNICOS behavior
Product: Portable OpenSSH
Version: 3.0.2p1
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
2001 Oct 23
1
Compilation error on Solaris Workshop 6 (+patch)
Hi!
At compilation of the openssh-2.9.9p2 with Solaris WorkShop 6.01 the
following compilation error was given out.
/opt/SUNWspro/bin/cc -Xa -xF -xCC -xildoff -xarch=v9 -xchip=ultra
-dalign -I/usr/include/v9 -D_REENTRANT -xO2 -I. -I.
-I/usr/local/include -DETCDIR=\"/etc/ssh\"
-D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"
2001 Feb 21
3
X11 display issues
Hi,
This also has been discussed in SSHSCI's SSH context. All SSH versions
(both SSHSCI and OpenSSH) derive value for DISPLAY variable from
`uname -n`. The problem is that the returned value is not necessarily
resolvable to a valid IP number which in turn might cause a failure.
To make it fool-proof I suggest to set DISPLAY to the interface's
address the user has reached the system in
2004 Jan 19
3
Security suggestion concering SSH and port forwarding.
Hi,
sorry if it is the wrong approuch to suggest improvments to OpenSSH,
but here comes my suggestion:
I recently stumbled upon the scponly shell which in it's chroot:ed form is
an ideal solution when you want to share some files with people you trust
more or less.
The problem is, if you use the scponlyc as shell, port forwarding is still
allowed. This can of course be dissallowed in
2000 May 15
1
AIX authenticate patches
Here are some patches to re-enable support for AIX's authenticate
routines. With them, ssh will honor locked & unlocked accounts, record
successful and unsuccessful logins, and deny accounts that are
prohibited to log in via the network. Tested with AIX 4.3.
It also includes a fix for handling SIGCHLD that may be needed for
other platforms (HP-UX 10.20, for example).
If I get the time
2009 Feb 04
1
4.4p1 to 5.1p1 = $HOME/bin no longer in PATH?
What's going on here? I see nothing about this in the
ChangeLog, so I am confused.
==================================================================
~:cairo> pwd
/afs/rcf/user/jblaine
~:cairo> cat bin/tester
#!/bin/sh
echo "TESTER program in $HOME/bin!"
~:cairo>
==================================================================
OpenSSH 4.4p1 (previous version we were
2003 Jan 29
0
[PATCH] features for restricted shell environments
The patch below implements a couple of features which are useful
in an environment where users do not have a regular shell login.
It allows you to selectively disable certain features on a
system-wide level for users with a certain shell; it also allows
you to control and audit TCP forwarding in more detail.
Our system is an email server with a menu for the login shell;
we selectively allow port
2001 Mar 20
1
Tru64 UNIX SIA in 2.5.2p1 is hosed
Something really hosed Digital/Tru64 UNIX SIA support in 2.5.2p1. I
haven't been able to figure out what changed in the code, but the
symptom seems to be that the TTY name being registered with SIA is
truncated to eight characters. This apparently prevents it from
matching with entries in the tty database, and the dreaded "Cannot
obtain database information on this terminal
2004 Nov 30
1
Kerberos authentication sigsegvs
Hi
I'm having major problems setting up Samba 3.0.9 with kerberos
authentication. I have also tried with 3.0.8(from Debian SID) with same
result.
smb.conf[1] has 'security = ads' , and 'use kerberos keytab = yes'.
I have set up pam_krb5 and I get TGTs that works with my ssh
servers.
But, when I try to authenticate using smbclient -k -L server I
get:
"session setup failed:
2000 Oct 27
0
Segfault in 2.2.0p1 due to connect() changes in Linux 2.4
Hello,
I upgraded (?) one of my machines to Linux kernel 2.4.0-test9, and sshd
started failing. Specifically, the sshd child processes would segfault if
a user requested X11 forwarding. I tracked the problem down to these bits
of code:
channels.c, x11_create_display_inet, line 1738:
sock = socket(ai->ai_family, SOCK_STREAM, 0);
if (sock < 0) {
if (errno != EINVAL) {
2001 Jul 20
0
Updated chroot patch
This is the patch part of contrib/chroot.diff updated to be appliable
against openssh-2.9p2. Tested on FreeBSD (various 3.x and 4.x) without
PAM or UseLogin.
Also, as part of deployment (replacing emergency-withdrawal of Telnet
access) I've chosen to get sftp on the relevant boxes. The deployment
had a scriptlet doing the config/make/etc and after the "make install"
would change
2001 Jun 21
0
Patch for removing X11 fwding cookies
Currently, openssh-2.9p2 adds cookies to a user's .Xauthority file if X11
forwarding is requested but does not delete them while closing down the
connection. While this may not necessarily be a security vulnerability, but
it's a good idea for the application to cleanup appropriately.
This patch takes care of removing the X forwarding cookies from the user's
.Xauthority file. Please
2001 Aug 13
0
Latest won't compile under Solaris 8
Here the setup:
# cat ecn
rm config.cache
CC="cc -O -xarch=v9" ./configure \
--prefix=/opt/openssh \
--sysconfdir=/var/ssh \
--with-rsh=/usr/local/etc/rsh \
--with-ipv4-default \
--with-ssl-dir=/usr/local/ssl \
--with-pam \
--with-ipaddr-display \
--with-pid-dir=/var/ssh
ALthough I have tried several different configs, all
2012 Feb 04
8
Potential memory leak in sshd [detected by melton]
Hi all,
After the memory leaks (bug 1967
<https://bugzilla.mindrot.org/show_bug.cgi?id=1967>) I reported in
bugzilla are fixed,
I also applied melton(http://lcs.ios.ac.cn/~xuzb/melton.html)
to detect the potential bugs in sshd (openssh-5.9p1).
The url below is the index of bug reports that are checked as real
bugs manually.
2000 May 15
0
OpenSSH (1.2.3) sshd hanging when using rsync over ssh (retry)
Now that the list is said to be open again, I'm resending this. I've
merged my changes into OpenSSH 2.1.0 as Kris imported it into FreeBSD over
the weekend.
---------- Forwarded message ----------
Date: Thu, 4 May 2000 08:40:22 -0500 (CDT)
From: Guy Helmer <ghelmer at cs.iastate.edu>
To: openssh-unix-dev at mindrot.org
Subject: OpenSSH (1.2.3) sshd hanging when using rsync over ssh
2001 Oct 24
2
disable features
this (uncomplete) patch makes various features compile time
options and saves up to 24K in the resulting
ssh/sshd binaries. i don't know whether this
should be added to the CVS since it makes
the code less readable.
perhaps WITH_COMPRESSION should be added, since
it removes the dependency on libz
-m
Index: Makefile.inc
===================================================================
RCS
2002 Feb 01
3
3.0.2p1 under IRIX (coredumps)
Hello,
I am unable to build a working OpenSSH 3.0.2p1 for IRIX 6.5 using either
1. gcc 2.95.3 + binutils 2.11.2
2. SGI MIPSpro cc, CC=cc, LD=/usr/bin/ld, CFLAGS='-mips3 -n32'
Under both setups:
- zlib seems to build fine
- OpenSSL seems to build fine and tests out okay
- OpenSSH builds, and then:
openssh-3.0.2p1 % ./ssh -v myhost
Trace/BPT/RangeErr/DivZero/Ovflow trap (core