Re: sftp server empty password login

2024-03-26 Thread Darren Tucker
On Tue, 26 Mar 2024 at 23:49, Sylvain Saboua wrote: [...] > /bin/true is not in the /etc/shells file on my system. > Did you suggest I should add it ? I did suggest that as a possible resolution to your problem. Since your problem is now resolved, I wouldn't change it. -- Darren

Re: sftp server empty password login

2024-03-26 Thread Darren Tucker
've edited the passwd file with vipw and removed the hashed password value leaving nothing in the password field, ie someuser::1001:1001: [etc ...] -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA Good judgement comes with exper

Re: Booting OpenBSD 7.3's i386 bsd.rd

2023-05-01 Thread Darren Tucker
t> set tty com0 (Replace 19200 with whatever the console speed is). If that works, put it in /etc/boot.conf -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA Good judgement comes with experience. Unfortunately, the experience usua

Re: LAN slow speed transfer

2023-02-03 Thread Darren Tucker
On Fri, 3 Feb 2023 at 22:40, Crystal Kolipe wrote: > On Fri, Feb 03, 2023 at 10:33:16PM +1100, Darren Tucker wrote: > > Fast ethernet (100base-T) uses pins 1, 2, 3 & 6 [...] > But the output from ifconfig does suggest that the link was running with > 1000baseT modulation: >

Re: LAN slow speed transfer

2023-02-03 Thread Darren Tucker
, which is about the speed that you saw. -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: gl.inet Brume (GL-MV1000): sdcard works with 6.8 but not -current

2022-05-24 Thread Darren Tucker
On Fri, 13 May 2022 at 11:07, Darren Tucker wrote: > I've had two people ask me about this device in the last few days > so I thought I'd post a followup describing what I did and found. > As a reminder, this is a gl.inet GL-MV1000[0] (aka Brume) device. Current status: > Using t

Re: gl.inet Brume (GL-MV1000): sdcard works with 6.8 but not -current

2022-05-12 Thread Darren Tucker
d0 at scsibus0 targ 1 lun 0: removable sd0: 7456MB, 512 bytes/sector, 15269888 sectors scsibus1 at sdmmc0: 2 targets, initiator 0 sd1 at scsibus1 targ 1 lun 0: removable sd1: 60906MB, 512 bytes/sector, 124735488 sectors vscsi0 at root scsibus2 at vscsi0: 256 targets softraid0 at root scsibus3 at softraid0

Re: ssh authlog: Failed none for invalid user

2021-08-10 Thread Darren Tucker
hat to do next. This is what you're seeing. When I last looked, the bulk of the password guessing bots just sent a single "password" auth method and if it doesn't work, disconnect. Apparently the bots you're seeing behave a bit more like other clients. [0] https://datatracker.ietf.org/doc/

Re: poor ethernet network performance

2021-05-16 Thread Darren Tucker
lar in the past and it was a duplex mismatch. If you have a managed switch, check that it and ifconfig agree on the duplex setting that was auto-negotiated. Failing that, try forcing either full-duplex or half-duplex with ifconfig and/or hostname.re0. -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA

Re: gl.inet Brume (GL-MV1000): sdcard works with 6.8 but not -current

2021-04-05 Thread Darren Tucker
lf, which is still running 6.8 stable due to the aforementioned problem finding the sdcard. Any thanks to you and Patrick for the analysis and fix. -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes

Re: gl.inet Brume (GL-MV1000): sdcard works with 6.8 but not -current

2021-04-03 Thread Darren Tucker
switch seems to > > be pretty common in this class of device. > > And if someone wants to program it, feel free to, mvsw(4) exists for a > reason, might just need some code. :) > and maybe docs :-) # man 4 mvsw man: No entry for mvsw in section 4 of the manual. -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: The simplest full cray data core with 3 cpu's and a physics hack that makes it work

2021-04-02 Thread Darren Tucker
. > To drag this a tiny bit toward the approximate direction of being on-topic: if you do find one and want to run OpenSSH on it, you'll need to use 7.6p1 or earlier since I removed UNICOS support in 7.7p1 ( https://github.com/openssh/openssh-portable/commit/ddc0f3814881ea279a6b6d4d98e03afc60ae1ed7

Re: gl.inet Brume (GL-MV1000): sdcard works with 6.8 but not -current

2021-04-01 Thread Darren Tucker
initiator 0 sd1 at scsibus1 targ 1 lun 0: removable sd1: 30436MB, 512 bytes/sector, 62333952 sectors vscsi0 at root scsibus2 at vscsi0: 256 targets softraid0 at root scsibus3 at softraid0: 256 targets root on sd1a (9e51f250b602291d.a) swap on sd1b dump on sd1b WARNING: CHECK AND RESET THE D

gl.inet Brume (GL-MV1000): sdcard works with 6.8 but not -current

2021-03-31 Thread Darren Tucker
1a (9e51f250b602291d.a) swap on sd1b dump on sd1b WARNING: CHECK AND RESET THE DATE! Automatic boot in progress: starting file system checks. /dev/sd1a (9e51f250b602291d.a): file system is clean; not checking 9e51f250b602291d.i: 6 files, 16034 free (8017 clusters) pf enabled starting network r

Re: sshd: no IP address in error msg?

2021-03-16 Thread Darren Tucker
ort 21285: invalid format -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: Problem with SSH Internet traffic outgoing endpoint with dynamic port forwarding

2019-07-11 Thread Darren Tucker
socks client to an IP address as well as domain name. The test to an IP address will remove the DNS variable. -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the exper

Re: RS-232 serial to ethernet

2019-04-09 Thread Darren Tucker
parts (microsd card, case) so it'd probably cost more (and the onboard wifi isn't supported so if you wanted wifi you'd have to add a USB one). -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes

Re: Broken links on https://www.openssh.com/goals.html

2019-04-04 Thread Darren Tucker
or the existing functions pending a better solution. The change should be live shortly. Thanks. -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually

Re: ssh -Y behaviour change

2018-09-12 Thread Darren Tucker
break; -- config_test = 1; break; case 'Y': options.forward_x11 = 1; options.forward_x11_trusted = 1; -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880

Re: Two Factor Authentication Prompt

2018-08-13 Thread Darren Tucker
conf side, but sshd's ChallengeResponseAuthentication/keyboard-interactive does support that. You can ensure you are using that on the client side by adding "-o PreferredAuthentications=keyboard-interactive" on the client side or disabling PasswordAuthentication in sshd_config. -- Dar

Re: IPQoS values in sshd

2018-08-07 Thread Darren Tucker
ged in -current but that change has not yet made it to a release. From https://man.openbsd.org/ssh_config.5: "The default is af21 (Low-Latency Data) for interactive sessions and cs1 (Lower Effort) for non-interactive sessions." -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA /

Re: SSH segfault when SendEnv is used in .ssh/config

2018-06-13 Thread Darren Tucker
made 2 days ago? This may have been fixed: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/readconf.c?rev=1.291&content-type=text/x-cvsweb-markup If not, could you please share the fragment of your config that triggers it? -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B

Re: Best testcases for SSHD when fuzzing with afl?

2018-05-06 Thread Darren Tucker
On 5 May 2018 at 21:50, Hess THR <hessnovth...@mail.com> wrote: [...] > But the question: does anybody have more? Or better? Any idea how to have > more and better quality testcases? https://anongit.mindrot.org/openssh-fuzz-cases.git/ -- Darren Tucker (dtucker at dtucker.net) GPG

Re: Disabling message CRCs in SSHD

2018-04-28 Thread Darren Tucker
a weak integrity guarantee compared to a proper MAC). [0] https://github.com/openssh/openssh-portable/commit/3d6d09f2 [1] https://www.openssh.com/releasenotes.html#7.6 -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judg

Re: kernel relink segfaults on ALIX

2018-04-19 Thread Darren Tucker
t have a lot. -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: What's the inc. SSH conn. launch seq., rel. to login.conf rlimit enforcement?

2018-03-21 Thread Darren Tucker
openbsd.org/login.conf.5 > > Also I'd guess it should be a similar process for SFTP sftp works approximately the same as a shell except sftp-server is exec'ed instead of the shell. >, telnet telnetd is no longer supported but I think it always exec'ed login(1). > other authenticated

Re: ssh from cisco to OpenBSD 6.2 error status 0

2017-12-28 Thread Darren Tucker
der a Host for that device to save you having to remember it. I don't know if your Cisco has any equivalent. -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: NTP issue on Lanner FW-7526B

2017-12-08 Thread Darren Tucker
On 9 December 2017 at 09:40, Christian Weisgerber <na...@mips.inka.de> wrote: > On 2017-12-08, Darren Tucker <dtuc...@dtucker.net> wrote: > > > If your hardware doesn't have a clock (or the clock is bad) then it can > > take ntpd a long time to adjust it bac

Re: NTP issue on Lanner FW-7526B

2017-12-08 Thread Darren Tucker
id this long convergence by telling ntpd to step to the correct time on startup (although this won't step after startup, so it requires that your NTP servers be reachable at boot time). $ grep ntp /etc/rc.conf.local ntpd_flags="-s" -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6F

Re: relayd TLS load balancer for multiple websites

2017-09-28 Thread Darren Tucker
ith multiple SANs. Letsencrypt at least supports this as long as all of the domains map (or can be made to map) to the place requesting the certificate. -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes wit

Re: Portable OpenSSH 7.5p1 with LibreSSL 2.6.1 fails

2017-09-07 Thread Darren Tucker
utput. The exact reason will be in config.log (although you may have to scroll back a way to find it). A common cause of this is not having added the new lib directory to the runtime linker config via ldconfig(8). -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860

Re: OpenSSH logging and MaxAuthTries

2017-03-19 Thread Darren Tucker
get the full number of MaxAuthTries log in attempts? Assuming my guess above is correct, PreferredAuthentications=password -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

panic: rw_enter: netlock locking against myself (NFS related?)

2017-02-08 Thread Darren Tucker
0x14200 bored systq 25519 499550 0 0 3 0x40014200 bored softclock 67706 213188 0 0 3 0x40014200idle0 1 179173 0 0 30x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: pledging a portable program

2017-01-16 Thread Darren Tucker
implementation mechanisms although there are no drop-in replacements at the moment. -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: Hardware recommendations for compact 1U firewall

2016-12-18 Thread Darren Tucker
d be interested in hearing the result. [1] http://undeadly.org/cgi?action=article&sid=20130201054156 -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: unknown hostname on ssh tunnel end causes 'administratively prohibited: open failed'

2016-11-23 Thread Darren Tucker
annel_open: failure %s", ctype); packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); packet_put_int(rchan); - packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED); + packet_put_int(reason); if (!(datafellows & SSH_BUG_OPENFAILURE)) { -
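
Review bot: at the `packet_put_int(reason)` line, the visible context does not show where `reason` is assigned, so every path that reaches this failure branch needs to have set it to a valid SSH2_OPEN_* code. Initialising it to SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED at declaration would keep the previous behaviour for any path that does not set it explicitly, and a short comment naming the cases that now report a different code would help whoever reads the client-side "open failed" message.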

Re: Serverkeybits, protocol 2

2016-11-02 Thread Darren Tucker
ee KexAlgorithms in sshd_config(8)), and exactly which one gets used will depend on what the client and server support and/or have enabled. They all have the same security properties, though. -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6

Re: serial input line not working

2016-09-21 Thread Darren Tucker
engines.ch/alix3d3.htm has "fix serial port" against the most recent firmware version... -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: usb disk dirty after every reboot

2016-09-19 Thread Darren Tucker
what could be causing this? I suspect your addition to the shutdown script makes the unmount early enough that it has time to complete whatever operation it's trying to complete. -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)

Re: PC Engines APU NIC (RTL8111E) performance

2016-08-09 Thread Darren Tucker
USB revision 1.0 uhub6 at usb6 "ATI OHCI root hub" rev 1.00/1.00 addr 1 umass0 at uhub2 port 1 configuration 1 interface 0 "Generic Flash Card Reader/Writer" rev 2.01/1.00 addr 2 umass0: using SCSI over Bulk-Only scsibus2 at umass0: 2 targets, initiator 0 sd1 at sc

Re: PC Engines APU NIC (RTL8111E) performance

2016-08-04 Thread Darren Tucker
((t) & 0xf) +#define RL_IM_RXPKTS(t)(((t) & 0xf) << 4) #define RL_IM_TXTIME(t) (((t) & 0xf) << 8) +#define RL_IM_TXPKTS(t)(((t) & 0xf) << 12) struct rl_chain_data { u_int16_t cur_r

Re: PC Engines APU NIC (RTL8111E) performance

2016-08-04 Thread Darren Tucker
ke a difference (which is probably an indication that I did something wrong). I could dig up the patch if you'd like to try it. The other thing to be aware of is that if you're following current, POOL_DEBUG is usually set in your config, which will be quite expensive when pushing packets. --

Re: sshfs key exchange fails

2016-06-18 Thread Darren Tucker
run it on port 222) and if the reason isn't obvious from the log please post it to the list. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: sshfs key exchange fails

2016-06-17 Thread Darren Tucker
first "+" means "append this to the list of accepted algorithms". The second "+" doesn't mean anything so sshd is trying to parse that as an algorithm name and failing (this should be obvious from the log message). Try: KexAlgorithms +diffie-hellman-group1-sha1,diffie-he

Re: sshd Connection Failures - 2 June Snapshot (amd64)

2016-06-07 Thread Darren Tucker
min group size >- DH_GRP_MIN (2048 since OpenBSD 5.9) thus didn't cause the min value to be modified, and any client that preferred another key exchange method (most recent versions of OpenSSH) never triggered the problem. Sorry for the inconvenience. -- Darren Tucker (dtucker at zip.com.au

Re: document the actual meaning of ssh's "command" argument

2016-06-01 Thread Darren Tucker
On Thu, Jun 2, 2016 at 2:06 PM, <pizdel...@gmail.com> wrote: > On Thu, Jun 02, 2016 at 08:53:49AM +1000, Darren Tucker wrote: > > > i'm inclined to disagree with this diff, for the following reasons: > > > > - other than the concatenation with spaces, i

Re: document the actual meaning of ssh's "command" argument

2016-06-01 Thread Darren Tucker
connection, which might use sh -c or might do something completely different depending on the server. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: how to submit bug report regarding pf queueing?

2016-03-09 Thread Darren Tucker
") since that's how the rest of my rules are written but while the ruleset loads fine it doesn't actually do anything because queues must be assigned to real interface names (quoth pf.conf(5): "The root queue must specifically reference an interface") -- Darren Tucker (dtucker at zip.co

Re: APU.1D RealtekRTL8111E

2015-11-02 Thread Darren Tucker
On Mon, Nov 2, 2015 at 12:56 PM, Darren Tucker <dtuc...@zip.com.au> wrote: > Not that I have seen, but I don't know what the limiting factor is. > iperf will push ~500Mbit/s from userspace (mtu 1500) [...] > I also notice dlg just made the following change to sys/dev/ic/re.c > w

Re: APU.1D RealtekRTL8111E

2015-11-01 Thread Darren Tucker
onfiguration 1 interface 0 "Generic Flash Card Reader/Writer" rev 2.01/1.00 addr 2 umass0: using SCSI over Bulk-Only scsibus2 at umass0: 2 targets, initiator 0 sd0 at scsibus2 targ 1 lun 0: <Multiple, Card Reader, 1.00> SCSI2 0/direct removable serial.058f6366058F63666485 sd0: 3886MB,

Re: Sep 13 snapshot doesn't cleanly unmount / on reboot?

2015-09-16 Thread Darren Tucker
scripts or the kernel? > Have you tried stuff like sync;sync;reboot or sync;sync;sleep 2;reboot ? > For a sample size of 1 trial each, neither helps. Also, shouldn't the last-mounted location have been updated to "/" when the root filesystem got remounted read-write? -- Darren T

Sep 13 snapshot doesn't cleanly unmount / on reboot?

2015-09-15 Thread Darren Tucker
774a32b.a) swap on sd0b dump on sd0b WARNING: /mnt was not properly unmounted Automatic boot in progress: starting file system checks. /dev/sd0a (0b606ebc9774a32b.a): FREE BLK COUNT(S) WRONG IN SUPERBLK (SALVAGED) /dev/sd0a (0b606ebc9774a32b.a): 148615 files, 1630100 used, 308347 free (47619 fra

sparc64 panic: IOMMU overwrite with vr(4) under load

2015-05-28 Thread Darren Tucker
: extent_free: region not found kdb breakpoint at 155ef04 Stopped at Debugger+0x8: nop RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC! DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! ddb rebooting -- Darren Tucker (dtucker at zip.com.au

Re: OpenSSH and Android

2015-05-07 Thread Darren Tucker
constant # define mblen(x, y) 1 The obvious thing to try would be to change that to: # define mblen(x, y) (1) (BTW openssh-unix-...@mindrot.org is the best place to get help with portable OpenSSH. See http://www.openssh.com/report.html for details.) -- Darren Tucker (dtucker at zip.com.au) GPG

Re: WinSCP clients unable to connect to recent amd64 -current

2015-05-05 Thread Darren Tucker
On Tue, May 5, 2015 at 3:02 PM, lawgi...@nym.hush.com wrote: On 5/4/2015 at 9:39 PM, Darren Tucker dtuc...@zip.com.au wrote: Please try this patch on your server. [...] We upgrade from snapshots, and don't have the source installed, so we can't easily check this patch. I have committed

Re: WinSCP clients unable to connect to recent amd64 -current

2015-05-04 Thread Darren Tucker
) TTSSH/2.70*, TTSSH/2.71*, TTSSH/2.72*,SSH_BUG_HOSTKEYS }, + { WinSCP*,SSH_OLD_DHGEX }, { NULL, 0 } }; -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE
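
Review bot: the added `{ WinSCP*,SSH_OLD_DHGEX }` entry matches every WinSCP version string, unlike the TTSSH entries just above it, which are pinned to specific versions. A WinSCP release that no longer needs the workaround would still be given the SSH_OLD_DHGEX behaviour. Consider narrowing the pattern to the affected versions once they are known, and add a comment recording why the entry exists.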

Re: Alix, pppoe(VDSL), extremely low upload speed

2015-03-09 Thread Darren Tucker
resulted in the speed going back up to what I expected (about 85 mbit/s). If you are still having problems you might want to check that out. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience

panic on beaglebone black with sdcard with no partitions

2015-01-05 Thread Darren Tucker
'?' for help at any prompt) p OpenBSD area: 0-3451136; size: 3451136; free: 3451136 #size offset fstype [fsize bsize cpg] c: 34511360 unused -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7

Re: panic on beaglebone black with sdcard with no partitions

2015-01-05 Thread Darren Tucker
On Mon, Jan 5, 2015 at 9:14 PM, Darren Tucker dtuc...@zip.com.au wrote: [..] sd0 at scsibus0 targ 1 lun 0: SD/MMC, Drive #01, SCSI2 0/direct fixed sd0: 7580MB, 512 bytes/sector, 15523840 sectors scsibus1 at sdmmc1: 2 targets, initiator 0 sd1 at scsibus1 targ 1 lun 0: SD/MMC, Drive #01

Re: Packet Filter router i368 vs 64bit

2014-12-10 Thread Darren Tucker
. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: Packet Filter router i368 vs 64bit

2014-12-02 Thread Darren Tucker
, in which case doing those in software would be faster at the cost of using more CPU, but I never tested this theory. [1] http://undeadly.org/cgi?action=article&sid=20130201054156 -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good

panic on qemu Sep 10 kernel

2014-09-20 Thread Darren Tucker
idle0 25159 0 0 0 3 0x14200 kmalloc kmthread 1 0 1 0 20x82init 0 -1 0 0 3 0x10200 scheduler swapper ddb -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE

Re: panic on qemu Sep 10 kernel

2014-09-20 Thread Darren Tucker
On Sat, Sep 20, 2014 at 11:41:38PM +1000, Darren Tucker wrote: This is qemu/kvm on a linux host. It has previously worked fine. There's a similar panic in the mp kernel which I can also capture if it'll help. I was able to bring it up in single-user enough to ifconfig the network up, cvs up

Re: panic on qemu Sep 10 kernel

2014-09-20 Thread Darren Tucker
On Sun, Sep 21, 2014 at 12:10:06AM +1000, Darren Tucker wrote: On Sat, Sep 20, 2014 at 11:41:38PM +1000, Darren Tucker wrote: This is qemu/kvm on a linux host. It has previously worked fine. There's a similar panic in the mp kernel which I can also capture if it'll help. I was able

Re: sshd segfaults with incomplete /etc/hosts

2014-05-12 Thread Darren Tucker
) at /usr/src/lib/libc/asr/asr.c:224 #7 0x0154178b in getnameinfo (sa=0xcfbcc854, salen=16, host=0xcfbccdb0 , hostlen=256, serv=0x0, servlen=0, flags=8) at /usr/src/lib/libc/asr/getnameinfo.c:47 -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982

Re: sshd segfaults with incomplete /etc/hosts

2014-05-12 Thread Darren Tucker
On Mon, May 12, 2014 at 04:39:57PM -0400, Darren Tucker wrote: Indeed. It looks like a bug in the libc resolver rather than sshd, though. I've been kinda busy recently so I haven't kept up with recent changes so I'm not sure exactly what's changed in there. Looks like it should be readily

Re: sftp -R as ssh_config option

2014-03-08 Thread Darren Tucker
is concerned, the underlying ssh is just an 8-bit clean bidirectional pipe. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: pf redirect through socks tunnel?

2014-02-02 Thread Darren Tucker
) to retrieve the original address which does not require privileges. That does look like a better way of doing it and would likely also simplify things. If I'm reading commit logs correctly, divert-to was added about 6 months after I originally wrote that code. -- Darren Tucker (dtucker

Re: pf redirect through socks tunnel?

2014-01-30 Thread Darren Tucker
then. The other gotcha is that it needed to be run as root to open the PF device to look up the NAT states. That could potentially be mitigated by a setuid helper program, but from memory it needed write access for the DIOCNATLOOK ioctl, so it'd still be potentially dangerous. -- Darren Tucker

Re: Is Soekris OpenBSD friendly?

2013-11-16 Thread Darren Tucker
at the cost of more CPU usage although I never tested that. [1] http://undeadly.org/cgi?action=article&sid=20130201054156 -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately

Re: matching single-part label in ssh_config ?

2013-11-03 Thread Darren Tucker
the first for any hostname containing a dot, and the second for anything without. Also: it's not in 5.4 but it is in current: check out the Match keyword for a more flexible method. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good

Re: matching single-part label in ssh_config ?

2013-11-03 Thread Darren Tucker
On Sun, Nov 03, 2013 at 01:00:28PM +0200, Lars Nooden wrote: On Sun, 3 Nov 2013, Darren Tucker wrote: [snip] Also: it's not in 5.4 but it is in current: check out the Match keyword for a more flexible method. Cool. Were there any particular use cases in mind with 'exec' ? ProxyCommand

Re: My VPS is acting slow (KVM)

2013-10-06 Thread Darren Tucker
. # config -o /bsd -e /bsd ukc disable mpbios ukc disable uhci ukc quit then reboot. anyway, this is just a guess. you might get some better advice if you provide more info, like the output of dmesg. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982

Re: OpenBSD not forwarding to specific sites

2013-09-30 Thread Darren Tucker
) on? It's in sysctl.conf (not in that list) and it's off by default. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: ssh/sftp performance

2013-08-21 Thread Darren Tucker
one of the faster MACs (umac...@openssh.com is probably going to be the fastest one but you might want to try the others too). -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately

Re: Canceled SSH forwarding

2013-05-23 Thread Darren Tucker
. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: Forcing choice of keys for ssh

2013-05-16 Thread Darren Tucker
offers many different identities. The default is ``no''. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: OpenSSH sshd -E

2013-04-29 Thread Darren Tucker
of the system log. [...] Is this something from upcoming 6.3 or was it missed in the release notes for 6.2? It was added after the 5.2 release and will be in 5.3. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes

Re: snapshot ssh: ChrootDirectory sftp Connection closed

2013-04-17 Thread Darren Tucker
+ strcasecmp(options.chroot_directory, none) != 0) + fatal(server lacks privileges to chroot to ChrootDirectory); + if (getuid() != pw-pw_uid || geteuid() != pw-pw_uid) fatal(Failed to set uids to %u., (u_int) pw-pw_uid); } -- Darren Tucker (dtucker

Re: snapshot ssh: ChrootDirectory sftp Connection closed

2013-04-17 Thread Darren Tucker
. I would expect the compiled in default for UsePrivilegeSeparation to change at some point down the track, at which point it will be commented out in sshd_config again. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement

Re: Fallthrough in ssh_config

2013-03-21 Thread Darren Tucker
. There is an open enhancement request to let it match subnets, which may or may not be sufficient for what you want (https://bugzilla.mindrot.org/show_bug.cgi?id=1169). -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes

Re: Can I change ssh port forwardings on a active connection *non-interactively* ?

2012-11-17 Thread Darren Tucker
this? If you start ssh with ControlMaster mode enabled you can use ssh -O forward to add forwardings to an established connection, eg: $ ssh -o ControlMaster=yes -o ControlPath=/tmp/ctl localhost $ ssh -o ControlMaster=no -o ControlPath=/tmp/ctl -O forward \ -L 1234:127.0.0.1:22 localhost -- Darren

Re: SSI

2012-09-27 Thread Darren Tucker
(or, at least, it's taking much longer than they expected). -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: hello I have question for openssh !

2012-06-26 Thread Darren Tucker
key, which an MITM can't do since it doesn't have access to the corresponding private key. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad

Re: after upgrade to current(25-06-2012), can not login ssh

2012-06-26 Thread Darren Tucker
mquery() to sandbox-systrace.c work on my system. thank you. Slight variant (SYSTR_POLICY_PERMIT) committed, thanks. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately

Re: hello I have question for openssh !

2012-06-21 Thread Darren Tucker
topic: I added an openssh specs page recently (http://www.openssh.com/specs.html) which should be the authoritative reference for what is supported. Corrections are welcome (but before someone says RFC6594, note that I'm trying to keep it accurate for the most recent release). -- Darren Tucker

Re: SSH connection failure: broken pipe

2010-12-04 Thread Darren Tucker
connection and check if the send-q is non zero (indicating un-acked data). -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: umask for remote host in sftp / sftp-server

2009-10-31 Thread Darren Tucker
Lars Nooden wrote: How can umask be set on the remote host for chrooted sftp users? You can set it on the server side with sftp-server's -u option but that's very new (post 4.6). You would have something like this in sshd_config: Subsystem sftp sftp-server -u 0022 -- Darren Tucker

Re: How to determine my ip address (logged in via ssh)

2009-01-09 Thread Darren Tucker
Falk Brockerhoff wrote: is there any gentle way how to determine my ip address if I connected via ssh to an openbsd system? echo $SSH_CLIENT | cut -f1 -d' ' -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes

Re: Latest Portable OpenNTPD?

2008-11-21 Thread Darren Tucker
things and slacking in this department. [1] http://www.zip.com.au/~dtucker/openntpd/snapshot/ -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad

Re: IP over Simulated Radio/Satellite Channels

2007-11-25 Thread Darren Tucker
to the same tun device. http://www.iijlab.net/~kjc/software/dist/tunbridge-0.1.tar.gz -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: GSSAPI logins into OpenSSH combined with auto-obtaining AFS tokens

2007-07-10 Thread Darren Tucker
token before accessing the user's home directory. The default is ``no''. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: classify scp and ssh

2007-07-08 Thread Darren Tucker
somehost-xfer Hostname somehost ProxyCommand nc -T throughput %h %p -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: ssh and sudo, password not hidden

2007-07-01 Thread Darren Tucker
-- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: Load balancing with DSR

2007-06-13 Thread Darren Tucker
Pierre-Yves Ritschard wrote: On Wed, 13 Jun 2007 15:40:36 +1000 Darren Tucker [EMAIL PROTECTED] wrote: [...] 1. add a static published arp entry for the cluster address on the balancer with its own mac address so packets aimed at the cluster address will go to the balancer. 2. configure all

Re: skey with scp

2007-05-15 Thread Darren Tucker
@host.example.com:/home/username/foo.bar . Any other suggestions? I don't use skey so I can't test it but this will probably work: scp -o User=username:skey host.example.com:/home/username/foo.bar . -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4

Re: SFTP no autocompletion?

2007-05-15 Thread Darren Tucker
into this would probably want to look at what Ben Lindstrom has already done with this: http://www.eviladmin.org/patches/sftp-tab.patch -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience

Re: SCP/SFTP: Couldn't open /dev/null

2007-03-27 Thread Darren Tucker
I'm not sure as I don't transfer files that often. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: /bsd: proc: table is full (OpenBSD server 4.0 GENERIC#1107 i386)

2007-03-05 Thread Darren Tucker
. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Re: ssh/sshd challenge-response seems to have stopped working in -current

2007-02-27 Thread Darren Tucker
on ChallengeResponseAuthentication. I'll do a patch later today. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
