On Tue, 26 Mar 2024 at 23:49, Sylvain Saboua wrote:
[...]
> /bin/true is not in the /etc/shells file on my system.
> Did you suggest I should add it ?
I did suggest that as a possible resolution to your problem. Since
your problem is now resolved, I wouldn't change it.
--
Da
imilar
in the past I've edited the passwd file with vipw and removed the
hashed password value leaving nothing in the password field, ie
someuser::1001:1001: [etc ...]
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA
Good j
t> set tty com0
(Replace 19200 with whatever the console speed is). If that works,
put it in /etc/boot.conf
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA
Good judgement comes with experience. Unfortunately, the experience
usua
On Fri, 3 Feb 2023 at 22:40, Crystal Kolipe wrote:
> On Fri, Feb 03, 2023 at 10:33:16PM +1100, Darren Tucker wrote:
> > Fast ethernet (100base-T) uses pins 1, 2, 3 & 6
[...]
> But the output from ifconfig does suggest that the link was running with
> 1000baseT modulation:
>
t, which is about
the speed that you saw.
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
On Fri, 13 May 2022 at 11:07, Darren Tucker wrote:
> I've had two people ask me about this device in the last few days
> so I thought I'd post a followup describing what I did and found.
> As a reminder, this is a gl.inet GL-MV1000[0] (aka Brume) device.
Current status:
>
bus0 at sdmmc1: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0: removable
sd0: 7456MB, 512 bytes/sector, 15269888 sectors
scsibus1 at sdmmc0: 2 targets, initiator 0
sd1 at scsibus1 targ 1 lun 0: removable
sd1: 60906MB, 512 bytes/sector, 124735488 sectors
vscsi0 at root
scsibus2 at vscsi0: 256 targets
authentication methods
to decide what to do next. This is what you're seeing.
When I last looked, the bulk of the password guessing bots just sent a
single "password" auth method and if it doesn't work, disconnect.
Apparently the bots you're seeing behave a bit more like oth
ar in the past and it was a duplex mismatch.
If you have a managed switch, check that it and ifconfig agree on the
duplex setting that was auto-negotiated. Failing that, try forcing either
full-duplex or half-duplex with ifconfig and/or hostname.re0.
--
Darren Tucker (dtucker at dtucker.net)
GPG
itself, which is still running 6.8
stable due to the aforementioned problem finding the sdcard.
Many thanks to you and Patrick for the analysis and fix.
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes
us programmable switch seems to
> > be pretty common in this class of device.
>
> And if someone wants to program it, feel free to, mvsw(4) exists for a
> reason, might just need some code. :)
>
and maybe docs :-)
# man 4 mvsw
man: No entry for mvsw in section 4 of the manual.
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
To drag this a tiny bit toward the approximate direction of being on-topic:
if you do find one and want to run OpenSSH on it, you'll need to use 7.6p1
or earlier since I removed UNICOS support in 7.7p1 (
https://github.com/openssh/openssh-portable/commit/ddc0f3814881ea279a6b6d4d98e03afc60a
0p4
cpu1: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1
D-cache
cpu1: 256KB 64b/line 16-way L2 cache
cpu1: CRC32,SHA2,SHA1,AES+PMULL,ASID16
efi0 at mainbus0: UEFI 2.0.5
efi0: Das U-boot rev 0x0
apm0 at mainbus0
agtimer0 at mainbus0: 12500 kHz
"pmu" at mainbus0 not con
0a:/bsd
boot device: sd0
root on sd1a (9e51f250b602291d.a) swap on sd1b dump on sd1b
WARNING: CHECK AND RESET THE DATE!
Automatic boot in progress: starting file system checks.
/dev/sd1a (9e51f250b602291d.a): file system is clean; not checking
9e51f250b602291d.i: 6 files, 16034 free (8017 cluster
0.1 port 21285: invalid format
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
s the socks client to an IP address as well as
domain name. The test to an IP address will remove the DNS variable.
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the
ut you'd have to add
parts (microsd card, case) so it'd probably cost more (and the onboard
wifi isn't supported so if you wanted wifi you'd have to add a USB one).
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 1
ges for the existing
functions pending a better solution. The change should be live
shortly.
Thanks.
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
us
rd_x11 = 1;
break;
--
config_test = 1;
break;
case 'Y':
options.forward_x11 = 1;
options.forward_x11_trusted = 1;
--
Darren Tucker (dtucker at dtucker.net)
GPG
conf side, but
sshd's ChallengeResponseAuthentication/keyboard-interactive does
support that. You can ensure you are using that on the client side by
adding "-o PreferredAuthentications=keyboard-interactive" on the client
side or disabling PasswordAuthentication in sshd_config.
nged in -current but that change has
not yet made it to a release. From
https://man.openbsd.org/ssh_config.5: "The default is af21
(Low-Latency Data) for interactive sessions and cs1 (Lower Effort) for
non-interactive sessions."
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA
made 2 days ago?
This may have been fixed:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/readconf.c?rev=1.291&content-type=text/x-cvsweb-markup
If not, could you please share the fragment of your config that triggers it?
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA
On 5 May 2018 at 21:50, Hess THR wrote:
[...]
> But the question: does anybody have more? Or better? Any idea how to have
> more and better quality testcases?
https://anongit.mindrot.org/openssh-fuzz-cases.git/
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B1
y guarantee compared to a proper
MAC).
[0] https://github.com/openssh/openssh-portable/commit/3d6d09f2
[1] https://www.openssh.com/releasenotes.html#7.6
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes
On 19 April 2018 at 16:52, Jan Stary wrote:
> This is a fresh upgrade of current/i386 on an ALIX 2D3.
> Upon start, kernel relinking fails, with relink.log saying:
Do you have any swap configured? Relinking takes a reasonable amount
of ram and the ALIX doesn't have a lot.
--
Da
penbsd.org/login.conf.5
>
> Also I'd guess it should be a similar process for SFTP
sftp works approximately the same as a shell except sftp-server is
exec'ed instead of the shell.
>, telnet
telnetd is no longer supported but I think it always exec'ed login(1).
> other authe
evice to save you having to remember
it. I don't know if your Cisco has any equivalent.
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
On 9 December 2017 at 09:40, Christian Weisgerber
wrote:
> On 2017-12-08, Darren Tucker wrote:
>
> > If your hardware doesn't have a clock (or the clock is bad) then it can
> > take ntpd a long time to adjust it back to the correct time (it uses
> > adjtime(), wh
nvergence by telling ntpd to step to the correct time on startup
(although this won't step after startup, so it requires that your NTP
servers be reachable at boot time).
$ grep ntp /etc/rc.conf.local
ntpd_flags="-s"
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E
ncrypt at least supports
this as long as all of the domains map (or can be made to map) to the
place requesting the certificate.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunatel
(although you may have to scroll back a way to find
it). A common cause of this is not having added the new lib directory
to the runtime linker config via ldconfig(8).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good ju
t the full number of MaxAuthTries log in attempts?
Assuming my guess above is correct, PreferredAuthentications=password
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
0x40014200 acpi0 acpi0
69614 24706 0 0 3 0x14200 bored softnet
65266 358625 0 0 3 0x14200 bored systqmp
78420 65487 0 0 3 0x14200 bored systq
25519 499550 0 0 3 0x40014200 bored sof
gh there are no drop-in replacements at the moment.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
do try it I'd be interested in hearing the result.
[1] http://undeadly.org/cgi?action=article&sid=20130201054156
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
HIBITED);
+ packet_put_int(reason);
if (!(datafellows & SSH_BUG_OPENFAILURE)) {
- packet_put_cstring("open failed");
+ packet_put_cstring(errmsg ? errmsg : "open failed");
packet_put_cstring("");
}
packet_send();
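Review bot: In the changed packet_put_cstring() call, errmsg is sent to the peer as the failure description, so whatever a caller passes becomes visible to the remote side. A comment at the function stating that errmsg must be a fixed, peer-safe string (no local paths or system error text) would help, along with a check that every caller passing a non-NULL errmsg meets that.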
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
onfig(8)), and exactly which one gets used will
depend on what the client and server support and/or have enabled. They all
have the same security properties, though.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judg
es.ch/alix3d3.htm has "fix serial port" against the most
recent firmware version...
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
r, what could be causing this?
I suspect your addition to the shutdown script makes the unmount early
enough that it has time to complete whatever operation it's trying to
complete.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (ne
hci3: USB revision 1.0
uhub6 at usb6 "ATI OHCI root hub" rev 1.00/1.00 addr 1
umass0 at uhub2 port 1 configuration 1 interface 0 "Generic Flash Card
Reader/Writer" rev 2.01/1.00 addr 2
umass0: using SCSI over Bulk-Only
scsibus2 at umass0: 2 targets, initiator 0
sd1 at scsibus2 targ 1 lun 0: SCSI2 0/direct
removable serial.058f6366058F63666485
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd0a (2b4cdf5e1e14b9e7.a) swap on sd0b dump on sd0b
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
On Fri, Aug 05, 2016 at 11:56:15AM +1000, Darren Tucker wrote:
> On Thu, Aug 04, 2016 at 02:46:44PM +0200, Momtchil Momtchev wrote:
> [...]
> > What is the problem with software interrupt moderation? That it has a
> > fixed timer while the hardware one scales with the RX rate?
0x5050
#define RL_IM_RXTIME(t)((t) & 0xf)
+#define RL_IM_RXPKTS(t)(((t) & 0xf) << 4)
#define RL_IM_TXTIME(t)(((t) & 0xf) << 8)
+#define RL_IM_TXPKTS(t)(((t) & 0xf) << 12)
struct rl_chain_data {
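Review bot: RL_IM_RXPKTS() and RL_IM_TXPKTS() mask their argument with 0xf, like the existing RXTIME/TXTIME macros, so a caller passing a value above 15 gets a silently truncated setting. A short comment beside the defines giving the unit and valid range of each 4-bit field would make that limit visible to callers.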
s probably an indication
that I did something wrong). I could dig up the patch if you'd like
to try it.
The other thing to be aware of is that if you're following current,
POOL_DEBUG is usually set in your config, which will be quite
expensive when pushing packets.
--
Darren Tucker
it on port 222) and if the reason isn't obvious from the log
please post it to the list.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
"append this to the list of accepted algorithms".
The second "+" doesn't mean anything so sshd is trying to parse that
as an algorithm name and failing (this should be obvious from the log
message). Try:
KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha
>-
DH_GRP_MIN (2048 since OpenBSD 5.9) thus didn't cause the min value to
be modified, and any client that preferred another key exchange method
(most recent versions of OpenSSH) never triggered the problem.
Sorry for the inconvenience.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF
On Thu, Jun 2, 2016 at 2:06 PM, wrote:
> On Thu, Jun 02, 2016 at 08:53:49AM +1000, Darren Tucker wrote:
> > > i'm inclined to disagree with this diff, for the following reasons:
> >
> > - other than the concatenation with spaces, it's not a behaviour of
>
ght use sh -c
or might do something completely different depending on the server.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
's how the rest of my rules are written but while the ruleset
loads fine it doesn't actually do anything because queues must be
assigned to real interface names (quoth pf.conf(5): "The root queue
must specifically reference an interface")
--
Darren Tucker (dtucker at zip.com.au)
GPG k
On Mon, Nov 2, 2015 at 12:56 PM, Darren Tucker wrote:
> Not that I have seen, but I don't know what the limiting factor is.
> iperf will push ~500Mbit/s from userspace (mtu 1500)
[...]
> I also notice dlg just made the following change to sys/dev/ic/re.c
> which will probably
addr 1
umass0 at uhub2 port 1 configuration 1 interface 0 "Generic Flash Card
Reader/Writer" rev 2.01/1.00 addr 2
umass0: using SCSI over Bulk-Only
scsibus2 at umass0: 2 targets, initiator 0
sd0 at scsibus2 targ 1 lun 0: SCSI2
0/direct removable serial.058f6366058F63666485
sd0: 3886MB,
> Have you tried stuff like sync;sync;reboot or sync;sync;sleep 2;reboot ?
>
For a sample size of 1 trial each, neither helps.
Also, shouldn't the last-mounted location have been updated to "/" when the
root filesystem got remounted read-write?
--
Darren Tucker (dtucker at
operly unmounted
Automatic boot in progress: starting file system checks.
/dev/sd0a (0b606ebc9774a32b.a): FREE BLK COUNT(S) WRONG IN SUPERBLK (SALVAGED)
/dev/sd0a (0b606ebc9774a32b.a): 148615 files, 1630100 used, 308347 free (47619
frags, 32591 blocks, 2.5% fragmentation)
/dev/sd0a (0b606ebc9774a3
0141fff
0xc0142000 - 0xc0145fff
0xc0146000 - 0xc014bfff
extent_free: start 0xc00b4000, end 0xc00b9fff
panic: extent_free: region not found
kdb breakpoint at 155ef04
Stopped at Debugger+0x8: nop
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING T
c constant
# define mblen(x, y) 1
The obvious thing to try would be to change that to:
# define mblen(x, y) (1)
(BTW openssh-unix-...@mindrot.org is the best place to get help with
portable OpenSSH. See http://www.openssh.com/report.html for details.)
--
Darren Tucker (dtucker at zip.com.a
On Tue, May 5, 2015 at 3:02 PM, wrote:
> On 5/4/2015 at 9:39 PM, "Darren Tucker" wrote:
> >Please try this patch on your server.
>
[...]
> We upgrade from snapshots, and don't have the source installed, so we
> can't easily check this patch.
>
I hav
t char *version)
"TTSSH/2.70*,"
"TTSSH/2.71*,"
"TTSSH/2.72*",SSH_BUG_HOSTKEYS },
+ { "WinSCP*",SSH_OLD_DHGEX },
{ NULL, 0 }
};
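Review bot: The added "WinSCP*" entry matches every WinSCP version string, whereas the TTSSH patterns just above name specific versions (2.70*, 2.71*, 2.72*). If the behaviour that needs SSH_OLD_DHGEX is limited to certain WinSCP releases, a version-bounded pattern would keep the workaround from applying to fixed clients indefinitely; either way, a comment naming the affected versions would help.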
--
ull in the hostname.vr?
files resulted in the speed going back up to what I expected (about 85
mbit/s). If you are still having problems you might want to check that out.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good ju
On Mon, Jan 5, 2015 at 9:14 PM, Darren Tucker wrote:
[..]
> sd0 at scsibus0 targ 1 lun 0: SCSI2 0/direct fixed
> sd0: 7580MB, 512 bytes/sector, 15523840 sectors
> scsibus1 at sdmmc1: 2 targets, initiator 0
> sd1 at scsibus1 targ 1 lun 0: SCSI2 0/direct fixed
> sd1: 1832MB, 5
sd1
Label editor (enter '?' for help at any prompt)
> p
OpenBSD area: 0-3451136; size: 3451136; free: 3451136
#size offset fstype [fsize bsize cpg]
c: 3451136 0 unused
>
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3
> IIRC there were more details in an old lkml post.
>
I think I found the one you are referring to:
http://lkml.iu.edu/hypermail/linux/kernel/0712.3/1199.html
I can't test this at the moment since the hardware is on the other side of
the planet, but I might give this a spin when I
d hardware in the chips,
in which case doing those in software would be faster at the cost of using
more CPU, but I never tested this theory.
[1] http://undeadly.org/cgi?action=article&sid=20130201054156
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C
On Sun, Sep 21, 2014 at 12:10:06AM +1000, Darren Tucker wrote:
> On Sat, Sep 20, 2014 at 11:41:38PM +1000, Darren Tucker wrote:
> > This is qemu/kvm on a linux host. It has previously worked fine.
> > There's a similar panic in the mp kernel which I can also capture if
> >
On Sat, Sep 20, 2014 at 11:41:38PM +1000, Darren Tucker wrote:
> This is qemu/kvm on a linux host. It has previously worked fine.
> There's a similar panic in the mp kernel which I can also capture if
> it'll help.
I was able to bring it up in single-user enough to ifconfig
722 0 0 0 3 0x14200 bored syswq
10704 0 0 0 3 0x40014200idle0
25159 0 0 0 3 0x14200 kmalloc kmthread
1 0 1 0 20x82init
0 -1 0 0 3 0x10200 sc
On Mon, May 12, 2014 at 04:39:57PM -0400, Darren Tucker wrote:
> Indeed. It looks like a bug in the libc resolver rather than sshd, though.
> I've been kinda busy recently so I haven't kept up with recent changes so
> I'm not sure exactly what's changed in th
usr/src/lib/libc/asr/asr.c:199
#6 0x01558e87 in asr_run_sync (as=0x83012d00, ar=0xcfbcc68c)
at /usr/src/lib/libc/asr/asr.c:224
#7 0x0154178b in getnameinfo (sa=0xcfbcc854, salen=16, host=0xcfbccdb0 "",
hostlen=256, serv=0x0, servlen=0, flags=8)
at /usr/src/lib/libc/asr/getnam
ftp is concerned, the underlying ssh is just an 8-bit
clean bidirectional pipe.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
eve
> the original address which does not require privileges.
That does look like a better way of doing it and would likely also
simplify things. If I'm reading commit logs correctly, divert-to was
added about 6 months after I originally wrote that code.
--
Darren Tucker (dtucker at zi
bitrotted since then.
The other gotcha is that it needed to be run as root to open the PF
device to look up the NAT states. That could potentially be mitigated
by a setuid helper program, but from memory it needed write access for
the DIOCNATLOOK ioctl, so it'd still be potentially dangerous
ost of more CPU usage
although I never tested that.
[1] http://undeadly.org/cgi?action=article&sid=20130201054156
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the exp
On Sun, Nov 03, 2013 at 01:00:28PM +0200, Lars Nooden wrote:
> On Sun, 3 Nov 2013, Darren Tucker wrote:
> [snip]
> > Also: it's not in 5.4 but it is in current: check out the Match keyword
> > for a more flexible method.
>
> Cool. Were there any particular
s256-ctr,...
Host *
Ciphers arcfour256,arcfour128,...
which will use the first for any hostname containing a dot, and the
second for anything without.
Also: it's not in 5.4 but it is in current: check out the Match keyword
for a more flexible method.
--
Darren Tucker (dtucker at zi
y be specific to some versions of qemu.
# config -o /bsd -e /bsd
ukc> disable mpbios
ukc> disable uhci
ukc> quit
then reboot.
anyway, this is just a guess. you might get some better advice if you
provide more info, like the output of dmesg.
--
Darren Tucker (dtucker at zip.com.au)
G
resolv.conf
> /etc/pf.conf
> /etc/dhcpd.conf
Is IP forwarding (net.inet.ip.forwarding=1) on? It's in sysctl.conf
(not in that list) and it's off by default.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgeme
rformance?
Try one of the faster MACs (umac...@openssh.com is probably going to be
the fastest one but you might want to try the others too).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfo
your case, I'd guess you were
seeing HTTP/1.1 keep-alives.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
situations where ssh-agent offers many different identities. The
default is ``no''.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
og_file instead of the system log.
[...]
> Is this something from upcoming 6.3 or was it missed in the release notes
> for 6.2?
It was added after the 5.2 release and will be in 5.3.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4
tocol, where it
was disabled in new installations for about 2.5 years before the default
compiled into sshd was changed.
I would expect the compiled in default for UsePrivilegeSeparation to
change at some point down the track, at which point it will be commented
out in sshd_config again.
--
ptions.chroot_directory != NULL &&
+ strcasecmp(options.chroot_directory, "none") != 0)
+ fatal("server lacks privileges to chroot to ChrootDirectory");
+
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
fatal("Failed to se
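Review bot: The new fatal() message "server lacks privileges to chroot to ChrootDirectory" does not say which directory was configured. Including options.chroot_directory in the message would make the log entry easier to act on.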
s to, and they're simple string matches.
There is an open enhancement request to let it match subnets, which
may or may not be sufficient for what you want
(https://bugzilla.mindrot.org/show_bug.cgi?id=1169).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2
-O forward \
-L 1234:127.0.0.1:22 localhost
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
ntly (or, at least, it's
taking much longer than they expected).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
.143;r2=1.144;sortby=date
>
> anyway, add mquery() to sandbox-systrace.c work on my system.
> thank you.
Slight variant (SYSTR_POLICY_PERMIT) committed, thanks.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement co
an MITM can't do since it
doesn't have access to the corresponding private key.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
eference for what is supported. Corrections are welcome (but before
someone says "RFC6594", note that I'm trying to keep it accurate for
the most recent release).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
ing "netstat" on each, identify the TCP connection
and check if the "send-q" is non zero (indicating un-acked data).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Lars Nooden wrote:
> How can umask be set on the remote host for chrooted sftp users?
You can set it on the server side with sftp-server's "-u" option but
that's very new (post 4.6).
You would have something like this in sshd_config:
    Subsystem sftp sftp-server -u 002
Falk Brockerhoff wrote:
> is there any gentle way how to determine my ip address if I connected
> via ssh to an openbsd system?
    echo $SSH_CLIENT | cut -f1 -d' '
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judge
There's more work to be done, and some of it is going to be nontrivial
to port (eg sensors, adjtime(NULL, olddelta) returning the remaining
offset) and I have been busy with other things and slacking in this
department.
[1] http://www.zip.com.au/~dtucker/openntpd/snapshot/
--
Da
ts to the
same tun device."
http://www.iijlab.net/~kjc/software/dist/tunbridge-0.1.tar.gz
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually come
ire an AFS token before accessing the user's home directory.
The default is ``no''.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Host somehost-xfer
Hostname somehost
ProxyCommand nc -T throughput %h %p
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
1067393 Jul 2 07:50 /tmp/tmp2
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Pierre-Yves Ritschard wrote:
On Wed, 13 Jun 2007 15:40:36 +1000
Darren Tucker <[EMAIL PROTECTED]> wrote:
[...]
1. add a static published arp entry for the cluster address on the
balancer with its own mac address so packets aimed at the cluster
address will go to the balancer.
2. con
or it and send a
> patch ;)
Anyone looking into this would probably want to look at what Ben
Lindstrom has already done with this:
http://www.eviladmin.org/patches/sftp-tab.patch
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
; scp "username:skey"@host.example.com:/home/username/foo.bar .
>
> Any other suggestions?
I don't use skey so I can't test it but this will probably work:
scp -o User="username:skey" host.example.com:/home/username/foo.bar .
--
Darren Tucker (dtucker at zip.
calhost
$ echo $?
255
You can also put them in ~/.ssh/config or ssh_config.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
's only happening after
using SFTP (and SCP doesn't work afterwards), but unfortunately I'm
not sure as I don't transfer files that often.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.