Re: OpenBSD projects

2015-07-23 Thread jungle Boogie
On 28 December 2014 at 15:14, Ingo Schwarze wrote: > Hi, > > as this request met quite a bit of interest, i have drafted > a list at this *temporary* URI: > > http://mdocml.bsd.lv/openbsd_projects.html > > If developers want it, moving it to the OpenBSD web site would > be fine with me. Looks

Re: elementary opensmtpd setting on rental server

2015-07-23 Thread Tuyosi Takesima
Gilles's advice is essential! I read http://yama-ga.seesaa.net/article/394367473.html too. So I rewrite smtpd.conf listen on lo0 listen on em0 port 25 listen on em0 port 465 listen on em0 port 587 table aliases db:/etc/mail/aliases.db accept from any f

Re: Alleged OpenSSH bug

2015-07-23 Thread Garance A Drosehn
On 23 Jul 2015, at 17:38, Marc Espie wrote: Not surprisingly, as the patch clearly shows, the problem is right smack in the middle of USE_PAM code. I wouldn't call that an OpenSSH bug. I would call it a systemic design flaw in PAM. As usual. LOTS of security holes in authentication systems

Re: Alleged OpenSSH bug

2015-07-23 Thread Marc Espie
On Thu, Jul 23, 2015 at 12:29:37PM -0400, Garance A Drosehn wrote: > On 23 Jul 2015, at 10:06, Emilio Perea wrote: > > >To me it looks like a mistimed April Fools' joke, but hope somebody more > >knowledgeable will respond: > > > >https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interact

Re: Alleged OpenSSH bug

2015-07-23 Thread bofh
On Thu, Jul 23, 2015 at 5:10 PM, Ted Unangst wrote: > Come on. Calling it an oversight is not condescending. I think it's > perfectly > reasonable to say it was an oversight. He didn't say it was the hole of the > century. There's no need to be so defensive. > Given that the last (and first) remo

Re: Alleged OpenSSH bug

2015-07-23 Thread bofh
On Thu, Jul 23, 2015 at 5:10 PM, Ted Unangst wrote: > Giancarlo Razzolini wrote: > > > The original post wondered if this was some mis-timed April Fool's > > > joke. My reply was just to say that it's a real issue, although > > > many people won't see this issue due to the way sshd is configured

Re: Alleged OpenSSH bug

2015-07-23 Thread Ted Unangst
Giancarlo Razzolini wrote: > > The original post wondered if this was some mis-timed April Fool's > > joke. My reply was just to say that it's a real issue, although > > many people won't see this issue due to the way sshd is configured > > on their systems. > > You were condescending, admit it.

Re: Alleged OpenSSH bug

2015-07-23 Thread Giancarlo Razzolini
On 23-07-2015 16:43, Garance A Drosehn wrote: > As noted in my message, I did actually test it on a variety of systems. You mentioned FreeBSD boxes and a Mac. That ain't a variety of systems. > I happened to avoid it on my systems, but that was more by luck than > any cleverness on my part. T

Mozilla + GStreamer1 = Problem

2015-07-23 Thread Stefan Wollny
Hi there! (Again) I'd like to bring an issue to the attention of those who are skilled enough to handle this... To begin with: The following relates to current-i386 (current-amd64 was affected too but I didn't test lately). With /usr/local/libexec/gstreamer-1.0/gst-plugin-scanner enabled mozilla

Re: elementary opensmtpd setting on rental server

2015-07-23 Thread Gilles Chehade
On Fri, Jul 24, 2015 at 02:09:53AM +0900, Tuyosi Takesima wrote: > thanks for Denis > > |Tell me if I'm wrong but you don't listen on port 25 or 465. > your advice is great ! > > /etc/mail/smtpd.conf is rewritten . > listen on lo0 > listen on em0 port 25<-to receive mail f

Re: Alleged OpenSSH bug

2015-07-23 Thread Garance A Drosehn
On 23 Jul 2015, at 13:33, Theo de Raadt wrote: > >> My freebsd boxes do *not* have the problem, but that's because I have >> set 'ChallengeResponseAuthentication no'. >> I don't even remember why I set that on my freebsd boxes. I change very >> few settings, but for some reason I decided to change

Re: elementary opensmtpd setting on rental server

2015-07-23 Thread Tuyosi Takesima
I have done my homework but I cannot send mails to x...@gmail.com & x...@gmx.com . Do you have any error code or message ? thunderbird says --- An error occurred while sending mail. The mail server responded: Invalid recipient. <--- Please check the message recipie

Re: elementary opensmtpd setting on rental server

2015-07-23 Thread Denis Fondras
> but I cannot send mails to x...@gmail.com & x...@gmx.com . > Do you have any error code or message ?

Re: Alleged OpenSSH bug

2015-07-23 Thread jungle Boogie
On 23 July 2015 at 09:15, Giancarlo Razzolini wrote: > On 23-07-2015 11:16, Peter N. M. Hansteen wrote: >> However, running that command pointing at a FreeBSD 10.1 box in my care >> gave more than three tries. I aborted well before reaching 1 for >> obvious reasons. > Digging some more, I've

Re: Alleged OpenSSH bug

2015-07-23 Thread Theo de Raadt
> But it depends on the right (wrong) combination of factors > which, unfortunately, FreeBSD has. Exactly.

Re: Alleged OpenSSH bug

2015-07-23 Thread Mike
On 7/23/2015 12:29 PM, Garance A Drosehn wrote: > On 23 Jul 2015, at 10:06, Emilio Perea wrote: [snip] > > It is a real issue. Your servers might not see the issue depending on > what > options have been set for sshd_config. My freebsd boxes do *not* have > the > problem, but that's because I

Re: Alleged OpenSSH bug

2015-07-23 Thread Theo de Raadt
> It is a real issue. Your servers might not see the issue depending on > what options have been set for sshd_config. Some operating systems have extremely fast passwd checks, others have slow ones. FreeBSD seems to be the worst affected because their PAM integration does not terminate the loop

Re: Alleged OpenSSH bug

2015-07-23 Thread Giancarlo Razzolini
On 23-07-2015 13:29, Garance A Drosehn wrote: > It is a real issue. Your servers might not see the issue depending on > what > options have been set for sshd_config. My freebsd boxes do *not* have > the > problem, but that's because I have set > 'ChallengeResponseAuthentication no'. > I don't

Re: Alleged OpenSSH bug

2015-07-23 Thread Garance A Drosehn
On 23 Jul 2015, at 10:06, Emilio Perea wrote: To me it looks like a mistimed April Fools' joke, but hope somebody more knowledgeable will respond: https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/ It is a real

Re: elementary opensmtpd setting on rental server

2015-07-23 Thread Tuyosi Takesima
thanks for Denis |Tell me if I'm wrong but you don't listen on port 25 or 465. your advice is great ! /etc/mail/smtpd.conf is rewritten . listen on lo0 listen on em0 port 25<-to receive mail from gmx listen on em0 port 465 <-to receive mail from gmail tab

Re: Alleged OpenSSH bug

2015-07-23 Thread Theo de Raadt
> > It seems to affect only FreeBSD. But it's bad, and affects a lot of > > versions, dating back to 2007. And also, as I guessed, interaction with > > PAM is the culprit. > > That's why Dr. House doesn't allow exotic things to be ported to OpenBSD. > "You Can't Always Get What You Want". Seriousl

Re: Alleged OpenSSH bug

2015-07-23 Thread Mihai Popescu
> It seems to affect only FreeBSD. But it's bad, and affects a lot of > versions, dating back to 2007. And also, as I guessed, interaction with > PAM is the culprit. That's why Dr. House doesn't allow exotic things to be ported to OpenBSD. "You Can't Always Get What You Want".

Re: LibreSSL and easy-rsa

2015-07-23 Thread Stuart Henderson
On 2015-07-22, Predrag Punosevac wrote: > Hi Misc, > > I apologize if this was asked earlier. I am using easy-rsa to generate > certificates for my new OpenVPN gateway. Could somebody confirm if > easy-rsa is now using LibreSSL? Quick inspection of It uses the "openssl" command which, on OpenBSD

Re: Building Tor with libevent 2.x (from ports)

2015-07-23 Thread Michael McConville
On Thu, Jul 23, 2015 at 05:40:54PM +0200, nusenu wrote: > as we have learned from Nicholas, OpenBSD will stay with libevent > 1.4.x for the time being. > > Do you have any plans to make the Tor port use libevent 2.x from > ports? > > Background: Tor on OpenBSD using libevent 1.4.15 is significant

Re: Alleged OpenSSH bug

2015-07-23 Thread Giancarlo Razzolini
On 23-07-2015 11:16, Peter N. M. Hansteen wrote: > However, running that command pointing at a FreeBSD 10.1 box in my care > gave more than three tries. I aborted well before reaching 1 for > obvious reasons. Digging some more, I've found this: http://seclists.org/oss-sec/2015/q3/156 It see

Re: OpenBSD release with libevent 2.x?

2015-07-23 Thread nusenu
> No we have pretty much settled on a (mildly forked) 1.4 now and > there are no plans to update the base system. Thanks for your answer.

Re: Alleged OpenSSH bug

2015-07-23 Thread Giancarlo Razzolini
On 23-07-2015 11:16, Peter N. M. Hansteen wrote: > In my *very* limited testing, using variations of the first ssh > command in that blog post, none of my OpenBSD boxes with fairly > pristine out of the box /etc/ssh/sshd_config permitted more than three > tries before closing the connection. I a

Building Tor with libevent 2.x (from ports)

2015-07-23 Thread nusenu
Hi Pascal, as we have learned from Nicholas, OpenBSD will stay with libevent 1.4.x for the time being. Do you have any plans to make the Tor port use libevent 2.x from ports? Background: Tor on OpenBSD using libevent 1.4.15 is significantly "slower" (less throughput) compared to other OSes with

Re: Alleged OpenSSH bug

2015-07-23 Thread Peter N. M. Hansteen
On 07/23/15 16:06, Emilio Perea wrote: > To me it looks like a mistimed April Fools' joke, but hope somebody > more knowledgeable will respond: > > https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulne

Re: Bluetooth Support

2015-07-23 Thread Peter Hessler
All bluetooth support was removed some releases ago. The code rotted. If someone wants to work on this again, they are welcome to. On 2015 Jul 23 (Thu) at 10:02:55 -0400 (-0400), Richard E. Thornton wrote: :I am just curious - is Bluetooth supported on any bluetooth enabled :computers? Or is

Alleged OpenSSH bug

2015-07-23 Thread Emilio Perea
To me it looks like a mistimed April Fools' joke, but hope somebody more knowledgeable will respond: https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/

Bluetooth Support

2015-07-23 Thread Richard E. Thornton
I am just curious - is Bluetooth supported on any bluetooth enabled computers? Or is this a dead topic? Richard

Re: Audio Boost for Sndio

2015-07-23 Thread Geoff Steckel
Some sound cards have two volume controls: one is for the specific source and the other is for the whole card. Both must be at 100% for maximum output. On 07/23/2015 06:55 AM, ropers wrote: I'm talking out my arse here, but: To me, your submission vaguely reminds me of the CD Loudness War < http

Re: MPLS configuration problem

2015-07-23 Thread XU, YANG (YANG)
Reza, I am doing something similar, and I followed https://2011.eurobsdcon.org/papers/jeker/MPLS.pdf. I don't see a problem when running "ifconfig mpe2 rdomain 2;ifconfig mpe2 mplslabel 999;ifconfig mpe2 192.168.238.2/32". I run on OpenBSD 5.5. -Yang F

rdomain with BGP dynamic route

2015-07-23 Thread XU, YANG (YANG)
Hi all, I am configuring OpenBSD bgpd so that it can relay the routes learned from customer BGP servers to a route reflector (RR). Customer BGP servers only speak IPv4 BGP, so my OpenBSD bgpd needs to add different route-distinguisher and route-target to the dynamic routes learned from each cus

MPLS configuration problem

2015-07-23 Thread reza kakhki
Hi misc I want to implement simple MPLS network according to this page but when configuring PE1 , after run this command " ifconfig mpe0 mplslabel 666 " i got this log " ifconfig: SIOCSETLABEL: Network is unreachable "

Re: Audio Boost for Sndio

2015-07-23 Thread ropers
I'm talking out my arse here, but: To me, your submission vaguely reminds me of the CD Loudness War < https://en.wikipedia.org/wiki/Loudness_war>. It sounds to me as if your hardware may be inherently a bit too quiet, but to an extent it's possible to compensate for that by pre-processing the signa

Re: elementary opensmtpd setting on rental server

2015-07-23 Thread Craig Skinner
On 2015-07-23 Thu 11:27 AM |, Tuyosi Takesima wrote: > > Gmail server reject mail from PC2 because Gmail server thinks that it is > relayed by aoi. Post logs. > and > aoi server reject mail from PC1 because aoi server thinks that it is > relayed by Gmail. > Post logs. > > ssh -l user aoi.