---------------------------------------
2008 USENIX/ACCURATE Electronic Voting Technology Workshop (EVT '08)
July 28-29, 2008
San Jose, CA, USA
Sponsored by USENIX: The Advanced Computing Systems Association, and
ACCURATE: A Center for Correct, Usable, Reliable, Auditable, and
Transparent Elections
Refereed paper submissions due: March 28, 2008, 11:59 p.m. PDT
Panel proposals due: May 2, 2008
http://www.usenix.org/evt08/cfpa
-----------------------------------------

The Call for Papers for the 2008 USENIX/ACCURATE Electronic Voting
Technology Workshop is now available.

I have two (similar) boxes A and B using the same Internet
connection to access an SVN server S. A accesses S via a VPN - thus, in
order to check out a source tree T from A I do

svn co svn+ssh://S/T

in A.

B, however, accesses S via SSH tunneling (B could possibly use
the VPN but let's just assume that it can't) as follows:

1) In B, in ~/.subversion/config, under the [tunnels] section add

sbox = ssh -p 2022

2) In B do

ssh -fngT -L 2022:S:22 -C M ping -i 30 localhost > /dev/null 2>&1

where M is a box that B can SSH into directly from the Internet, and M
and S are in the same internal LAN, not directly accessible from A
(except through the VPN which, like I said, B can't use.)

3) In B get the tree T with the command

svn co svn+sbox://localhost/T

Hi all,

I have an ssh tunnel between two machines: local port 5000 will be
tunneled
to port 1521 on the remote side.

A telnet localhost 5000 results in the following error messages on
the remote machine;

sshd[28421]:[ID800047 FACILITY_AND_PRIORITY] Received request to
connect to host 127.0.0.1 port 1521 , but the request was
denied.

I have the same setup on a number of machines but only this one is
causing trouble.
Any help appreciated.

I can restrict certain SSH users/keys from doing shell commands by putting
something like:

command="false"

on the line with their public key in the authorized_keys file, allowing
them to do only that one command, or to use the -N option to do no command.
That way they can do -L and -R to set up secure TCP paths.

For some users, I'd like to further limit this so they can only do -L and
not do -R at all. I could use:

no-port-forwarding

on the key line in the authorized_keys file, but that would turn off BOTH
-L and -R. But I want to leave -L on.

Perhaps permitopen="host:port" might work for SOME of these users, since
a subset only needs to connect to one specific host:port. But some others
might need to do more than that. I may even want to let them do -D.
I just don't want them to do -R at all.

Any ideas? Something I overlooked?

Steph wrote:

If you use X11 Forward I don't think it's necessary to use xhost, since
the connection is comming (via a tunnel) from the localhost.

Greetings

I am trying to get ssh to work without prompting for a password.
I can get this to work but there seems to be a quirk that I wanted to
know if it was a known issue/feature.

If I place my public rsa key into the authorized_keys file of another
user on another server, I can not ssh to that user without being
prompted for a password. However it seems that my user that I am
ssh'ing with also exists on that other server then I am not prompted
for a password. Even though I do not have the password for the same
userid on the other server.

Is this a feature or something ?

On Jan 10, 3:13 pm, zethw hotmail.com> wrote:

Are there any known issues with SSH-1.99-OpenSSH_4.1, as with version
SSH-1.99-OpenSSH_3.8.1.p1 I don't have to set keep alive parameter?

I am not sure if this is related, I have a ksh script that calls a db2 pl
stored procedure several times when it comes to certain iteration, it ends
up hanging in the middle. I experienced this with an environment that has
SSH-1.99-OpenSSH_4.1 but not with a different environment that has
OpenSSH_3.8.1.p1.

Thanks in advance

"Steph" _gmail.com> wrote:

Your X server that came with cygwin most likely as a full session mode
via XDMCP over a direct local connection.

Hi,

from my home I have (only) access to my office PC via ssh (and I have
root permissions, too).

I'd like to test a webserver behind the firewall.
Can I use ssh in some way to forward the ssh port to port 8080 ?

Many thanks for a hint,

Helmut Jarausch

Lehrstuhl fuer Numerische Mathematik
RWTH - Aachen University
D 52056 Aachen, Germany