Bug#1025533: New systemd socket activation breaks existing setups

uard pn monkeysphere ii ssh-askpass 1:1.2.4.1-15 pn ufw -- debconf information excluded -- .''`. martin f. krafft : :' : proud Debian developer `. `'` http://people.debian.org/~madduck `- Debian - when you have better things to do than fixing systems

Bug#954965: /etc/ssh/ssh_config: ssh_config: Include custom config files at the end, so they can overwrite the default settings

libpam-systemd [logind] 245.4-4 pn ncurses-term ii xauth1:1.0.10-1 Versions of packages openssh-server suggests: pn molly-guard pn monkeysphere ii ssh-askpass 1:1.2.4.1-10+b1 pn ufw -- debconf information excluded -- .''`. martin f

Bug#934216: buster version has 3 deprecated settings in sshd_config

KeyRegenerationInterval sshd[1330]: /etc/ssh/sshd_config line 33: Deprecated option ServerKeyBits Probably worth addressing using a NEWS.Debian entry. -- .''`. martin f. krafft @martinkrafft : :' : proud Debian developer `. `'` http://people.debian.org/~madduck `- Debian - when you have better

Bug#806427: ProxyCommand %h does not respect CanonicalizeHostname

[not included] -- debconf-show failed -- .''`. martin f. krafft <madduck@d.o> @martinkrafft : :' : proud Debian developer `. `'` http://people.debian.org/~madduck `- Debian - when you have better things to do than fixing systems digital_signature_gpg.asc Description: Digital signatur

Bug#618863: /usr/bin/ssh: insecurely verifies host key with VerifyHostKeyDNS option

ii ssh-askpass-gnome [ssh-askpass] 1:6.9p1-2+b1 -- debconf-show failed -- .''`. martin f. krafft <madduck@d.o> @martinkrafft : :' : proud Debian developer `. `'` http://people.debian.org/~madduck `- Debian - when you have better things to do than fixing s

Bug#804817: Manpage gives misleading information about "secure fingerprints" from DNS (SSHFP records)

pn libpam-ssh ii monkeysphere 0.37-3 ii ssh-askpass-gnome [ssh-askpass] 1:6.9p1-2+b1 -- debconf-show failed -- .''`. martin f. krafft <madduck@d.o> @martinkrafft : :' : proud Debian developer `. `'` http://people.debian.org/~

Bug#804820: ControlPersist disables UpdateHostKeys, even with -Snone

suggests: pn keychain pn libpam-ssh ii monkeysphere 0.37-3 ii ssh-askpass-gnome [ssh-askpass] 1:6.9p1-2+b1 -- debconf-show failed -- .''`. martin f. krafft <madduck@d.o> @martinkrafft : :' : proud Debian dev

Bug#804820: ControlPersist disables UpdateHostKeys, even with -Snone

kick in even then, as ControlPersist should only > affect masters. :-/ Yes, it's set to auto. -- .''`. martin f. krafft <madduck@d.o> @martinkrafft : :' : proud Debian developer `. `'` http://people.debian.org/~madduck `- Debian - when you have better things to do than

Bug#804818: Improved interplay between StrictHostKeyChecking and VerifyHostKeyDNS

for hosts where I control the zone? -- .''`. martin f. krafft <madduck@d.o> @martinkrafft : :' : proud Debian developer `. `'` http://people.debian.org/~madduck `- Debian - when you have better things to do than fixing systems digital_signature_gpg.asc Description: Digital sign

Bug#236718: ssh: UNIX socket support in -L would be great

I would really appreciate this functionality. Sure, I can hack this up with socat on both sides, but this would be so much better placed within OpenSSH, I cannot even say how much! Do you know what's blocking the patch? https://bugzilla.mindrot.org/show_bug.cgi?id=1256 -- .''`. martin f

Bug#713806: subsystems: hide informational logging warning

pn rssh none ii ssh-askpass-gnome [ssh-askpass] 1:6.2p2-4 pn ufw none -- debconf-show failed -- .''`. martin f. krafft madduck@d.o Related projects: : :' : proud Debian developer http://debiansystem.info

Bug#698669: Access to escape functions with ControlPersist

] -- no debconf information -- .''`. martin f. krafft madduck@d.o Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduckhttp://vcs-pkg.org `- Debian - when you have better things to do than fixing systems

Bug#695734: Log IP instead of hostname

0.4.5-1 ii monkeysphere 0.35-2 pn rssh none ii ssh-askpass-gnome [ssh-askpass] 1:6.0p1-3 pn ufw none -- debconf information excluded -- .''`. martin f. krafft madduck@d.o Related projects

Bug#650512: Debian-specific?

tags 650512 - upstream thanks According to https://bugzilla.mindrot.org/show_bug.cgi?id=1963#c6, the bug is in Debian only, not in upstream… However, I cannot find anything in debian/patches that would explain this… -- .''`. martin f. krafft madduck@d.o Related projects: : :' : proud

Bug#650512: Not fixed in OpenSSH 6.0

on non-mapped v4-in-v6 addressed connections (closes: #643312, #650512, #671075). With 6.0, I get exactly the same behaviour as before, so #650512 is not fixed, sorry… -- .''`. martin f. krafft madduck@d.o Related projects: : :' : proud Debian developer http

Bug#643312: Vice versa for IPv6 AF_INET6

: packet_set_tos: set IPV6_TCLASS 0x08 (ignore for now that the class set is wrong, that will be subject of the next report) -- .''`. martin f. krafft madduck@d.o Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org

Bug#650512: IPQoS not honoured

gtk-led-askpass [ssh-askpass] 0.11-1 ii keychain none ii libpam-ssh none ii monkeysphere 0.35-2 -- Configuration Files: /etc/ssh/ssh_config changed [not included] -- no debconf information -- .''`. martin f. krafft madduck@d.o

Bug#650521: QoS/DSCP names false translated to ToS hex value

-- .''`. martin f. krafft madduck@d.o Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduckhttp://vcs-pkg.org `- Debian - when you have better things to do than fixing systems digital_signature_gpg.asc

Bug#594687: ControlPersist causes defunct/zombie processes

dialog suitable for pn keychain none (no description available) pn libpam-sshnone (no description available) -- Configuration Files: /etc/ssh/ssh_config changed [not included] -- no debconf information -- .''`. martin f. krafft madd...@d.o

Bug#550260: add reference to control master to environment of slave sessions

available) pn libpam-sshnone (no description available) -- debconf-show failed -- .''`. martin f. krafft madd...@d.o Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduckhttp://vcs

Bug#454784: pretty sure this is fixed

forcemerge 471649 454784 thanks I am pretty sure this has been fixed with #471649, thus closing by forcemerge. -- .''`. martin f. krafft madd...@d.o Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduck

Bug#550262: all sessions should be slaves of a backgrounded master

] 0.10-2 GTK+ password dialog suitable for pn keychain none (no description available) pn libpam-sshnone (no description available) -- debconf-show failed -- .''`. martin f. krafft madd...@d.o Related projects: : :' : proud Debian

Bug#514523: ListenAddress :: does not allow IPv4 connections

protects machines from accidental pn rssh none (no description available) -- debconf information excluded -- .''`. martin f. krafft madd...@d.o Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http

Bug#510951: segfaults after PAM thread exits unexpectedly

in the past. No, that does not reproduce the bug. I will try to get an strace of the process once I am back at home... -- .''`. martin f. krafft madd...@d.o Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduck

Bug#510951: segfaults after PAM thread exits unexpectedly

also sprach martin f krafft madd...@debian.org [2009.01.06.0846 +0100]: sshd[23060]: fatal: PAM: authentication thread exited unexpectedly kernel: sshd[23324]: segfault at eip esp bfcd73cc error 4 The following is a complete set of log entries (auth+syslog), selected by PID

Bug#505656: -O check option does not honour -q

) -- no debconf information -- .''`. martin f. krafft [EMAIL PROTECTED] : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systems digital_signature_gpg.asc

Bug#481238: host key fingerprints in .ssh/config

with merging remote host configuration into one file, namely .ssh/config, but I forgot the exact reason for it. Sorry, -- .''`. martin f. krafft [EMAIL PROTECTED] : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info

Bug#481235: HostKeyAlias does not work as expected

1:1.2.3.3.dfsg-12 compression library - runtime Versions of packages openssh-client recommends: ii xauth 1:1.0.3-1 X authentication utility -- no debconf information -- .''`. martin f. krafft [EMAIL PROTECTED] : :' : proud Debian developer, author

Bug#481232: mysterious DSAAuthentication option found

password and ii zlib1g1:1.2.3.3.dfsg-12 compression library - runtime Versions of packages openssh-client recommends: ii xauth 1:1.0.3-1 X authentication utility -- no debconf information -- .''`. martin f. krafft [EMAIL PROTECTED] : :' : proud

Bug#481238: host key fingerprints in .ssh/config

-- no debconf information -- .''`. martin f. krafft [EMAIL PROTECTED] : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systems

Bug#481251: support for .ssh/authorized_keys.d

-12 compression library - runtime Versions of packages openssh-server recommends: ii xauth 1:1.0.3-1 X authentication utility -- debconf information excluded -- .''`. martin f. krafft [EMAIL PROTECTED] : :' : proud Debian developer, author, administrator, and user

Bug#481250: support for .ssh/known_hosts.d

password and ii zlib1g1:1.2.3.3.dfsg-12 compression library - runtime Versions of packages openssh-client recommends: ii xauth 1:1.0.3-1 X authentication utility -- no debconf information -- .''`. martin f. krafft [EMAIL PROTECTED] : :' : proud Debian

Bug#480266: option to create non-login shell over ControlMaster socket connections

1:1.2.3.3.dfsg-12 compression library - runtime Versions of packages openssh-client recommends: ii xauth 1:1.0.3-1 X authentication utility -- no debconf information -- .''`. martin f. krafft [EMAIL PROTECTED] : :' : proud Debian developer, author

Bug#471649: fail gracefully when ControlMaster socket already exists but is not yet ready

1:4.1.0-2 change and administer password and ii zlib1g1:1.2.3.3.dfsg-11 compression library - runtime openssh-client recommends no packages. -- no debconf information -- .''`. martin f. krafft [EMAIL PROTECTED] : :' : proud Debian developer, author

Bug#471437: option to prevent going via master control socket

and administer password and ii zlib1g1:1.2.3.3.dfsg-11 compression library - runtime openssh-client recommends no packages. -- no debconf information -- .''`. martin f. krafft [EMAIL PROTECTED] : :' : proud Debian developer, author, administrator, and user `. `'` http

Bug#471437: option to prevent going via master control socket

ControlPath and -- .''`. martin f. krafft [EMAIL PROTECTED] : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systems literature always anticipates

Bug#395473: please add suggests for molly-guard

Secure shell client, an rlogin/rsh ii zlib1g 1:1.2.3-13 compression library - runtime openssh-server recommends no packages. -- debconf information excluded -- .''`. martin f. krafft [EMAIL PROTECTED] : :' : proud Debian developer, author, administrator, and user

Bug#374980: ssh-keyscan does not exit in case of failure

also sprach martin f krafft [EMAIL PROTECTED] [2006.06.22.1447 +0200]: $ ssh-keyscan -t rsa does.not.exist.org $ echo $? 0 Of course, the domain name must resolve. Sorry. So the problem happens when the host is down or sshd not running. -- Please do not send copies of list mail to me; I

Bug#373006: logic error in sshd(8) manpage/known_hosts file format

), and the per-user file is maintained auto‐ matically: whenever the user connects from an unknown host its key is added to the per-user file. That last line should be to an unknown host not from -- Please do not send copies of list mail to me; I read the list! .''`. martin f

Bug#354820: sorry, wrong filenames

re: my last mail. i included the wrong filenames. instead of e.g. creating /etc/logcheck/violations.ignore.d/local-ssh, please add the rules to /etc/logcheck/violations.ignore.d/logcheck-ssh. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft [EMAIL

Bug#354820: updated logcheck filter set

:)?[.[:digit:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed keyboard-interactive/pam for illegal user [[:alnum:]]+ from (:::)?[.[:digit:]]+ port [[:digit:]]{1,5} ssh2$ -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft

Bug#354820: please consider adding two logcheck filters

:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [[:xdigit:]:.]+: [12]: Timeout, server not responding\. Thanks, -- .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian

Bug#310536: status?

If you can take a minute to fill me in on the status of this bug report, it would be greatly appreciated! -- .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing

Bug#231472: status?

What is the status on this wishlist request? -- .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP (sub)keys? Use subkeys.pgp.net

Bug#351231: Ignore unknown options

not recognise? Thanks, -- .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP (sub)keys? Use subkeys.pgp.net as keyserver! computer

Bug#351231: Ignore unknown options

of an unknown option? UnknownOptionAction [abort|warn|ignore] -- .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP (sub)keys? Use

Bug#350893: control socket not working with svn+ssh

1:4.2p1-5 Secure shell server, an rshd repla ssh recommends no packages. -- debconf-show failed -- .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than

Bug#350898: background the control socket connection

-show failed -- .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP (sub)keys? Use subkeys.pgp.net as keyserver! fashions have done

Bug#254616: scp: -p should honour ACLs and filesystem attributes

. an extension to the rcp protocol -- if done right -- would only take effect when both sides support it. otherwise, it would be silently ignored... i'll shut up. -- Please do not CC me when replying to lists; I read them! .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian

Bug#254616: scp: -p should honour ACLs and filesystem attributes

not CC me when replying to lists; I read them! .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, admin, and user `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver

Bug#254616: scp: -p should honour ACLs and filesystem attributes

using stdin tunneling of ssh... -- Please do not CC me when replying to lists; I read them! .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, admin, and user `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys