[Bug 2989] Revoking certificates when TrustedUserCAKeys-file contains multiple keys does not work
https://bugzilla.mindrot.org/show_bug.cgi?id=2989

Damien Miller changed:

What|Removed|Added
Resolution|---|WORKSFORME
Status|NEW|RESOLVED

--- Comment #2 from Damien Miller ---
Closing for lack of followup

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2976] Avoid automatically adding RemoteCommand option
https://bugzilla.mindrot.org/show_bug.cgi?id=2976

Damien Miller changed:

What|Removed|Added
Status|NEW|RESOLVED
Resolution|---|WONTFIX
CC||d...@mindrot.org

--- Comment #1 from Damien Miller ---
I think this case could be satisfied using `scp -J` (jumphost). In any case, we won't add an option for this particular case, sorry - it's a bit too niche.
[Bug 2966] scp client-side filename matching problems
https://bugzilla.mindrot.org/show_bug.cgi?id=2966

Damien Miller changed:

What|Removed|Added
Resolution|---|FIXED
Status|NEW|RESOLVED

--- Comment #6 from Damien Miller ---
I just committed something similar:
https://github.com/openssh/openssh-portable/commit/c97520d23d1fe53d30725a2af25d26f2faff

Since this bug was opened, we also switched the default protocol for scp from the old rcp protocol to SFTP, which performs all glob expansion on the client and so doesn't suffer from these problems.
[Bug 2957] servconf.c: parse_multistate: does not allow override?
https://bugzilla.mindrot.org/show_bug.cgi?id=2957

Damien Miller changed:

What|Removed|Added
Status|NEW|RESOLVED
Resolution|---|WORKSFORME
[Bug 2917] keepalive packets are sent twice each interval if connection is interrupted
https://bugzilla.mindrot.org/show_bug.cgi?id=2917

Damien Miller changed:

What|Removed|Added
Resolution|---|FIXED
Status|NEW|RESOLVED
CC||d...@mindrot.org

--- Comment #1 from Damien Miller ---
I think this got fixed in 9d7193a835963 if it wasn't already fixed during refactoring.
[Bug 2899] scp remote-to-remote does not work with IPv6 addresses anymore
https://bugzilla.mindrot.org/show_bug.cgi?id=2899

Damien Miller changed:

What|Removed|Added
CC||d...@mindrot.org
Status|NEW|RESOLVED
Resolution|---|FIXED

--- Comment #1 from Damien Miller ---
This seems to have been fixed at some point. Both

scp [::1]:/bin/ls [::1]:/tmp
scp -O [::1]:/bin/ls [::1]:/tmp

work for me. Please reopen if otherwise.
[Bug 2861] LDAP user with public key authentication showing AUTHSTATE=compat
https://bugzilla.mindrot.org/show_bug.cgi?id=2861

Damien Miller changed:

What|Removed|Added
Resolution|---|WORKSFORME
Status|NEW|RESOLVED
CC||d...@mindrot.org

--- Comment #6 from Damien Miller ---
Closing; no followup from reporter for 5+ years
[Bug 2856] key-options.sh fails when pty /dev/ttyp1 is not owned by testing user
https://bugzilla.mindrot.org/show_bug.cgi?id=2856

--- Comment #5 from Damien Miller ---
Is this still broken? AFAIK we regularly run integration tests on NetBSD and they are working okay.
[Bug 2833] The code in opennsd-compat/port-solaris.c should not change PRIV_LIMIT when PRIV_XPOLICY is set.
https://bugzilla.mindrot.org/show_bug.cgi?id=2833

Damien Miller changed:

What|Removed|Added
CC||dtuc...@dtucker.net
Attachment #3740||ok?(dtuc...@dtucker.net)
Flags||

--- Comment #7 from Damien Miller ---
Created attachment 3740
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3740=edit
same patch

Here's the same patch attached for easier review/committing.
[Bug 2830] Add option to set TCP_USER_TIMEOUT on linux
https://bugzilla.mindrot.org/show_bug.cgi?id=2830

Damien Miller changed:

What|Removed|Added
CC||d...@mindrot.org

--- Comment #3 from Damien Miller ---
Isn't this use-case already handled by ClientAliveInterval/ClientAliveCountMax and the corresponding client option? These allow termination of connections for all kinds of network interruptions, not just link drops.
[Bug 3613] Unable to sign using certificates and PKCS#11
https://bugzilla.mindrot.org/show_bug.cgi?id=3613

--- Comment #6 from Damien Miller ---
(In reply to aim from comment #5)
> Oh yeah, I can see it already uses softhsm. Should be easy enough to
> port. I can try giving it a go if you like? Have you made any
> progress on the patch, is there anything I can help with?

Sorry, I've been away and haven't had time to look at it. Getting the agent-pkcs11.sh regress test going (and failing) with certs would be a great help if you're able.
[Bug 3627] openssh 9.4p1 does not see RSA keys in know_hosts file.
https://bugzilla.mindrot.org/show_bug.cgi?id=3627

Darren Tucker changed:

What|Removed|Added
CC||dtuc...@dtucker.net

--- Comment #2 from Darren Tucker ---
A long shot but does your OpenSSL build pass its self-tests? ("cd openssl && make tests").
[Bug 3627] openssh 9.4p1 does not see RSA keys in know_hosts file.
https://bugzilla.mindrot.org/show_bug.cgi?id=3627

Damien Miller changed:

What|Removed|Added
CC||d...@mindrot.org

--- Comment #1 from Damien Miller ---
Created attachment 3739
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3739=edit
additional debugging for known_hosts

Please try applying this patch and running ssh in debug mode again. The patch adds some additional diagnostics that might help figure out what's happening here.
[Bug 3626] potentially uninitialized local pointer in sshkey_ecdsa_key_to_nid() in sshkey.c
https://bugzilla.mindrot.org/show_bug.cgi?id=3626

Damien Miller changed:

What|Removed|Added
Resolution|---|INVALID
Status|NEW|RESOLVED
CC||d...@mindrot.org

--- Comment #1 from Damien Miller ---
Another false positive. There is no uninitialised use of `eg`

https://github.com/openssh/openssh-portable/blob/V_9_5_P1/sshkey.c#L1348
[Bug 3625] potentially uninitialized local pointer in send_handle() in sftp-server.c
https://bugzilla.mindrot.org/show_bug.cgi?id=3625

Damien Miller changed:

What|Removed|Added
CC||d...@mindrot.org
Status|NEW|RESOLVED
Resolution|---|INVALID

--- Comment #1 from Damien Miller ---
Another false positive. handle_to_string() initialises handle.

Please don't post untriaged compiler warnings as bugs.
[Bug 3624] potentially uninitialized local pointers in assemble_algorithms() in servconf.c
https://bugzilla.mindrot.org/show_bug.cgi?id=3624

Damien Miller changed:

What|Removed|Added
Status|NEW|RESOLVED
Resolution|---|INVALID
CC||d...@mindrot.org

--- Comment #1 from Damien Miller ---
This is definitely a bogus warning. The pointers in question are initialised in the lines immediately following declaration:

https://github.com/openssh/openssh-portable/blob/V_9_5_P1/servconf.c#L212-L226

Please spend a moment to validate compiler warnings before posting them as bugs here.
[Bug 3623] potentially uninitialized local pointers in fill_default_options() in readconf.c
https://bugzilla.mindrot.org/show_bug.cgi?id=3623

Damien Miller changed:

What|Removed|Added
Status|NEW|RESOLVED
Resolution|---|INVALID
CC||d...@mindrot.org

--- Comment #1 from Damien Miller ---
All these pointers are unconditionally initialised before use:

https://github.com/openssh/openssh-portable/blob/V_9_5_P1/readconf.c#L2784-L2794

If you have evidence otherwise beyond a compiler warning then please reopen this bug.
[Bug 3627] New: openssh 9.4p1 does not see RSA keys in know_hosts file.
https://bugzilla.mindrot.org/show_bug.cgi?id=3627

Bug ID: 3627
Summary: openssh 9.4p1 does not see RSA keys in know_hosts file.
Product: Portable OpenSSH
Version: 9.4p1
Hardware: SPARC
OS: Solaris
Status: NEW
Severity: major
Priority: P5
Component: ssh
Assignee: unassigned-b...@mindrot.org
Reporter: bugzi...@outputservices.com

Created attachment 3738
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3738=edit
pdf of my issue

I have compiled openssh 9.4p1 using the following compile command:

configure CFLAGS="-g -O3 -L/usr/local/tools/openssh/openssh/openssl/lib/64 -R/usr/local/tools/openssh/openssh/openssl/lib/64 -I/usr/local/tools/openssh/openssh/openssl/include/openssl" CC="gcc -m64" --without-zlib-version-check --without-openssl-header-check --with-pam --prefix=/usr/local/tools/openssh/openssh/openssh

Here is the version:

< user_lamborghini ~/.ssh: > ssh -V
OpenSSH_9.4p1, OpenSSL 3.1.2 1 Aug 2023
< user_lamborghini ~/.ssh: >

I do not have any knowHost file in my directory

< user_lamborghini ~/.ssh: > ls -l
total 6
-rw-r--r-- 1 user user 221 Mar 18 2012 authorized_keys
-rw-r--r-- 1 user user 26 Aug 30 10:12 config
-rw-r--r-- 1 user user 302 Sep 7 10:57 env
< user_lamborghini ~/.ssh: >

I connect the first time it asks me to accept the RSA host key.

< user_lamborghini ~/.ssh: > ssh user@10.106.101.142
The authenticity of host '10.106.101.142 (10.106.101.142)' can't be established.
RSA key fingerprint is SHA256:lG+1WuVSfR9Frovpc3XXp/AvPK4LpRKSfLEe+6eai9w.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.106.101.142' (RSA) to the list of known hosts.

I finish logging in.

user@10.106.101.142's password:
### # # WRKSTN42 # ###
WARNING: This is a restricted access server. If you do not have explicit permission to access this server, please disconnect immediately.
Unauthorized access to this system is considered gross misconduct and may result in disciplinary action, including revocation of network access privileges, immediate termination of employment, and/or prosecution to the fullest extent of the law.
Last login: Mon Oct 9 11:00:11 2023 from 10.10.10.62
#]0;user@wrkstn42: ~#user@wrkstn42:~$ exit
logout
Connection to 10.106.101.142 closed.
< user_lamborghini ~/.ssh: >

Now I have TWO known_hosts files. known_hosts and known_hosts.old.

< user_lamborghini ~/.ssh: > ls -l
total 10
-rw-r--r-- 1 user user 221 Mar 18 2012 authorized_keys
-rw-r--r-- 1 user user 26 Aug 30 10:12 config
-rw-r--r-- 1 user user 302 Sep 7 10:57 env
-rw--- 1 user user 792 Oct 9 11:19 known_hosts
-rw-r--r-- 1 user user 396 Oct 9 11:19 known_hosts.old
< user_lamborghini ~/.ssh: > more known*

Here are the entries in the known_hosts files:

:: known_hosts ::
10.106.101.142 ssh-rsa B3NzaC1yc2EDAQABAAABAQDwCIAibDePAymJF3HY4JbLrwp3fXzdTkIi7rcRleoT3E7AxFo+dyQiWsuIRo93KUX4vftYxA7ZMIAuxrrkV/DkTh8MREGRJUR/tWE9w4r4EiGwJdV+mOWzvgYzjQIfeHx76f9zF17YsACbL3riPdWKxVvq80UPIYIkBfUdWbEYCZ1isFMUYgFbB/gE9RjyNmW3LbBiROa+8owMWOKEaZ0Pk3Cewo4gBBekx/zv4qSsM5i4J5OnTxbgUf2hCrvXAforHMGQ1JjsU+wNYScscDLWDh8vwVFTQDnwzQNifPh3j0XNN60xev3717Jz9Aa99NskCYNtOEpd6YHv23BwzaTx
10.106.101.142 ssh-rsa B3NzaC1yc2EDAQABAAABAQDwCIAibDePAymJF3HY4JbLrwp3fXzdTkIi7rcRleoT3E7AxFo+dyQiWsuIRo93KUX4vftYxA7ZMIAuxrrkV/DkTh8MREGRJUR/tWE9w4r4EiGwJdV+mOWzvgYzjQIfeHx76f9zF17YsACbL3riPdWKxVvq80UPIYIkBfUdWbEYCZ1isFMUYgFbB/gE9RjyNmW3LbBiROa+8owMWOKEaZ0Pk3Cewo4gBBekx/zv4qSsM5i4J5OnTxbgUf2hCrvXAforHMGQ1JjsU+wNYScscDLWDh8vwVFTQDnwzQNifPh3j0XNN60xev3717Jz9Aa99NskCYNtOEpd6YHv23BwzaTx
:: known_hosts.old ::
10.106.101.142 ssh-rsa B3NzaC1yc2EDAQABAAABAQDwCIAibDePAymJF3HY4JbLrwp3fXzdTkIi7rcRleoT3E7AxFo+dyQiWsuIRo93KUX4vftYxA7ZMIAuxrrkV/DkTh8MREGRJUR/tWE9w4r4EiGwJdV+mOWzvgYzjQIfeHx76f9zF17YsACbL3riPdWKxVvq80UPIYIkBfUdWbEYCZ1isFMUYgFbB/gE9RjyNmW3LbBiROa+8owMWOKEaZ0Pk3Cewo4gBBekx/zv4qSsM5i4J5OnTxbgUf2hCrvXAforHMGQ1JjsU+wNYScscDLWDh8vwVFTQDnwzQNifPh3j0XNN60xev3717Jz9Aa99NskCYNtOEpd6YHv23BwzaTx
< user_lamborghini ~/.ssh: >

It is put in the known_hosts two times and known_hosts.old one time.

Now I log into the same workstation again and I get this error: parse error in hostkeys file

< user_lamborghini ~/.ssh: > ssh -v user@10.106.101.142
OpenSSH_9.4p1, OpenSSL 3.1.2 1 Aug 2023
debug1: Reading configuration data /export/home/user/.ssh/config
debug1: Reading configuration data /usr/local/tools/openssh/openssh_9.4.3.1.2/openssh/etc/ssh_config
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 10.106.101.142 [10.106.101.142] port 22.
debug1: Connection
[Bug 3626] New: potentially uninitialized local pointer in sshkey_ecdsa_key_to_nid() in sshkey.c
https://bugzilla.mindrot.org/show_bug.cgi?id=3626

Bug ID: 3626
Summary: potentially uninitialized local pointer in sshkey_ecdsa_key_to_nid() in sshkey.c
Product: Portable OpenSSH
Version: 9.5p1
Hardware: All
OS: All
Status: NEW
Severity: trivial
Priority: P5
Component: ssh
Assignee: unassigned-b...@mindrot.org
Reporter: tessgauth...@microsoft.com

Overview: eg is uninitialized.

int
sshkey_ecdsa_key_to_nid(EC_KEY *k)
{
    EC_GROUP *eg;
    ...
}

Expected Result:

EC_GROUP *eg = NULL;

Additional Information: Corresponding compiler warning -
https://learn.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-4-c4703?view=msvc-170=%3FappId%3DDev16IDEF1%26l%3DEN-US%26k%3Dk(C4703)%26rd%3Dtrue
[Bug 3625] New: potentially uninitialized local pointer in send_handle() in sftp-server.c
https://bugzilla.mindrot.org/show_bug.cgi?id=3625

Bug ID: 3625
Summary: potentially uninitialized local pointer in send_handle() in sftp-server.c
Product: Portable OpenSSH
Version: 9.5p1
Hardware: All
OS: All
Status: NEW
Severity: trivial
Priority: P5
Component: sftp-server
Assignee: unassigned-b...@mindrot.org
Reporter: tessgauth...@microsoft.com

Overview: string is uninitialized.

static void
send_handle(u_int32_t id, int handle)
{
    u_char *string;
    int hlen;

    handle_to_string(handle, &string, &hlen);
    debug("request %u: sent handle %d", id, handle);
    send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen);
    free(string);
}

Expected Result:

u_char *string = NULL;

Additional Information: Corresponding compiler warning -
https://learn.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-4-c4703?view=msvc-170=%3FappId%3DDev16IDEF1%26l%3DEN-US%26k%3Dk(C4703)%26rd%3Dtrue
[Bug 3624] New: potentially uninitialized local pointers in assemble_algorithms() in servconf.c
https://bugzilla.mindrot.org/show_bug.cgi?id=3624

Bug ID: 3624
Summary: potentially uninitialized local pointers in assemble_algorithms() in servconf.c
Product: Portable OpenSSH
Version: 9.5p1
Hardware: All
OS: All
Status: NEW
Severity: trivial
Priority: P5
Component: sshd
Assignee: unassigned-b...@mindrot.org
Reporter: tessgauth...@microsoft.com

Overview: *def_cipher, *def_mac, *def_kex, *def_key, *def_sig are uninitialized pointers.

static void
assemble_algorithms(ServerOptions *o)
{
    char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig;
    char *def_cipher, *def_mac, *def_kex, *def_key, *def_sig;
    int r;
    ...
}

Expected:

char *def_cipher = NULL, *def_mac = NULL, *def_kex = NULL, *def_key = NULL, *def_sig = NULL;

Additional Information: Corresponding compiler warning -
https://learn.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-4-c4703?view=msvc-170=%3FappId%3DDev16IDEF1%26l%3DEN-US%26k%3Dk(C4703)%26rd%3Dtrue
[Bug 3623] New: potentially uninitialized local pointers in fill_default_options() in readconf.c
https://bugzilla.mindrot.org/show_bug.cgi?id=3623

Bug ID: 3623
Summary: potentially uninitialized local pointers in fill_default_options() in readconf.c
Product: Portable OpenSSH
Version: 9.5p1
Hardware: All
OS: All
Status: NEW
Severity: trivial
Priority: P5
Component: ssh
Assignee: unassigned-b...@mindrot.org
Reporter: tessgauth...@microsoft.com

Overview: *def_cipher, *def_mac, *def_kex, *def_key, *def_sig are uninitialized pointers.

int
fill_default_options(Options * options)
{
    char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig;
    char *def_cipher, *def_mac, *def_kex, *def_key, *def_sig;
    int ret = 0, r;
    ...
}

Expected:

char *def_cipher = NULL, *def_mac = NULL, *def_kex = NULL, *def_key = NULL, *def_sig = NULL;

Additional Information: Corresponding compiler warning -
https://learn.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-4-c4703?view=msvc-170=%3FappId%3DDev16IDEF1%26l%3DEN-US%26k%3Dk(C4703)%26rd%3Dtrue