[Bug 3628] tracking bug for openssh-9.6
https://bugzilla.mindrot.org/show_bug.cgi?id=3628 Damien Miller changed: What|Removed |Added Depends on||3643 Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=3643 [Bug 3643] order_hostkeyalgs can't find host-key in KnownHostsCommand if it contains port -- You are receiving this mail because: You are watching the reporter of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3628] tracking bug for openssh-9.6
https://bugzilla.mindrot.org/show_bug.cgi?id=3628 Bug 3628 depends on bug 3643, which changed state. Bug 3643 Summary: order_hostkeyalgs can't find host-key in KnownHostsCommand if it contains port https://bugzilla.mindrot.org/show_bug.cgi?id=3643 What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching the assignee of the bug. You are watching the reporter of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3643] order_hostkeyalgs can't find host-key in KnownHostsCommand if it contains port
https://bugzilla.mindrot.org/show_bug.cgi?id=3643 Damien Miller changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED|RESOLVED Blocks||3628 --- Comment #3 from Damien Miller --- committed with the name fixed - it should be 'hostname' instead of 'hostaddr' Thanks - this will be in OpenSSH 9.6, due next week. Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=3628 [Bug 3628] tracking bug for openssh-9.6 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3643] order_hostkeyalgs can't find host-key in KnownHostsCommand if it contains port
https://bugzilla.mindrot.org/show_bug.cgi?id=3643 Darren Tucker changed: What|Removed |Added Attachment #3775|ok?(dtuc...@dtucker.net)|ok+ Flags|| -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3643] order_hostkeyalgs can't find host-key in KnownHostsCommand if it contains port
https://bugzilla.mindrot.org/show_bug.cgi?id=3643 Damien Miller changed: What|Removed |Added Assignee|unassigned-b...@mindrot.org |d...@mindrot.org CC||d...@mindrot.org, ||dtuc...@dtucker.net Status|NEW |ASSIGNED Attachment #3775||ok?(dtuc...@dtucker.net) Flags|| --- Comment #2 from Damien Miller --- Created attachment 3775 --> https://bugzilla.mindrot.org/attachment.cgi?id=3775=edit use hostaddr (host[:port]) instead of plain host -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3643] order_hostkeyalgs can't find host-key in KnownHostsCommand if it contains port
https://bugzilla.mindrot.org/show_bug.cgi?id=3643 --- Comment #1 from Anton Lundin --- Sorry for the inconsistent port number in the redacted log-snippet. s/1234/9022/ and everything is ok. -- You are receiving this mail because: You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3643] New: order_hostkeyalgs can't find host-key in KnownHostsCommand if it contains port
https://bugzilla.mindrot.org/show_bug.cgi?id=3643 Bug ID: 3643 Summary: order_hostkeyalgs can't find host-key in KnownHostsCommand if it contains port Product: Portable OpenSSH Version: 9.5p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-b...@mindrot.org Reporter: glance+mind...@ac2.se I have a KnownHostsCommand which emits : [targethost]:1234 ssh-rsa ... ssh -vvv -o KnownHostsCommand=cmd -p 1234 targethost shows: ... debug1: Authenticating to targethost:9022 as 'user' debug3: put_host_port: [targethost]:9022 debug3: subprocess: KnownHostsCommand-ORDER command "cmd" running as user (flags 0x1a) debug3: subprocess: KnownHostsCommand-ORDER pid 12345 debug3: sigaction(Killed): Invalid argument debug3: sigaction(Stopped (signal)): Invalid argument debug3: sigaction(Unknown signal 32): Invalid argument debug3: sigaction(Unknown signal 33): Invalid argument debug3: order_hostkeyalgs: no algorithms matched; accept original I've diagnosed this down to sshconnect2.c:142: load_hostkeys_command(hostkeys, options.known_hosts_command, "ORDER", cinfo, NULL, host); It calls load_hostkeys_command with host, which in this context is just targethost and not hostname that will in this context be [targethost]:1234 . Right above the load_hostkeys_command are the load_hostkeys calls which uses hostname instead. I'm guessing this is just a simple typo from development which caused it to not work in the special case where one has a not prefered ssh-host-key with a port in a KnownHostsCommand. If the ssh-host-key the KnownHostsCommand emitted would be the prefered one, ssh-ed25519, it would by accident, or if the default port was used. -- You are receiving this mail because: You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3642] New: GSS treats hostnames case sensitive -> suggestion for docs of GSSAPIStrictAcceptorCheck setting
https://bugzilla.mindrot.org/show_bug.cgi?id=3642 Bug ID: 3642 Summary: GSS treats hostnames case sensitive -> suggestion for docs of GSSAPIStrictAcceptorCheck setting Product: Portable OpenSSH Version: 9.5p1 Hardware: amd64 OS: FreeBSD Status: NEW Severity: enhancement Priority: P5 Component: Kerberos support Assignee: unassigned-b...@mindrot.org Reporter: alexander-opensshbugzi...@leidinger.net Hi, I have a host which has a different case in the kerberos DB than in DNS. krb5: host/test.example.com@REALM DNS: test.Example.com(forward and reverse match in DNS) If I try to do GSS API authentication, it fails. If I use "GSSAPIStrictAcceptorCheck no" for sshd, it succeeds. Searching in the net reveals that more people have this issue. I suggest to add a note to the ssh docs that this setting is not only for multihomed machines, but also for cases where the case of the hostname may not match from all sources (command line vs DNS vs the output of hostname). -- You are receiving this mail because: You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs