[Bug 3628] tracking bug for openssh-9.6

2023-12-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=3628

Damien Miller  changed:

   What|Removed |Added

 Depends on||3643


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3643
[Bug 3643] order_hostkeyalgs can't find host-key in KnownHostsCommand
if it contains port
-- 
You are receiving this mail because:
You are watching the reporter of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 3628] tracking bug for openssh-9.6

2023-12-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=3628
Bug 3628 depends on bug 3643, which changed state.

Bug 3643 Summary: order_hostkeyalgs can't find host-key in KnownHostsCommand if 
it contains port
https://bugzilla.mindrot.org/show_bug.cgi?id=3643

   What|Removed |Added

 Status|ASSIGNED|RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching the reporter of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 3643] order_hostkeyalgs can't find host-key in KnownHostsCommand if it contains port

2023-12-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=3643

Damien Miller  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|ASSIGNED|RESOLVED
 Blocks||3628

--- Comment #3 from Damien Miller  ---
committed with the name fixed - it should be 'hostname' instead of
'hostaddr'

Thanks - this will be in OpenSSH 9.6, due next week.


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3628
[Bug 3628] tracking bug for openssh-9.6
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 3643] order_hostkeyalgs can't find host-key in KnownHostsCommand if it contains port

2023-12-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=3643

Darren Tucker  changed:

   What|Removed |Added

   Attachment #3775|ok?(dtuc...@dtucker.net)|ok+
  Flags||

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 3643] order_hostkeyalgs can't find host-key in KnownHostsCommand if it contains port

2023-12-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=3643

Damien Miller  changed:

   What|Removed |Added

   Assignee|unassigned-b...@mindrot.org |d...@mindrot.org
 CC||d...@mindrot.org,
   ||dtuc...@dtucker.net
 Status|NEW |ASSIGNED
   Attachment #3775||ok?(dtuc...@dtucker.net)
  Flags||

--- Comment #2 from Damien Miller  ---
Created attachment 3775
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3775=edit
use hostaddr (host[:port]) instead of plain host

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 3643] order_hostkeyalgs can't find host-key in KnownHostsCommand if it contains port

2023-12-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=3643

--- Comment #1 from Anton Lundin  ---
Sorry for the inconsistent port number in the redacted log-snippet.
s/1234/9022/ and everything is ok.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 3643] New: order_hostkeyalgs can't find host-key in KnownHostsCommand if it contains port

2023-12-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=3643

Bug ID: 3643
   Summary: order_hostkeyalgs can't find host-key in
KnownHostsCommand if it contains port
   Product: Portable OpenSSH
   Version: 9.5p1
  Hardware: Other
OS: Linux
Status: NEW
  Severity: enhancement
  Priority: P5
 Component: ssh
  Assignee: unassigned-b...@mindrot.org
  Reporter: glance+mind...@ac2.se

I have a KnownHostsCommand which emits :
[targethost]:1234 ssh-rsa ...

ssh -vvv -o KnownHostsCommand=cmd -p 1234 targethost shows:
...
debug1: Authenticating to targethost:9022 as 'user'
debug3: put_host_port: [targethost]:9022
debug3: subprocess: KnownHostsCommand-ORDER command "cmd" running as
user (flags 0x1a)
debug3: subprocess: KnownHostsCommand-ORDER pid 12345
debug3: sigaction(Killed): Invalid argument
debug3: sigaction(Stopped (signal)): Invalid argument
debug3: sigaction(Unknown signal 32): Invalid argument
debug3: sigaction(Unknown signal 33): Invalid argument
debug3: order_hostkeyalgs: no algorithms matched; accept original


I've diagnosed this down to sshconnect2.c:142:
load_hostkeys_command(hostkeys, options.known_hosts_command,
"ORDER", cinfo, NULL, host);

It calls load_hostkeys_command with host, which in this context is just
targethost and not hostname that will in this context be
[targethost]:1234 .

Right above the load_hostkeys_command are the load_hostkeys calls which
uses hostname instead.


I'm guessing this is just a simple typo from development which caused
it to not work in the special case where one has a not prefered
ssh-host-key with a port in a KnownHostsCommand. If the ssh-host-key
the KnownHostsCommand emitted would be the prefered one, ssh-ed25519,
it would by accident, or if the default port was used.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 3642] New: GSS treats hostnames case sensitive -> suggestion for docs of GSSAPIStrictAcceptorCheck setting

2023-12-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=3642

Bug ID: 3642
   Summary: GSS treats hostnames case sensitive -> suggestion for
docs of GSSAPIStrictAcceptorCheck  setting
   Product: Portable OpenSSH
   Version: 9.5p1
  Hardware: amd64
OS: FreeBSD
Status: NEW
  Severity: enhancement
  Priority: P5
 Component: Kerberos support
  Assignee: unassigned-b...@mindrot.org
  Reporter: alexander-opensshbugzi...@leidinger.net

Hi,

I have a host which has a different case in the kerberos DB than in
DNS.
   krb5: host/test.example.com@REALM
   DNS: test.Example.com(forward and reverse match in DNS)

If I try to do GSS API authentication, it fails. If I use
"GSSAPIStrictAcceptorCheck no" for sshd, it succeeds.

Searching in the net reveals that more people have this issue.

I suggest to add a note to the ssh docs that this setting is not only
for multihomed machines, but also for cases where the case of the
hostname may not match from all sources (command line vs DNS vs the
output of hostname).

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs