Damien Miller wrote:
> Another thing we're considering in OpenSSH is changing how we integrate
> with PAM. PAM's API demands loading modules into the authenticating
> process' address space, but obviously we've just been reminded that this
> is risky.
This was a long-standing problem with pam/nss-
In days of yore (Tue, 02 Apr 2024), Colin Watson thus quoth:
> TCP wrappers
>
Not used hosts.{allow,deny} for the last 17 years (since I started my
current employment) so I am biased. Honest opinion is that firewall and
fail2ban have pretty much obsoleted TCP wrappers.
> SELinux
> =
Christoph Anton Mitterer writes:
> Actually I think that most sites where I "need"/use GSSAPI... only
> require the ticket for AFS, and do actually allow pubkey auth (but
> right now, one doesn't have AFS access then).
In past discussions of this patch, this has not been the case. One of the
ad
Hey.
On Tue, 2024-04-02 at 01:30 +0100, Colin Watson wrote:
> All the same, I'm aware that some people now depend on having this
> facility in Debian's main openssh package: I get enough occasional
> bug
> reports to convince me that it's still in use.
Being one of those people, and having even a
On Tue, 2 Apr 2024, Colin Watson wrote:
[I'm not subscribed to the debian-* lists, please Cc me in replies if
you want me to see them]
> [I've CCed openssh-unix-dev for awareness, but set Mail-Followup-To to
> just debian-devel and debian-ssh to avoid potentially spamming them
> with a long discu
[I've CCed openssh-unix-dev for awareness, but set Mail-Followup-To to
just debian-devel and debian-ssh to avoid potentially spamming them with
a long discussion. If you choose to override this then that's your
call, but please be mindful of upstream's time.]
Following the xz-utils backdoor, I'm
Thanks for your reply, Colin.
> While I realize that this doesn't introduce a new external dependency, I
> have to say that this is not the week to be asking for a new distro
> patch to OpenSSH!
Point taken.
> I'd be happy to include this if upstream does, but I don't think I'm
> likely to apply
Processing control commands:
> tags -1 wontfix
Bug #1068162 [openssh-server] Please consider adding MP-TCP support
Added tag(s) wontfix.
--
1068162: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068162
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 wontfix
On Mon, Apr 01, 2024 at 01:21:27AM +0200, Juliusz Chroboczek wrote:
> Please consider applying the following patch:
>
> https://github.com/openssh/openssh-portable/pull/335
>
> MP-TCP support allows moving from one IP address to another without
> breaking connections,
9 matches
Mail list logo
