https://bugzilla.mindrot.org/show_bug.cgi?id=3577
xspielinbox+mind...@protonmail.com changed:
What|Removed |Added
Summary|CASignatureAlgorithms |CASignatureAlgorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=3579
Bug ID: 3579
Summary: OpenSSH trims last character of fixed-lenght buffers
received from the pkcs11 providers providing users
with inaccurate information
Product: Portable Op
https://bugzilla.mindrot.org/show_bug.cgi?id=3578
--- Comment #2 from Darren Tucker ---
(In reply to Richard Neill from comment #0)
[...]
> * forward error-correction: preemptively transmit each packet 3x
> (both from the client-end and the server-end) without waiting to
> find out whether it was
https://bugzilla.mindrot.org/show_bug.cgi?id=3578
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
--- Comment #1 from Dami
https://bugzilla.mindrot.org/show_bug.cgi?id=3578
Bug ID: 3578
Summary: RFE: forward error correction
Product: Portable OpenSSH
Version: 9.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
https://bugzilla.mindrot.org/show_bug.cgi?id=2347
Jernej Jakob changed:
What|Removed |Added
Version|6.7p1 |9.3p1
CC|
https://bugzilla.mindrot.org/show_bug.cgi?id=3542
--- Comment #4 from cadeaudee...@gmail.com ---
Hello,
update on our side:
Since changing the access management system isn't an option (because of
the number of users). I have enough and reversed-engineered the bastion
(hopefully in this component
https://bugzilla.mindrot.org/show_bug.cgi?id=3577
Bug ID: 3577
Summary: CASignatureAlgorithms supports -cert alogrithms
Product: Portable OpenSSH
Version: 9.3p1
Hardware: amd64
OS: Linux
Status: NEW
Severi
https://bugzilla.mindrot.org/show_bug.cgi?id=3418
Bug 3418 depends on bug 2573, which changed state.
Bug 2573 Summary: dead sessions cannot be closed with ~.
https://bugzilla.mindrot.org/show_bug.cgi?id=2573
What|Removed |Added
--
https://bugzilla.mindrot.org/show_bug.cgi?id=2573
Christoph Anton Mitterer changed:
What|Removed |Added
Status|CLOSED |REOPENED
Resolution|FI
https://bugzilla.mindrot.org/show_bug.cgi?id=3575
--- Comment #2 from Max Chinni ---
Thank you for your answer, that make sense.
I took it literally probably because it was on a separate line. I was
wrong.
I noticed that it works, too, if specified as long as other parameters.
"-h" is the same,
https://bugzilla.mindrot.org/show_bug.cgi?id=3575
Darren Tucker changed:
What|Removed |Added
CC||dtuc...@dtucker.net
--- Comment #1 from D
https://bugzilla.mindrot.org/show_bug.cgi?id=3576
Bug ID: 3576
Summary: The sftp-server does not provide the feature of
changing expired passwords, which is provided by the
sshd.
Product: Portable OpenSSH
Version:
https://bugzilla.mindrot.org/show_bug.cgi?id=3575
Bug ID: 3575
Summary: wrong usage message: "-Q protocol_feature" is an
invalid query type
Product: Portable OpenSSH
Version: 9.2p1
Hardware: Other
OS: Linux
https://bugzilla.mindrot.org/show_bug.cgi?id=3549
Damien Miller changed:
What|Removed |Added
Depends on||3574
Referenced Bugs:
https://bugzilla.
https://bugzilla.mindrot.org/show_bug.cgi?id=3549
Bug 3549 depends on bug 3574, which changed state.
Bug 3574 Summary: sshd ignores AuthorizedPrincipalsCommand if
AuthorizedKeysCommand is also set
https://bugzilla.mindrot.org/show_bug.cgi?id=3574
What|Removed |
https://bugzilla.mindrot.org/show_bug.cgi?id=3574
Damien Miller changed:
What|Removed |Added
Resolution|--- |FIXED
Blocks|
https://bugzilla.mindrot.org/show_bug.cgi?id=3574
Darren Tucker changed:
What|Removed |Added
Attachment #3699|ok?(dtuc...@dtucker.net)|ok+
Flags|
https://bugzilla.mindrot.org/show_bug.cgi?id=3574
Damien Miller changed:
What|Removed |Added
Attachment #3698|0 |1
is obsolete|
https://bugzilla.mindrot.org/show_bug.cgi?id=3574
John Meyers changed:
What|Removed |Added
Summary|ssh ignores |sshd ignores
|AuthorizedP
https://bugzilla.mindrot.org/show_bug.cgi?id=3574
John Meyers changed:
What|Removed |Added
CC||c...@themeyers.us
--
You are receiving thi
https://bugzilla.mindrot.org/show_bug.cgi?id=3574
--- Comment #1 from John Meyers ---
Created attachment 3698
--> https://bugzilla.mindrot.org/attachment.cgi?id=3698&action=edit
Suggested fix
--
You are receiving this mail because:
You are watching the assignee of the bug.
___
https://bugzilla.mindrot.org/show_bug.cgi?id=3574
Bug ID: 3574
Summary: ssh ignores AuthorizedPrincipalsCommand if
AuthorizedKeysCommand is also set
Product: Portable OpenSSH
Version: 9.3p1
Hardware: All
OS:
https://bugzilla.mindrot.org/show_bug.cgi?id=2876
--- Comment #14 from Magnus Svendsen ---
https://github.com/openssh/openssh-portable/pull/337
Made a PR here which solves it (although, it did take a few attempts,
seems like sshd pam behaviour changed sometime last year)
This fixed the issue fo
https://bugzilla.mindrot.org/show_bug.cgi?id=2876
bill.laze...@gmail.com changed:
What|Removed |Added
CC||bill.laze...@gmail.com
--- Commen
https://bugzilla.mindrot.org/show_bug.cgi?id=3573
Darren Tucker changed:
What|Removed |Added
CC||dtuc...@dtucker.net
--- Comment #1 from D
https://bugzilla.mindrot.org/show_bug.cgi?id=3573
Bug ID: 3573
Summary: sshd service crashes with "error 1067: Service
terminated unexpectedly" when I try to start it in
Windows 11
Product: Portable OpenSSH
Versio
https://bugzilla.mindrot.org/show_bug.cgi?id=3017
Darren Tucker changed:
What|Removed |Added
CC||dtuc...@dtucker.net
--- Comment #6 from D
https://bugzilla.mindrot.org/show_bug.cgi?id=3017
--- Comment #5 from Pavel Sidlo ---
I've faced probably the same behavior for RemoteForward.
I seems sshd by default allocates both tcp and tcp6 sockets.
ExitOnForwardFailure fails to reject connection if tcp is already in
use but tcp6 is not (an
https://bugzilla.mindrot.org/show_bug.cgi?id=3017
Pavel Sidlo changed:
What|Removed |Added
CC||pavel.si...@linuxbox.cz
--
You are receivi
https://bugzilla.mindrot.org/show_bug.cgi?id=3572
Bug ID: 3572
Summary: ssh-agent refused operation when using FIDO2 with -O
verify-required
Product: Portable OpenSSH
Version: 9.3p1
Hardware: Other
OS: Linux
https://bugzilla.mindrot.org/show_bug.cgi?id=3571
Bug ID: 3571
Summary: Canceling SSH_ASKPASS actually sends an empty string
Product: Portable OpenSSH
Version: 8.8p1
Hardware: Other
OS: Linux
Status: NEW
S
https://bugzilla.mindrot.org/show_bug.cgi?id=3570
Bug ID: 3570
Summary: Add substitution token for explicitly selected
IdentityFile for ControlPath selection
Product: Portable OpenSSH
Version: 9.3p1
Hardware: All
https://bugzilla.mindrot.org/show_bug.cgi?id=3153
Ben changed:
What|Removed |Added
CC||b...@smokingkangaroo.com
--- Comment #6 from Ben -
https://bugzilla.mindrot.org/show_bug.cgi?id=3549
Bug 3549 depends on bug 3548, which changed state.
Bug 3548 Summary: Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to
version mismatch error
https://bugzilla.mindrot.org/show_bug.cgi?id=3548
What|Removed |
https://bugzilla.mindrot.org/show_bug.cgi?id=3548
Darren Tucker changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bugzilla.mindrot.org/show_bug.cgi?id=3548
--- Comment #10 from Damien Miller ---
I withdraw my version of the diff. Darren, do you want to commit yours?
IMO we should keep the status check that is in yours but not in the
post to the mailing list.
--
You are receiving this mail because:
https://bugzilla.mindrot.org/show_bug.cgi?id=3548
Damien Miller changed:
What|Removed |Added
Attachment #3685||ok-
Flags|
https://bugzilla.mindrot.org/show_bug.cgi?id=3548
--- Comment #9 from Sam James ---
See also https://marc.info/?l=openssh-unix-dev&m=168348988530204&w=2.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
https://bugzilla.mindrot.org/show_bug.cgi?id=3569
Alex Smith changed:
What|Removed |Added
Attachment #3697|Adds a command to execute |3) Adds a command to
description|comm
https://bugzilla.mindrot.org/show_bug.cgi?id=3569
Alex Smith changed:
What|Removed |Added
Attachment #3696|Adds an option to enter |2) Adds an option to enter
descriptio
https://bugzilla.mindrot.org/show_bug.cgi?id=3569
Alex Smith changed:
What|Removed |Added
Attachment #3695|Adds an option to allow |1) Adds an option to allow
descriptio
https://bugzilla.mindrot.org/show_bug.cgi?id=3569
--- Comment #2 from Alex Smith ---
Created attachment 3697
--> https://bugzilla.mindrot.org/attachment.cgi?id=3697&action=edit
Adds a command to execute commands from a local file
--
You are receiving this mail because:
You are watching the as
https://bugzilla.mindrot.org/show_bug.cgi?id=3569
--- Comment #1 from Alex Smith ---
Created attachment 3696
--> https://bugzilla.mindrot.org/attachment.cgi?id=3696&action=edit
Adds an option to enter interactive mode after a batch or single
transfer
--
You are receiving this mail because:
Yo
https://bugzilla.mindrot.org/show_bug.cgi?id=3569
Bug ID: 3569
Summary: Semi-interactive sftp batch mode
Product: Portable OpenSSH
Version: 9.3p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
https://bugzilla.mindrot.org/show_bug.cgi?id=3568
--- Comment #3 from Blake D ---
(In reply to Blake D from comment #2)
> I can't say WHERE the problem is - that's why I'm alerting both
> teams.
I also posted
https://github.com/PowerShell/Win32-OpenSSH/discussions/2064
--
You are receiving thi
https://bugzilla.mindrot.org/show_bug.cgi?id=3568
--- Comment #2 from Blake D ---
I can't say WHERE the problem is - that's why I'm alerting both teams.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
https://bugzilla.mindrot.org/show_bug.cgi?id=3568
Darren Tucker changed:
What|Removed |Added
CC||dtuc...@dtucker.net
--- Comment #1 from D
https://bugzilla.mindrot.org/show_bug.cgi?id=3568
Bug ID: 3568
Summary: ctrl-c causes ssh connection to drop
Product: Portable OpenSSH
Version: 9.3p1
Hardware: Other
OS: Windows 10
Status: NEW
Severity: no
https://bugzilla.mindrot.org/show_bug.cgi?id=3567
Damien Miller changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bugzilla.mindrot.org/show_bug.cgi?id=3567
Darren Tucker changed:
What|Removed |Added
Attachment #3694|ok?(dtuc...@dtucker.net)|ok+
Flags|
https://bugzilla.mindrot.org/show_bug.cgi?id=3561
Damien Miller changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bugzilla.mindrot.org/show_bug.cgi?id=3567
Damien Miller changed:
What|Removed |Added
Attachment #3693|ok?(dtuc...@dtucker.net)|
Flags|
https://bugzilla.mindrot.org/show_bug.cgi?id=3567
Damien Miller changed:
What|Removed |Added
Assignee|unassigned-b...@mindrot.org |d...@mindrot.org
CC|
https://bugzilla.mindrot.org/show_bug.cgi?id=3567
Bug ID: 3567
Summary: CanonicalizeHostname yes doesn't canonicalize the
Hostname with ProxyJump none
Product: Portable OpenSSH
Version: 9.3p1
Hardware: All
O
https://bugzilla.mindrot.org/show_bug.cgi?id=3561
--- Comment #5 from RickyDoug ---
I totally agree with you that there are few, if any that even
build-time support it and none that release binaries packed, at least
that I have found.
The real issue is someone copied a header file without packi
https://bugzilla.mindrot.org/show_bug.cgi?id=3566
Bug ID: 3566
Summary: Password expiry warning is printed multiple times when
UsePAM is set to yes
Product: Portable OpenSSH
Version: 8.8p1
Hardware: All
OS:
https://bugzilla.mindrot.org/show_bug.cgi?id=3565
--- Comment #2 from Markus Schmidt ---
I'm embarrased and sorry that this happened (this was a major SNAFU on
my side that led to seeing this in old code). Sorry for the time
wasted on your side, I'll be more careful next time.
--
You are rece
https://bugzilla.mindrot.org/show_bug.cgi?id=3564
Damien Miller changed:
What|Removed |Added
Resolution|--- |FIXED
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3565
Damien Miller changed:
What|Removed |Added
Status|NEW |RESOLVED
CC|
https://bugzilla.mindrot.org/show_bug.cgi?id=3565
Bug ID: 3565
Summary: keygen do_download_sk() incorrect return value
Product: Portable OpenSSH
Version: 8.5p1
Hardware: Other
OS: Windows 10
Status: NEW
Se
https://bugzilla.mindrot.org/show_bug.cgi?id=3564
Bug ID: 3564
Summary: When downloading sk keys from a fido token,
applications with multiple keys overwrite each other
Product: Portable OpenSSH
Version: 8.5p1
Hardware: Oth
https://bugzilla.mindrot.org/show_bug.cgi?id=3563
Bug ID: 3563
Summary: Connection terminated just after authentication
successful when SFTP Server running inside Azure.
Product: Portable OpenSSH
Version: 8.4p1
Hardware: Ot
https://bugzilla.mindrot.org/show_bug.cgi?id=3561
--- Comment #4 from Damien Miller ---
The spec might say use 1-byte packing, but I can't find a Unix/Linux
implementation that actually does this.
OpenSC doesn't:
https://github.com/OpenSC/libp11/blob/master/src/pkcs11.h
WolfSSL doesn't:
https:/
https://bugzilla.mindrot.org/show_bug.cgi?id=3561
--- Comment #3 from RickyDoug ---
My apologies. Please ignore the reference to CK_ULONG...that is another
issue. Perhaps a re-state is in order:
The PKCS11 specification is very clear on byte packing (1 byte), but
openssh does not even attempt to
https://bugzilla.mindrot.org/show_bug.cgi?id=3562
Bug ID: 3562
Summary: make SSH_ASKPASS and SSH_ASKPASS_REQUIRE available as
config options
Product: Portable OpenSSH
Version: 9.3p1
Hardware: Other
OS: All
https://bugzilla.mindrot.org/show_bug.cgi?id=3439
--- Comment #4 from tar.ancalime.nume...@gmail.com ---
Hey Darren.
Just one question on this:
In both cases, the prompt with password and the prefix with
keyboard-interactive, are these generated by the ssh client?
Cause if e.g. the server could
https://bugzilla.mindrot.org/show_bug.cgi?id=3438
--- Comment #3 from Christoph Anton Mitterer ---
Shall I provide a patch that adds a line like:
"If the same variable is give multiple times, only it's first
occurrence is considered."
to SetEnv / SendEnv?
However, for SendEnv it would be intere
https://bugzilla.mindrot.org/show_bug.cgi?id=3449
--- Comment #3 from Christoph Anton Mitterer ---
Thinking of it again:
A ~ in the remote path would IMO *only* make sense to be expanded in
the remote context (or not at all, if that's not possible).
Cause the remote path if course to be taken w
https://bugzilla.mindrot.org/show_bug.cgi?id=3456
--- Comment #6 from Christoph Anton Mitterer ---
Thanks Daimen... but still not particularly "user-friendly" in the
sense that one still has to write a special command (2x ssh with
special options) and cannot simply "ssh host" as usual.
Wouldn't
https://bugzilla.mindrot.org/show_bug.cgi?id=3561
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
--- Comment #2 from Dami
https://bugzilla.mindrot.org/show_bug.cgi?id=3561
--- Comment #1 from RickyDoug ---
This is actually a confused report, mixing two different issues. One is
the lack of byte packing. The second is depending on the compiler to
set the size of CK_ULONG instead of using stdint.h to specifically set
t
https://bugzilla.mindrot.org/show_bug.cgi?id=3561
Bug ID: 3561
Summary: Open SSH does not support 1-byte structure packing on
non-windows systems for PKCS11
Product: Portable OpenSSH
Version: 9.3p1
Hardware: Other
https://bugzilla.mindrot.org/show_bug.cgi?id=3559
--- Comment #2 from Markus Schmidt ---
On further thought, the function could be abandoned alltogether and the
two callers could simply call
pkalgs = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key);
themselves and free the result.
--
Yo
https://bugzilla.mindrot.org/show_bug.cgi?id=3560
Markus Schmidt changed:
What|Removed |Added
Severity|enhancement |trivial
--- Comment #1 from Markus Schmi
https://bugzilla.mindrot.org/show_bug.cgi?id=3559
Markus Schmidt changed:
What|Removed |Added
Severity|enhancement |trivial
--- Comment #1 from Markus Schmi
https://bugzilla.mindrot.org/show_bug.cgi?id=3560
Bug ID: 3560
Summary: Memory leak in channels.c
Product: Portable OpenSSH
Version: 8.5p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
https://bugzilla.mindrot.org/show_bug.cgi?id=3559
Bug ID: 3559
Summary: Mini memory leak and needless(?) const/static
qualifier.
Product: Portable OpenSSH
Version: 8.5p1
Hardware: Other
OS: All
S
https://bugzilla.mindrot.org/show_bug.cgi?id=3558
--- Comment #12 from Darren Tucker ---
(In reply to Damien Miller from comment #11)
> Maybe we could provide a "visudo" like tool to wrap config editing
> in sshd -T?
I like that even less than leaving it as is.
--
You are receiving this mail b
https://bugzilla.mindrot.org/show_bug.cgi?id=3558
--- Comment #11 from Damien Miller ---
Sure, but the current behaviour has the benefit of being obvious and we
do provide hooks to verify the config before reloading.
Maybe we could provide a "visudo" like tool to wrap config editing in
sshd -T?
https://bugzilla.mindrot.org/show_bug.cgi?id=3558
--- Comment #10 from Darren Tucker ---
The message doesn't go to the user sending the SIGHUP now (unless
you're arguing "when it stops working they'll eventually get the
message").
--
You are receiving this mail because:
You are watching the ass
https://bugzilla.mindrot.org/show_bug.cgi?id=3558
--- Comment #9 from Damien Miller ---
I don't like this because the message doesn't (can't) go to the user
sending the SIGHUP, only the system log. So if the intended config
change was really important (e.g. one with security consequences) but
con
https://bugzilla.mindrot.org/show_bug.cgi?id=3558
Darren Tucker changed:
What|Removed |Added
Attachment #3689||ok?(d...@mindrot.org)
Flags|
https://bugzilla.mindrot.org/show_bug.cgi?id=3558
Jim Knoble changed:
What|Removed |Added
CC||jmkno...@pobox.com
--- Comment #7 from Jim K
https://bugzilla.mindrot.org/show_bug.cgi?id=3558
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
--- Comment #6 from Dami
https://bugzilla.mindrot.org/show_bug.cgi?id=3558
--- Comment #5 from Darren Tucker ---
Left to its own devices, sshd will leave existing connections up when
sshd is restarted, including in the case where the restart fails. If
your active connection was terminated on a failed restart that's
prob
https://bugzilla.mindrot.org/show_bug.cgi?id=3558
--- Comment #4 from Ulrich Windl ---
May the issue is a systemd one: From the past I know you can restart
sshd without loosing your connection. Maybe (I didn't verify) systemd
kills all sshd processes if the main process died.
If so, the solution
https://bugzilla.mindrot.org/show_bug.cgi?id=3558
--- Comment #3 from Darren Tucker ---
The config is either valid or isn't. Even if we did make it accept
increasingly vague directives there will still be invalid configs.
Many SysV-style init scripts checked the config before committing to a
re
https://bugzilla.mindrot.org/show_bug.cgi?id=3558
Dmitry Belyavskiy changed:
What|Removed |Added
CC||dbely...@redhat.com
--- Comment #2 fr
https://bugzilla.mindrot.org/show_bug.cgi?id=3558
Darren Tucker changed:
What|Removed |Added
CC||dtuc...@dtucker.net
--- Comment #1 from D
https://bugzilla.mindrot.org/show_bug.cgi?id=3558
Bug ID: 3558
Summary: Spelling "yes" as "Yes" in sshd_config has a fatal
result
Product: Portable OpenSSH
Version: 7.2p2
Hardware: All
OS: Linux
https://bugzilla.mindrot.org/show_bug.cgi?id=3557
Bug ID: 3557
Summary: Multiple files force undocumented remote directory
creation
Product: Portable OpenSSH
Version: 9.3p1
Hardware: Other
OS: Linux
https://bugzilla.mindrot.org/show_bug.cgi?id=3556
Bug ID: 3556
Summary: Document scp version command
Product: Portable OpenSSH
Version: 9.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
https://bugzilla.mindrot.org/show_bug.cgi?id=3555
Damien Miller changed:
What|Removed |Added
Resolution|--- |WORKSFORME
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3555
Bug ID: 3555
Summary: ForwardAgent doesn't work under Match canonical
Product: Portable OpenSSH
Version: 8.4p1
Hardware: amd64
OS: Linux
Status: NEW
Severi
https://bugzilla.mindrot.org/show_bug.cgi?id=3554
--- Comment #3 from Bernard Spil ---
Sorry for the noise. Should've checked before reporting.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_
https://bugzilla.mindrot.org/show_bug.cgi?id=3527
Alexander Dahl changed:
What|Removed |Added
CC||p...@lespocky.de
--- Comment #4 from Ale
https://bugzilla.mindrot.org/show_bug.cgi?id=3554
Darren Tucker changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bugzilla.mindrot.org/show_bug.cgi?id=3554
--- Comment #1 from Bernard Spil ---
Created attachment 3688
--> https://bugzilla.mindrot.org/attachment.cgi?id=3688&action=edit
diff for openbsd-compat/bsd-getentropy.c
Patch fixes the build error on my systems
--
You are receiving this mail
https://bugzilla.mindrot.org/show_bug.cgi?id=3554
Bug ID: 3554
Summary: Build failure using --without-openssl
Product: Portable OpenSSH
Version: 9.2p1
Hardware: All
OS: FreeBSD
Status: NEW
Severity: minor
1201 - 1300 of 10465 matches
Mail list logo