[Bug 3577] CASignatureAlgorithms supports -cert algorithms when used alongside with other options

https://bugzilla.mindrot.org/show_bug.cgi?id=3577 xspielinbox+mind...@protonmail.com changed: What|Removed |Added Summary|CASignatureAlgorithms |CASignatureAlgorithms

[Bug 3579] New: OpenSSH trims last character of fixed-lenght buffers received from the pkcs11 providers providing users with inaccurate information

https://bugzilla.mindrot.org/show_bug.cgi?id=3579 Bug ID: 3579 Summary: OpenSSH trims last character of fixed-lenght buffers received from the pkcs11 providers providing users with inaccurate information Product: Portable Op

[Bug 3578] RFE: forward error correction

https://bugzilla.mindrot.org/show_bug.cgi?id=3578 --- Comment #2 from Darren Tucker --- (In reply to Richard Neill from comment #0) [...] > * forward error-correction: preemptively transmit each packet 3x > (both from the client-end and the server-end) without waiting to > find out whether it was

[Bug 3578] RFE: forward error correction

https://bugzilla.mindrot.org/show_bug.cgi?id=3578 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org --- Comment #1 from Dami

[Bug 3578] New: RFE: forward error correction

https://bugzilla.mindrot.org/show_bug.cgi?id=3578 Bug ID: 3578 Summary: RFE: forward error correction Product: Portable OpenSSH Version: 9.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement

[Bug 2347] permitopen doesn't work with unix domain sockets

https://bugzilla.mindrot.org/show_bug.cgi?id=2347 Jernej Jakob changed: What|Removed |Added Version|6.7p1 |9.3p1 CC|

[Bug 3542] Allow to redirect stderr only even with tty

https://bugzilla.mindrot.org/show_bug.cgi?id=3542 --- Comment #4 from cadeaudee...@gmail.com --- Hello, update on our side: Since changing the access management system isn't an option (because of the number of users). I have enough and reversed-engineered the bastion (hopefully in this component

[Bug 3577] New: CASignatureAlgorithms supports -cert alogrithms

https://bugzilla.mindrot.org/show_bug.cgi?id=3577 Bug ID: 3577 Summary: CASignatureAlgorithms supports -cert alogrithms Product: Portable OpenSSH Version: 9.3p1 Hardware: amd64 OS: Linux Status: NEW Severi

[Bug 3418] tracking bug for openssh-9.1

https://bugzilla.mindrot.org/show_bug.cgi?id=3418 Bug 3418 depends on bug 2573, which changed state. Bug 2573 Summary: dead sessions cannot be closed with ~. https://bugzilla.mindrot.org/show_bug.cgi?id=2573 What|Removed |Added --

[Bug 2573] dead sessions cannot be closed with ~.

https://bugzilla.mindrot.org/show_bug.cgi?id=2573 Christoph Anton Mitterer changed: What|Removed |Added Status|CLOSED |REOPENED Resolution|FI

[Bug 3575] wrong usage message: "-Q protocol_feature" is an invalid query type

https://bugzilla.mindrot.org/show_bug.cgi?id=3575 --- Comment #2 from Max Chinni --- Thank you for your answer, that make sense. I took it literally probably because it was on a separate line. I was wrong. I noticed that it works, too, if specified as long as other parameters. "-h" is the same,

[Bug 3575] wrong usage message: "-Q protocol_feature" is an invalid query type

https://bugzilla.mindrot.org/show_bug.cgi?id=3575 Darren Tucker changed: What|Removed |Added CC||dtuc...@dtucker.net --- Comment #1 from D

[Bug 3576] New: The sftp-server does not provide the feature of changing expired passwords, which is provided by the sshd.

https://bugzilla.mindrot.org/show_bug.cgi?id=3576 Bug ID: 3576 Summary: The sftp-server does not provide the feature of changing expired passwords, which is provided by the sshd. Product: Portable OpenSSH Version:

[Bug 3575] New: wrong usage message: "-Q protocol_feature" is an invalid query type

https://bugzilla.mindrot.org/show_bug.cgi?id=3575 Bug ID: 3575 Summary: wrong usage message: "-Q protocol_feature" is an invalid query type Product: Portable OpenSSH Version: 9.2p1 Hardware: Other OS: Linux

[Bug 3549] Tracking bug for OpenSSH 9.4

https://bugzilla.mindrot.org/show_bug.cgi?id=3549 Damien Miller changed: What|Removed |Added Depends on||3574 Referenced Bugs: https://bugzilla.

[Bug 3549] Tracking bug for OpenSSH 9.4

https://bugzilla.mindrot.org/show_bug.cgi?id=3549 Bug 3549 depends on bug 3574, which changed state. Bug 3574 Summary: sshd ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set https://bugzilla.mindrot.org/show_bug.cgi?id=3574 What|Removed |

[Bug 3574] sshd ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set

https://bugzilla.mindrot.org/show_bug.cgi?id=3574 Damien Miller changed: What|Removed |Added Resolution|--- |FIXED Blocks|

[Bug 3574] sshd ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set

https://bugzilla.mindrot.org/show_bug.cgi?id=3574 Darren Tucker changed: What|Removed |Added Attachment #3699|ok?(dtuc...@dtucker.net)|ok+ Flags|

[Bug 3574] sshd ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set

https://bugzilla.mindrot.org/show_bug.cgi?id=3574 Damien Miller changed: What|Removed |Added Attachment #3698|0 |1 is obsolete|

[Bug 3574] sshd ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set

https://bugzilla.mindrot.org/show_bug.cgi?id=3574 John Meyers changed: What|Removed |Added Summary|ssh ignores |sshd ignores |AuthorizedP

[Bug 3574] ssh ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set

https://bugzilla.mindrot.org/show_bug.cgi?id=3574 John Meyers changed: What|Removed |Added CC||c...@themeyers.us -- You are receiving thi

[Bug 3574] ssh ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set

https://bugzilla.mindrot.org/show_bug.cgi?id=3574 --- Comment #1 from John Meyers --- Created attachment 3698 --> https://bugzilla.mindrot.org/attachment.cgi?id=3698&action=edit Suggested fix -- You are receiving this mail because: You are watching the assignee of the bug. ___

[Bug 3574] New: ssh ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set

https://bugzilla.mindrot.org/show_bug.cgi?id=3574 Bug ID: 3574 Summary: ssh ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set Product: Portable OpenSSH Version: 9.3p1 Hardware: All OS:

[Bug 2876] PAM_TEXT_INFO and PAM_ERROR_MSG conversation not honoured during PAM authentication

https://bugzilla.mindrot.org/show_bug.cgi?id=2876 --- Comment #14 from Magnus Svendsen --- https://github.com/openssh/openssh-portable/pull/337 Made a PR here which solves it (although, it did take a few attempts, seems like sshd pam behaviour changed sometime last year) This fixed the issue fo

[Bug 2876] PAM_TEXT_INFO and PAM_ERROR_MSG conversation not honoured during PAM authentication

https://bugzilla.mindrot.org/show_bug.cgi?id=2876 bill.laze...@gmail.com changed: What|Removed |Added CC||bill.laze...@gmail.com --- Commen

[Bug 3573] sshd service crashes with "error 1067: Service terminated unexpectedly" when I try to start it in Windows 11

https://bugzilla.mindrot.org/show_bug.cgi?id=3573 Darren Tucker changed: What|Removed |Added CC||dtuc...@dtucker.net --- Comment #1 from D

[Bug 3573] New: sshd service crashes with "error 1067: Service terminated unexpectedly" when I try to start it in Windows 11

https://bugzilla.mindrot.org/show_bug.cgi?id=3573 Bug ID: 3573 Summary: sshd service crashes with "error 1067: Service terminated unexpectedly" when I try to start it in Windows 11 Product: Portable OpenSSH Versio

[Bug 3017] ExitOnForwardFailure=yes doesn't work for local forwards (-L)

https://bugzilla.mindrot.org/show_bug.cgi?id=3017 Darren Tucker changed: What|Removed |Added CC||dtuc...@dtucker.net --- Comment #6 from D

[Bug 3017] ExitOnForwardFailure=yes doesn't work for local forwards (-L)

https://bugzilla.mindrot.org/show_bug.cgi?id=3017 --- Comment #5 from Pavel Sidlo --- I've faced probably the same behavior for RemoteForward. I seems sshd by default allocates both tcp and tcp6 sockets. ExitOnForwardFailure fails to reject connection if tcp is already in use but tcp6 is not (an

[Bug 3017] ExitOnForwardFailure=yes doesn't work for local forwards (-L)

https://bugzilla.mindrot.org/show_bug.cgi?id=3017 Pavel Sidlo changed: What|Removed |Added CC||pavel.si...@linuxbox.cz -- You are receivi

[Bug 3572] New: ssh-agent refused operation when using FIDO2 with -O verify-required

https://bugzilla.mindrot.org/show_bug.cgi?id=3572 Bug ID: 3572 Summary: ssh-agent refused operation when using FIDO2 with -O verify-required Product: Portable OpenSSH Version: 9.3p1 Hardware: Other OS: Linux

[Bug 3571] New: Canceling SSH_ASKPASS actually sends an empty string

https://bugzilla.mindrot.org/show_bug.cgi?id=3571 Bug ID: 3571 Summary: Canceling SSH_ASKPASS actually sends an empty string Product: Portable OpenSSH Version: 8.8p1 Hardware: Other OS: Linux Status: NEW S

[Bug 3570] New: Add substitution token for explicitly selected IdentityFile for ControlPath selection

https://bugzilla.mindrot.org/show_bug.cgi?id=3570 Bug ID: 3570 Summary: Add substitution token for explicitly selected IdentityFile for ControlPath selection Product: Portable OpenSSH Version: 9.3p1 Hardware: All

[Bug 3153] Prefer user specified keys to avoid the agent overloading MaxAuthTries before even trying the key that was specified

https://bugzilla.mindrot.org/show_bug.cgi?id=3153 Ben changed: What|Removed |Added CC||b...@smokingkangaroo.com --- Comment #6 from Ben -

[Bug 3549] Tracking bug for OpenSSH 9.4

https://bugzilla.mindrot.org/show_bug.cgi?id=3549 Bug 3549 depends on bug 3548, which changed state. Bug 3548 Summary: Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to version mismatch error https://bugzilla.mindrot.org/show_bug.cgi?id=3548 What|Removed |

[Bug 3548] Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to version mismatch error

https://bugzilla.mindrot.org/show_bug.cgi?id=3548 Darren Tucker changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug 3548] Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to version mismatch error

https://bugzilla.mindrot.org/show_bug.cgi?id=3548 --- Comment #10 from Damien Miller --- I withdraw my version of the diff. Darren, do you want to commit yours? IMO we should keep the status check that is in yours but not in the post to the mailing list. -- You are receiving this mail because:

[Bug 3548] Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to version mismatch error

https://bugzilla.mindrot.org/show_bug.cgi?id=3548 Damien Miller changed: What|Removed |Added Attachment #3685||ok- Flags|

[Bug 3548] Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to version mismatch error

https://bugzilla.mindrot.org/show_bug.cgi?id=3548 --- Comment #9 from Sam James --- See also https://marc.info/?l=openssh-unix-dev&m=168348988530204&w=2. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___

[Bug 3569] Semi-interactive sftp batch mode

https://bugzilla.mindrot.org/show_bug.cgi?id=3569 Alex Smith changed: What|Removed |Added Attachment #3697|Adds a command to execute |3) Adds a command to description|comm

[Bug 3569] Semi-interactive sftp batch mode

https://bugzilla.mindrot.org/show_bug.cgi?id=3569 Alex Smith changed: What|Removed |Added Attachment #3696|Adds an option to enter |2) Adds an option to enter descriptio

[Bug 3569] Semi-interactive sftp batch mode

https://bugzilla.mindrot.org/show_bug.cgi?id=3569 Alex Smith changed: What|Removed |Added Attachment #3695|Adds an option to allow |1) Adds an option to allow descriptio

[Bug 3569] Semi-interactive sftp batch mode

https://bugzilla.mindrot.org/show_bug.cgi?id=3569 --- Comment #2 from Alex Smith --- Created attachment 3697 --> https://bugzilla.mindrot.org/attachment.cgi?id=3697&action=edit Adds a command to execute commands from a local file -- You are receiving this mail because: You are watching the as

[Bug 3569] Semi-interactive sftp batch mode

https://bugzilla.mindrot.org/show_bug.cgi?id=3569 --- Comment #1 from Alex Smith --- Created attachment 3696 --> https://bugzilla.mindrot.org/attachment.cgi?id=3696&action=edit Adds an option to enter interactive mode after a batch or single transfer -- You are receiving this mail because: Yo

[Bug 3569] New: Semi-interactive sftp batch mode

https://bugzilla.mindrot.org/show_bug.cgi?id=3569 Bug ID: 3569 Summary: Semi-interactive sftp batch mode Product: Portable OpenSSH Version: 9.3p1 Hardware: All OS: All Status: NEW Severity: enhancement

[Bug 3568] ctrl-c causes ssh connection to drop

https://bugzilla.mindrot.org/show_bug.cgi?id=3568 --- Comment #3 from Blake D --- (In reply to Blake D from comment #2) > I can't say WHERE the problem is - that's why I'm alerting both > teams. I also posted https://github.com/PowerShell/Win32-OpenSSH/discussions/2064 -- You are receiving thi

[Bug 3568] ctrl-c causes ssh connection to drop

https://bugzilla.mindrot.org/show_bug.cgi?id=3568 --- Comment #2 from Blake D --- I can't say WHERE the problem is - that's why I'm alerting both teams. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.

[Bug 3568] ctrl-c causes ssh connection to drop

https://bugzilla.mindrot.org/show_bug.cgi?id=3568 Darren Tucker changed: What|Removed |Added CC||dtuc...@dtucker.net --- Comment #1 from D

[Bug 3568] New: ctrl-c causes ssh connection to drop

https://bugzilla.mindrot.org/show_bug.cgi?id=3568 Bug ID: 3568 Summary: ctrl-c causes ssh connection to drop Product: Portable OpenSSH Version: 9.3p1 Hardware: Other OS: Windows 10 Status: NEW Severity: no

[Bug 3567] CanonicalizeHostname yes doesn't canonicalize the Hostname with ProxyJump none

https://bugzilla.mindrot.org/show_bug.cgi?id=3567 Damien Miller changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug 3567] CanonicalizeHostname yes doesn't canonicalize the Hostname with ProxyJump none

https://bugzilla.mindrot.org/show_bug.cgi?id=3567 Darren Tucker changed: What|Removed |Added Attachment #3694|ok?(dtuc...@dtucker.net)|ok+ Flags|

[Bug 3561] Open SSH does not support 1-byte structure packing on non-windows systems for PKCS11

https://bugzilla.mindrot.org/show_bug.cgi?id=3561 Damien Miller changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug 3567] CanonicalizeHostname yes doesn't canonicalize the Hostname with ProxyJump none

https://bugzilla.mindrot.org/show_bug.cgi?id=3567 Damien Miller changed: What|Removed |Added Attachment #3693|ok?(dtuc...@dtucker.net)| Flags|

[Bug 3567] CanonicalizeHostname yes doesn't canonicalize the Hostname with ProxyJump none

https://bugzilla.mindrot.org/show_bug.cgi?id=3567 Damien Miller changed: What|Removed |Added Assignee|unassigned-b...@mindrot.org |d...@mindrot.org CC|

[Bug 3567] New: CanonicalizeHostname yes doesn't canonicalize the Hostname with ProxyJump none

https://bugzilla.mindrot.org/show_bug.cgi?id=3567 Bug ID: 3567 Summary: CanonicalizeHostname yes doesn't canonicalize the Hostname with ProxyJump none Product: Portable OpenSSH Version: 9.3p1 Hardware: All O

[Bug 3561] Open SSH does not support 1-byte structure packing on non-windows systems for PKCS11

https://bugzilla.mindrot.org/show_bug.cgi?id=3561 --- Comment #5 from RickyDoug --- I totally agree with you that there are few, if any that even build-time support it and none that release binaries packed, at least that I have found. The real issue is someone copied a header file without packi

[Bug 3566] New: Password expiry warning is printed multiple times when UsePAM is set to yes

https://bugzilla.mindrot.org/show_bug.cgi?id=3566 Bug ID: 3566 Summary: Password expiry warning is printed multiple times when UsePAM is set to yes Product: Portable OpenSSH Version: 8.8p1 Hardware: All OS:

[Bug 3565] keygen do_download_sk() incorrect return value

https://bugzilla.mindrot.org/show_bug.cgi?id=3565 --- Comment #2 from Markus Schmidt --- I'm embarrased and sorry that this happened (this was a major SNAFU on my side that led to seeing this in old code). Sorry for the time wasted on your side, I'll be more careful next time. -- You are rece

[Bug 3564] When downloading sk keys from a fido token, applications with multiple keys overwrite each other

https://bugzilla.mindrot.org/show_bug.cgi?id=3564 Damien Miller changed: What|Removed |Added Resolution|--- |FIXED Status|NEW

[Bug 3565] keygen do_download_sk() incorrect return value

https://bugzilla.mindrot.org/show_bug.cgi?id=3565 Damien Miller changed: What|Removed |Added Status|NEW |RESOLVED CC|

[Bug 3565] New: keygen do_download_sk() incorrect return value

https://bugzilla.mindrot.org/show_bug.cgi?id=3565 Bug ID: 3565 Summary: keygen do_download_sk() incorrect return value Product: Portable OpenSSH Version: 8.5p1 Hardware: Other OS: Windows 10 Status: NEW Se

[Bug 3564] New: When downloading sk keys from a fido token, applications with multiple keys overwrite each other

https://bugzilla.mindrot.org/show_bug.cgi?id=3564 Bug ID: 3564 Summary: When downloading sk keys from a fido token, applications with multiple keys overwrite each other Product: Portable OpenSSH Version: 8.5p1 Hardware: Oth

[Bug 3563] New: Connection terminated just after authentication successful when SFTP Server running inside Azure.

https://bugzilla.mindrot.org/show_bug.cgi?id=3563 Bug ID: 3563 Summary: Connection terminated just after authentication successful when SFTP Server running inside Azure. Product: Portable OpenSSH Version: 8.4p1 Hardware: Ot

[Bug 3561] Open SSH does not support 1-byte structure packing on non-windows systems for PKCS11

https://bugzilla.mindrot.org/show_bug.cgi?id=3561 --- Comment #4 from Damien Miller --- The spec might say use 1-byte packing, but I can't find a Unix/Linux implementation that actually does this. OpenSC doesn't: https://github.com/OpenSC/libp11/blob/master/src/pkcs11.h WolfSSL doesn't: https:/

[Bug 3561] Open SSH does not support 1-byte structure packing on non-windows systems for PKCS11

https://bugzilla.mindrot.org/show_bug.cgi?id=3561 --- Comment #3 from RickyDoug --- My apologies. Please ignore the reference to CK_ULONG...that is another issue. Perhaps a re-state is in order: The PKCS11 specification is very clear on byte packing (1 byte), but openssh does not even attempt to

[Bug 3562] New: make SSH_ASKPASS and SSH_ASKPASS_REQUIRE available as config options

https://bugzilla.mindrot.org/show_bug.cgi?id=3562 Bug ID: 3562 Summary: make SSH_ASKPASS and SSH_ASKPASS_REQUIRE available as config options Product: Portable OpenSSH Version: 9.3p1 Hardware: Other OS: All

[Bug 3439] identify password prompts

https://bugzilla.mindrot.org/show_bug.cgi?id=3439 --- Comment #4 from tar.ancalime.nume...@gmail.com --- Hey Darren. Just one question on this: In both cases, the prompt with password and the prefix with keyboard-interactive, are these generated by the ssh client? Cause if e.g. the server could

[Bug 3438] env var that is SetEnv'ed multiple times in the same SetEnv directive, is sent/printed several times

https://bugzilla.mindrot.org/show_bug.cgi?id=3438 --- Comment #3 from Christoph Anton Mitterer --- Shall I provide a patch that adds a line like: "If the same variable is give multiple times, only it's first occurrence is considered." to SetEnv / SendEnv? However, for SendEnv it would be intere

[Bug 3449] LocalForward doesn't support ~/path syntax for UNIX sockets

https://bugzilla.mindrot.org/show_bug.cgi?id=3449 --- Comment #3 from Christoph Anton Mitterer --- Thinking of it again: A ~ in the remote path would IMO *only* make sense to be expanded in the remote context (or not at all, if that's not possible). Cause the remote path if course to be taken w

[Bug 3456] provide a way to have forwardings killed, when the remote command/shell finishes

https://bugzilla.mindrot.org/show_bug.cgi?id=3456 --- Comment #6 from Christoph Anton Mitterer --- Thanks Daimen... but still not particularly "user-friendly" in the sense that one still has to write a special command (2x ssh with special options) and cannot simply "ssh host" as usual. Wouldn't

[Bug 3561] Open SSH does not support 1-byte structure packing on non-windows systems for PKCS11

https://bugzilla.mindrot.org/show_bug.cgi?id=3561 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org --- Comment #2 from Dami

[Bug 3561] Open SSH does not support 1-byte structure packing on non-windows systems for PKCS11

https://bugzilla.mindrot.org/show_bug.cgi?id=3561 --- Comment #1 from RickyDoug --- This is actually a confused report, mixing two different issues. One is the lack of byte packing. The second is depending on the compiler to set the size of CK_ULONG instead of using stdint.h to specifically set t

[Bug 3561] New: Open SSH does not support 1-byte structure packing on non-windows systems for PKCS11

https://bugzilla.mindrot.org/show_bug.cgi?id=3561 Bug ID: 3561 Summary: Open SSH does not support 1-byte structure packing on non-windows systems for PKCS11 Product: Portable OpenSSH Version: 9.3p1 Hardware: Other

[Bug 3559] Mini memory leak and needless(?) const/static qualifier.

https://bugzilla.mindrot.org/show_bug.cgi?id=3559 --- Comment #2 from Markus Schmidt --- On further thought, the function could be abandoned alltogether and the two callers could simply call pkalgs = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key); themselves and free the result. -- Yo

[Bug 3560] Memory leak in channels.c

https://bugzilla.mindrot.org/show_bug.cgi?id=3560 Markus Schmidt changed: What|Removed |Added Severity|enhancement |trivial --- Comment #1 from Markus Schmi

[Bug 3559] Mini memory leak and needless(?) const/static qualifier.

https://bugzilla.mindrot.org/show_bug.cgi?id=3559 Markus Schmidt changed: What|Removed |Added Severity|enhancement |trivial --- Comment #1 from Markus Schmi

[Bug 3560] New: Memory leak in channels.c

https://bugzilla.mindrot.org/show_bug.cgi?id=3560 Bug ID: 3560 Summary: Memory leak in channels.c Product: Portable OpenSSH Version: 8.5p1 Hardware: Other OS: All Status: NEW Severity: enhancement

[Bug 3559] New: Mini memory leak and needless(?) const/static qualifier.

https://bugzilla.mindrot.org/show_bug.cgi?id=3559 Bug ID: 3559 Summary: Mini memory leak and needless(?) const/static qualifier. Product: Portable OpenSSH Version: 8.5p1 Hardware: Other OS: All S

[Bug 3558] Spelling "yes" as "Yes" in sshd_config has a fatal result

https://bugzilla.mindrot.org/show_bug.cgi?id=3558 --- Comment #12 from Darren Tucker --- (In reply to Damien Miller from comment #11) > Maybe we could provide a "visudo" like tool to wrap config editing > in sshd -T? I like that even less than leaving it as is. -- You are receiving this mail b

[Bug 3558] Spelling "yes" as "Yes" in sshd_config has a fatal result

https://bugzilla.mindrot.org/show_bug.cgi?id=3558 --- Comment #11 from Damien Miller --- Sure, but the current behaviour has the benefit of being obvious and we do provide hooks to verify the config before reloading. Maybe we could provide a "visudo" like tool to wrap config editing in sshd -T?

[Bug 3558] Spelling "yes" as "Yes" in sshd_config has a fatal result

https://bugzilla.mindrot.org/show_bug.cgi?id=3558 --- Comment #10 from Darren Tucker --- The message doesn't go to the user sending the SIGHUP now (unless you're arguing "when it stops working they'll eventually get the message"). -- You are receiving this mail because: You are watching the ass

[Bug 3558] Spelling "yes" as "Yes" in sshd_config has a fatal result

https://bugzilla.mindrot.org/show_bug.cgi?id=3558 --- Comment #9 from Damien Miller --- I don't like this because the message doesn't (can't) go to the user sending the SIGHUP, only the system log. So if the intended config change was really important (e.g. one with security consequences) but con

[Bug 3558] Spelling "yes" as "Yes" in sshd_config has a fatal result

https://bugzilla.mindrot.org/show_bug.cgi?id=3558 Darren Tucker changed: What|Removed |Added Attachment #3689||ok?(d...@mindrot.org) Flags|

[Bug 3558] Spelling "yes" as "Yes" in sshd_config has a fatal result

https://bugzilla.mindrot.org/show_bug.cgi?id=3558 Jim Knoble changed: What|Removed |Added CC||jmkno...@pobox.com --- Comment #7 from Jim K

[Bug 3558] Spelling "yes" as "Yes" in sshd_config has a fatal result

https://bugzilla.mindrot.org/show_bug.cgi?id=3558 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org --- Comment #6 from Dami

[Bug 3558] Spelling "yes" as "Yes" in sshd_config has a fatal result

https://bugzilla.mindrot.org/show_bug.cgi?id=3558 --- Comment #5 from Darren Tucker --- Left to its own devices, sshd will leave existing connections up when sshd is restarted, including in the case where the restart fails. If your active connection was terminated on a failed restart that's prob

[Bug 3558] Spelling "yes" as "Yes" in sshd_config has a fatal result

https://bugzilla.mindrot.org/show_bug.cgi?id=3558 --- Comment #4 from Ulrich Windl --- May the issue is a systemd one: From the past I know you can restart sshd without loosing your connection. Maybe (I didn't verify) systemd kills all sshd processes if the main process died. If so, the solution

[Bug 3558] Spelling "yes" as "Yes" in sshd_config has a fatal result

https://bugzilla.mindrot.org/show_bug.cgi?id=3558 --- Comment #3 from Darren Tucker --- The config is either valid or isn't. Even if we did make it accept increasingly vague directives there will still be invalid configs. Many SysV-style init scripts checked the config before committing to a re

[Bug 3558] Spelling "yes" as "Yes" in sshd_config has a fatal result

https://bugzilla.mindrot.org/show_bug.cgi?id=3558 Dmitry Belyavskiy changed: What|Removed |Added CC||dbely...@redhat.com --- Comment #2 fr

[Bug 3558] Spelling "yes" as "Yes" in sshd_config has a fatal result

https://bugzilla.mindrot.org/show_bug.cgi?id=3558 Darren Tucker changed: What|Removed |Added CC||dtuc...@dtucker.net --- Comment #1 from D

[Bug 3558] New: Spelling "yes" as "Yes" in sshd_config has a fatal result

https://bugzilla.mindrot.org/show_bug.cgi?id=3558 Bug ID: 3558 Summary: Spelling "yes" as "Yes" in sshd_config has a fatal result Product: Portable OpenSSH Version: 7.2p2 Hardware: All OS: Linux

[Bug 3557] New: Multiple files force undocumented remote directory creation

https://bugzilla.mindrot.org/show_bug.cgi?id=3557 Bug ID: 3557 Summary: Multiple files force undocumented remote directory creation Product: Portable OpenSSH Version: 9.3p1 Hardware: Other OS: Linux

[Bug 3556] New: Document scp version command

https://bugzilla.mindrot.org/show_bug.cgi?id=3556 Bug ID: 3556 Summary: Document scp version command Product: Portable OpenSSH Version: 9.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement

[Bug 3555] ForwardAgent doesn't work under Match canonical

https://bugzilla.mindrot.org/show_bug.cgi?id=3555 Damien Miller changed: What|Removed |Added Resolution|--- |WORKSFORME Status|NEW

[Bug 3555] New: ForwardAgent doesn't work under Match canonical

https://bugzilla.mindrot.org/show_bug.cgi?id=3555 Bug ID: 3555 Summary: ForwardAgent doesn't work under Match canonical Product: Portable OpenSSH Version: 8.4p1 Hardware: amd64 OS: Linux Status: NEW Severi

[Bug 3554] Build failure using --without-openssl

https://bugzilla.mindrot.org/show_bug.cgi?id=3554 --- Comment #3 from Bernard Spil --- Sorry for the noise. Should've checked before reporting. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _

[Bug 3527] ssh-copy-id broken for dropbear

https://bugzilla.mindrot.org/show_bug.cgi?id=3527 Alexander Dahl changed: What|Removed |Added CC||p...@lespocky.de --- Comment #4 from Ale

[Bug 3554] Build failure using --without-openssl

https://bugzilla.mindrot.org/show_bug.cgi?id=3554 Darren Tucker changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug 3554] Build failure using --without-openssl

https://bugzilla.mindrot.org/show_bug.cgi?id=3554 --- Comment #1 from Bernard Spil --- Created attachment 3688 --> https://bugzilla.mindrot.org/attachment.cgi?id=3688&action=edit diff for openbsd-compat/bsd-getentropy.c Patch fixes the build error on my systems -- You are receiving this mail

[Bug 3554] New: Build failure using --without-openssl

https://bugzilla.mindrot.org/show_bug.cgi?id=3554 Bug ID: 3554 Summary: Build failure using --without-openssl Product: Portable OpenSSH Version: 9.2p1 Hardware: All OS: FreeBSD Status: NEW Severity: minor

<    8   9   10   11   12   13   14   15   16   17   >