Processed: tagging 809695
Processing commands for cont...@bugs.debian.org: > tags 809695 + pending Bug #809695 [openssh-server] openssh-server: Setting PermitRootLogin without-password disables GSSAPI Auth Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 809695: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809695 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#809035: ssh.service notification warning in syslog
Processing control commands: > tag -1 pending Bug #809035 [openssh-server] ssh.service notification warning in syslog Added tag(s) pending. -- 809035: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809035 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#809035: ssh.service notification warning in syslog
Control: tag -1 pending On Sun, Dec 27, 2015 at 04:00:50PM +0100, Michael Biebl wrote: > Am 26.12.2015 um 17:27 schrieb Colin Watson: > > Michael, this looks like a regression from your readiness notification > > changes that I applied recently. Please could you have a look? > > Attached is a patch on top of the existing one, which fixes the issue by > running the sd_notify() call only in the main process and not the > spawned off children. > It moves it right next to the existing SIGSTOP readiness-signal. > From 60aab01587f4974261882b7c4066750f34522ea4 Mon Sep 17 00:00:00 2001 > From: Michael Biebl> Date: Sun, 27 Dec 2015 15:58:03 +0100 > Subject: [PATCH] Call sd_notify() only for the main process > > Move the sd_notify() call next to the existing SIGSTOP readiness > notification so it is only run in the main process and not for the > spawned off children. It's not actually due to per-login child processes, which come rather later; the true reason is that when sshd is re-execed it sets inetd_flag. But your patch does the job either way and I'll just merge it into your previous patch. Thanks, -- Colin Watson [cjwat...@debian.org]
Processing of openssh_7.1p1-6_source.changes
openssh_7.1p1-6_source.changes uploaded successfully to localhost along with the files: openssh_7.1p1-6.dsc openssh_7.1p1-6.debian.tar.xz Greetings, Your Debian queue daemon (running on host franck.debian.org)
Accepted openssh 1:7.1p1-6 (source) into unstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 04 Jan 2016 15:09:10 + Source: openssh Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: source Version: 1:7.1p1-6 Distribution: unstable Urgency: medium Maintainer: Debian OpenSSH MaintainersChanged-By: Colin Watson Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot ssh- secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad ssh-krb5 - secure shell client and server (transitional package) Closes: 809035 809695 809696 Changes: openssh (1:7.1p1-6) unstable; urgency=medium . [ Colin Watson ] * Remove explicit "XS-Testsuite: autopkgtest" from debian/control; dpkg-source now figures that out automatically based on the existence of debian/tests/control. * Allow authenticating as root using gssapi-keyex even with "PermitRootLogin prohibit-password" (closes: #809695). * Shuffle PROPOSAL_KEX_ALGS mangling for GSSAPI key exchange a little later in ssh_kex2 so that it's actually effective (closes: #809696). . [ Michael Biebl ] * Don't call sd_notify when sshd is re-execed (closes: #809035). Checksums-Sha1: 254c98fc4fa99eb2b7ba7eb39e1c70def48aa70c 2835 openssh_7.1p1-6.dsc f6a86ead13a5535f4e0ef3c2f46c85ef1422b6eb 148788 openssh_7.1p1-6.debian.tar.xz Checksums-Sha256: 3300bb7d57d1744b29c36ac1095d81fe345ef388d4e4447a3e4719fe31a054cf 2835 openssh_7.1p1-6.dsc 31239f540911a21d337f72e40a88ef81c5bf1a49aed54a3806b98148281f2be5 148788 openssh_7.1p1-6.debian.tar.xz Files: 2e76218f302f8e24a9857b8d83b80fcc 2835 net standard openssh_7.1p1-6.dsc db7e7b7194e09f4ff7a462303eb14b71 148788 net standard openssh_7.1p1-6.debian.tar.xz -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: Colin Watson -- Debian developer iQIVAwUBVoqNLDk1h9l9hlALAQhaxA/+JaIByj9CmnWVHs5XYkWXxijYzKih2FbR f/bMbwkavHx2mV+FimFM9tYm7M8OHUG/W3XtFQyB4SuQl8EMHagbqzzH0BAmG6nK snZy6MEoqL1/MkysYNxwLfB09C9Xo+uw6nPsF8wHHaRybOtfpDXCNkZrgrfC4Rc3 4VFXeqlNP0TqXusEt1GDNhDz+wHJ4hz36OM76qQuE836MqYfR8bV1nu7Z2yGyK2f dNegixCuAGzKoIDmHgsQyzWa8xgn6w8cRZkfL1T2GxGPTfXnWoSsE0oVs15zVKn4 aZxtBePl7uW2WwSxztLuxMOZDZhjNUSGLK7qIvt64ojMcXtUcLlfYiKwkS1SDr/O 2/jYQIXIWvoWVah1OzVhzpcnYB1ibORMDFK8EJFQkT9Idb6ERvD2pQDKVjUZ7A+d 88M93xgKOhyDcAzzRi4baqzNtBmcOa121gUVsXg6m1uKYc8VrumZrZBKZtt9gTGy xGjp3ZD4r7j7/eM13R3k/AiLCac17LJdZ/MNHtvqHln63y5QTqamaRQykG+fPb1s D3N9tPtTgygMXv/JGbXMXFLmJEMeesr8reHY2y6/iq86qQ3CslbJy4yInAmZh4Jy T5QrnzRVu8vdBGpjTnmW1QLEccIUcuYo/axz6dPMOdYi2Mn2sbptBIs9g7FKxb9z UOiUowxk398= =McOD -END PGP SIGNATURE-
Bug#809696: marked as done (Regression: GSSAPIKeyExchange yes stops working after 6.9p1-3)
Your message dated Mon, 04 Jan 2016 16:23:50 + with message-idand subject line Bug#809696: fixed in openssh 1:7.1p1-6 has caused the Debian Bug report #809696, regarding Regression: GSSAPIKeyExchange yes stops working after 6.9p1-3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 809696: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809696 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: openssh-client Version: 1:6.9p1-3 Severity: important Dear Maintainers, The version 6.9p1-3 is the last one where GSSAPIKeyExchange can succeed, that is the version at http://snapshot.debian.org/archive/debian/20151202T154902Z/pool/main/o/openssh/openssh-client_6.9p1-3_amd64.deb All newer versions fail. What I expect to see is (ssh -vv foo@bar): ... debug1: Offering GSSAPI proposal: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-gex-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group1-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group14-sha1-A/vxljAEU54gt9a48EiANQ==,gss-gex-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group1-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group14-sha1-bontcUwnM6aGfWCP21alxQ==,gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q== debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-gex-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group1-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group14-sha1-A/vxljAEU54gt9a48EiANQ==,gss-gex-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group1-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group14-sha1-bontcUwnM6aGfWCP21alxQ==,gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q==,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-ed25519-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss,null debug2: kex_parse_kexinit: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se debug2: kex_parse_kexinit: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se debug2: kex_parse_kexinit: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-...@openssh.com,hmac-ripemd160-...@openssh.com,hmac-sha1-96-...@openssh.com,hmac-md5-96-...@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-...@openssh.com,hmac-ripemd160-...@openssh.com,hmac-sha1-96-...@openssh.com,hmac-md5-96-...@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,z...@openssh.com,zlib debug2: kex_parse_kexinit: none,z...@openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 debug2: kex_parse_kexinit: ecdsa-sha2-nistp521,ssh-rsa debug2: kex_parse_kexinit:
Bug#809695: marked as done (openssh-server: Setting PermitRootLogin without-password disables GSSAPI Auth)
Your message dated Mon, 04 Jan 2016 16:23:50 + with message-idand subject line Bug#809695: fixed in openssh 1:7.1p1-6 has caused the Debian Bug report #809695, regarding openssh-server: Setting PermitRootLogin without-password disables GSSAPI Auth to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 809695: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809695 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: openssh-server Version: 1:7.1p1-5 Severity: important Dear Maintainer, Using ssh/SSAPI auth should work even if root login with password are disabled, however, it looks like the new 7.0 setting of "without-password" and prohibit-password inadvertently prevent GSSAPI auth to root, too. Please see http://lists.mindrot.org/pipermail/openssh-bugs/2015-September/015366.html for more details. Cheers, Juha -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.2.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages openssh-server depends on: ii adduser3.113+nmu3 ii debconf [debconf-2.0] 1.5.58 ii dpkg 1.18.3 ii init-system-helpers1.24 ii libaudit1 1:2.4.4-4 ii libc6 2.21-4 ii libcomerr2 1.42.13-1 ii libgssapi-krb5-2 1.13.2+dfsg-4 ii libkrb5-3 1.13.2+dfsg-4 ii libpam-modules 1.1.8-3.1 ii libpam-runtime 1.1.8-3.1 ii libpam0g 1.1.8-3.1 ii libselinux12.4-3 ii libssl1.0.21.0.2e-1 ii libsystemd0228-2 ii libwrap0 7.6.q-25 ii lsb-base 9.20150917 ii openssh-client 1:7.1p1-5 ii openssh-sftp-server1:7.1p1-5 ii procps 2:3.3.10-4+b1 ii zlib1g 1:1.2.8.dfsg-2+b1 Versions of packages openssh-server recommends: ii ncurses-term 6.0+20151024-2 ii xauth 1:1.0.9-1 Versions of packages openssh-server suggests: ii ksshaskpass [ssh-askpass] 4:5.4.3-1 ii kwalletcli [ssh-askpass] 2.12-5 pn molly-guard pn monkeysphere pn rssh pn ufw -- debconf information excluded --- End Message --- --- Begin Message --- Source: openssh Source-Version: 1:7.1p1-6 We believe that the bug you reported is fixed in the latest version of openssh, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 809...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Colin Watson (supplier of updated openssh package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 04 Jan 2016 15:09:10 + Source: openssh Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: source Version: 1:7.1p1-6 Distribution: unstable Urgency: medium Maintainer: Debian OpenSSH Maintainers Changed-By: Colin Watson Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot ssh- secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad ssh-krb5 - secure shell client and server (transitional package) Closes: 809035 809695 809696 Changes: openssh (1:7.1p1-6) unstable; urgency=medium . [ Colin
Bug#809035: marked as done (ssh.service notification warning in syslog)
Your message dated Mon, 04 Jan 2016 16:23:50 + with message-idand subject line Bug#809035: fixed in openssh 1:7.1p1-6 has caused the Debian Bug report #809035, regarding ssh.service notification warning in syslog to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 809035: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809035 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: openssh-server Version: 1:7.1p1-5 Severity: minor I started to see the following messages in syslog recently: Dec 22 18:12:36 e systemd[1]: ssh.service: Got notification message from PID 6719, but reception only permitted for main PID 31374 Dec 22 18:32:55 e systemd[1]: ssh.service: Got notification message from PID 6783, but reception only permitted for main PID 31374 Is this an useless warning, or a real problem in the ssh service, or ...? --- End Message --- --- Begin Message --- Source: openssh Source-Version: 1:7.1p1-6 We believe that the bug you reported is fixed in the latest version of openssh, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 809...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Colin Watson (supplier of updated openssh package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 04 Jan 2016 15:09:10 + Source: openssh Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: source Version: 1:7.1p1-6 Distribution: unstable Urgency: medium Maintainer: Debian OpenSSH Maintainers Changed-By: Colin Watson Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot ssh- secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad ssh-krb5 - secure shell client and server (transitional package) Closes: 809035 809695 809696 Changes: openssh (1:7.1p1-6) unstable; urgency=medium . [ Colin Watson ] * Remove explicit "XS-Testsuite: autopkgtest" from debian/control; dpkg-source now figures that out automatically based on the existence of debian/tests/control. * Allow authenticating as root using gssapi-keyex even with "PermitRootLogin prohibit-password" (closes: #809695). * Shuffle PROPOSAL_KEX_ALGS mangling for GSSAPI key exchange a little later in ssh_kex2 so that it's actually effective (closes: #809696). . [ Michael Biebl ] * Don't call sd_notify when sshd is re-execed (closes: #809035). Checksums-Sha1: 254c98fc4fa99eb2b7ba7eb39e1c70def48aa70c 2835 openssh_7.1p1-6.dsc f6a86ead13a5535f4e0ef3c2f46c85ef1422b6eb 148788 openssh_7.1p1-6.debian.tar.xz Checksums-Sha256: 3300bb7d57d1744b29c36ac1095d81fe345ef388d4e4447a3e4719fe31a054cf 2835 openssh_7.1p1-6.dsc 31239f540911a21d337f72e40a88ef81c5bf1a49aed54a3806b98148281f2be5 148788 openssh_7.1p1-6.debian.tar.xz Files: 2e76218f302f8e24a9857b8d83b80fcc 2835 net standard openssh_7.1p1-6.dsc db7e7b7194e09f4ff7a462303eb14b71 148788 net standard openssh_7.1p1-6.debian.tar.xz -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: Colin Watson -- Debian developer iQIVAwUBVoqNLDk1h9l9hlALAQhaxA/+JaIByj9CmnWVHs5XYkWXxijYzKih2FbR f/bMbwkavHx2mV+FimFM9tYm7M8OHUG/W3XtFQyB4SuQl8EMHagbqzzH0BAmG6nK snZy6MEoqL1/MkysYNxwLfB09C9Xo+uw6nPsF8wHHaRybOtfpDXCNkZrgrfC4Rc3 4VFXeqlNP0TqXusEt1GDNhDz+wHJ4hz36OM76qQuE836MqYfR8bV1nu7Z2yGyK2f dNegixCuAGzKoIDmHgsQyzWa8xgn6w8cRZkfL1T2GxGPTfXnWoSsE0oVs15zVKn4 aZxtBePl7uW2WwSxztLuxMOZDZhjNUSGLK7qIvt64ojMcXtUcLlfYiKwkS1SDr/O
openssh_7.1p1-6_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 04 Jan 2016 15:09:10 + Source: openssh Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: source Version: 1:7.1p1-6 Distribution: unstable Urgency: medium Maintainer: Debian OpenSSH MaintainersChanged-By: Colin Watson Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot ssh- secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad ssh-krb5 - secure shell client and server (transitional package) Closes: 809035 809695 809696 Changes: openssh (1:7.1p1-6) unstable; urgency=medium . [ Colin Watson ] * Remove explicit "XS-Testsuite: autopkgtest" from debian/control; dpkg-source now figures that out automatically based on the existence of debian/tests/control. * Allow authenticating as root using gssapi-keyex even with "PermitRootLogin prohibit-password" (closes: #809695). * Shuffle PROPOSAL_KEX_ALGS mangling for GSSAPI key exchange a little later in ssh_kex2 so that it's actually effective (closes: #809696). . [ Michael Biebl ] * Don't call sd_notify when sshd is re-execed (closes: #809035). Checksums-Sha1: 254c98fc4fa99eb2b7ba7eb39e1c70def48aa70c 2835 openssh_7.1p1-6.dsc f6a86ead13a5535f4e0ef3c2f46c85ef1422b6eb 148788 openssh_7.1p1-6.debian.tar.xz Checksums-Sha256: 3300bb7d57d1744b29c36ac1095d81fe345ef388d4e4447a3e4719fe31a054cf 2835 openssh_7.1p1-6.dsc 31239f540911a21d337f72e40a88ef81c5bf1a49aed54a3806b98148281f2be5 148788 openssh_7.1p1-6.debian.tar.xz Files: 2e76218f302f8e24a9857b8d83b80fcc 2835 net standard openssh_7.1p1-6.dsc db7e7b7194e09f4ff7a462303eb14b71 148788 net standard openssh_7.1p1-6.debian.tar.xz -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: Colin Watson -- Debian developer iQIVAwUBVoqNLDk1h9l9hlALAQhaxA/+JaIByj9CmnWVHs5XYkWXxijYzKih2FbR f/bMbwkavHx2mV+FimFM9tYm7M8OHUG/W3XtFQyB4SuQl8EMHagbqzzH0BAmG6nK snZy6MEoqL1/MkysYNxwLfB09C9Xo+uw6nPsF8wHHaRybOtfpDXCNkZrgrfC4Rc3 4VFXeqlNP0TqXusEt1GDNhDz+wHJ4hz36OM76qQuE836MqYfR8bV1nu7Z2yGyK2f dNegixCuAGzKoIDmHgsQyzWa8xgn6w8cRZkfL1T2GxGPTfXnWoSsE0oVs15zVKn4 aZxtBePl7uW2WwSxztLuxMOZDZhjNUSGLK7qIvt64ojMcXtUcLlfYiKwkS1SDr/O 2/jYQIXIWvoWVah1OzVhzpcnYB1ibORMDFK8EJFQkT9Idb6ERvD2pQDKVjUZ7A+d 88M93xgKOhyDcAzzRi4baqzNtBmcOa121gUVsXg6m1uKYc8VrumZrZBKZtt9gTGy xGjp3ZD4r7j7/eM13R3k/AiLCac17LJdZ/MNHtvqHln63y5QTqamaRQykG+fPb1s D3N9tPtTgygMXv/JGbXMXFLmJEMeesr8reHY2y6/iq86qQ3CslbJy4yInAmZh4Jy T5QrnzRVu8vdBGpjTnmW1QLEccIUcuYo/axz6dPMOdYi2Mn2sbptBIs9g7FKxb9z UOiUowxk398= =McOD -END PGP SIGNATURE- Thank you for your contribution to Debian.