Your message dated Mon, 14 Nov 2022 17:12:33 +0000
with message-id <>
and subject line Bug#197037: fixed in openssh 1:9.1p1-1
has caused the Debian Bug report #197037,
regarding please remove rlogin/rsh/rcp alternatives
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact

Debian Bug Tracking System
Contact with problems
--- Begin Message ---
Package: ssh
Version: 1:3.6.1p2-2
Severity: wishlist


The ssh provides commands for rlogin, rsh and rcp handled via the
/etc/alternatives system. This usually has undesirable results
because slogin, ssh and scp are not compatible replacements for
rlogin/rsh/rcp. ssh is argueably better, but not a replacement.
eg: if a server is running rlogind, you don't be able to connect to
it using slogin.

this brings much confusion to ssh users that occasionaly need to
connect to an rlogind server and find the error:

$ rlogin foo
ssh: connect to host foo port 22: Connection refused

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux aragorn 2.2.22 #1 dl nov 25 21:59:43 CET 2002 i686
Locale: LANG=ca_ES.ISO-8859-1, LC_CTYPE=ca_ES.ISO-8859-1

Versions of packages ssh depends on:
ii  adduser                     3.50         Add and remove users and groups
ii  debconf                     1.2.35       Debian configuration management sy
ii  libc6                       2.3.1-17     GNU C Library: Shared libraries an
ii  libpam-modules              0.76-10      Pluggable Authentication Modules f
ii  libpam0g                    0.76-10      Pluggable Authentication Modules l
ii  libssl0.9.7                 0.9.7b-2     SSL shared libraries
ii  libwrap0                    7.6-ipv6.1-3 Wietse Venema's TCP wrappers libra
ii  zlib1g                      1:1.1.4-11   compression library - runtime

-- debconf information excluded

--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:9.1p1-1
Done: Colin Watson <>

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Colin Watson <> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing

Hash: SHA256

Format: 1.8
Date: Mon, 14 Nov 2022 16:25:45 +0000
Source: openssh
Architecture: source
Version: 1:9.1p1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <>
Changed-By: Colin Watson <>
Closes: 197037 1016340 1021585
 openssh (1:9.1p1-1) unstable; urgency=medium
   [ Markus Teich ]
   * Delete obsolete upstart configuration override.
   [ Colin Watson ]
   * Work around apparent dh-exec regressions (closes: #1016340).
   * Don't install unnecessary *.lo files in openssh-tests.
   * Update Lintian overrides to current syntax.
   * Pass on compiler/linker flags when building debian/keygen-test.
   * Remove obsolete and misleading rcp/rlogin/rsh alternatives, and stop
     providing rsh-client (closes: #197037).
   * Add sshd_config checksums for 1:8.2p1-1 and 1:8.7p1-1 to ucf reference
   * New upstream release (,
     closes: #1021585):
     - ssh-keyscan(1): fix a one-byte overflow in SSH- banner processing.
     - ssh-keygen(1): double free() in error path of file hashing step in
       signing/verify code.
     - ssh-keysign(8): double-free in error path introduced in openssh-8.9.
     - ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config are
       now first-match-wins to match other directives. Previously if an
       environment variable was multiply specified the last set value would
       have been used.
     - ssh-keygen(8): ssh-keygen -A (generate all default host key types)
       will no longer generate DSA keys, as these are insecure and have not
       been used by default for some years.
     - ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum RSA
       key length. Keys below this length will be ignored for user
       authentication and for host authentication in sshd(8). ssh(1) will
       terminate a connection if the server offers an RSA key that falls
       below this limit, as the SSH protocol does not include the ability to
       retry a failed key exchange.
     - sftp-server(8): add a "" extension
       request that allows the client to obtain user/group names that
       correspond to a set of uids/gids.
     - sftp(1): use "" sftp-server extension
       (when available) to fill in user/group names for directory listings.
     - sftp-server(8): support the "home-directory" extension request defined
       in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with
       the existing "", but some other clients support
     - ssh-keygen(1), sshd(8): allow certificate validity intervals, sshsig
       verification times and authorized_keys expiry-time options to accept
       dates in the UTC time zone in addition to the default of interpreting
       them in the system time zone. YYYYMMDD and YYMMDDHHMM[SS] dates/times
       will be interpreted as UTC if suffixed with a 'Z' character. Also
       allow certificate validity intervals to be specified in raw
       seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This is
       intended for use by regress tests and other tools that call ssh-keygen
       as part of a CA workflow.
     - sftp(1): allow arguments to the sftp -D option, e.g. sftp -D
       "/usr/libexec/sftp-server -el debug3".
     - ssh-keygen(1): allow the existing -U (use agent) flag to work with "-Y
       sign" operations, where it will be interpreted to require that the
       private keys is hosted in an agent.
     - ssh-keygen(1): implement the "verify-required" certificate option.
       This was already documented when support for user-verified FIDO keys
       was added, but the ssh-keygen(1) code was missing.
     - ssh-agent(1): hook up the restrict_websafe command-line flag;
       previously the flag was accepted but never actually used.
     - sftp(1): improve filename tab completions: never try to complete names
       to non-existent commands, and better match the completion type (local
       or remote filename) against the argument position being completed.
     - ssh-keygen(1), ssh(1), ssh-agent(1): several fixes to FIDO key
       handling, especially relating to keys that request user-verification.
       These should reduce the number of unnecessary PIN prompts for keys
       that support intrinsic user verification.
     - ssh-keygen(1): when enrolling a FIDO resident key, check if a
       credential with matching application and user ID strings already
       exists and, if so, prompt the user for confirmation before overwriting
       the credential.
     - sshd(8): improve logging of errors when opening authorized_keys files.
     - ssh(1): avoid multiplexing operations that could cause SIGPIPE from
       causing the client to exit early.
     - ssh_config(5), sshd_config(5): clarify that the RekeyLimit directive
       applies to both transmitted and received data.
     - ssh-keygen(1): avoid double fclose() in error path.
     - sshd(8): log an error if pipe() fails while accepting a connection.
     - ssh-keyscan(1): add missing *-sk types to ssh-keyscan manpage.
     - sshd(8): ensure that authentication passwords are cleared from memory
       in error paths.
     - ssh(1), ssh-agent(1): avoid possibility of notifier code executing
     - ssh_config(5): note that the ProxyJump directive also accepts the same
       tokens as ProxyCommand.
     - scp(1): do not ftruncate(3) files early when in sftp mode. The
       previous behaviour of unconditionally truncating the destination file
       would cause "scp ~/foo localhost:foo" and the reverse "scp
       localhost:foo ~/foo" to delete all the contents of their destination.
     - ssh-keygen(1): improve error message when 'ssh-keygen -Y sign' is
       unable to load a private key.
     - sftp(1), scp(1): when performing operations that glob(3) a remote
       path, ensure that the implicit working directory used to construct
       that path escapes glob(3) characters. This prevents glob characters
       from being processed in places they shouldn't, e.g. "cd /tmp/a*/",
       "get *.txt" should have the get operation treat the path "/tmp/a*"
       literally and not attempt to expand it (LP: #1483751).
     - ssh(1), sshd(8): be stricter in which characters will be accepted in
       specifying a mask length; allow only 0-9.
     - ssh-keygen(1): avoid printing hash algorithm twice when dumping a KRL.
     - ssh(1), sshd(8): continue running local I/O for open channels during
       SSH transport rekeying. This should make ~-escapes work in the client
       (e.g. to exit) if the connection happened to have stalled during a
       rekey event.
     - ssh(1), sshd(8): avoid potential poll() spin during rekeying.
     - Further hardening for sshbuf internals: disallow "reparenting" a
       hierarchical sshbuf and zero the entire buffer if reallocation fails.
     - sshd(8): add AUDIT_ARCH_PPC to supported seccomp sandbox
   * Drop patch to work around,
     since the fix for that is in Debian testing.
   * Rewrite gnome-ssh-askpass(1) manual page using mdoc macros, and flesh it
     out a bit more.
   [ Steve Langasek ]
   * Support systemd socket activation.  Migrate any existing inetd-style
     socket activation to systemd socket activation.
   [ Gioele Barabucci ]
   * Remove ancient version constraints.
   * d/openssh-server.{postinst,config}: get_config_option: Replace perl with
 3d09519333c37fc37e447ab2211f880099db487a 3311 openssh_9.1p1-1.dsc
 15545440268967511d3194ebf20bcd0c7ff3fcc9 1838747 openssh_9.1p1.orig.tar.gz
 739873beca6afe4163d79a2168dbe7d313dbce39 833 openssh_9.1p1.orig.tar.gz.asc
 e04988d8ebc3e51dd57438359123cfaec4ebb505 179584 openssh_9.1p1-1.debian.tar.xz
 66cecc01833154ecc84909a16b947e66b800935b58d33c11c45fe84a3026e8af 3311 
 19f85009c7e3e23787f0236fbb1578392ab4d4bf9f8ec5fe6bc1cd7e8bfdd288 1838747 
 abac4673e0862604ab1f69a4597d191940c0cf58679dc5fc81fbdbd8b28ca267 833 
 a6ffc0939c91d636ef4fe6514295de63ac57280a1c2fd207e9914c5618648d0d 179584 
 8bdfe7169b837f30f4a27d44e9bc6086 3311 net standard openssh_9.1p1-1.dsc
 471912038124285c96918882ee190a22 1838747 net standard openssh_9.1p1.orig.tar.gz
 e7e81a9eb2de83e00509ad97aa71f36c 833 net standard openssh_9.1p1.orig.tar.gz.asc
 092d3782dab1f39ef4b668a263b70e48 179584 net standard 



--- End Message ---

Reply via email to