https://bugzilla.mindrot.org/show_bug.cgi?id=3161
Damien Miller changed:
What|Removed |Added
Resolution|--- |WORKSFORME
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3139
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
--- Comment #1 from Dami
https://bugzilla.mindrot.org/show_bug.cgi?id=3131
Damien Miller changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bugzilla.mindrot.org/show_bug.cgi?id=3128
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3125
Damien Miller changed:
What|Removed |Added
Resolution|--- |FIXED
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3123
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
--- Comment #2 from Dami
https://bugzilla.mindrot.org/show_bug.cgi?id=3118
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
--- Comment #4 from Dami
https://bugzilla.mindrot.org/show_bug.cgi?id=3114
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
--- Comment #2 from Dami
https://bugzilla.mindrot.org/show_bug.cgi?id=3112
Damien Miller changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bugzilla.mindrot.org/show_bug.cgi?id=3094
Damien Miller changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bugzilla.mindrot.org/show_bug.cgi?id=3087
--- Comment #7 from Damien Miller ---
We'll be happy to reconsider this if/when there are published
cryptanalytic results against ed25519.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone
https://bugzilla.mindrot.org/show_bug.cgi?id=3087
Damien Miller changed:
What|Removed |Added
Status|REOPENED|RESOLVED
Resolution|---
https://bugzilla.mindrot.org/show_bug.cgi?id=3080
Damien Miller changed:
What|Removed |Added
Resolution|--- |FIXED
Status|REOPENED
https://bugzilla.mindrot.org/show_bug.cgi?id=3076
Damien Miller changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bugzilla.mindrot.org/show_bug.cgi?id=3075
Damien Miller changed:
What|Removed |Added
Resolution|--- |WORKSFORME
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3270
Bug 3270 depends on bug 3069, which changed state.
Bug 3069 Summary: sftp issues with [ or ] in path name
https://bugzilla.mindrot.org/show_bug.cgi?id=3069
What|Removed |Added
https://bugzilla.mindrot.org/show_bug.cgi?id=3549
Bug 3549 depends on bug 3069, which changed state.
Bug 3069 Summary: sftp issues with [ or ] in path name
https://bugzilla.mindrot.org/show_bug.cgi?id=3069
What|Removed |Added
https://bugzilla.mindrot.org/show_bug.cgi?id=3069
Damien Miller changed:
What|Removed |Added
Resolution|--- |FIXED
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3067
Damien Miller changed:
What|Removed |Added
Resolution|--- |WORKSFORME
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3048
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
--- Comment #4 from Dami
https://bugzilla.mindrot.org/show_bug.cgi?id=3047
Damien Miller changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bugzilla.mindrot.org/show_bug.cgi?id=3034
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
--- Comment #1 from Dami
https://bugzilla.mindrot.org/show_bug.cgi?id=3021
Damien Miller changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bugzilla.mindrot.org/show_bug.cgi?id=3017
Damien Miller changed:
What|Removed |Added
Resolution|--- |WORKSFORME
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=2989
Damien Miller changed:
What|Removed |Added
Resolution|--- |WORKSFORME
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=2976
Damien Miller changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bugzilla.mindrot.org/show_bug.cgi?id=2966
Damien Miller changed:
What|Removed |Added
Resolution|--- |FIXED
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=2957
Damien Miller changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bugzilla.mindrot.org/show_bug.cgi?id=2917
Damien Miller changed:
What|Removed |Added
Resolution|--- |FIXED
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=2899
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=2861
Damien Miller changed:
What|Removed |Added
Resolution|--- |WORKSFORME
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=2856
--- Comment #5 from Damien Miller ---
Is this still broken? AFAIK we regularly run integration tests on
NetBSD and it they are working okay.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watc
https://bugzilla.mindrot.org/show_bug.cgi?id=2833
Damien Miller changed:
What|Removed |Added
CC||dtuc...@dtucker.net
Attachment #3740|
https://bugzilla.mindrot.org/show_bug.cgi?id=2830
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
--- Comment #3 from Dami
https://bugzilla.mindrot.org/show_bug.cgi?id=3613
--- Comment #6 from Damien Miller ---
(In reply to aim from comment #5)
> Oh yeah, I can see it already uses softhsm. Should be easy enough to
> port. I can try giving it a go if you like? Have you made any
> progress on the patch, is there anyth
https://bugzilla.mindrot.org/show_bug.cgi?id=3627
Darren Tucker changed:
What|Removed |Added
CC||dtuc...@dtucker.net
--- Comment #2 from D
https://bugzilla.mindrot.org/show_bug.cgi?id=3627
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
--- Comment #1 from Dami
https://bugzilla.mindrot.org/show_bug.cgi?id=3626
Damien Miller changed:
What|Removed |Added
Resolution|--- |INVALID
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3625
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3624
Damien Miller changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bugzilla.mindrot.org/show_bug.cgi?id=3623
Damien Miller changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bugzilla.mindrot.org/show_bug.cgi?id=3627
Bug ID: 3627
Summary: openssh 9.4p1 does not see RSA keys in know_hosts
file.
Product: Portable OpenSSH
Version: 9.4p1
Hardware: SPARC
OS: Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=3626
Bug ID: 3626
Summary: potentially uninitialized local pointer in
sshkey_ecdsa_key_to_nid() in sshkey.c
Product: Portable OpenSSH
Version: 9.5p1
Hardware: All
https://bugzilla.mindrot.org/show_bug.cgi?id=3625
Bug ID: 3625
Summary: potentially uninitialized local pointer in
send_handle() in sftp-server.c
Product: Portable OpenSSH
Version: 9.5p1
Hardware: All
OS: Al
https://bugzilla.mindrot.org/show_bug.cgi?id=3624
Bug ID: 3624
Summary: potentially uninitialized local pointers in
assemble_algorithms() in servconf.c
Product: Portable OpenSSH
Version: 9.5p1
Hardware: All
https://bugzilla.mindrot.org/show_bug.cgi?id=3623
Bug ID: 3623
Summary: potentially uninitialized local pointers in
fill_default_options() in readconf.c
Product: Portable OpenSSH
Version: 9.5p1
Hardware: All
https://bugzilla.mindrot.org/show_bug.cgi?id=3614
--- Comment #6 from Darren Tucker ---
(In reply to micet2004-github from comment #5)
> If you agree this feature
> request could be helpful for several users, than the socks way could
> be an easy start for this.
I neglected to mention it in my e
https://bugzilla.mindrot.org/show_bug.cgi?id=3614
--- Comment #5 from micet2004-git...@yahoo.de ---
(In reply to Damien Miller from comment #4)
> yeah, if you can use SOCKS then you should use SOCKS. Note however
> that ssh's SOCKS support doesn't cover *all* network traffic, just
> TCP.
If you h
https://bugzilla.mindrot.org/show_bug.cgi?id=3622
--- Comment #5 from Kemel Zaidan ---
Sorry @Damien. I'm still learning about fish. It's looks you are write
and that I missed this details of persistence between restarts.
I believe my first interaction was right and global scope would be
enough
https://bugzilla.mindrot.org/show_bug.cgi?id=3613
--- Comment #5 from aim@orbit.online ---
(In reply to Damien Miller from comment #4)
> IMO it would be better to get the existing regress/agent-pkcs11.sh
> test working for certs, we'll need to do this anyway
Oh yeah, I can see it already uses sof
https://bugzilla.mindrot.org/show_bug.cgi?id=3622
Dmitry Belyavskiy changed:
What|Removed |Added
CC||dbely...@redhat.com
--- Comment #4 fr
https://bugzilla.mindrot.org/show_bug.cgi?id=3622
--- Comment #3 from Damien Miller ---
AFAIK it's the reverse: tcsh is more popular than fish. Also there's
csh:
https://qa.debian.org/popcon.php?package=tcsh
which is another C-shell.
Re -U, the fish documentation says this:
> -U or --universa
https://bugzilla.mindrot.org/show_bug.cgi?id=3622
--- Comment #2 from Kemel Zaidan ---
just amending my report. You should use set -xU instead of -xg. -U
stands for universal, so every terminal has access to this variable.
So, I must understand that's an accepted feature request since there's
su
https://bugzilla.mindrot.org/show_bug.cgi?id=3614
--- Comment #4 from Damien Miller ---
yeah, if you can use SOCKS then you should use SOCKS. Note however that
ssh's SOCKS support doesn't cover *all* network traffic, just TCP.
--
You are receiving this mail because:
You are watching the assigne
https://bugzilla.mindrot.org/show_bug.cgi?id=3613
--- Comment #4 from Damien Miller ---
IMO it would be better to get the existing regress/agent-pkcs11.sh test
working for certs, we'll need to do this anyway
--
You are receiving this mail because:
You are watching the assignee of the bug.
You a
https://bugzilla.mindrot.org/show_bug.cgi?id=3610
Damien Miller changed:
What|Removed |Added
CC||dtuc...@dtucker.net
Assignee|un
https://bugzilla.mindrot.org/show_bug.cgi?id=3610
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
--- Comment #1 from Dami
https://bugzilla.mindrot.org/show_bug.cgi?id=3622
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
--- Comment #1 from Dami
https://bugzilla.mindrot.org/show_bug.cgi?id=3620
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3622
Bug ID: 3622
Summary: Please add an option to generate fish shell output
Product: Portable OpenSSH
Version: 9.5p1
Hardware: Other
OS: Linux
Status: NEW
Sev
https://bugzilla.mindrot.org/show_bug.cgi?id=3621
Bug ID: 3621
Summary: support port sequence/array (for port knocking)
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severit
https://bugzilla.mindrot.org/show_bug.cgi?id=3620
Darren Tucker changed:
What|Removed |Added
CC||dtuc...@dtucker.net
--- Comment #1 from D
https://bugzilla.mindrot.org/show_bug.cgi?id=3620
Bug ID: 3620
Summary: openssh on Windows server 2019
Product: Portable OpenSSH
Version: 7.7p1
Hardware: amd64
OS: Other
Status: NEW
Severity: normal
https://bugzilla.mindrot.org/show_bug.cgi?id=3619
Bug ID: 3619
Summary: GitHub has been compromised in regards to me
Product: Portable OpenSSH
Version: 9.4p1
Hardware: amd64
OS: Mac OS X
Status: NEW
Severi
https://bugzilla.mindrot.org/show_bug.cgi?id=3618
Bug ID: 3618
Summary: GitHub has been compromised in regards to me
Product: Portable OpenSSH
Version: 9.4p1
Hardware: amd64
OS: Mac OS X
Status: NEW
Severi
https://bugzilla.mindrot.org/show_bug.cgi?id=3617
Bug ID: 3617
Summary: GitHub has been compromised in regards to me
Product: Portable OpenSSH
Version: 9.4p1
Hardware: amd64
OS: Mac OS X
Status: NEW
Severi
https://bugzilla.mindrot.org/show_bug.cgi?id=3616
Darren Tucker changed:
What|Removed |Added
CC||dtuc...@dtucker.net
--- Comment #1 from D
https://bugzilla.mindrot.org/show_bug.cgi?id=3616
Bug ID: 3616
Summary: SSHD Server Not Working After 9.4p1 Upgrade
Product: Portable OpenSSH
Version: 9.4p1
Hardware: amd64
OS: Linux
Status: NEW
Severity:
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #29 from Richard Kreutzer ---
I much appreciate your help. I was so used to transferring keys
verbatim from the .pub files to authorized keys, that I just missed the
requirement to have the host names at the front in the ssh_known_hos
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #28 from Darren Tucker ---
(In reply to Richard Kreutzer from comment #25)
[...]
> I will now have to add the fqdn to the beginning of each key in the
> .pub files after pasting then in them in the ssh_known_hosts file
> for each serve
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #27 from Richard Kreutzer ---
Yes, it looks like it is, and it works. That will make it much easier!
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bu
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #26 from Richard Kreutzer ---
P.S. What about ssh-keyscan? Is that what it is for?
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
__
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #25 from Richard Kreutzer ---
So you are saying the fqdn should be in the ssh_known_host file on the
server, but *not* in the /etc/ssh/ssh_host_ed25519_key.pub file on the
client.
OMG, it worked! It also works with just "ssh gemini",
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #24 from Darren Tucker ---
(In reply to Richard Kreutzer from comment #23)
> 1. No, the fqdn are still in the .pub files
The fqdn should not be in the .pub files. the line should start with
ssh-rsa, ssh-ed25519 or similar. That woul
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #23 from Richard Kreutzer ---
1. No, the fqdn are still in the .pub files
2. Yes the .pub files are world readable
On the client (basement-gentoo):
rwk@basement-gentoo /etc/ssh $ ls -l *.pub
-rw-r--r-- 1 root root 212 Sep 21 18:42 ss
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #22 from Darren Tucker ---
(In reply to Richard Kreutzer from comment #16)
[...]
> debug1: HostbasedAuthentication enabled but no local public host
> keys could be loaded.
This means the client could not load any of the public key fil
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #21 from Richard Kreutzer ---
rwk@basement-gentoo /etc/ssh $ grep EnableSSHKeysign ssh_config
EnableSSHKeysign yes
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC l
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #20 from Darren Tucker ---
(In reply to Darren Tucker from comment #19)
> I'll take a look at the logs, but one question: do you have
> "EnableSSHKeysign yes" in /etc/ssh/ssh_config? It needs to be in
> the global section
... on the
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #19 from Darren Tucker ---
I'll take a look at the logs, but one question: do you have
"EnableSSHKeysign yes" in /etc/ssh/ssh_config? It needs to be in the
global section:
```
EnableSSHKeysign
Setting this option to yes in th
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #18 from Richard Kreutzer ---
Created attachment 3735
--> https://bugzilla.mindrot.org/attachment.cgi?id=3735&action=edit
ssh degug logs
Use this.
--
You are receiving this mail because:
You are watching someone on the CC list of
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #17 from Richard Kreutzer ---
Not sure why but my cut/paste logs are not getting to you correctly. I
am reposting as an attachment. Please wait for the attachment.
--
You are receiving this mail because:
You are watching the assign
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #16 from Richard Kreutzer ---
rwk@basement-gentoo /etc/ssh $ ssh -vvv -p 1023 -o
PreferredAuthentications=hostbased gemini.krautclan.com pwd
OpenSSH_9.4p1, OpenSSL 3.1.2 1 Aug 2023
debug1: Reading configuration data /etc/ssh/ssh_confi
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #15 from Richard Kreutzer ---
Ok, here are the logs for both sides. And here is the suggested
ssh_known_hosts:
basement-gentoo.krautclan.com ssh-ed25519
C3NzaC1lZDI1NTE5IL7ScLQVn+2HvNUpLTdmfpKiduxvZS8s1HoHQV8OeOAH
root@baseme
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #14 from Darren Tucker ---
(In reply to Richard Kreutzer from comment #12)
> OK, for the sake of simplicity, I have tested with rsa only...
>
> Here is basement-gentoo:/etc/ssh/ssh_host_rsa_key.pub
> basement-gentoo.krautclan.com ssh-
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #13 from Richard Kreutzer ---
P.S. I am still using:
HostbasedUsesNameFromPacketOnly yes
I thought I read somewhere that this can cause a problem if DNS and
rDNS are working properly and UseDNS is yes. Should I remove it?
--
You
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #12 from Richard Kreutzer ---
OK, for the sake of simplicity, I have tested with rsa only...
Here is basement-gentoo:/etc/ssh/ssh_host_rsa_key.pub
basement-gentoo.krautclan.com ssh-rsa
B3NzaC1yc2EDAQABAAABgQDOCSF+Ne8C8xgar9DT
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #11 from Richard Kreutzer ---
Well, the keys were all generated by: "ssh-keygen -A". I just re-ran
it and it did not put host names at the start of the keys. I will add
fully qualified domain names to the .pub files manually and retr
https://bugzilla.mindrot.org/show_bug.cgi?id=3613
aim@orbit.online changed:
What|Removed |Added
CC||aim@orbit.online
--
You are receiving
https://bugzilla.mindrot.org/show_bug.cgi?id=3613
--- Comment #3 from aim@orbit.online ---
Created attachment 3734
--> https://bugzilla.mindrot.org/attachment.cgi?id=3734&action=edit
Self-contained testscript for cert signing via HSM
First of all thank you for the quick response and a potential
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #10 from Darren Tucker ---
(In reply to Richard Kreutzer from comment #8)
> What do these debug lines mean:
> debug3: mm_answer_keyallowed: hostbased authentication test: ED25519
> key is not allowed
It means the key offered by the cl
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #9 from Darren Tucker ---
(In reply to Richard Kreutzer from comment #6)
> As you can see from the attachment, the system wide server
> "ssh_known_hosts" file "/etc/ssh/ssh_known_hosts" contains:
[...]
> I.e., with "r...@basement-gento
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #8 from Richard Kreutzer ---
What do these debug lines mean:
debug3: mm_answer_keyallowed: hostbased authentication test: ED25519
key is not allowed
debug3: mm_answer_keyallowed: hostbased authentication test: ECDSA key
is not allowed
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #7 from Richard Kreutzer ---
Created attachment 3733
--> https://bugzilla.mindrot.org/attachment.cgi?id=3733&action=edit
Second sshd debug output
Second server side debug output from: /usr/sbin/sshd -dddep 1023
--
You are receivin
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #6 from Richard Kreutzer ---
As you can see from the attachment, the system wide server
"ssh_known_hosts" file "/etc/ssh/ssh_known_hosts" contains:
ecdsa-sha2-nistp256
E2VjZHNhLXNoYTItbmlzdHAy..XS3md3R0NHMLQWw31fNw4w+yrp9QnZ9Q
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #5 from Darren Tucker ---
Comment on attachment 3731
--> https://bugzilla.mindrot.org/attachment.cgi?id=3731
Requested debug/config information
[...]
>debug1: check_key_in_hostfiles: key for host basement-gentoo.krautclan.com not
>
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #4 from Richard Kreutzer ---
Created attachment 3732
--> https://bugzilla.mindrot.org/attachment.cgi?id=3732&action=edit
Resend...
Use this one...
--
You are receiving this mail because:
You are watching someone on the CC list of
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #3 from Richard Kreutzer ---
Thank you so much for your help. Let me know if there is anything else
you need.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
--- Comment #2 from Richard Kreutzer ---
Created attachment 3731
--> https://bugzilla.mindrot.org/attachment.cgi?id=3731&action=edit
Requested debug/config information
--
You are receiving this mail because:
You are watching the assignee of th
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
Darren Tucker changed:
What|Removed |Added
CC||dtuc...@dtucker.net
--- Comment #1 from D
https://bugzilla.mindrot.org/show_bug.cgi?id=3615
Bug ID: 3615
Summary: Host Based Authentication is failing
Product: Portable OpenSSH
Version: 9.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: critica
801 - 900 of 10431 matches
Mail list logo