[Bug 3161] ssh -J doesn't work as expected

2023-10-11 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3161 Damien Miller changed: What|Removed |Added Resolution|--- |WORKSFORME Status|NEW

[Bug 3139] Tunneling does not work on recent versions of macOS

2023-10-11 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3139 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org --- Comment #1 from Dami

[Bug 3131] [PATCH] Adding a chroot-directory option per key in authorized_keys file

2023-10-11 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3131 Damien Miller changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug 3128] Add option to show version of the executable (ssh-keygen)

2023-10-11 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3128 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org Status|NEW

[Bug 3125] ssh-add -D and -d break pkcs11-backed identities

2023-10-11 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3125 Damien Miller changed: What|Removed |Added Resolution|--- |FIXED Status|NEW

[Bug 3123] PermitOpen does not allow wildcards for hosts despite what docs say

2023-10-11 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3123 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org --- Comment #2 from Dami

[Bug 3118] ProxyCommand and ProxyJump not works with openssh-server-8.1p1-1.el7.x86_64

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3118 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org --- Comment #4 from Dami

[Bug 3114] Remote command execution although -N specified with ControlMaster=yes, ControlPersist=yes and non-existent ControlPath

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3114 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org --- Comment #2 from Dami

[Bug 3112] ssh -o ControlPath=... -N immediately exits with server authorized_keys command, fine w/o ControlPath

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3112 Damien Miller changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug 3094] Signature verification fails on windows

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3094 Damien Miller changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug 3087] Ed448 support

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3087 --- Comment #7 from Damien Miller --- We'll be happy to reconsider this if/when there are published cryptanalytic results against ed25519. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone

[Bug 3087] Ed448 support

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3087 Damien Miller changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution|---

[Bug 3080] Document IdentityFile=none and clarify interaction of defaults with IdentitiesOnly

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3080 Damien Miller changed: What|Removed |Added Resolution|--- |FIXED Status|REOPENED

[Bug 3076] Better error messages when destination directory not exist.

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3076 Damien Miller changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug 3075] Causes terminal corruption by disabling XON/XOFF unconditionally

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3075 Damien Miller changed: What|Removed |Added Resolution|--- |WORKSFORME Status|NEW

[Bug 3270] Tracking bug for 8.6 release

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3270 Bug 3270 depends on bug 3069, which changed state. Bug 3069 Summary: sftp issues with [ or ] in path name https://bugzilla.mindrot.org/show_bug.cgi?id=3069 What|Removed |Added

[Bug 3549] Tracking bug for OpenSSH 9.4

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3549 Bug 3549 depends on bug 3069, which changed state. Bug 3069 Summary: sftp issues with [ or ] in path name https://bugzilla.mindrot.org/show_bug.cgi?id=3069 What|Removed |Added

[Bug 3069] sftp issues with [ or ] in path name

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3069 Damien Miller changed: What|Removed |Added Resolution|--- |FIXED Status|NEW

[Bug 3067] Fails to unlink ControlMaster socket early enough, confuses other clients

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3067 Damien Miller changed: What|Removed |Added Resolution|--- |WORKSFORME Status|NEW

[Bug 3048] ssh reads from the wrong directory in user namespace

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3048 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org --- Comment #4 from Dami

[Bug 3047] while do the sftp from openssh 6.6.1 to openssh 7.4 "Received message too long " error appear

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3047 Damien Miller changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug 3034] provide options to map additional FDs

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3034 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org --- Comment #1 from Dami

[Bug 3021] Openssh/sftp question related to timezone difference with "ls -l"

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3021 Damien Miller changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug 3017] ExitOnForwardFailure=yes doesn't work for local forwards (-L)

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3017 Damien Miller changed: What|Removed |Added Resolution|--- |WORKSFORME Status|NEW

[Bug 2989] Revoking certificates when TrustedUserCAKeys-file contains multiple keys does not work

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2989 Damien Miller changed: What|Removed |Added Resolution|--- |WORKSFORME Status|NEW

[Bug 2976] Avoid automatically adding RemoteCommand option

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2976 Damien Miller changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug 2966] scp client-side filename matching problems

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2966 Damien Miller changed: What|Removed |Added Resolution|--- |FIXED Status|NEW

[Bug 2957] servconf.c: parse_multistate: does not allow override?

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2957 Damien Miller changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug 2917] keepalive packets are sent twice each interval if connection is interrupted

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2917 Damien Miller changed: What|Removed |Added Resolution|--- |FIXED Status|NEW

[Bug 2899] scp remote-to-remote does not work with IPv6 addresses anymore

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2899 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org Status|NEW

[Bug 2861] LDAP user with public key authentication showing AUTHSTATE=compat

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2861 Damien Miller changed: What|Removed |Added Resolution|--- |WORKSFORME Status|NEW

[Bug 2856] key-options.sh fails when pty /dev/ttyp1 is not owned by testing user

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2856 --- Comment #5 from Damien Miller --- Is this still broken? AFAIK we regularly run integration tests on NetBSD and they are working okay.

[Bug 2833] The code in opennsd-compat/port-solaris.c should not change PRIV_LIMIT when PRIV_XPOLICY is set.

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2833 Damien Miller changed: What|Removed |Added CC||dtuc...@dtucker.net Attachment #3740|

[Bug 2830] Add option to set TCP_USER_TIMEOUT on linux

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2830 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org --- Comment #3 from Dami

[Bug 3613] Unable to sign using certificates and PKCS#11

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3613 --- Comment #6 from Damien Miller --- (In reply to aim from comment #5) > Oh yeah, I can see it already uses softhsm. Should be easy enough to > port. I can try giving it a go if you like? Have you made any > progress on the patch, is there anyth

[Bug 3627] openssh 9.4p1 does not see RSA keys in know_hosts file.

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3627 Darren Tucker changed: What|Removed |Added CC||dtuc...@dtucker.net --- Comment #2 from D

[Bug 3627] openssh 9.4p1 does not see RSA keys in know_hosts file.

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3627 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org --- Comment #1 from Dami

[Bug 3626] potentially uninitialized local pointer in sshkey_ecdsa_key_to_nid() in sshkey.c

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3626 Damien Miller changed: What|Removed |Added Resolution|--- |INVALID Status|NEW

[Bug 3625] potentially uninitialized local pointer in send_handle() in sftp-server.c

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3625 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org Status|NEW

[Bug 3624] potentially uninitialized local pointers in assemble_algorithms() in servconf.c

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3624 Damien Miller changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug 3623] potentially uninitialized local pointers in fill_default_options() in readconf.c

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3623 Damien Miller changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug 3627] New: openssh 9.4p1 does not see RSA keys in know_hosts file.

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3627 Bug ID: 3627 Summary: openssh 9.4p1 does not see RSA keys in know_hosts file. Product: Portable OpenSSH Version: 9.4p1 Hardware: SPARC OS: Solaris

[Bug 3626] New: potentially uninitialized local pointer in sshkey_ecdsa_key_to_nid() in sshkey.c

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3626 Bug ID: 3626 Summary: potentially uninitialized local pointer in sshkey_ecdsa_key_to_nid() in sshkey.c Product: Portable OpenSSH Version: 9.5p1 Hardware: All

[Bug 3625] New: potentially uninitialized local pointer in send_handle() in sftp-server.c

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3625 Bug ID: 3625 Summary: potentially uninitialized local pointer in send_handle() in sftp-server.c Product: Portable OpenSSH Version: 9.5p1 Hardware: All OS: Al

[Bug 3624] New: potentially uninitialized local pointers in assemble_algorithms() in servconf.c

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3624 Bug ID: 3624 Summary: potentially uninitialized local pointers in assemble_algorithms() in servconf.c Product: Portable OpenSSH Version: 9.5p1 Hardware: All

[Bug 3623] New: potentially uninitialized local pointers in fill_default_options() in readconf.c

2023-10-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3623 Bug ID: 3623 Summary: potentially uninitialized local pointers in fill_default_options() in readconf.c Product: Portable OpenSSH Version: 9.5p1 Hardware: All

[Bug 3614] add setting to redirect all Network access over client

2023-10-08 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3614 --- Comment #6 from Darren Tucker --- (In reply to micet2004-github from comment #5) > If you agree this feature > request could be helpful for several users, then the socks way could > be an easy start for this. I neglected to mention it in my e

[Bug 3614] add setting to redirect all Network access over client

2023-10-06 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3614 --- Comment #5 from micet2004-git...@yahoo.de --- (In reply to Damien Miller from comment #4) > yeah, if you can use SOCKS then you should use SOCKS. Note however > that ssh's SOCKS support doesn't cover *all* network traffic, just > TCP. If you h

[Bug 3622] Please add an option to generate fish shell output

2023-10-06 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3622 --- Comment #5 from Kemel Zaidan --- Sorry @Damien. I'm still learning about fish. It looks like you are right and that I missed these details of persistence between restarts. I believe my first interaction was right and global scope would be enough

[Bug 3613] Unable to sign using certificates and PKCS#11

2023-10-06 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3613 --- Comment #5 from aim@orbit.online --- (In reply to Damien Miller from comment #4) > IMO it would be better to get the existing regress/agent-pkcs11.sh > test working for certs, we'll need to do this anyway Oh yeah, I can see it already uses sof

[Bug 3622] Please add an option to generate fish shell output

2023-10-06 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3622 Dmitry Belyavskiy changed: What|Removed |Added CC||dbely...@redhat.com --- Comment #4 fr

[Bug 3622] Please add an option to generate fish shell output

2023-10-05 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3622 --- Comment #3 from Damien Miller --- AFAIK it's the reverse: tcsh is more popular than fish. Also there's csh: https://qa.debian.org/popcon.php?package=tcsh which is another C-shell. Re -U, the fish documentation says this: > -U or --universa

[Bug 3622] Please add an option to generate fish shell output

2023-10-05 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3622 --- Comment #2 from Kemel Zaidan --- just amending my report. You should use set -xU instead of -xg. -U stands for universal, so every terminal has access to this variable. So, I must understand that's an accepted feature request since there's su

[Bug 3614] add setting to redirect all Network access over client

2023-10-05 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3614 --- Comment #4 from Damien Miller --- yeah, if you can use SOCKS then you should use SOCKS. Note however that ssh's SOCKS support doesn't cover *all* network traffic, just TCP.

[Bug 3613] Unable to sign using certificates and PKCS#11

2023-10-05 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3613 --- Comment #4 from Damien Miller --- IMO it would be better to get the existing regress/agent-pkcs11.sh test working for certs, we'll need to do this anyway

[Bug 3610] Using ControlPath and the -J option

2023-10-05 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3610 Damien Miller changed: What|Removed |Added CC||dtuc...@dtucker.net Assignee|un

[Bug 3610] Using ControlPath and the -J option

2023-10-05 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3610 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org --- Comment #1 from Dami

[Bug 3622] Please add an option to generate fish shell output

2023-10-05 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3622 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org --- Comment #1 from Dami

[Bug 3620] openssh on Windows server 2019

2023-10-05 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3620 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org Status|NEW

[Bug 3622] New: Please add an option to generate fish shell output

2023-10-05 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3622 Bug ID: 3622 Summary: Please add an option to generate fish shell output Product: Portable OpenSSH Version: 9.5p1 Hardware: Other OS: Linux Status: NEW Sev

[Bug 3621] New: support port sequence/array (for port knocking)

2023-09-30 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3621 Bug ID: 3621 Summary: support port sequence/array (for port knocking) Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severit

[Bug 3620] openssh on Windows server 2019

2023-09-29 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3620 Darren Tucker changed: What|Removed |Added CC||dtuc...@dtucker.net --- Comment #1 from D

[Bug 3620] New: openssh on Windows server 2019

2023-09-29 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3620 Bug ID: 3620 Summary: openssh on Windows server 2019 Product: Portable OpenSSH Version: 7.7p1 Hardware: amd64 OS: Other Status: NEW Severity: normal

[Bug 3619] New: GitHub has been compromised in regards to me

2023-09-27 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3619 Bug ID: 3619 Summary: GitHub has been compromised in regards to me Product: Portable OpenSSH Version: 9.4p1 Hardware: amd64 OS: Mac OS X Status: NEW Severi

[Bug 3618] New: GitHub has been compromised in regards to me

2023-09-27 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3618 Bug ID: 3618 Summary: GitHub has been compromised in regards to me Product: Portable OpenSSH Version: 9.4p1 Hardware: amd64 OS: Mac OS X Status: NEW Severi

[Bug 3617] New: GitHub has been compromised in regards to me

2023-09-27 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3617 Bug ID: 3617 Summary: GitHub has been compromised in regards to me Product: Portable OpenSSH Version: 9.4p1 Hardware: amd64 OS: Mac OS X Status: NEW Severi

[Bug 3616] SSHD Server Not Working After 9.4p1 Upgrade

2023-09-26 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3616 Darren Tucker changed: What|Removed |Added CC||dtuc...@dtucker.net --- Comment #1 from D

[Bug 3616] New: SSHD Server Not Working After 9.4p1 Upgrade

2023-09-26 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3616 Bug ID: 3616 Summary: SSHD Server Not Working After 9.4p1 Upgrade Product: Portable OpenSSH Version: 9.4p1 Hardware: amd64 OS: Linux Status: NEW Severity:

[Bug 3615] Host Based Authentication is failing

2023-09-24 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #29 from Richard Kreutzer --- I much appreciate your help. I was so used to transferring keys verbatim from the .pub files to authorized keys, that I just missed the requirement to have the host names at the front in the ssh_known_hos

[Bug 3615] Host Based Authentication is failing

2023-09-24 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #28 from Darren Tucker --- (In reply to Richard Kreutzer from comment #25) [...] > I will now have to add the fqdn to the beginning of each key in the > .pub files after pasting then in them in the ssh_known_hosts file > for each serve

[Bug 3615] Host Based Authentication is failing

2023-09-22 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #27 from Richard Kreutzer --- Yes, it looks like it is, and it works. That will make it much easier!

[Bug 3615] Host Based Authentication is failing

2023-09-22 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #26 from Richard Kreutzer --- P.S. What about ssh-keyscan? Is that what it is for?

[Bug 3615] Host Based Authentication is failing

2023-09-22 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #25 from Richard Kreutzer --- So you are saying the fqdn should be in the ssh_known_host file on the server, but *not* in the /etc/ssh/ssh_host_ed25519_key.pub file on the client. OMG, it worked! It also works with just "ssh gemini",

[Bug 3615] Host Based Authentication is failing

2023-09-22 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #24 from Darren Tucker --- (In reply to Richard Kreutzer from comment #23) > 1. No, the fqdn are still in the .pub files The fqdn should not be in the .pub files. the line should start with ssh-rsa, ssh-ed25519 or similar. That woul

[Bug 3615] Host Based Authentication is failing

2023-09-21 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #23 from Richard Kreutzer --- 1. No, the fqdn are still in the .pub files 2. Yes the .pub files are world readable On the client (basement-gentoo): rwk@basement-gentoo /etc/ssh $ ls -l *.pub -rw-r--r-- 1 root root 212 Sep 21 18:42 ss

[Bug 3615] Host Based Authentication is failing

2023-09-21 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #22 from Darren Tucker --- (In reply to Richard Kreutzer from comment #16) [...] > debug1: HostbasedAuthentication enabled but no local public host > keys could be loaded. This means the client could not load any of the public key fil

[Bug 3615] Host Based Authentication is failing

2023-09-21 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #21 from Richard Kreutzer --- rwk@basement-gentoo /etc/ssh $ grep EnableSSHKeysign ssh_config EnableSSHKeysign yes

[Bug 3615] Host Based Authentication is failing

2023-09-21 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #20 from Darren Tucker --- (In reply to Darren Tucker from comment #19) > I'll take a look at the logs, but one question: do you have > "EnableSSHKeysign yes" in /etc/ssh/ssh_config? It needs to be in > the global section ... on the

[Bug 3615] Host Based Authentication is failing

2023-09-21 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #19 from Darren Tucker --- I'll take a look at the logs, but one question: do you have "EnableSSHKeysign yes" in /etc/ssh/ssh_config? It needs to be in the global section: ``` EnableSSHKeysign Setting this option to yes in th

[Bug 3615] Host Based Authentication is failing

2023-09-21 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #18 from Richard Kreutzer --- Created attachment 3735 --> https://bugzilla.mindrot.org/attachment.cgi?id=3735&action=edit ssh degug logs Use this.

[Bug 3615] Host Based Authentication is failing

2023-09-21 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #17 from Richard Kreutzer --- Not sure why but my cut/paste logs are not getting to you correctly. I am reposting as an attachment. Please wait for the attachment.

[Bug 3615] Host Based Authentication is failing

2023-09-21 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #16 from Richard Kreutzer --- rwk@basement-gentoo /etc/ssh $ ssh -vvv -p 1023 -o PreferredAuthentications=hostbased gemini.krautclan.com pwd OpenSSH_9.4p1, OpenSSL 3.1.2 1 Aug 2023 debug1: Reading configuration data /etc/ssh/ssh_confi

[Bug 3615] Host Based Authentication is failing

2023-09-21 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #15 from Richard Kreutzer --- Ok, here are the logs for both sides. And here is the suggested ssh_known_hosts: basement-gentoo.krautclan.com ssh-ed25519 C3NzaC1lZDI1NTE5IL7ScLQVn+2HvNUpLTdmfpKiduxvZS8s1HoHQV8OeOAH root@baseme

[Bug 3615] Host Based Authentication is failing

2023-09-21 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #14 from Darren Tucker --- (In reply to Richard Kreutzer from comment #12) > OK, for the sake of simplicity, I have tested with rsa only... > > Here is basement-gentoo:/etc/ssh/ssh_host_rsa_key.pub > basement-gentoo.krautclan.com ssh-

[Bug 3615] Host Based Authentication is failing

2023-09-21 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #13 from Richard Kreutzer --- P.S. I am still using: HostbasedUsesNameFromPacketOnly yes I thought I read somewhere that this can cause a problem if DNS and rDNS are working properly and UseDNS is yes. Should I remove it?

[Bug 3615] Host Based Authentication is failing

2023-09-21 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #12 from Richard Kreutzer --- OK, for the sake of simplicity, I have tested with rsa only... Here is basement-gentoo:/etc/ssh/ssh_host_rsa_key.pub basement-gentoo.krautclan.com ssh-rsa B3NzaC1yc2EDAQABAAABgQDOCSF+Ne8C8xgar9DT

[Bug 3615] Host Based Authentication is failing

2023-09-21 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #11 from Richard Kreutzer --- Well, the keys were all generated by: "ssh-keygen -A". I just re-ran it and it did not put host names at the start of the keys. I will add fully qualified domain names to the .pub files manually and retr

[Bug 3613] Unable to sign using certificates and PKCS#11

2023-09-21 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3613 aim@orbit.online changed: What|Removed |Added CC||aim@orbit.online

[Bug 3613] Unable to sign using certificates and PKCS#11

2023-09-21 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3613 --- Comment #3 from aim@orbit.online --- Created attachment 3734 --> https://bugzilla.mindrot.org/attachment.cgi?id=3734&action=edit Self-contained testscript for cert signing via HSM First of all thank you for the quick response and a potential

[Bug 3615] Host Based Authentication is failing

2023-09-21 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #10 from Darren Tucker --- (In reply to Richard Kreutzer from comment #8) > What do these debug lines mean: > debug3: mm_answer_keyallowed: hostbased authentication test: ED25519 > key is not allowed It means the key offered by the cl

[Bug 3615] Host Based Authentication is failing

2023-09-21 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #9 from Darren Tucker --- (In reply to Richard Kreutzer from comment #6) > As you can see from the attachment, the system wide server > "ssh_known_hosts" file "/etc/ssh/ssh_known_hosts" contains: [...] > I.e., with "r...@basement-gento

[Bug 3615] Host Based Authentication is failing

2023-09-21 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #8 from Richard Kreutzer --- What do these debug lines mean: debug3: mm_answer_keyallowed: hostbased authentication test: ED25519 key is not allowed debug3: mm_answer_keyallowed: hostbased authentication test: ECDSA key is not allowed

[Bug 3615] Host Based Authentication is failing

2023-09-21 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #7 from Richard Kreutzer --- Created attachment 3733 --> https://bugzilla.mindrot.org/attachment.cgi?id=3733&action=edit Second sshd debug output Second server side debug output from: /usr/sbin/sshd -dddep 1023

[Bug 3615] Host Based Authentication is failing

2023-09-21 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #6 from Richard Kreutzer --- As you can see from the attachment, the system wide server "ssh_known_hosts" file "/etc/ssh/ssh_known_hosts" contains: ecdsa-sha2-nistp256 E2VjZHNhLXNoYTItbmlzdHAy..XS3md3R0NHMLQWw31fNw4w+yrp9QnZ9Q

[Bug 3615] Host Based Authentication is failing

2023-09-20 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #5 from Darren Tucker --- Comment on attachment 3731 --> https://bugzilla.mindrot.org/attachment.cgi?id=3731 Requested debug/config information [...] >debug1: check_key_in_hostfiles: key for host basement-gentoo.krautclan.com not >

[Bug 3615] Host Based Authentication is failing

2023-09-20 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #4 from Richard Kreutzer --- Created attachment 3732 --> https://bugzilla.mindrot.org/attachment.cgi?id=3732&action=edit Resend... Use this one...

[Bug 3615] Host Based Authentication is failing

2023-09-20 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #3 from Richard Kreutzer --- Thank you so much for your help. Let me know if there is anything else you need.

[Bug 3615] Host Based Authentication is failing

2023-09-20 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 --- Comment #2 from Richard Kreutzer --- Created attachment 3731 --> https://bugzilla.mindrot.org/attachment.cgi?id=3731&action=edit Requested debug/config information

[Bug 3615] Host Based Authentication is failing

2023-09-20 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 Darren Tucker changed: What|Removed |Added CC||dtuc...@dtucker.net --- Comment #1 from D

[Bug 3615] New: Host Based Authentication is failing

2023-09-20 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=3615 Bug ID: 3615 Summary: Host Based Authentication is failing Product: Portable OpenSSH Version: 9.4p1 Hardware: Other OS: Linux Status: NEW Severity: critica
