[Bug 2755] [PATCH] sshd_config: allow directories in AuthorizedKeysFile=
https://bugzilla.mindrot.org/show_bug.cgi?id=2755 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org --- Comment #3 from Damien Miller --- We're late in preparations for the 7.6 release. We'll look at this after -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2319] [PATCH REVIEW] U2F authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=2319 David Lang changed: What|Removed |Added CC||da...@lang.hm --- Comment #24 from David Lang --- Any update on this (either accepting the optional u2f lgpl lib, asking Yubico to allow the BSD license, or writing a replacement)? -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2635] Unable to use SSH Agent and user level PKCS11Provider configuration directive
https://bugzilla.mindrot.org/show_bug.cgi?id=2635 --- Comment #7 from Marc 'Zugschlus' Haber --- And, after trying with PKCS11Provider option in place, and the agent refusing operation for the first time, I need to do the ssh-add -D ssh-add -e, ssh-add -s routine, or the agent will refuse operation even after removing the PKCS11Provider option: ssh -F config-with-PKSCS11Provider => agent refused operation ssh -F config-without-PKCS11Provider => agent refused operation ssh-add -D ssh-add -e ssh-add -s ssh -F config-without-PKCS11Provider => works Whenever ssh says "agent refused operations", ssh-agent started with -d logs "process_sign_request2: sshkey_sign: error in libcrypto". Hope this helps. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2635] Unable to use SSH Agent and user level PKCS11Provider configuration directive
https://bugzilla.mindrot.org/show_bug.cgi?id=2635 Marc 'Zugschlus' Haber changed: What|Removed |Added CC||mh+openssh-bugzilla@zugschl ||us.de --- Comment #6 from Marc 'Zugschlus' Haber --- I have exactly the same issue, on Debian unstable, using OpenSSH 7.5p1 from the Debian packages, and a yubikey 4 Nano. My ssh - output is the same as Jamin's. I can provide additional information: (1) My second Yubikey, a Yubikey Neo, works fine even with the agent loaded and the PKCS11Provider option in the config. (2) When using the agent without the PKCS11Provider option, the ssh -vvv output is the identical same until: debug3: sign_and_send_pubkey: RSA sign_and_send_pubkey: signing failed: agent refused operation debug1: Offering RSA public key: /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so On the working client, things are: debug3: sign_and_send_pubkey: RSA debug3: send packet: type 50 debug3: receive packet: type 52 debug1: Authentication succeeded (publickey). Authenticated to localhost ([127.0.0.1]:10022). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2752] Allow syscalls for openssl engines on s390x
https://bugzilla.mindrot.org/show_bug.cgi?id=2752 --- Comment #6 from ebarre...@linux.vnet.ibm.com --- (In reply to Damien Miller from comment #5) > Yeah, I agree. Would it be feasible to skip using the engines in the > pre-auth phase entirely? Hi Damien, We have on S390 two OpenSSL Engines, one more specific (is specific for one crypto card) and one more generic that works with different crypto card/devices. The first is openssl-ibmca and the last one openssl-ibmpkcs11. We already did some changes on the seccomp filter (openssh-7.5) for the ibmca engine, but the getuid and geteuid was missing as it was enabled on some distro's openssh package but not on others. Can we get the getuid and geteuid patch integrated for now? The other engine, ibmpkcs11, which needs the sysv ipc is not yet released and we can work on an alternative based on your feedback. This works for you? Thanks, Eduardo -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2755] [PATCH] sshd_config: allow directories in AuthorizedKeysFile=
https://bugzilla.mindrot.org/show_bug.cgi?id=2755 --- Comment #2 from Luca BRUNO --- As I got no answers so far, this is another gentle ping for a review. -- You are receiving this mail because: You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs