https://bugzilla.mindrot.org/show_bug.cgi?id=3162
Bug 3162 depends on bug 3581, which changed state.
Bug 3581 Summary: ssh-keyscan fails with `fdlim_get: bad value` with large file
descriptor limit due to type confusion
https://bugzilla.mindrot.org/show_bug.cgi?id=3581
What
https://bugzilla.mindrot.org/show_bug.cgi?id=3581
jan-erik changed:
What|Removed |Added
Resolution|FIXED |---
Status|RESOLVED
https://bugzilla.mindrot.org/show_bug.cgi?id=3568
Damien Miller changed:
What|Removed |Added
Resolution|--- |WORKSFORME
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3578
Damien Miller changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bugzilla.mindrot.org/show_bug.cgi?id=3575
Damien Miller changed:
What|Removed |Added
Resolution|--- |WONTFIX
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3573
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3576
Damien Miller changed:
What|Removed |Added
Resolution|--- |WONTFIX
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3162
Bug 3162 depends on bug 3577, which changed state.
Bug 3577 Summary: CASignatureAlgorithms supports -cert algorithms when used
alongside with other options
https://bugzilla.mindrot.org/show_bug.cgi?id=3577
What|Removed
https://bugzilla.mindrot.org/show_bug.cgi?id=3162
Damien Miller changed:
What|Removed |Added
Depends on||3577
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=3577
Damien Miller changed:
What|Removed |Added
Status|NEW |RESOLVED
Blocks|
https://bugzilla.mindrot.org/show_bug.cgi?id=3162
Damien Miller changed:
What|Removed |Added
Depends on||3581
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=3162
Bug 3162 depends on bug 3581, which changed state.
Bug 3581 Summary: ssh-keyscan fails with `fdlim_get: bad value` with large file
descriptor limit due to type confusion
https://bugzilla.mindrot.org/show_bug.cgi?id=3581
What
https://bugzilla.mindrot.org/show_bug.cgi?id=3577
Darren Tucker changed:
What|Removed |Added
Attachment #3701|ok?(dtuc...@dtucker.net)|ok+
Flags|
https://bugzilla.mindrot.org/show_bug.cgi?id=3581
Darren Tucker changed:
What|Removed |Added
Attachment #3702|ok?(dtuc...@dtucker.net)|ok+
Flags|
https://bugzilla.mindrot.org/show_bug.cgi?id=3581
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org,
|
https://bugzilla.mindrot.org/show_bug.cgi?id=3577
Damien Miller changed:
What|Removed |Added
Attachment #3701||ok?(dtuc...@dtucker.net)
https://bugzilla.mindrot.org/show_bug.cgi?id=3577
--- Comment #4 from xspielinbox+mind...@protonmail.com ---
Thank you for the clarification and the patch!
The patch indeed fixes the configuration-file behavior. It doesn't fix
`ssh -Q CASignatureAlgorithms` still producing the wrong output,
https://bugzilla.mindrot.org/show_bug.cgi?id=3581
Bug ID: 3581
Summary: ssh-keyscan fails with `fdlim_get: bad value` with
large file descriptor limit due to type confusion
Product: Portable OpenSSH
Version: 9.3p1
https://bugzilla.mindrot.org/show_bug.cgi?id=3577
Darren Tucker changed:
What|Removed |Added
Attachment #3700|ok?(dtuc...@dtucker.net)|ok+
Flags|
https://bugzilla.mindrot.org/show_bug.cgi?id=3580
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3577
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org,
|
https://bugzilla.mindrot.org/show_bug.cgi?id=3580
Bug ID: 3580
Summary: ssh-keygen -l: "no comment" never appears again after
the first comment
Product: Portable OpenSSH
Version: 9.3p1
Hardware: Other
OS:
https://bugzilla.mindrot.org/show_bug.cgi?id=3577
--- Comment #2 from xspielinbox+mind...@protonmail.com ---
that can be controlled via CASignatureAlgorithms, it does not make
sense to me, why these options are valid, if a key using this algorithm
cannot be obtained.
Moreover: having an option
https://bugzilla.mindrot.org/show_bug.cgi?id=3577
xspielinbox+mind...@protonmail.com changed:
What|Removed |Added
Summary|CASignatureAlgorithms |CASignatureAlgorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=3579
Bug ID: 3579
Summary: OpenSSH trims last character of fixed-lenght buffers
received from the pkcs11 providers providing users
with inaccurate information
Product: Portable
https://bugzilla.mindrot.org/show_bug.cgi?id=3578
--- Comment #2 from Darren Tucker ---
(In reply to Richard Neill from comment #0)
[...]
> * forward error-correction: preemptively transmit each packet 3x
> (both from the client-end and the server-end) without waiting to
> find out whether it
https://bugzilla.mindrot.org/show_bug.cgi?id=3578
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
--- Comment #1 from
https://bugzilla.mindrot.org/show_bug.cgi?id=3578
Bug ID: 3578
Summary: RFE: forward error correction
Product: Portable OpenSSH
Version: 9.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
https://bugzilla.mindrot.org/show_bug.cgi?id=2347
Jernej Jakob changed:
What|Removed |Added
Version|6.7p1 |9.3p1
CC|
https://bugzilla.mindrot.org/show_bug.cgi?id=3542
--- Comment #4 from cadeaudee...@gmail.com ---
Hello,
update on our side:
Since changing the access management system isn't an option (because of
the number of users). I have enough and reversed-engineered the bastion
(hopefully in this component
https://bugzilla.mindrot.org/show_bug.cgi?id=3577
Bug ID: 3577
Summary: CASignatureAlgorithms supports -cert alogrithms
Product: Portable OpenSSH
Version: 9.3p1
Hardware: amd64
OS: Linux
Status: NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3418
Bug 3418 depends on bug 2573, which changed state.
Bug 2573 Summary: dead sessions cannot be closed with ~.
https://bugzilla.mindrot.org/show_bug.cgi?id=2573
What|Removed |Added
https://bugzilla.mindrot.org/show_bug.cgi?id=2573
Christoph Anton Mitterer changed:
What|Removed |Added
Status|CLOSED |REOPENED
https://bugzilla.mindrot.org/show_bug.cgi?id=3575
--- Comment #2 from Max Chinni ---
Thank you for your answer, that make sense.
I took it literally probably because it was on a separate line. I was
wrong.
I noticed that it works, too, if specified as long as other parameters.
"-h" is the same,
https://bugzilla.mindrot.org/show_bug.cgi?id=3575
Darren Tucker changed:
What|Removed |Added
CC||dtuc...@dtucker.net
--- Comment #1 from
https://bugzilla.mindrot.org/show_bug.cgi?id=3576
Bug ID: 3576
Summary: The sftp-server does not provide the feature of
changing expired passwords, which is provided by the
sshd.
Product: Portable OpenSSH
https://bugzilla.mindrot.org/show_bug.cgi?id=3575
Bug ID: 3575
Summary: wrong usage message: "-Q protocol_feature" is an
invalid query type
Product: Portable OpenSSH
Version: 9.2p1
Hardware: Other
OS: Linux
https://bugzilla.mindrot.org/show_bug.cgi?id=3549
Damien Miller changed:
What|Removed |Added
Depends on||3574
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=3549
Bug 3549 depends on bug 3574, which changed state.
Bug 3574 Summary: sshd ignores AuthorizedPrincipalsCommand if
AuthorizedKeysCommand is also set
https://bugzilla.mindrot.org/show_bug.cgi?id=3574
What|Removed
https://bugzilla.mindrot.org/show_bug.cgi?id=3574
Damien Miller changed:
What|Removed |Added
Resolution|--- |FIXED
Blocks|
https://bugzilla.mindrot.org/show_bug.cgi?id=3574
Darren Tucker changed:
What|Removed |Added
Attachment #3699|ok?(dtuc...@dtucker.net)|ok+
Flags|
https://bugzilla.mindrot.org/show_bug.cgi?id=3574
John Meyers changed:
What|Removed |Added
Summary|ssh ignores |sshd ignores
https://bugzilla.mindrot.org/show_bug.cgi?id=3574
John Meyers changed:
What|Removed |Added
CC||c...@themeyers.us
--
You are receiving
https://bugzilla.mindrot.org/show_bug.cgi?id=3574
--- Comment #1 from John Meyers ---
Created attachment 3698
--> https://bugzilla.mindrot.org/attachment.cgi?id=3698=edit
Suggested fix
--
You are receiving this mail because:
You are watching the assignee of the bug.
https://bugzilla.mindrot.org/show_bug.cgi?id=3574
Bug ID: 3574
Summary: ssh ignores AuthorizedPrincipalsCommand if
AuthorizedKeysCommand is also set
Product: Portable OpenSSH
Version: 9.3p1
Hardware: All
https://bugzilla.mindrot.org/show_bug.cgi?id=2876
bill.laze...@gmail.com changed:
What|Removed |Added
CC||bill.laze...@gmail.com
---
https://bugzilla.mindrot.org/show_bug.cgi?id=3573
Bug ID: 3573
Summary: sshd service crashes with "error 1067: Service
terminated unexpectedly" when I try to start it in
Windows 11
Product: Portable OpenSSH
https://bugzilla.mindrot.org/show_bug.cgi?id=3017
Darren Tucker changed:
What|Removed |Added
CC||dtuc...@dtucker.net
--- Comment #6 from
https://bugzilla.mindrot.org/show_bug.cgi?id=3017
--- Comment #5 from Pavel Sidlo ---
I've faced probably the same behavior for RemoteForward.
I seems sshd by default allocates both tcp and tcp6 sockets.
ExitOnForwardFailure fails to reject connection if tcp is already in
use but tcp6 is not
https://bugzilla.mindrot.org/show_bug.cgi?id=3017
Pavel Sidlo changed:
What|Removed |Added
CC||pavel.si...@linuxbox.cz
--
You are
https://bugzilla.mindrot.org/show_bug.cgi?id=3572
Bug ID: 3572
Summary: ssh-agent refused operation when using FIDO2 with -O
verify-required
Product: Portable OpenSSH
Version: 9.3p1
Hardware: Other
OS:
https://bugzilla.mindrot.org/show_bug.cgi?id=3571
Bug ID: 3571
Summary: Canceling SSH_ASKPASS actually sends an empty string
Product: Portable OpenSSH
Version: 8.8p1
Hardware: Other
OS: Linux
Status: NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3570
Bug ID: 3570
Summary: Add substitution token for explicitly selected
IdentityFile for ControlPath selection
Product: Portable OpenSSH
Version: 9.3p1
Hardware: All
https://bugzilla.mindrot.org/show_bug.cgi?id=3153
Ben changed:
What|Removed |Added
CC||b...@smokingkangaroo.com
--- Comment #6 from Ben
https://bugzilla.mindrot.org/show_bug.cgi?id=3549
Bug 3549 depends on bug 3548, which changed state.
Bug 3548 Summary: Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to
version mismatch error
https://bugzilla.mindrot.org/show_bug.cgi?id=3548
What|Removed
https://bugzilla.mindrot.org/show_bug.cgi?id=3548
Darren Tucker changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bugzilla.mindrot.org/show_bug.cgi?id=3548
--- Comment #10 from Damien Miller ---
I withdraw my version of the diff. Darren, do you want to commit yours?
IMO we should keep the status check that is in yours but not in the
post to the mailing list.
--
You are receiving this mail because:
https://bugzilla.mindrot.org/show_bug.cgi?id=3548
Damien Miller changed:
What|Removed |Added
Attachment #3685||ok-
Flags|
https://bugzilla.mindrot.org/show_bug.cgi?id=3548
--- Comment #9 from Sam James ---
See also https://marc.info/?l=openssh-unix-dev=168348988530204=2.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
https://bugzilla.mindrot.org/show_bug.cgi?id=3569
Alex Smith changed:
What|Removed |Added
Attachment #3697|Adds a command to execute |3) Adds a command to
https://bugzilla.mindrot.org/show_bug.cgi?id=3569
Alex Smith changed:
What|Removed |Added
Attachment #3696|Adds an option to enter |2) Adds an option to enter
https://bugzilla.mindrot.org/show_bug.cgi?id=3569
Alex Smith changed:
What|Removed |Added
Attachment #3695|Adds an option to allow |1) Adds an option to allow
https://bugzilla.mindrot.org/show_bug.cgi?id=3569
--- Comment #2 from Alex Smith ---
Created attachment 3697
--> https://bugzilla.mindrot.org/attachment.cgi?id=3697=edit
Adds a command to execute commands from a local file
--
You are receiving this mail because:
You are watching the assignee
https://bugzilla.mindrot.org/show_bug.cgi?id=3569
--- Comment #1 from Alex Smith ---
Created attachment 3696
--> https://bugzilla.mindrot.org/attachment.cgi?id=3696=edit
Adds an option to enter interactive mode after a batch or single
transfer
--
You are receiving this mail because:
You are
https://bugzilla.mindrot.org/show_bug.cgi?id=3569
Bug ID: 3569
Summary: Semi-interactive sftp batch mode
Product: Portable OpenSSH
Version: 9.3p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
https://bugzilla.mindrot.org/show_bug.cgi?id=3568
--- Comment #3 from Blake D ---
(In reply to Blake D from comment #2)
> I can't say WHERE the problem is - that's why I'm alerting both
> teams.
I also posted
https://github.com/PowerShell/Win32-OpenSSH/discussions/2064
--
You are receiving
https://bugzilla.mindrot.org/show_bug.cgi?id=3568
--- Comment #2 from Blake D ---
I can't say WHERE the problem is - that's why I'm alerting both teams.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
https://bugzilla.mindrot.org/show_bug.cgi?id=3568
Darren Tucker changed:
What|Removed |Added
CC||dtuc...@dtucker.net
--- Comment #1 from
https://bugzilla.mindrot.org/show_bug.cgi?id=3568
Bug ID: 3568
Summary: ctrl-c causes ssh connection to drop
Product: Portable OpenSSH
Version: 9.3p1
Hardware: Other
OS: Windows 10
Status: NEW
Severity:
https://bugzilla.mindrot.org/show_bug.cgi?id=3567
Damien Miller changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bugzilla.mindrot.org/show_bug.cgi?id=3567
Darren Tucker changed:
What|Removed |Added
Attachment #3694|ok?(dtuc...@dtucker.net)|ok+
Flags|
https://bugzilla.mindrot.org/show_bug.cgi?id=3561
Damien Miller changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bugzilla.mindrot.org/show_bug.cgi?id=3567
Damien Miller changed:
What|Removed |Added
Attachment #3693|ok?(dtuc...@dtucker.net)|
Flags|
https://bugzilla.mindrot.org/show_bug.cgi?id=3567
Damien Miller changed:
What|Removed |Added
Assignee|unassigned-b...@mindrot.org |d...@mindrot.org
CC|
https://bugzilla.mindrot.org/show_bug.cgi?id=3567
Bug ID: 3567
Summary: CanonicalizeHostname yes doesn't canonicalize the
Hostname with ProxyJump none
Product: Portable OpenSSH
Version: 9.3p1
Hardware: All
https://bugzilla.mindrot.org/show_bug.cgi?id=3561
--- Comment #5 from RickyDoug ---
I totally agree with you that there are few, if any that even
build-time support it and none that release binaries packed, at least
that I have found.
The real issue is someone copied a header file without
https://bugzilla.mindrot.org/show_bug.cgi?id=3566
Bug ID: 3566
Summary: Password expiry warning is printed multiple times when
UsePAM is set to yes
Product: Portable OpenSSH
Version: 8.8p1
Hardware: All
OS:
https://bugzilla.mindrot.org/show_bug.cgi?id=3565
--- Comment #2 from Markus Schmidt ---
I'm embarrased and sorry that this happened (this was a major SNAFU on
my side that led to seeing this in old code). Sorry for the time
wasted on your side, I'll be more careful next time.
--
You are
https://bugzilla.mindrot.org/show_bug.cgi?id=3564
Damien Miller changed:
What|Removed |Added
Resolution|--- |FIXED
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3565
Damien Miller changed:
What|Removed |Added
Status|NEW |RESOLVED
CC|
https://bugzilla.mindrot.org/show_bug.cgi?id=3565
Bug ID: 3565
Summary: keygen do_download_sk() incorrect return value
Product: Portable OpenSSH
Version: 8.5p1
Hardware: Other
OS: Windows 10
Status: NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3564
Bug ID: 3564
Summary: When downloading sk keys from a fido token,
applications with multiple keys overwrite each other
Product: Portable OpenSSH
Version: 8.5p1
Hardware:
https://bugzilla.mindrot.org/show_bug.cgi?id=3563
Bug ID: 3563
Summary: Connection terminated just after authentication
successful when SFTP Server running inside Azure.
Product: Portable OpenSSH
Version: 8.4p1
Hardware:
https://bugzilla.mindrot.org/show_bug.cgi?id=3561
--- Comment #4 from Damien Miller ---
The spec might say use 1-byte packing, but I can't find a Unix/Linux
implementation that actually does this.
OpenSC doesn't:
https://github.com/OpenSC/libp11/blob/master/src/pkcs11.h
WolfSSL doesn't:
https://bugzilla.mindrot.org/show_bug.cgi?id=3561
--- Comment #3 from RickyDoug ---
My apologies. Please ignore the reference to CK_ULONG...that is another
issue. Perhaps a re-state is in order:
The PKCS11 specification is very clear on byte packing (1 byte), but
openssh does not even attempt
https://bugzilla.mindrot.org/show_bug.cgi?id=3562
Bug ID: 3562
Summary: make SSH_ASKPASS and SSH_ASKPASS_REQUIRE available as
config options
Product: Portable OpenSSH
Version: 9.3p1
Hardware: Other
OS: All
https://bugzilla.mindrot.org/show_bug.cgi?id=3439
--- Comment #4 from tar.ancalime.nume...@gmail.com ---
Hey Darren.
Just one question on this:
In both cases, the prompt with password and the prefix with
keyboard-interactive, are these generated by the ssh client?
Cause if e.g. the server
https://bugzilla.mindrot.org/show_bug.cgi?id=3438
--- Comment #3 from Christoph Anton Mitterer ---
Shall I provide a patch that adds a line like:
"If the same variable is give multiple times, only it's first
occurrence is considered."
to SetEnv / SendEnv?
However, for SendEnv it would be
https://bugzilla.mindrot.org/show_bug.cgi?id=3449
--- Comment #3 from Christoph Anton Mitterer ---
Thinking of it again:
A ~ in the remote path would IMO *only* make sense to be expanded in
the remote context (or not at all, if that's not possible).
Cause the remote path if course to be taken
https://bugzilla.mindrot.org/show_bug.cgi?id=3456
--- Comment #6 from Christoph Anton Mitterer ---
Thanks Daimen... but still not particularly "user-friendly" in the
sense that one still has to write a special command (2x ssh with
special options) and cannot simply "ssh host" as usual.
Wouldn't
https://bugzilla.mindrot.org/show_bug.cgi?id=3561
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
--- Comment #2 from
https://bugzilla.mindrot.org/show_bug.cgi?id=3561
--- Comment #1 from RickyDoug ---
This is actually a confused report, mixing two different issues. One is
the lack of byte packing. The second is depending on the compiler to
set the size of CK_ULONG instead of using stdint.h to specifically set
https://bugzilla.mindrot.org/show_bug.cgi?id=3561
Bug ID: 3561
Summary: Open SSH does not support 1-byte structure packing on
non-windows systems for PKCS11
Product: Portable OpenSSH
Version: 9.3p1
Hardware: Other
https://bugzilla.mindrot.org/show_bug.cgi?id=3559
--- Comment #2 from Markus Schmidt ---
On further thought, the function could be abandoned alltogether and the
two callers could simply call
pkalgs = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key);
themselves and free the result.
--
https://bugzilla.mindrot.org/show_bug.cgi?id=3560
Markus Schmidt changed:
What|Removed |Added
Severity|enhancement |trivial
--- Comment #1 from Markus
https://bugzilla.mindrot.org/show_bug.cgi?id=3559
Markus Schmidt changed:
What|Removed |Added
Severity|enhancement |trivial
--- Comment #1 from Markus
https://bugzilla.mindrot.org/show_bug.cgi?id=3560
Bug ID: 3560
Summary: Memory leak in channels.c
Product: Portable OpenSSH
Version: 8.5p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
https://bugzilla.mindrot.org/show_bug.cgi?id=3559
Bug ID: 3559
Summary: Mini memory leak and needless(?) const/static
qualifier.
Product: Portable OpenSSH
Version: 8.5p1
Hardware: Other
OS: All
https://bugzilla.mindrot.org/show_bug.cgi?id=3558
--- Comment #12 from Darren Tucker ---
(In reply to Damien Miller from comment #11)
> Maybe we could provide a "visudo" like tool to wrap config editing
> in sshd -T?
I like that even less than leaving it as is.
--
You are receiving this mail
https://bugzilla.mindrot.org/show_bug.cgi?id=3558
--- Comment #11 from Damien Miller ---
Sure, but the current behaviour has the benefit of being obvious and we
do provide hooks to verify the config before reloading.
Maybe we could provide a "visudo" like tool to wrap config editing in
sshd
901 - 1000 of 15225 matches
Mail list logo