[Bug 2266] Bugs intended to be fixed in 6.8
https://bugzilla.mindrot.org/show_bug.cgi?id=2266 Bug 2266 depends on bug 2313, which changed state. Bug 2313 Summary: Corrupt KRL file when using multiple CA. https://bugzilla.mindrot.org/show_bug.cgi?id=2313 What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching the reporter of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2266] Bugs intended to be fixed in 6.8
https://bugzilla.mindrot.org/show_bug.cgi?id=2266 Damien Miller d...@mindrot.org changed: What|Removed |Added Depends on||2313 -- You are receiving this mail because: You are watching the reporter of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2322] please let the server enable/disable delayed compression on a per user basis
https://bugzilla.mindrot.org/show_bug.cgi?id=2322 Damien Miller d...@mindrot.org changed: What|Removed |Added CC||d...@mindrot.org Assignee|unassigned-b...@mindrot.org |d...@mindrot.org --- Comment #1 from Damien Miller d...@mindrot.org --- Created attachment 2515 -- https://bugzilla.mindrot.org/attachment.cgi?id=2515action=edit Require multiple publickey entries in AuthenticationMethods use different keys Thanks for reminding me to do this - I've been planning it for a while. Here's a patch that implements it for -current. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2322] please let the server enable/disable delayed compression on a per user basis
https://bugzilla.mindrot.org/show_bug.cgi?id=2322 --- Comment #2 from Damien Miller d...@mindrot.org --- Comment on attachment 2515 -- https://bugzilla.mindrot.org/attachment.cgi?id=2515 Require multiple publickey entries in AuthenticationMethods use different keys oops, wrong bug - please disregard -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2266] Bugs intended to be fixed in 6.8
https://bugzilla.mindrot.org/show_bug.cgi?id=2266 Damien Miller d...@mindrot.org changed: What|Removed |Added Depends on||2323 -- You are receiving this mail because: You are watching the reporter of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2323] Two factor authentication with two different SSH keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2323 Damien Miller d...@mindrot.org changed: What|Removed |Added Blocks||2266 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2266] Bugs intended to be fixed in 6.8
https://bugzilla.mindrot.org/show_bug.cgi?id=2266 Damien Miller d...@mindrot.org changed: What|Removed |Added Depends on||2324 -- You are receiving this mail because: You are watching the reporter of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2318] ControlPath name collisions when using shared locations like /tmp for the sockets.
https://bugzilla.mindrot.org/show_bug.cgi?id=2318 Damien Miller d...@mindrot.org changed: What|Removed |Added Status|NEW |RESOLVED CC||d...@mindrot.org Resolution|--- |WONTFIX --- Comment #2 from Damien Miller d...@mindrot.org --- Like the manual now recommends, don't use shared directories for mux sockets. If you do use shared directories and are happy to accept that particular risk, then it is up to you to make the path unique. You can add %u to the path explicitly very easily. I don't see a compelling reason to change this. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2311] simple attack when control channel muxing is used
https://bugzilla.mindrot.org/show_bug.cgi?id=2311 Damien Miller d...@mindrot.org changed: What|Removed |Added Resolution|--- |WONTFIX CC||d...@mindrot.org Status|NEW |RESOLVED --- Comment #4 from Damien Miller d...@mindrot.org --- As I mentioned, root being able to access user sockets is intentional behaviour. I'm not interested in adding additional checks to prevent this - they would need to be behind an option to avoid breaking existing, legitimate uses and I don't believe that the maintenance and complexity cost of a new config option is warranted. Don't use shared directories for mux sockets. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2266] Bugs intended to be fixed in 6.8
https://bugzilla.mindrot.org/show_bug.cgi?id=2266 Bug 2266 depends on bug 2316, which changed state. Bug 2316 Summary: typo in man page for sftp-server -d option - %h should be %d https://bugzilla.mindrot.org/show_bug.cgi?id=2316 What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching the reporter of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2316] typo in man page for sftp-server -d option - %h should be %d
https://bugzilla.mindrot.org/show_bug.cgi?id=2316 Damien Miller d...@mindrot.org changed: What|Removed |Added Status|NEW |RESOLVED CC||d...@mindrot.org Resolution|--- |FIXED Blocks||2266 --- Comment #1 from Damien Miller d...@mindrot.org --- Patch applied - this will be in OpenSSH 6.8 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2266] Bugs intended to be fixed in 6.8
https://bugzilla.mindrot.org/show_bug.cgi?id=2266 Damien Miller d...@mindrot.org changed: What|Removed |Added Depends on||2316 -- You are receiving this mail because: You are watching the reporter of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2310] functionality to start process before ssh and/or to wrap such command around ssh
https://bugzilla.mindrot.org/show_bug.cgi?id=2310 Damien Miller d...@mindrot.org changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |WONTFIX CC||d...@mindrot.org --- Comment #1 from Damien Miller d...@mindrot.org --- This functionality can easily be achieved using shell functions, shell aliases, shell scripts or wrapper binaries. There is no need to add more options to accomplish this. Each new option is a maintenance burden for developers and a cognitive load for users, so they need to be well justified. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2317] sshd_config man page not clear on PermitUserEnvironment
https://bugzilla.mindrot.org/show_bug.cgi?id=2317 Damien Miller d...@mindrot.org changed: What|Removed |Added Resolution|--- |WONTFIX Status|NEW |RESOLVED CC||d...@mindrot.org --- Comment #1 from Damien Miller d...@mindrot.org --- Unfortunately the reality is a little more complex than that. Restricted accounts may be invoked by the user's shell that may be affected by environment variables. It's impractical to list all the possible cases where enabling this has unexpected consequences, so we leave it to the administrator's discretion and knowledge of their own system. I don't see any reason to modify the text to weaken the warning. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2319] [PATCH REVIEW] U2F authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=2319 Damien Miller d...@mindrot.org changed: What|Removed |Added CC||d...@mindrot.org --- Comment #2 from Damien Miller d...@mindrot.org --- I think it is best that you start with a description of the u2f authentication method protocol - it's much better to review that the protocol is sound before looking at the implementation. Could you write this up? -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2301] test_sshbuf_misc.c:44 ASSERT_INT_NE(feof(out), 0) failed
https://bugzilla.mindrot.org/show_bug.cgi?id=2301 Damien Miller d...@mindrot.org changed: What|Removed |Added CC||d...@mindrot.org --- Comment #1 from Damien Miller d...@mindrot.org --- This is probably due to Irix's libc not support the %z format characters. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2266] Bugs intended to be fixed in 6.8
https://bugzilla.mindrot.org/show_bug.cgi?id=2266 Bug 2266 depends on bug 2291, which changed state. Bug 2291 Summary: ssh -Q kex lists diffie-hellman-group1-sha1 twice https://bugzilla.mindrot.org/show_bug.cgi?id=2291 What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching the reporter of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2266] Bugs intended to be fixed in 6.8
https://bugzilla.mindrot.org/show_bug.cgi?id=2266 Damien Miller d...@mindrot.org changed: What|Removed |Added Depends on||2291 -- You are receiving this mail because: You are watching the reporter of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2266] Bugs intended to be fixed in 6.8
https://bugzilla.mindrot.org/show_bug.cgi?id=2266 Bug 2266 depends on bug 2287, which changed state. Bug 2287 Summary: AuthorizedKeysCommandUser should have it's default documented https://bugzilla.mindrot.org/show_bug.cgi?id=2287 What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching the reporter of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2287] AuthorizedKeysCommandUser should have it's default documented
https://bugzilla.mindrot.org/show_bug.cgi?id=2287 Damien Miller d...@mindrot.org changed: What|Removed |Added Blocks||2266 Status|NEW |RESOLVED Resolution|--- |FIXED CC||d...@mindrot.org --- Comment #1 from Damien Miller d...@mindrot.org --- fixed: +If no user is specified then +.Cm AuthorizedKeysCommand +is ignored. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2266] Bugs intended to be fixed in 6.8
https://bugzilla.mindrot.org/show_bug.cgi?id=2266 Damien Miller d...@mindrot.org changed: What|Removed |Added Depends on||2287 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching the reporter of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2308] Forwarded Unix domain sockets not removed on logout
https://bugzilla.mindrot.org/show_bug.cgi?id=2308 Damien Miller d...@mindrot.org changed: What|Removed |Added CC||d...@mindrot.org --- Comment #1 from Damien Miller d...@mindrot.org --- ssh/sshd should probably clean up after itself better, but you might be interested in the ssh_config StreamLocalBindUnlink option in the meantime -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs