[Bug 2495] New: add GSI GSSAPI SSO authentication to OpenSSH

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2495

Bug ID: 2495
   Summary: add GSI GSSAPI SSO authentication to OpenSSH
   Product: Portable OpenSSH
   Version: 7.1p1
  Hardware: amd64
OS: Linux
Status: NEW
  Severity: enhancement
  Priority: P5
 Component: Kerberos support
  Assignee: unassigned-b...@mindrot.org
  Reporter: thomas.dow...@ligo.org

This is effectively a bump of bug 958, filed by Jim Basney, to the
current version of openssh. Jim maintains a patch for openssh which
enables authentication with GSI GSSAPI.

Effectively it enables single-sign-on with certificate verification by
the client of the host and of the client by the host. This is in use
securely by a large number of users in scientific and other computing
projects.

Patch:

http://grid.ncsa.illinois.edu/ssh/installpatch.html
http://grid.ncsa.illinois.edu/ssh/dl/patch/

Full releases:

https://github.com/globus/gsi-openssh/releases

We would like you to review this patch and consider it for inclusion in
the standard release of openssh. Currently, we are compelled to
recompile and repackage openssh ourselves on both linux and OS X.
Practically speaking, it can be hard to keep the packaging going
although I believe (hope) the burden on Jim of maintaining the patch
itself is fairly low.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 958] patch to support GSI GSSAPI mechanism

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=958

Tom Downes  changed:

   What|Removed |Added

 CC||thomas.dow...@ligo.org

--- Comment #8 from Tom Downes  ---
I have created bug 2495 on the latest version of openssh and marked it
within the kerberos/GSSAPI component.

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2495] add GSI GSSAPI SSO authentication to OpenSSH

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2495

Tom Downes  changed:

   What|Removed |Added

 CC||jbas...@illinois.edu

--- Comment #1 from Tom Downes  ---
*** Bug 958 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 958] patch to support GSI GSSAPI mechanism

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=958

Tom Downes  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |DUPLICATE

--- Comment #9 from Tom Downes  ---


*** This bug has been marked as a duplicate of bug 2495 ***

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2490] allow to set AuthorizedKeysFile none

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2490

Damien Miller  changed:

   What|Removed |Added

 Resolution|--- |WORKSFORME
 Status|NEW |RESOLVED
 CC||d...@mindrot.org

--- Comment #1 from Damien Miller  ---
It's already supported. From sshd_config(5) AuthorizedKeysFile:

> Multiple files may be listed, separated by whitespace. Alternately
> this option may be set to “none” to skip checking for user keys in 
> files. The default is “.ssh/authorized_keys .ssh/authorized_keys2”.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2451] Bugs intended to be fixed in 7.2

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2451

Damien Miller  changed:

   What|Removed |Added

 Depends on||2489


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2489
[Bug 2489] options that can be used in Match blocks but aren't
documented as such
-- 
You are receiving this mail because:
You are watching the reporter of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2472] Add support to load additional certificates

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2472

--- Comment #5 from Damien Miller  ---
Looking at the patch, I like the idea but I don't think we need to
modify ssh-agent to accommodate it.

Couldn't ssh-add just graft the extra certificates to the private key
and send them? This is similar to how it send implicit *-cert.pub
certificates now.

It might be a little more hassle for the user, since they will need to
have their private keys available at the same time as their
certificates, but IMO users shouldn't be able to add keys to an agent
*without* presenting their private section.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2418] sftp-server connection closed upon openssh6.8P1 upgrade

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2418

Damien Miller  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #2 from Damien Miller  ---
four months with no followup = no bug

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2406] Forwarding local port to remote named sockets fails

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2406

Damien Miller  changed:

   What|Removed |Added

 Status|RESOLVED|CLOSED

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2491] x11-ssh-askpass (ssh-add) sets incorrect flags in WM_SIZE_HINTS

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2491

Darren Tucker  changed:

   What|Removed |Added

 CC||dtuc...@zip.com.au

--- Comment #3 from Darren Tucker  ---
The last copy of that site on archive.org
(https://web.archive.org/web/20131006102910/http://jmknoble.net/software/x11-ssh-askpass/)
says "The OpenBSD folks are maintaining their own port of
x11-ssh-askpass. It's available in the X11 section of OpenBSD's
anonymous CVS tree."  Which indeed seems to be true
(http://cvsweb.openbsd.org/cgi-bin/cvsweb/xenocara/app/ssh-askpass/)
although by the "last touched it" rule, the maintainer is jsg@ rather
than the openssh team.

There's also a mirror on github although it looks like there's never
been any work done there.
https://github.com/sigmavirus24/x11-ssh-askpass

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2486] allow ForceCommand none or similar

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2486

Darren Tucker  changed:

   What|Removed |Added

   Attachment #2751|ok?(dtuc...@zip.com.au) |ok+
  Flags||

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2484] ssh-kegen -Z option undocumented

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2484

Damien Miller  changed:

   What|Removed |Added

 CC||d...@mindrot.org

--- Comment #1 from Damien Miller  ---
It's intentionally undocumented for now. We might change this in the
future.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2406] Forwarding local port to remote named sockets fails

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2406

Damien Miller  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2360] Bugs intended to be fixed in 6.9

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2360
Bug 2360 depends on bug 2406, which changed state.

Bug 2406 Summary: Forwarding local port to remote named sockets fails
https://bugzilla.mindrot.org/show_bug.cgi?id=2406

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching the reporter of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2358] allow sshd to "redirect" to another local user

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2358

Damien Miller  changed:

   What|Removed |Added

 CC||d...@mindrot.org

--- Comment #3 from Damien Miller  ---
(In reply to Darren Tucker from comment #1)
> Thinking about this one I think it would be possible to fit into the
> Match framework but I'm struggling to think of an example of where
> it would actually be useful.  Why would you want to do such a thing?
> 
> As for security implications: it might upset privsep (in general it
> does not allow changing of usernames once started).  It would have
> to be explicitly configured by the system administrator.

I know of one case where system administrators wanted to implement a
"catch-all" user. They did this by hacking getpwnamallow() to lookup a
single account for all users. We could do a "ForceUser" option that did
something similar I guess.

it does mean that authctxt->user wouldn't be the same as
authctxt->pw->pw_name and a couple of things depend on this, e.g. s/key

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 626] sftp is unable to resume interrupted downloads/ uploads

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=626

Damien Miller  changed:

   What|Removed |Added

 Blocks||2076
 Resolution|--- |FIXED
 CC||d...@mindrot.org
 Status|NEW |RESOLVED

--- Comment #4 from Damien Miller  ---
Yes, resumption is implemented for both get and put now.


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2076
[Bug 2076] Bugs intended to be fixed in 6.3
-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2489] options that can be used in Match blocks but aren't documented as such

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2489

--- Comment #2 from Christoph Anton Mitterer  ---
Guess I've accidentally looked the others up in the current version in
Debian sid, and not the master in git O:)

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2494] kex_protocol_error should send SSH2_MSG_UNIMPLEMENTED

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2494

Damien Miller  changed:

   What|Removed |Added

 Blocks||2451

--- Comment #3 from Damien Miller  ---
Patch applied - this will be in OpenSSH 7.2. (Please do let us know the
affected conch version though)


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2495] add GSI GSSAPI SSO authentication to OpenSSH

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2495

Mantas M.  changed:

   What|Removed |Added

 CC||graw...@gmail.com

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2494] kex_protocol_error should send SSH2_MSG_UNIMPLEMENTED

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2494

Damien Miller  changed:

   What|Removed |Added

 Status|NEW |ASSIGNED
 CC||d...@mindrot.org,
   ||dtuc...@zip.com.au
   Assignee|unassigned-b...@mindrot.org |d...@mindrot.org
   Attachment #2749||ok?(dtuc...@zip.com.au)
  Flags||

--- Comment #1 from Damien Miller  ---
Created attachment 2749
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2749=edit
send SSH_MSG_UNIMPLEMENTED on kex protocol error

I think this should do it; can you test against the conch version that
was sending the old key exchange?

Also, please send the banner string for the affected conch version so
we can add a compat flag for it.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2494] kex_protocol_error should send SSH2_MSG_UNIMPLEMENTED

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2494

Darren Tucker  changed:

   What|Removed |Added

   Attachment #2750|ok?(dtuc...@zip.com.au) |ok+
  Flags||

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2486] allow ForceCommand none or similar

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2486

Damien Miller  changed:

   What|Removed |Added

 CC||d...@mindrot.org,
   ||dtuc...@zip.com.au
 Status|NEW |ASSIGNED
   Assignee|unassigned-b...@mindrot.org |d...@mindrot.org
   Attachment #2751||ok?(dtuc...@zip.com.au)
  Flags||

--- Comment #1 from Damien Miller  ---
Created attachment 2751
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2751=edit
accept "none" to ForceCommand and ChrootDirectory

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 819] patch to add kerberos password-changing

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=819

Damien Miller  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 CC||d...@mindrot.org
 Resolution|--- |WONTFIX

--- Comment #3 from Damien Miller  ---
This can be done using PAM kbd-int without server modifications. I
don't think we want to implement it again in the server.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 1860] UseDNS option ignored

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=1860

Damien Miller  changed:

   What|Removed |Added

 Resolution|--- |WORKSFORME
 Status|NEW |RESOLVED

--- Comment #6 from Damien Miller  ---
The bit leading up to this is:

20538:  xgetsockaddr(UW71|XPG4, REMOTENAME, 3, 0x08047ADC, 0x08047B60)
= 0
20538:  gettimeofday(0x08047070, 0xBFF5A870)= 0
20538:  getpid()= 20538  [
20271 ]
20538:  open("/etc/resolv.conf", O_RDONLY, 0666)= 4
20538:  ioctl(4, TCGETS, 0x08046F64)Err#25 ENOTTY

Which makes me think this is canohost.c:get_remote_hostname(). It does
a getpeername() call that is probably the xgetscoaddr call above. It
then does a:

if (getnameinfo((struct sockaddr *), fromlen, ntop, sizeof(ntop),
NULL, 0, NI_NUMERICHOST) != 0)

call. This should not result in any DNS traffic though - it's
requesting a numeric hostname.

IMO the only way for it to end up in the DNS here is if the OS
getnameinfo() is buggy. This is further supported by what it does next:

20538:  open("/etc/services", O_RDONLY, 0666)   = 4
20538:  ioctl(4, TCGETS, 0x08047894)Err#25 ENOTTY
20538:  fxstat(2, 4, 0x080478D4)= 0
20538:  read(4, " # i d e n t\t " @ ( # )".., 8192) = 4260
20538:  read(4, 0x0814A090, 8192)   

It's not looking at /etc/hosts - it's looking for a port number to
service name lookup and it's doing so in spite of the getnameinfo()
call above not requesting a service name lookup.

So, I think your system has been configured to do service lookups by
DNS *and* your libc/resolver getnameinfo() is broken. There isn't much
we can do in sshd to mitigate this. If it is still failing for you then
I suggest disabling service lookups via DNS and/or contacting your OS
vendor.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2451] Bugs intended to be fixed in 7.2

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2451

Damien Miller  changed:

   What|Removed |Added

 Depends on||2486


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2486
[Bug 2486] allow ForceCommand none or similar
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching the reporter of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2491] x11-ssh-askpass (ssh-add) sets incorrect flags in WM_SIZE_HINTS

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2491

Damien Miller  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |INVALID
 CC||d...@mindrot.org

--- Comment #2 from Damien Miller  ---
x11-ssh-askpass isn't maintained by the OpenSSH team.

It used to be maintained by Jim Knoble at
http://www.jmknoble.net/software/x11-ssh-askpass/ but that domain seems
to be gone now.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2076] Bugs intended to be fixed in 6.3

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2076

Damien Miller  changed:

   What|Removed |Added

 Depends on||626


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=626
[Bug 626] sftp is unable to resume interrupted downloads/ uploads
-- 
You are receiving this mail because:
You are watching the reporter of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2076] Bugs intended to be fixed in 6.3

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2076
Bug 2076 depends on bug 626, which changed state.

Bug 626 Summary: sftp is unable to resume interrupted downloads/ uploads
https://bugzilla.mindrot.org/show_bug.cgi?id=626

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching the reporter of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 708] Remote forward: Connect from privileged port if originator connected from privileged port

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=708

Damien Miller  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 CC||d...@mindrot.org
 Resolution|--- |WONTFIX

--- Comment #3 from Damien Miller  ---
Given our privilege separation system, this is much more trouble to
implement that it is IMO worth.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2451] Bugs intended to be fixed in 7.2

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2451
Bug 2451 depends on bug 2489, which changed state.

Bug 2489 Summary: options that can be used in Match blocks but aren't 
documented as such
https://bugzilla.mindrot.org/show_bug.cgi?id=2489

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching the reporter of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2489] options that can be used in Match blocks but aren't documented as such

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2489

Damien Miller  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED
 CC||d...@mindrot.org
 Blocks||2451

--- Comment #1 from Damien Miller  ---
Thanks - the AuthorizedPrincipalsCommand* options were missing (fixed),
but the others are already there.


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2392] unable to ssh with umac hash algorithm. error:Disconnecting packet:corrupted MAC on input.

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2392

Damien Miller  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |WORKSFORME

--- Comment #7 from Damien Miller  ---
5 months with no followup = no bug

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2451] Bugs intended to be fixed in 7.2

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2451

Damien Miller  changed:

   What|Removed |Added

 Depends on||2494


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2494
[Bug 2494] kex_protocol_error should send SSH2_MSG_UNIMPLEMENTED
-- 
You are receiving this mail because:
You are watching the reporter of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2451] Bugs intended to be fixed in 7.2

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2451
Bug 2451 depends on bug 2486, which changed state.

Bug 2486 Summary: allow ForceCommand none or similar
https://bugzilla.mindrot.org/show_bug.cgi?id=2486

   What|Removed |Added

 Status|ASSIGNED|RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching the reporter of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2486] allow ForceCommand none or similar

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2486

Damien Miller  changed:

   What|Removed |Added

 Blocks||2451
 Resolution|--- |FIXED
 Status|ASSIGNED|RESOLVED

--- Comment #2 from Damien Miller  ---
Applied - this will be in OpenSSH 7.2


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2494] kex_protocol_error should send SSH2_MSG_UNIMPLEMENTED

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2494

Darren Tucker  changed:

   What|Removed |Added

   Attachment #2749|ok?(dtuc...@zip.com.au) |ok+
  Flags||

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2494] kex_protocol_error should send SSH2_MSG_UNIMPLEMENTED

2015-11-12 Thread bugzilla-daemon 
https://bugzilla.mindrot.org/show_bug.cgi?id=2494

Damien Miller  changed:

   What|Removed |Added

   Attachment #2749|0   |1
is obsolete||
   Attachment #2750||ok?(dtuc...@zip.com.au)
  Flags||

--- Comment #2 from Damien Miller  ---
Created attachment 2750
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2750=edit
fixed diff

oops, previous diff forgot to declare a variable

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs