[Bug 2319] [PATCH REVIEW] U2F authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=2319

wik...@metacode.biz changed:

What                |Removed                   |Added
--------------------------------------------------------------------------
CC                  |                          |wik...@metacode.biz

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1467] improper handling of EWOULDBLOCK on HP
https://bugzilla.mindrot.org/show_bug.cgi?id=1467

Marc Aurele La France changed:

What                |Removed                   |Added
--------------------------------------------------------------------------
CC                  |                          |t...@tuyoix.net
[Bug 2503] The sshd log files are insufficient to detect sessions
https://bugzilla.mindrot.org/show_bug.cgi?id=2503

Damien Miller changed:

What                |Removed                   |Added
--------------------------------------------------------------------------
Blocks              |                          |2451

Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2
[Bug 2505] key_load_private_type: unknown or unsupported key type
https://bugzilla.mindrot.org/show_bug.cgi?id=2505

Damien Miller changed:

What                |Removed                   |Added
--------------------------------------------------------------------------
Status              |NEW                       |RESOLVED
CC                  |                          |d...@mindrot.org
Resolution          |---                       |FIXED
Blocks              |                          |2451

--- Comment #2 from Damien Miller ---
applied - thanks

Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2
[Bug 2451] Bugs intended to be fixed in 7.2
https://bugzilla.mindrot.org/show_bug.cgi?id=2451

Bug 2451 depends on bug 2505, which changed state.

Bug 2505 Summary: key_load_private_type: unknown or unsupported key type
https://bugzilla.mindrot.org/show_bug.cgi?id=2505

What                |Removed                   |Added
--------------------------------------------------------------------------
Status              |NEW                       |RESOLVED
Resolution          |---                       |FIXED
[Bug 2499] It would be nice to have a tool to manage ssh connections
https://bugzilla.mindrot.org/show_bug.cgi?id=2499

Damien Miller changed:

What                |Removed                   |Added
--------------------------------------------------------------------------
Resolution          |---                       |WONTFIX
Status              |NEW                       |RESOLVED
CC                  |                          |d...@mindrot.org

--- Comment #1 from Damien Miller ---
We don't plan on offering any connection management tool - generally we'd like to make the existing unix toolset do this job. Mostly, it does.

For your first example, you can kill ssh sessions by user by looking at the process list. Active sessions list the username, e.g.

    $ ps ax | grep sshd
    25092 ??  S  0:05.52 sshd: djm@ttyp0,ttyp1,ttyp2 (sshd)
    ...

So killing the connection is just a matter of killing that user's processes. Afterwards, the account can be locked using standard system account maintenance tools - sshd honours locked passwords (either via PAM or by directly inspecting the password's lock string).

Your second example could be done similarly to the above case, with a little indirection through the existing 'w' or 'who' tools, or the system logs to find out the source address.

Your third example is something that could be handled via PAM if your system supports it (most do). E.g. http://www.linux-pam.org/Linux-PAM-html/sag-pam_time.html -- we do support some authentication restrictions in sshd_config, but we can't cover everything...
[Bug 2505] key_load_private_type: unknown or unsupported key type
https://bugzilla.mindrot.org/show_bug.cgi?id=2505

--- Comment #1 from Damien Miller ---
*** Bug 2504 has been marked as a duplicate of this bug. ***
[Bug 2503] The sshd log files are insufficient to detect sessions
https://bugzilla.mindrot.org/show_bug.cgi?id=2503

Damien Miller changed:

What                |Removed                   |Added
--------------------------------------------------------------------------
Status              |NEW                       |RESOLVED
Resolution          |---                       |FIXED

--- Comment #3 from Damien Miller ---
The caching is already triggered as soon as the packet code is informed of the connection fds. See https://anongit.mindrot.org/openssh.git/tree/packet.c?id=39736be06c#n298

Anyway, patch is applied - this will be in OpenSSH 7.2. It looks like this now:

    Dec 11 14:28:29 fuyu sshd[15956]: Connection from 203.217.30.82 port 38485 on 203.217.30.81 port 22
    Dec 11 14:28:30 fuyu sshd[15956]: Postponed publickey for djm from 203.217.30.82 port 38485 ssh2 [preauth]
    Dec 11 14:28:32 fuyu sshd[15956]: Accepted publickey for djm from 203.217.30.82 port 38485 ssh2: ECDSA SHA256:LmoNaxGFFurT6S2Q67RFuuxIq4is0rVLLdkt6Qgvy66E
    Dec 11 14:28:32 fuyu sshd[15956]: User child is on pid 26320
    Dec 11 14:28:32 fuyu sshd[26320]: Starting session: shell on ttyp3 for djm from 203.217.30.82 port 38485
    Dec 11 14:28:38 fuyu sshd[26320]: Received disconnect from 203.217.30.82 port 38485:11: disconnected by user
    Dec 11 14:28:38 fuyu sshd[26320]: Disconnected from 203.217.30.82 port 38485
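Added example (not part of the bug report or of OpenSSH): one way to rebuild sessions from the log format quoted in the message above, following the "User child is on pid" handoff and cross-checking it against the source address and port that the disconnect line now carries. The second connection in the sample (pids 15960 and 26331, port 38490, user alice) is constructed to show two overlapping sessions from one source address; the function and field names are this example's own.

```python
import re

# Constructed sample: the djm lines follow the format quoted above; the
# second connection (port 38490, user alice) is invented for illustration.
SAMPLE_LOG = """\
Dec 11 14:28:29 fuyu sshd[15956]: Connection from 203.217.30.82 port 38485 on 203.217.30.81 port 22
Dec 11 14:28:30 fuyu sshd[15960]: Connection from 203.217.30.82 port 38490 on 203.217.30.81 port 22
Dec 11 14:28:32 fuyu sshd[15956]: Accepted publickey for djm from 203.217.30.82 port 38485 ssh2: ECDSA SHA256:LmoNaxGFFurT6S2Q67RFuuxIq4is0rVLLdkt6Qgvy66E
Dec 11 14:28:32 fuyu sshd[15956]: User child is on pid 26320
Dec 11 14:28:33 fuyu sshd[15960]: Accepted password for alice from 203.217.30.82 port 38490 ssh2
Dec 11 14:28:33 fuyu sshd[15960]: User child is on pid 26331
Dec 11 14:28:38 fuyu sshd[26320]: Disconnected from 203.217.30.82 port 38485
"""

LINE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
EVENTS = [
    ("connect", re.compile(r"^Connection from (?P<addr>\S+) port (?P<port>\d+) on ")),
    ("accept", re.compile(r"^Accepted (?P<method>\S+) for (?P<user>\S+) "
                          r"from (?P<addr>\S+) port (?P<port>\d+) ")),
    ("child", re.compile(r"^User child is on pid (?P<child>\d+)$")),
    ("close", re.compile(r"^Disconnected from (?P<addr>\S+) port (?P<port>\d+)$")),
]

def correlate(log_text):
    """Return {(addr, port): session}, following the pid handoff to the user child."""
    sessions, by_pid = {}, {}
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue
        pid, msg = int(line["pid"]), line["msg"]
        for kind, rx in EVENTS:
            m = rx.match(msg)
            if m:
                break
        else:
            continue                      # message type not tracked here
        if kind == "connect":
            key = (m["addr"], int(m["port"]))
            sessions[key] = {"start": line["ts"], "end": None, "user": None,
                             "method": None, "pids": [pid]}
            by_pid[pid] = key
            continue
        key = by_pid.get(pid)
        if key is None:
            continue                      # connection start was not in this log
        s = sessions[key]
        if kind == "child":
            s["pids"].append(int(m["child"]))
            by_pid[int(m["child"])] = key
        elif (m["addr"], int(m["port"])) != key:
            s.setdefault("mismatch", []).append(raw)  # pid and peer disagree: review
        elif kind == "accept":
            s["user"], s["method"] = m["user"], m["method"]
        else:
            s["end"] = line["ts"]
    return sessions
```

With the port on the disconnect line, the two sessions from 203.217.30.82 can be told apart even if the pid chain is incomplete; a session whose "end" stays None is still open at the end of the log.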
[Bug 2451] Bugs intended to be fixed in 7.2
https://bugzilla.mindrot.org/show_bug.cgi?id=2451

Damien Miller changed:

What                |Removed                   |Added
--------------------------------------------------------------------------
Depends on          |                          |2505

Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2505
[Bug 2505] key_load_private_type: unknown or unsupported key type
[Bug 2504] New: key_load_private_type: unknown or unsupported key type
https://bugzilla.mindrot.org/show_bug.cgi?id=2504

Bug ID: 2504
Summary: key_load_private_type: unknown or unsupported key type
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: All
Status: RESOLVED
Severity: minor
Priority: P5
Component: ssh
Assignee: unassigned-b...@mindrot.org
Reporter: imor...@nas.nasa.gov
CC: d...@mindrot.org
CC: d...@mindrot.org
Status: RESOLVED
Resolution: DUPLICATE

When using hostbased authentication as root, and protocol v1 support has not been compiled in, ssh(1) complains about an invalid key type:

    # ssh testacct@somehost pwd
    key_load_private_type: unknown or unsupported key type
    /u/testacct

This is due to ssh(1) attempting to load the RSA1 key (assuming that one exists) into sensitive_data.keys. This issue only occurs for root.

--- Comment #1 from Damien Miller ---
*** This bug has been marked as a duplicate of bug 2505 ***
[Bug 2451] Bugs intended to be fixed in 7.2
https://bugzilla.mindrot.org/show_bug.cgi?id=2451

Bug 2451 depends on bug 2503, which changed state.

Bug 2503 Summary: The sshd log files are insufficient to detect sessions
https://bugzilla.mindrot.org/show_bug.cgi?id=2503

What                |Removed                   |Added
--------------------------------------------------------------------------
Status              |NEW                       |RESOLVED
Resolution          |---                       |FIXED
[Bug 2451] Bugs intended to be fixed in 7.2
https://bugzilla.mindrot.org/show_bug.cgi?id=2451

Damien Miller changed:

What                |Removed                   |Added
--------------------------------------------------------------------------
Depends on          |                          |2507

Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2507
[Bug 2507] missing or misleading error messages
[Bug 2451] Bugs intended to be fixed in 7.2
https://bugzilla.mindrot.org/show_bug.cgi?id=2451

Bug 2451 depends on bug 2507, which changed state.

Bug 2507 Summary: missing or misleading error messages
https://bugzilla.mindrot.org/show_bug.cgi?id=2507

What                |Removed                   |Added
--------------------------------------------------------------------------
Status              |NEW                       |RESOLVED
Resolution          |---                       |FIXED
[Bug 2507] missing or misleading error messages
https://bugzilla.mindrot.org/show_bug.cgi?id=2507

Damien Miller changed:

What                |Removed                   |Added
--------------------------------------------------------------------------
Status              |NEW                       |RESOLVED
Resolution          |---                       |FIXED
CC                  |                          |d...@mindrot.org
Blocks              |                          |2451

--- Comment #3 from Damien Miller ---
Patch applied - thanks. This will be in the OpenSSH 7.2 release.

Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2
[Bug 2503] The sshd log files are insufficient to detect sessions
https://bugzilla.mindrot.org/show_bug.cgi?id=2503

Damien Miller changed:

What                    |Removed                   |Added
------------------------------------------------------------------------------
CC                      |                          |d...@mindrot.org, dtuc...@zip.com.au
Attachment #2765 Flags  |                          |ok?(dtuc...@zip.com.au)

--- Comment #1 from Damien Miller ---
Created attachment 2765
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2765=edit
include port number in more places

Loglevel=verbose already gives you most of the information you want:

    Dec 11 13:26:53 fuyu sshd[14096]: Connection from 203.217.30.82 port 36726 on 203.217.30.81 port 22
    Dec 11 13:26:54 fuyu sshd[14096]: Postponed publickey for djm from 203.217.30.82 port 36726 ssh2 [preauth]
    Dec 11 13:26:58 fuyu sshd[14096]: Accepted publickey for djm from 203.217.30.82 port 36726 ssh2: ECDSA SHA256:LmoNaxGFFurT6S2Q67RFuuxIq4is0rVLLdkt6Qgvy66E
    Dec 11 13:26:58 fuyu sshd[14096]: User child is on pid 17347
    Dec 11 13:26:58 fuyu sshd[17347]: Starting session: shell on ttyp2 for djm from 203.217.30.82 port 36726
    Dec 11 13:27:13 fuyu sshd[17347]: Received disconnect from 203.217.30.82: 11: disconnected by user
    Dec 11 13:27:13 fuyu sshd[17347]: Disconnected from 203.217.30.82

That being said, we could include the port in disconnect messages.
[Bug 2451] Bugs intended to be fixed in 7.2
https://bugzilla.mindrot.org/show_bug.cgi?id=2451

Damien Miller changed:

What                |Removed                   |Added
--------------------------------------------------------------------------
Depends on          |                          |2503

Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2503
[Bug 2503] The sshd log files are insufficient to detect sessions
[Bug 2503] The sshd log files are insufficient to detect sessions
https://bugzilla.mindrot.org/show_bug.cgi?id=2503

Darren Tucker changed:

What                    |Removed                   |Added
------------------------------------------------------------------------------
Attachment #2765 Flags  |ok?(dtuc...@zip.com.au)   |ok+

--- Comment #2 from Darren Tucker ---
Comment on attachment 2765
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2765
include port number in more places

ok, but I think we should also explicitly cache these values as early as practical (ie just after accept, and just after the inetd/reexec handling) to minimise the chance they'll vanish by the time they're needed.
[Bug 2501] VerifyHostKeyDNS & StrictHostKeyChecking
https://bugzilla.mindrot.org/show_bug.cgi?id=2501

Damien Miller changed:

What                        |Removed                   |Added
----------------------------------------------------------------------------------
CC                          |                          |d...@mindrot.org
Attachment #2753 mime type  |application/octet-stream  |text/plain
Attachment #2753 is patch   |0                         |1
[Bug 2451] Bugs intended to be fixed in 7.2
https://bugzilla.mindrot.org/show_bug.cgi?id=2451

Damien Miller changed:

What                |Removed                   |Added
--------------------------------------------------------------------------
Depends on          |                          |2501

Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2501
[Bug 2501] VerifyHostKeyDNS & StrictHostKeyChecking
[Bug 2501] VerifyHostKeyDNS & StrictHostKeyChecking
https://bugzilla.mindrot.org/show_bug.cgi?id=2501

Damien Miller changed:

What                |Removed                   |Added
--------------------------------------------------------------------------
Blocks              |                          |2451

Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2
[Bug 2494] kex_protocol_error should send SSH2_MSG_UNIMPLEMENTED
https://bugzilla.mindrot.org/show_bug.cgi?id=2494

Damien Miller changed:

What                |Removed                   |Added
--------------------------------------------------------------------------
Resolution          |---                       |FIXED
Status              |ASSIGNED                  |RESOLVED

--- Comment #5 from Damien Miller ---
Patch has been applied - will be in OpenSSH 7.2
[Bug 2451] Bugs intended to be fixed in 7.2
https://bugzilla.mindrot.org/show_bug.cgi?id=2451

Bug 2451 depends on bug 2494, which changed state.

Bug 2494 Summary: kex_protocol_error should send SSH2_MSG_UNIMPLEMENTED
https://bugzilla.mindrot.org/show_bug.cgi?id=2494

What                |Removed                   |Added
--------------------------------------------------------------------------
Status              |ASSIGNED                  |RESOLVED
Resolution          |---                       |FIXED
[Bug 2515] New: Implement diffie-hellman-group{14,15,16)-sha256
https://bugzilla.mindrot.org/show_bug.cgi?id=2515

Bug ID: 2515
Summary: Implement diffie-hellman-group{14,15,16)-sha256
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: ASSIGNED
Severity: enhancement
Priority: P3
Component: ssh
Assignee: dtuc...@zip.com.au
Reporter: dtuc...@zip.com.au
Blocks: 2451

The IETF ssh working group has proposed adding MODP groups 15 and 16 with SHA256 and deprecating group14-sha1 (we're already doing the latter).

https://datatracker.ietf.org/doc/draft-baushke-ssh-dh-group-sha2/

Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2
[Bug 2451] Bugs intended to be fixed in 7.2
https://bugzilla.mindrot.org/show_bug.cgi?id=2451

Darren Tucker changed:

What                |Removed                   |Added
--------------------------------------------------------------------------
Depends on          |                          |2515

Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2515
[Bug 2515] Implement diffie-hellman-group{14,15,16)-sha256
[Bug 2515] Implement diffie-hellman-group{14,15,16)-sha256
https://bugzilla.mindrot.org/show_bug.cgi?id=2515

--- Comment #1 from Darren Tucker ---
Created attachment 2766
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2766=edit
add diffie-hellman-group{14,15,16}-sha256
[Bug 2515] Implement diffie-hellman-group{14,15,16)-sha256
https://bugzilla.mindrot.org/show_bug.cgi?id=2515

Darren Tucker changed:

What                          |Removed                   |Added
------------------------------------------------------------------------------------
Attachment #2766 is obsolete  |0                         |1

--- Comment #2 from Darren Tucker ---
Created attachment 2767
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2767=edit
add diffie-hellman-group{14,15,16}-sha256

Add missing change to ssh_api.c, from Mark D. Baushke.