[Bug 2319] [PATCH REVIEW] U2F authentication

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2319

wik...@metacode.biz changed:

   What|Removed |Added

 CC||wik...@metacode.biz

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs


[Bug 1467] improper handling of EWOULDBLOCK on HP

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=1467

Marc Aurele La France  changed:

   What|Removed |Added

 CC||t...@tuyoix.net



[Bug 2503] The sshd log files are insufficient to detect sessions

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2503

Damien Miller  changed:

   What|Removed |Added

 Blocks||2451


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2


[Bug 2505] key_load_private_type: unknown or unsupported key type

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2505

Damien Miller  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 CC||d...@mindrot.org
 Resolution|--- |FIXED
 Blocks||2451

--- Comment #2 from Damien Miller  ---
applied - thanks


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2


[Bug 2451] Bugs intended to be fixed in 7.2

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2451
Bug 2451 depends on bug 2505, which changed state.

Bug 2505 Summary: key_load_private_type: unknown or unsupported key type
https://bugzilla.mindrot.org/show_bug.cgi?id=2505

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED



[Bug 2499] It would be nice to have a tool to manage ssh connections

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2499

Damien Miller  changed:

   What|Removed |Added

 Resolution|--- |WONTFIX
 Status|NEW |RESOLVED
 CC||d...@mindrot.org

--- Comment #1 from Damien Miller  ---
We don't plan on offering any connection management tool - generally
we'd like to make the existing unix toolset do this job. Mostly, it
does.

For your first example, you can kill ssh sessions by user by looking at
the process list. Active sessions list the username, e.g.

$ ps ax | grep sshd
25092 ??  S   0:05.52 sshd: djm@ttyp0,ttyp1,ttyp2 (sshd)
...

So killing the connection is just a matter of killing that user's
processes. Afterwards, the account can be locked using standard system
account maintenance tools - sshd honours locked passwords (either via
PAM or by directly inspecting the password's lock string).

Your second example could be done similarly to the above case, with a
little indirection through the existing 'w' or 'who' tools, or the
system logs to find out the source address.

Your third example is something that could be handled via PAM if your
system supports it (most do). E.g.
http://www.linux-pam.org/Linux-PAM-html/sag-pam_time.html -- we do
support some authentication restrictions in sshd_config, but we can't
cover everything...



[Bug 2505] key_load_private_type: unknown or unsupported key type

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2505

--- Comment #1 from Damien Miller  ---
*** Bug 2504 has been marked as a duplicate of this bug. ***



[Bug 2503] The sshd log files are insufficient to detect sessions

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2503

Damien Miller  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #3 from Damien Miller  ---
The caching is already triggered as soon as the packet code is informed
of the connection fds. See
https://anongit.mindrot.org/openssh.git/tree/packet.c?id=39736be06c#n298

Anyway, patch is applied - this will be in OpenSSH 7.2. It looks like
this now:

Dec 11 14:28:29 fuyu sshd[15956]: Connection from 203.217.30.82 port 38485 on 203.217.30.81 port 22
Dec 11 14:28:30 fuyu sshd[15956]: Postponed publickey for djm from 203.217.30.82 port 38485 ssh2 [preauth]
Dec 11 14:28:32 fuyu sshd[15956]: Accepted publickey for djm from 203.217.30.82 port 38485 ssh2: ECDSA SHA256:LmoNaxGFFurT6S2Q67RFuuxIq4is0rVLLdkt6Qgvy66E
Dec 11 14:28:32 fuyu sshd[15956]: User child is on pid 26320
Dec 11 14:28:32 fuyu sshd[26320]: Starting session: shell on ttyp3 for djm from 203.217.30.82 port 38485
Dec 11 14:28:38 fuyu sshd[26320]: Received disconnect from 203.217.30.82 port 38485:11: disconnected by user
Dec 11 14:28:38 fuyu sshd[26320]: Disconnected from 203.217.30.82 port 38485



[Bug 2451] Bugs intended to be fixed in 7.2

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2451

Damien Miller  changed:

   What|Removed |Added

 Depends on||2505


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2505
[Bug 2505] key_load_private_type: unknown or unsupported key type


[Bug 2504] New: key_load_private_type: unknown or unsupported key type

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2504

Bug ID: 2504
   Summary: key_load_private_type: unknown or unsupported key type
   Product: Portable OpenSSH
   Version: 7.1p1
  Hardware: All
OS: All
Status: RESOLVED
  Severity: minor
  Priority: P5
 Component: ssh
  Assignee: unassigned-b...@mindrot.org
  Reporter: imor...@nas.nasa.gov
CC: d...@mindrot.org
Resolution: DUPLICATE

When using hostbased authentication as root, and protocol v1 support has
not been compiled in, ssh(1) complains about an invalid key type:

# ssh testacct@somehost pwd
key_load_private_type: unknown or unsupported key type
/u/testacct

This is due to ssh(1) attempting to load the RSA1 key (assuming that one
exists) into sensitive_data.keys. This issue only occurs for root.

--- Comment #1 from Damien Miller  ---


*** This bug has been marked as a duplicate of bug 2505 ***



[Bug 2451] Bugs intended to be fixed in 7.2

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2451
Bug 2451 depends on bug 2503, which changed state.

Bug 2503 Summary: The sshd log files are insufficient to detect sessions
https://bugzilla.mindrot.org/show_bug.cgi?id=2503

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED



[Bug 2451] Bugs intended to be fixed in 7.2

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2451

Damien Miller  changed:

   What|Removed |Added

 Depends on||2507


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2507
[Bug 2507] missing or misleading error messages


[Bug 2451] Bugs intended to be fixed in 7.2

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2451
Bug 2451 depends on bug 2507, which changed state.

Bug 2507 Summary: missing or misleading error messages
https://bugzilla.mindrot.org/show_bug.cgi?id=2507

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED



[Bug 2507] missing or misleading error messages

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2507

Damien Miller  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED
 CC||d...@mindrot.org
 Blocks||2451

--- Comment #3 from Damien Miller  ---
Patch applied - thanks. This will be in the OpenSSH 7.2 release.


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2


[Bug 2503] The sshd log files are insufficient to detect sessions

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2503

Damien Miller  changed:

   What|Removed |Added

 CC||d...@mindrot.org, dtuc...@zip.com.au
 Attachment #2765 Flags||ok?(dtuc...@zip.com.au)

--- Comment #1 from Damien Miller  ---
Created attachment 2765
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2765=edit
include port number in more places

Loglevel=verbose already gives you most of the information you want:

Dec 11 13:26:53 fuyu sshd[14096]: Connection from 203.217.30.82 port 36726 on 203.217.30.81 port 22
Dec 11 13:26:54 fuyu sshd[14096]: Postponed publickey for djm from 203.217.30.82 port 36726 ssh2 [preauth]
Dec 11 13:26:58 fuyu sshd[14096]: Accepted publickey for djm from 203.217.30.82 port 36726 ssh2: ECDSA SHA256:LmoNaxGFFurT6S2Q67RFuuxIq4is0rVLLdkt6Qgvy66E
Dec 11 13:26:58 fuyu sshd[14096]: User child is on pid 17347
Dec 11 13:26:58 fuyu sshd[17347]: Starting session: shell on ttyp2 for djm from 203.217.30.82 port 36726
Dec 11 13:27:13 fuyu sshd[17347]: Received disconnect from 203.217.30.82: 11: disconnected by user
Dec 11 13:27:13 fuyu sshd[17347]: Disconnected from 203.217.30.82

That being said, we could include the port in disconnect messages.

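Added example (not part of the original messages or of OpenSSH): a session correlator for the two verbose log formats quoted in the Bug 2503 comments on this page. It keys each session on source address and port, follows the "User child is on pid" hand-off, and falls back to the pid chain for the older disconnect line that carries no port. The function name, host name, user names and addresses are constructed for illustration.

```python
import re

# Constructed sample: two connections from one address, told apart only by port.
# The last line uses the older disconnect format, which has no port.
SAMPLE_LOG = """\
Dec 11 14:28:29 host sshd[15956]: Connection from 192.0.2.10 port 38485 on 192.0.2.1 port 22
Dec 11 14:28:30 host sshd[15960]: Connection from 192.0.2.10 port 38490 on 192.0.2.1 port 22
Dec 11 14:28:32 host sshd[15956]: Accepted publickey for alice from 192.0.2.10 port 38485 ssh2: ECDSA SHA256:CONSTRUCTED
Dec 11 14:28:32 host sshd[15956]: User child is on pid 26320
Dec 11 14:28:33 host sshd[15960]: Accepted publickey for bob from 192.0.2.10 port 38490 ssh2: ECDSA SHA256:CONSTRUCTED
Dec 11 14:28:33 host sshd[15960]: User child is on pid 26325
Dec 11 14:28:38 host sshd[26320]: Disconnected from 192.0.2.10 port 38485
Dec 11 14:28:40 host sshd[26325]: Disconnected from 192.0.2.10
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]+) \S+ sshd\[(\d+)\]: (.*)$")
CONN = re.compile(r"^Connection from (\S+) port (\d+) on ")
ACCEPT = re.compile(r"^Accepted (\S+) for (\S+) from (\S+) port (\d+) ")
CHILD = re.compile(r"^User child is on pid (\d+)$")
DISC = re.compile(r"^Disconnected from (\S+)(?: port (\d+))?$")


def correlate(log_text):
    """Return {(addr, port): session record} rebuilt from sshd verbose logs."""
    sessions = {}  # (addr, port) -> record
    by_pid = {}    # sshd pid -> (addr, port) of the connection it serves
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, pid, msg = m.group(1), int(m.group(2)), m.group(3)
        if (c := CONN.match(msg)):
            key = (c.group(1), int(c.group(2)))
            sessions[key] = {"user": None, "method": None,
                             "start": ts, "end": None, "pids": [pid]}
            by_pid[pid] = key
        elif (a := ACCEPT.match(msg)):
            key = (a.group(3), int(a.group(4)))
            if key in sessions:
                sessions[key]["method"] = a.group(1)
                sessions[key]["user"] = a.group(2)
        elif (ch := CHILD.match(msg)) and pid in by_pid:
            # The post-auth child logs under a new pid; link it to the same session.
            child = int(ch.group(1))
            by_pid[child] = by_pid[pid]
            sessions[by_pid[pid]]["pids"].append(child)
        elif (d := DISC.match(msg)):
            # With a port the line is self-identifying; without one, use the pid chain.
            key = (d.group(1), int(d.group(2))) if d.group(2) else by_pid.get(pid)
            if key in sessions:
                sessions[key]["end"] = ts
    return sessions


if __name__ == "__main__":
    for key, rec in correlate(SAMPLE_LOG).items():
        print(key, rec)
```
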


[Bug 2451] Bugs intended to be fixed in 7.2

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2451

Damien Miller  changed:

   What|Removed |Added

 Depends on||2503


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2503
[Bug 2503] The sshd log files are insufficient to detect sessions


[Bug 2503] The sshd log files are insufficient to detect sessions

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2503

Darren Tucker  changed:

   What|Removed |Added

 Attachment #2765 Flags|ok?(dtuc...@zip.com.au) |ok+

--- Comment #2 from Darren Tucker  ---
Comment on attachment 2765
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2765
include port number in more places

ok, but I think we should also explicitly cache these values as early
as practical (ie just after accept, and just after the inetd/reexec
handling) to minimise the chance they'll vanish by the time they're
needed.



[Bug 2501] VerifyHostKeyDNS & StrictHostKeyChecking

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2501

Damien Miller  changed:

   What|Removed |Added

 CC||d...@mindrot.org
 Attachment #2753 mime type|application/octet-stream|text/plain
 Attachment #2753 is patch|0   |1



[Bug 2451] Bugs intended to be fixed in 7.2

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2451

Damien Miller  changed:

   What|Removed |Added

 Depends on||2501


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2501
[Bug 2501] VerifyHostKeyDNS & StrictHostKeyChecking


[Bug 2501] VerifyHostKeyDNS & StrictHostKeyChecking

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2501

Damien Miller  changed:

   What|Removed |Added

 Blocks||2451


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2


[Bug 2494] kex_protocol_error should send SSH2_MSG_UNIMPLEMENTED

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2494

Damien Miller  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|ASSIGNED|RESOLVED

--- Comment #5 from Damien Miller  ---
Patch has been applied - will be in OpenSSH 7.2



[Bug 2451] Bugs intended to be fixed in 7.2

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2451
Bug 2451 depends on bug 2494, which changed state.

Bug 2494 Summary: kex_protocol_error should send SSH2_MSG_UNIMPLEMENTED
https://bugzilla.mindrot.org/show_bug.cgi?id=2494

   What|Removed |Added

 Status|ASSIGNED|RESOLVED
 Resolution|--- |FIXED



[Bug 2515] New: Implement diffie-hellman-group{14,15,16)-sha256

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2515

Bug ID: 2515
   Summary: Implement diffie-hellman-group{14,15,16)-sha256
   Product: Portable OpenSSH
   Version: -current
  Hardware: All
OS: All
Status: ASSIGNED
  Severity: enhancement
  Priority: P3
 Component: ssh
  Assignee: dtuc...@zip.com.au
  Reporter: dtuc...@zip.com.au
Blocks: 2451

The IETF ssh working group has proposed adding MODP groups 15 and 16
with SHA256 and deprecating group14-sha1 (we're already doing the
latter).

https://datatracker.ietf.org/doc/draft-baushke-ssh-dh-group-sha2/


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2


[Bug 2451] Bugs intended to be fixed in 7.2

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2451

Darren Tucker  changed:

   What|Removed |Added

 Depends on||2515


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2515
[Bug 2515] Implement diffie-hellman-group{14,15,16)-sha256
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching the reporter of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs


[Bug 2515] Implement diffie-hellman-group{14,15,16)-sha256

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2515

--- Comment #1 from Darren Tucker  ---
Created attachment 2766
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2766=edit
add diffie-hellman-group{14,15,16}-sha256



[Bug 2515] Implement diffie-hellman-group{14,15,16)-sha256

2015-12-10 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2515

Darren Tucker  changed:

   What|Removed |Added

 Attachment #2766 is obsolete|0   |1

--- Comment #2 from Darren Tucker  ---
Created attachment 2767
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2767=edit
add diffie-hellman-group{14,15,16}-sha256

Add missing change to ssh_api.c, from Mark D. Baushke.
