[Bug 2564] ssh_config AddKeysToAgent doesn't set key name/path
https://bugzilla.mindrot.org/show_bug.cgi?id=2564 Damien Millerchanged: What|Removed |Added CC||d...@mindrot.org --- Comment #1 from Damien Miller --- Created attachment 2885 --> https://bugzilla.mindrot.org/attachment.cgi?id=2885=edit probable fix Could you please try this patch? -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2605] ssh-keyscan generates errors in /var/log/secure
https://bugzilla.mindrot.org/show_bug.cgi?id=2605 Damien Millerchanged: What|Removed |Added Status|NEW |RESOLVED CC||d...@mindrot.org Resolution|--- |FIXED --- Comment #5 from Damien Miller --- This is already fixed in openssh-7.3 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2617] sign_and_send_pubkey: no separate private key for certificate
https://bugzilla.mindrot.org/show_bug.cgi?id=2617 Damien Millerchanged: What|Removed |Added Blocks||2594 Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=2594 [Bug 2594] Tracking bug for OpenSSH 7.4 release -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2594] Tracking bug for OpenSSH 7.4 release
https://bugzilla.mindrot.org/show_bug.cgi?id=2594 Damien Millerchanged: What|Removed |Added Depends on||2617 Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=2617 [Bug 2617] sign_and_send_pubkey: no separate private key for certificate -- You are receiving this mail because: You are watching the assignee of the bug. You are watching the reporter of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2617] sign_and_send_pubkey: no separate private key for certificate
https://bugzilla.mindrot.org/show_bug.cgi?id=2617 Damien Millerchanged: What|Removed |Added CC||d...@mindrot.org --- Comment #1 from Damien Miller --- Created attachment 2884 --> https://bugzilla.mindrot.org/attachment.cgi?id=2884=edit probable fix I think this patch should fix the problem. Could you please test it? -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2594] Tracking bug for OpenSSH 7.4 release
https://bugzilla.mindrot.org/show_bug.cgi?id=2594 Damien Millerchanged: What|Removed |Added Depends on||2610 Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=2610 [Bug 2610] ssh should not complain about "no slots" when PKCS11Provider is specified, but no slot is found nor used -- You are receiving this mail because: You are watching the assignee of the bug. You are watching the reporter of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2610] ssh should not complain about "no slots" when PKCS11Provider is specified, but no slot is found nor used
https://bugzilla.mindrot.org/show_bug.cgi?id=2610 Damien Millerchanged: What|Removed |Added CC||d...@mindrot.org Blocks||2594 Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #1 from Damien Miller --- Thanks - I've committed a variant of this that moves the messages to debug() and adds the provider ID and slot number to the other log calls in there. Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=2594 [Bug 2594] Tracking bug for OpenSSH 7.4 release -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2594] Tracking bug for OpenSSH 7.4 release
https://bugzilla.mindrot.org/show_bug.cgi?id=2594 Bug 2594 depends on bug 2610, which changed state. Bug 2610 Summary: ssh should not complain about "no slots" when PKCS11Provider is specified, but no slot is found nor used https://bugzilla.mindrot.org/show_bug.cgi?id=2610 What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching the assignee of the bug. You are watching the reporter of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2635] New: Unable to use SSH Agent and user level PKCS11Provider configuration directive
https://bugzilla.mindrot.org/show_bug.cgi?id=2635 Bug ID: 2635 Summary: Unable to use SSH Agent and user level PKCS11Provider configuration directive Product: Portable OpenSSH Version: 7.3p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-b...@mindrot.org Reporter: jamin.coll...@gmail.com I have found that I am unable to connect to an ssh host if I have both my user's ssh config set to use a PCKS11 library and my yubikey based keys loaded into my ssh agent. I have tried both the opensc and yubico pcks11 libraries for accessing the card. The results differ slightly, but both ultimately fail to authenticate if my user's ssh config is set to use the PCKS11 library and the keys have been added to my ssh agent. ** using libykcs11.so from yubico-piv-tool 1.4.2 $ ssh-add -s /usr/lib/libykcs11.so Enter passphrase for PKCS#11: Card added: /usr/lib/libykcs11.so $ ssh-add -L | awk {'print $1,$3}' ssh-rsa /usr/lib/libykcs11.so ssh-rsa /usr/lib/libykcs11.so ssh-rsa /usr/lib/libykcs11.so ssh-rsa /usr/lib/libykcs11.so $ ssh -vv $REMOTEHOST OpenSSH_7.3p1, OpenSSL 1.0.2j 26 Sep 2016 ... debug1: Connecting to $REMOTEHOST [$REMOTEIP] port 22. debug1: Connection established. At this point the connection attempt simply hangs. Hoever if I remove the libykcs11.so library (and keys) from the ssh agent with the following: $ ssh-add -e /usr/lib/libykcs11.so Card removed: /usr/lib/libykcs11.so $ ssh-add -l The agent has no identities. The connection attempt proceeds and I get prompted for my pin: Enter PIN for 'YubiKey PIV': ** using opensc-pkcs11.so from opensc 0.16.0 $ ssh-add -s /lib/pkcs11/opensc-pkcs11.so Enter passphrase for PKCS#11: Card added: /lib/pkcs11/opensc-pkcs11.so $ ssh-add -L | awk {'print $1,$3}' ssh-rsa /lib/pkcs11/opensc-pkcs11.so ssh-rsa /lib/pkcs11/opensc-pkcs11.so ssh-rsa /lib/pkcs11/opensc-pkcs11.so ssh-rsa /lib/pkcs11/opensc-pkcs11.so $ ssh -vv $REMOTEHOST OpenSSH_7.3p1, OpenSSL 1.0.2j 26 Sep 2016 ... debug1: Offering RSA public key: /usr/lib/libykcs11.so debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: pkalg ssh-rsa blen 279 debug2: input_userauth_pk_ok: fp SHA256:... sign_and_send_pubkey: signing failed: agent refused operation ... debug1: Next authentication method: password $USER@$REMOTEHOST's password: If I remove the library (and keys) and try the connection again: $ ssh-add -e /lib/pkcs11/opensc-pkcs11.so Card removed: /lib/pkcs11/opensc-pkcs11.so $ ssh-add -l The agent has no identities. $ ssh -vv $REMOTEHOST OpenSSH_7.3p1, OpenSSL 1.0.2j 26 Sep 2016 ... debug1: Offering RSA public key: /usr/lib/libykcs11.so debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: pkalg ssh-rsa blen 279 debug2: input_userauth_pk_ok: fp SHA256:... Enter PIN for 'PIV_II (PIV Card Holder pin)': If I remove the PKCS11Provider directive from my user's ssh config, the keys loaded in the agent are used and everything works fine. However, if I then attempt to connect to the host without first loading the keys into the agent, I am not prompted for my yubikey pin. Ideally, I should be able to have both the user level PKCS11Provider directive and my keys loaded in the ssh agent. However, it appears that the user level directive is being attempted before trying to use the keys from the agent. I have found that I am unable to connect to an ssh host if I have both my user's ssh config set to use a PCKS11 library and my yubikey based keys loaded into my ssh agent. I have tried both the opensc and yubico pcks11 libraries for accessing the card. The results differ slightly, but both ultimately fail to authenticate if my user's ssh config is set to use the PCKS11 library and the keys have been added to my ssh agent. ** using libykcs11.so from yubico-piv-tool 1.4.2 $ ssh-add -s /usr/lib/libykcs11.so Enter passphrase for PKCS#11: Card added: /usr/lib/libykcs11.so $ ssh-add -L | awk {'print $1,$3}' ssh-rsa /usr/lib/libykcs11.so ssh-rsa /usr/lib/libykcs11.so ssh-rsa /usr/lib/libykcs11.so ssh-rsa /usr/lib/libykcs11.so $ ssh -vv $REMOTEHOST OpenSSH_7.3p1, OpenSSL 1.0.2j 26 Sep 2016 ... debug1: Connecting to $REMOTEHOST [$REMOTEIP] port 22. debug1: Connection established. At this point the connection attempt simply hangs. Hoever if I remove the libykcs11.so library (and keys) from the ssh agent with the following: $ ssh-add -e /usr/lib/libykcs11.so Card removed: /usr/lib/libykcs11.so $ ssh-add -l The agent has no identities. The connection attempt proceeds and I get prompted for my pin: Enter PIN for 'YubiKey PIV': ** using opensc-pkcs11.so from opensc 0.16.0 $ ssh-add -s /lib/pkcs11/opensc-pkcs11.so Enter passphrase for PKCS#11: Card added: /lib/pkcs11/opensc-pkcs11.so $ ssh-add -L | awk {'print $1,$3}' ssh-rsa
[Bug 2319] [PATCH REVIEW] U2F authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=2319 Fabian Peter Hammerlechanged: What|Removed |Added CC||fabian.hamme...@gmail.com -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2634] New: KAKI KAKA PASS 1-855(338-0710) || outlook technical support number / (1 855)338+0710 outlook customer service Number Outlook Tech Support Number
https://bugzilla.mindrot.org/show_bug.cgi?id=2634 Bug ID: 2634 Summary: KAKI KAKA PASS 1-855(338-0710) || outlook technical support number / (1 855)338+0710 outlook customer service Number Outlook Tech Support Number Product: Portable OpenSSH Version: 7.2p2 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: Build system Assignee: unassigned-b...@mindrot.org Reporter: johncr...@usa.com KAKI KAKA PASS 1-855(338-0710) || outlook technical support number / (1 855)338+0710 outlook customer service Number Outlook Tech Support Number (KAKI KAKA PASS 1-855(338-0710) || outlook technical support number / (1 855)338+0710 outlook customer service Number Outlook Tech Support Number)RAJA HAi tera OR RANi KA REKHA +++_Happy Diwali RAJA || outlook technical support number / (1 855)338.0710 outlook customer service Number Outlook Tech Support Number+_+_KAKI KAKA PASS 1-855(338-0710) || outlook technical support number / (1 855)338+0710 outlook customer service Number Outlook Tech Support Number (KAKI KAKA PASS 1-855(338-0710) || outlook technical support number / (1 855)338+0710 outlook customer service Number Outlook Tech Support Number)RAJA HAi tera OR RANi KA REKHA +++_Happy Diwali RAJA || outlook technical support number / (1 855)338.0710 outlook customer service Number Outlook Tech Support Number+_+_KAKI KAKA PASS 1-855(338-0710) || outlook technical support number / (1 855)338+0710 outlook customer service Number Outlook Tech Support Number (KAKI KAKA PASS 1-855(338-0710) || outlook technical support number / (1 855)338+0710 outlook customer service Number Outlook Tech Support Number)RAJA HAi tera OR RANi KA REKHA +++_Happy Diwali RAJA || outlook technical support number / (1 855)338.0710 outlook customer service Number Outlook Tech Support Number+_+_KAKI KAKA PASS 1-855(338-0710) || outlook technical support number / (1 855)338+0710 outlook customer service Number Outlook Tech Support Number (KAKI KAKA PASS 1-855(338-0710) || outlook technical support number / (1 855)338+0710 outlook customer service Number Outlook Tech Support Number)RAJA HAi tera OR RANi KA REKHA +++_Happy Diwali RAJA || outlook technical support number / (1 855)338.0710 outlook customer service Number Outlook Tech Support Number+_+_KAKI KAKA PASS 1-855(338-0710) || outlook technical support number / (1 855)338+0710 outlook customer service Number Outlook Tech Support Number (KAKI KAKA PASS 1-855(338-0710) || outlook technical support number / (1 855)338+0710 outlook customer service Number Outlook Tech Support Number)RAJA HAi tera OR RANi KA REKHA +++_Happy Diwali RAJA || outlook technical support number / (1 855)338.0710 outlook customer service Number Outlook Tech Support Number+_+_KAKI KAKA PASS 1-855(338-0710) || outlook technical support number / (1 855)338+0710 outlook customer service Number Outlook Tech Support Number (KAKI KAKA PASS 1-855(338-0710) || outlook technical support number / (1 855)338+0710 outlook customer service Number Outlook Tech Support Number)RAJA HAi tera OR RANi KA REKHA +++_Happy Diwali RAJA || outlook technical support number / (1 855)338.0710 outlook customer service Number Outlook Tech Support Number+_+_KAKI KAKA PASS 1-855(338-0710) || outlook technical support number / (1 855)338+0710 outlook customer service Number Outlook Tech Support Number (KAKI KAKA PASS 1-855(338-0710) || outlook technical support number / (1 855)338+0710 outlook customer service Number Outlook Tech Support Number)RAJA HAi tera OR RANi KA REKHA +++_Happy Diwali RAJA || outlook technical support number / (1 855)338.0710 outlook customer service Number Outlook Tech Support Number+_+_KAKI KAKA PASS 1-855(338-0710) || outlook technical support number / (1 855)338+0710 outlook customer service Number Outlook Tech Support Number (KAKI KAKA PASS 1-855(338-0710) || outlook technical support number / (1 855)338+0710 outlook customer service Number Outlook Tech Support Number)RAJA HAi tera OR RANi KA REKHA +++_Happy Diwali RAJA || outlook technical support number / (1 855)338.0710 outlook customer service Number Outlook Tech Support Number+_+_KAKI KAKA PASS 1-855(338-0710) || outlook technical support number / (1 855)338+0710 outlook customer service Number Outlook Tech Support Number (KAKI KAKA PASS 1-855(338-0710) || outlook technical support number / (1 855)338+0710 outlook customer service Number Outlook Tech Support Number)RAJA HAi tera OR RANi KA REKHA +++_Happy Diwali RAJA || outlook technical support number / (1 855)338.0710 outlook customer service Number Outlook Tech Support Number+_+_KAKI KAKA PASS 1-855(338-0710) || outlook technical support number / (1 855)338+0710 outlook customer service Number Outlook Tech Support Number (KAKI KAKA PASS 1-855(338-0710) || outlook technical support number / (1 855)338+0710 outlook customer service Number