[Bug 2564] ssh_config AddKeysToAgent doesn't set key name/path

2016-10-27 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2564

Damien Miller  changed:

   What|Removed |Added

 CC||d...@mindrot.org

--- Comment #1 from Damien Miller  ---
Created attachment 2885
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2885&action=edit
probable fix

Could you please try this patch?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs


[Bug 2605] ssh-keyscan generates errors in /var/log/secure

2016-10-27 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2605

Damien Miller  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 CC||d...@mindrot.org
 Resolution|--- |FIXED

--- Comment #5 from Damien Miller  ---
This is already fixed in openssh-7.3



[Bug 2617] sign_and_send_pubkey: no separate private key for certificate

2016-10-27 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2617

Damien Miller  changed:

   What|Removed |Added

 Blocks||2594


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2594
[Bug 2594] Tracking bug for OpenSSH 7.4 release


[Bug 2594] Tracking bug for OpenSSH 7.4 release

2016-10-27 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2594

Damien Miller  changed:

   What|Removed |Added

 Depends on||2617


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2617
[Bug 2617] sign_and_send_pubkey: no separate private key for
certificate


[Bug 2617] sign_and_send_pubkey: no separate private key for certificate

2016-10-27 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2617

Damien Miller  changed:

   What|Removed |Added

 CC||d...@mindrot.org

--- Comment #1 from Damien Miller  ---
Created attachment 2884
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2884&action=edit
probable fix

I think this patch should fix the problem. Could you please test it?



[Bug 2594] Tracking bug for OpenSSH 7.4 release

2016-10-27 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2594

Damien Miller  changed:

   What|Removed |Added

 Depends on||2610


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2610
[Bug 2610] ssh should not complain about "no slots" when PKCS11Provider
is specified, but no slot is found nor used


[Bug 2610] ssh should not complain about "no slots" when PKCS11Provider is specified, but no slot is found nor used

2016-10-27 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2610

Damien Miller  changed:

   What|Removed |Added

 CC||d...@mindrot.org
 Blocks||2594
 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #1 from Damien Miller  ---
Thanks - I've committed a variant of this that moves the messages to
debug() and adds the provider ID and slot number to the other log calls
in there.


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2594
[Bug 2594] Tracking bug for OpenSSH 7.4 release


[Bug 2594] Tracking bug for OpenSSH 7.4 release

2016-10-27 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2594
Bug 2594 depends on bug 2610, which changed state.

Bug 2610 Summary: ssh should not complain about "no slots" when PKCS11Provider 
is specified, but no slot is found nor used
https://bugzilla.mindrot.org/show_bug.cgi?id=2610

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED



[Bug 2635] New: Unable to use SSH Agent and user level PKCS11Provider configuration directive

2016-10-27 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2635

Bug ID: 2635
   Summary: Unable to use SSH Agent and user level PKCS11Provider
configuration directive
   Product: Portable OpenSSH
   Version: 7.3p1
  Hardware: Other
OS: Linux
Status: NEW
  Severity: normal
  Priority: P5
 Component: ssh
  Assignee: unassigned-b...@mindrot.org
  Reporter: jamin.coll...@gmail.com

I have found that I am unable to connect to an ssh host if I have both
my user's ssh config set to use a PKCS11 library and my yubikey based
keys loaded into my ssh agent.

I have tried both the opensc and yubico pkcs11 libraries for accessing
the card.  The results differ slightly, but both ultimately fail to
authenticate if my user's ssh config is set to use the PKCS11 library
and the keys have been added to my ssh agent.

** using libykcs11.so from yubico-piv-tool 1.4.2

$ ssh-add -s /usr/lib/libykcs11.so
Enter passphrase for PKCS#11: 
Card added: /usr/lib/libykcs11.so

$ ssh-add -L | awk {'print $1,$3}'
ssh-rsa /usr/lib/libykcs11.so
ssh-rsa /usr/lib/libykcs11.so
ssh-rsa /usr/lib/libykcs11.so
ssh-rsa /usr/lib/libykcs11.so

$ ssh -vv $REMOTEHOST
OpenSSH_7.3p1, OpenSSL 1.0.2j  26 Sep 2016
...
debug1: Connecting to $REMOTEHOST [$REMOTEIP] port 22.
debug1: Connection established.

At this point the connection attempt simply hangs.  However if I remove
the libykcs11.so library (and keys) from the ssh agent with the
following:

$ ssh-add -e /usr/lib/libykcs11.so
Card removed: /usr/lib/libykcs11.so
$ ssh-add -l
The agent has no identities.

The connection attempt proceeds and I get prompted for my pin:

Enter PIN for 'YubiKey PIV': 

** using opensc-pkcs11.so from opensc 0.16.0

$ ssh-add -s /lib/pkcs11/opensc-pkcs11.so
Enter passphrase for PKCS#11: 
Card added: /lib/pkcs11/opensc-pkcs11.so

$ ssh-add -L | awk {'print $1,$3}'
ssh-rsa /lib/pkcs11/opensc-pkcs11.so
ssh-rsa /lib/pkcs11/opensc-pkcs11.so
ssh-rsa /lib/pkcs11/opensc-pkcs11.so
ssh-rsa /lib/pkcs11/opensc-pkcs11.so

$ ssh -vv $REMOTEHOST 
OpenSSH_7.3p1, OpenSSL 1.0.2j  26 Sep 2016
...
debug1: Offering RSA public key: /usr/lib/libykcs11.so
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp SHA256:...
sign_and_send_pubkey: signing failed: agent refused operation
...
debug1: Next authentication method: password
$USER@$REMOTEHOST's password:

If I remove the library (and keys) and try the connection again:

$ ssh-add -e /lib/pkcs11/opensc-pkcs11.so
Card removed: /lib/pkcs11/opensc-pkcs11.so
$ ssh-add -l
The agent has no identities.

$ ssh -vv $REMOTEHOST 
OpenSSH_7.3p1, OpenSSL 1.0.2j  26 Sep 2016
...
debug1: Offering RSA public key: /usr/lib/libykcs11.so
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp SHA256:...
Enter PIN for 'PIV_II (PIV Card Holder pin)': 

If I remove the PKCS11Provider directive from my user's ssh config, the
keys loaded in the agent are used and everything works fine.  However,
if I then attempt to connect to the host without first loading the keys
into the agent, I am not prompted for my yubikey pin.  Ideally, I
should be able to have both the user level PKCS11Provider directive and
my keys loaded in the ssh agent.  However, it appears that the user
level directive is being attempted before trying to use the keys from
the agent.
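
Added example (not part of the original report and not OpenSSH project code): a small shell check for the setup described above, where ssh_config names a PKCS11Provider while ssh-agent already holds keys loaded from a PKCS#11 library. The function names and sample inputs are constructed for illustration, and it assumes `ssh -G` prints a `pkcs11provider` line when the directive is set.

```shell
#!/bin/sh
# Flag the combination reported in bug 2635: a PKCS11Provider in the
# effective ssh config plus PKCS#11-backed keys already in ssh-agent.

# Read `ssh -G host` style output on stdin; print the provider path, if any.
provider_from_config() {
    awk 'tolower($1) == "pkcs11provider" { print $2; exit }'
}

# Read `ssh-add -L` style output on stdin; print each distinct comment
# field that looks like a shared-library path (as in the report's listing).
agent_providers() {
    awk '$3 ~ /^\/.*\.so(\.[0-9]+)*$/ { print $3 }' | sort -u
}

# check_overlap CONFIG_TEXT AGENT_TEXT
# Returns 1 and prints both sides when the config sets a provider and the
# agent holds library-backed keys; returns 0 otherwise.
check_overlap() {
    cfg_provider=$(printf '%s\n' "$1" | provider_from_config)
    agent_libs=$(printf '%s\n' "$2" | agent_providers)
    if [ -z "$cfg_provider" ] || [ -z "$agent_libs" ]; then
        return 0
    fi
    echo "ssh_config PKCS11Provider: $cfg_provider"
    # Unquoted on purpose: join the library list onto one line.
    echo "agent PKCS#11 libraries:   $(echo $agent_libs)"
    return 1
}

# Constructed sample inputs (not captured output); key blobs are placeholders.
SAMPLE_CONFIG='user alice
hostname example.invalid
pkcs11provider /usr/lib/libykcs11.so'
SAMPLE_AGENT='ssh-rsa AAAAPLACEHOLDER1 /usr/lib/libykcs11.so
ssh-rsa AAAAPLACEHOLDER2 /lib/pkcs11/opensc-pkcs11.so
ssh-rsa AAAAPLACEHOLDER3 alice@laptop'

check_overlap "$SAMPLE_CONFIG" "$SAMPLE_AGENT" || true

# Live use (assumption, see lead-in):
#   check_overlap "$(ssh -G "$host")" "$(ssh-add -L 2>/dev/null)"
```
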


[Bug 2319] [PATCH REVIEW] U2F authentication

2016-10-27 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2319

Fabian Peter Hammerle  changed:

   What|Removed |Added

 CC||fabian.hamme...@gmail.com


