[Bug 2755] [PATCH] sshd_config: allow directories in AuthorizedKeysFile=

2017-09-22 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2755

Damien Miller  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |d...@mindrot.org

--- Comment #3 from Damien Miller  ---
We're late in preparations for the 7.6 release. We'll look at this
after

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs


[Bug 2319] [PATCH REVIEW] U2F authentication

2017-09-22 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2319

David Lang  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |da...@lang.hm

--- Comment #24 from David Lang  ---
Any update on this (either accepting the optional u2f lgpl lib, asking
Yubico to allow the BSD license, or writing a replacement)?



[Bug 2635] Unable to use SSH Agent and user level PKCS11Provider configuration directive

2017-09-22 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2635

--- Comment #7 from Marc 'Zugschlus' Haber ---
And, after trying with PKCS11Provider option in place, and the agent
refusing operation for the first time, I need to do the ssh-add -D,
ssh-add -e, ssh-add -s routine, or the agent will refuse operation even
after removing the PKCS11Provider option:

ssh -F config-with-PKCS11Provider
=> agent refused operation
ssh -F config-without-PKCS11Provider
=> agent refused operation
ssh-add -D
ssh-add -e
ssh-add -s
ssh -F config-without-PKCS11Provider
=> works

Whenever ssh says "agent refused operations", ssh-agent started with -d
logs "process_sign_request2: sshkey_sign: error in libcrypto".

Hope this helps.



[Bug 2635] Unable to use SSH Agent and user level PKCS11Provider configuration directive

2017-09-22 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2635

Marc 'Zugschlus' Haber  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mh+openssh-bugzilla@zugschlus.de

--- Comment #6 from Marc 'Zugschlus' Haber ---
I have exactly the same issue, on Debian unstable, using OpenSSH 7.5p1
from the Debian packages, and a Yubikey 4 Nano. My ssh -vvv output is
the same as Jamin's.

I can provide additional information:
(1) My second Yubikey, a Yubikey Neo, works fine even with the agent
loaded and the PKCS11Provider option in the config.
(2) When using the agent without the PKCS11Provider option, the ssh
-vvv output is the identical same until:

debug3: sign_and_send_pubkey: RSA 
sign_and_send_pubkey: signing failed: agent refused operation
debug1: Offering RSA public key:
/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so

On the working client, things are:
debug3: sign_and_send_pubkey: RSA 
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to localhost ([127.0.0.1]:10022).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open



[Bug 2752] Allow syscalls for openssl engines on s390x

2017-09-22 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2752

--- Comment #6 from ebarre...@linux.vnet.ibm.com ---
(In reply to Damien Miller from comment #5)
> Yeah, I agree. Would it be feasible to skip using the engines in the
> pre-auth phase entirely?

Hi Damien,

We have on S390 two OpenSSL Engines, one more specific (it is specific
to one crypto card) and one more generic that works with different
crypto cards/devices. The first is openssl-ibmca and the last one
openssl-ibmpkcs11.

We already did some changes on the seccomp filter (openssh-7.5) for the
ibmca engine, but the getuid and geteuid were missing as it was enabled
on some distros' openssh package but not on others.
Can we get the getuid and geteuid patch integrated for now?

The other engine, ibmpkcs11, which needs the sysv ipc, is not yet
released and we can work on an alternative based on your feedback.

Does this work for you?

Thanks,
Eduardo



[Bug 2755] [PATCH] sshd_config: allow directories in AuthorizedKeysFile=

2017-09-22 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2755

--- Comment #2 from Luca BRUNO  ---
As I got no answers so far, this is another gentle ping for a review.
