bugzilla-daemon at mindrot.org
2023-Mar-25 02:19 UTC
[Bug 3551] New: Which patches fixes the problem of adding smartcard keys to ssh-agent?
https://bugzilla.mindrot.org/show_bug.cgi?id=3551 Bug ID: 3551 Summary: Which patches fixes the problem of adding smartcard keys to ssh-agent? Product: Portable OpenSSH Version: 9.3p1 Hardware: All OS: All Status: NEW Severity: security Priority: P5 Component: ssh-agent Assignee: unassigned-bugs at mindrot.org Reporter: rmsh1216 at 163.com OpenSSH 9.3 was released on 2023-03-15 and the release fixed one security bug about adding martcard keys to ssh-agent(1) with the per-hop destination constraints (ssh-add -h ...) added in OpenSSH 8.9. https://www.openssh.com/releasenotes.html. I've learned about the destination constraints added in OpenSSH 8.9 and something about adding smart card keys to ssh-agent. The fix for this security issue appears to be https://anongit.mindrot.org/openssh.git/commit/?id=54ac4ab2b53c, but I'm not sure if there are other fixes. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Oct-12 03:34 UTC
[Bug 3551] Which patches fixes the problem of adding smartcard keys to ssh-agent?
https://bugzilla.mindrot.org/show_bug.cgi?id=3551 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #1 from Damien Miller <djm at mindrot.org> --- Yes, that's the correct fix -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
Apparently Analagous Threads
- Example SmartCard enabled OpenSSH agent.
- Example SmartCard enabled OpenSSH agent.
- [Bug 1512] New: Only a single smartcard/PIN is supported by the ssh-agent
- [Bug 1498] New: OpenSC smartcard access should use raw public keys, not X.509 certificates
- [Bug 2682] New: ssh-agent is unable to remove smartcard after introducing whitelist