search for: chadima

Note: I am digest subscriber so if you could copy me directly on any reply to the list I would appreciate it very much. I sent this to the OpenSSH list (secureshell at securityfocus.com) yesterday and received no response so I am asking here in hopes that someone else has run across this problem on CentOS. We have encountered a situation that requires sftp access to one of our server by an

I have an question, why you guys do not let chroot be owned by the user ? It would be a good way to chroot the users Cause like I want to chroot user in /chroot/%u But they can not write in this directory... i need to set another dir to them to be able to write, even when /chroot/ is onewd by root i want to be able to do this user1 be able to write in /chroot/user1 but not able to go

...ource routing Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com --- Comment #0 from jchadima at redhat.com 2009-09-01 21:29:14 EST --- Do not fail on all IP options, only on source-routing -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assigne...

...ot work over IPV6 Product: Portable OpenSSH Version: 5.3p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com I'm not sure if it is solved now. In the openssh5.3p1 X forwarding does not work, when connected via IPV6. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.

Hello I've created patch to the openssh which allows to use an agent for obtaining the public keys. It may be the first step towards the implementation of something similar lpk. The solution is independent on the agent, so it may be used with ldap based agent or with any other technology. May be that patch acceptable as the first aproach to the lpk replacement? It is placet in mindrot's

Does anyone knows if there is a patch for OpenSSH in order to make it work with 0.9.8r OpenSSL in FIPS Mode ? I'm having problem with the RSA_public_decrypt() function that is failing in FIPS Mode, I changed it to use RSA_verify instead and setting the flag "RSA_FLAG_NON_FIPS_ALLOW", and it's working fine now, but I'm not sure if this is allowed in FIPS Mode, does anyone

...sshd binary. Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com --- Comment #0 from jchadima at redhat.com 2009-08-31 18:50:02 EST --- Add a --enable-vendor-patchlevel option which allows a ShowPatchLevel option to enable display of a vendor patch level during version exchange -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?ta...

...th ipv6 disabled Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com ssh tries to resolve and use ipv6 addresses even if ipv6 is disabled. This is caused by the inappropriate flags for getaddrinfo. I'm not sure if this is only glibc nuance or it is a global bug. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email -------...

...SELinux roles Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com --- Comment #0 from jchadima at redhat.com 2009-08-31 18:56:15 EST --- Add support for choosing SELinux role from the client (ssh user/role at server) -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- Yo...

...tion Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com --- Comment #0 from jchadima at redhat.com 2009-08-28 15:22:07 EST --- The locale-relatet environment describes seting of the client terminal. It is very useful thet the server side uses the same environment for the terminal communication. -- Configure bugmail: https://bugzilla.mi...

...linux Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com This is a concept for entropy management in Linux. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.

...xits Product: Portable OpenSSH Version: 5.3p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com There is the mandatory call RAND_cleanup() before the exit of the program that uses RAND for the fips-140-2 compliance. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of...

...m setuid Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com the setgid programs are potentially less dangerous than setuid ones. the only setuid program in the openssh suite is ssh-keysign. It need to access private server keys. The solution is to create one dedicated group (ssh_keys). The keys then should be rw-r---- root:ssh_keys The ssh...

...available tomorrow (dated 20121101 or later). If you have an interest in this feature then please help review and test it before out next release. It would be handy if there were a good selection of helper commands ready then for common backends (LDAP at least). The patch was mostly written by Jan Chadima from Redhat, and I apologise for taking too long to polish and integrate it. -d

...es cause segfault Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com There is an assumption that active_state is assigned before calling packet_connection_is_on_socket. Sometimes (early crashes) it is not true. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are wat...

...possible Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com The abstract socket on linux is independent on the fole system and has no file system representation. This is useful when the selinux rules prevents the /tmp directory. (using namespaces) -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are re...

Hello Team, We ship our own software own top of Centos 5.2 OS and install other applications and rpms on top of rpms available in 5.2 Centos. We are in the process of upgrading to a later version of openssh (5.8 version of openssh is already available), however the latest src.rpm version of openssh available on Centos site is still

Hi, We will probably do an openssh-5.5p1 release soon, mainly for the sshd_config:AuthorizedKeysFile bug, but containing a few other small patches too. If you have any portability fixes that need to go in then

...penssh Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com Created an attachment (id=1646) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1646) patch which solves the problem SCTP is network protocol similar to TCP. Openssh traffic can be transmited by SCTP instead of TCP. -- Configure bugmail: https://bugzilla.mindrot.org/userpr...

http://bugzilla.mindrot.org/show_bug.cgi?id=1329 Summary: stale control sockets prevent connection. Product: Portable OpenSSH Version: 4.6p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: dwmw2 at