search for: dkg

Processing commands for control at bugs.debian.org: > # changing bug submitter e-mail address from > # dkg-debian.org at fifthhorsemannet to > # dkg at fifthhorseman.net for consolidation > submitter 318123 ! Bug#318123: [CVE-2006-0061] xlockmore: xlock segfaults with libpam-opensc, returns to user session Changed Bug submitter from Daniel Kahn Gillmor <dkg-debian.org at fifthhorseman.net> t...

...e). * i've tried running ssh-add under /usr/bin/nohup However, even with all that, if i feed ssh-add a garbage key as a subprocess of anything that as a controlling terminal, it opens /dev/tty and prompts for a passphrase for the key directly there. You can see what it's doing here: [0 dkg at squeak]$ umask 077 [0 dkg at squeak]$ rm -f x [0 dkg at squeak]$ touch x [0 dkg at squeak]$ unset DISPLAY [0 dkg at squeak]$ unset SSH_ASKPASS [0 dkg at squeak]$ ssh-add x </dev/null >/dev/null 2>/dev/null Enter passphrase for x: ... and at that point it hangs until a carriage retu...

Hi, Currently using openssh-4.5p1 on Solaris 8 in conjunction with Oracle 8i dataguard. Is there a patch available to prevent ssh returning status code 255 for a successful execution of a remote connection/command. Many Thanks, Tim Mann

hi folks: it looks like ssh-keygen -r can''t export SSHFP records for ECDSA keys: 0 dkg@pip:/tmp/cdtemp.oiRYAS$ ssh-keygen -f foobar -t ecdsa -q -P '''' 0 dkg@pip:/tmp/cdtemp.oiRYAS$ ssh-keygen -r foobar -f foobar.pub export_dns_rr: unsupported algorithm 0 dkg@pip:/tmp/cdtemp.oiRYAS$ the first number in my prompt is the return code of the last command; note that ssh-k...

...ttachment Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo: unassigned-bugs at mindrot.org ReportedBy: dkg at fifthhorseman.net Created an attachment (id=1559) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1559) patch to retry smartcard if detached reader/card is detected. Currently, if you use an OpenSC-supported smartcard with your ssh-agent, the passphrase is cached while the smartcard is...

...dary to be able to tear it down when it's done too, of course, but i could do without that for now. Here's an example of an attempt which appears to fail for me, with a bit of debugging verbosity thrown in: ("5th" is a host with an IMAP server answering on the loopack address) [dkg at squeak ~]$ ssh -Nf -MS ~/.ssh/controls/fubar -L 9999:localhost:143 5th true [dkg at squeak ~]$ ssh -vvv -Nf -S ~/.ssh/controls/fubar -L 8888:localhost:143 5th true OpenSSH_4.2p1 Debian-5.dkg0, OpenSSL 0.9.8a 11 Oct 2005 debug1: Reading configuration data /home/dkg/.ssh/config debug1: Applying o...

Hi, could somebody be so kind to check in the follwoing patch? It fixes two problems: - contrib/cygwin/Makefile: Installs new docs and stops trying to install RFC.nroff. - contrib/cygwin/ssh-host-config: Fixes a condition which tries to find out if ssh or sshd processes are still running. The old version unfortunately stumbles over user names which contain the substring

...angerous writable bits with the current umask instead: umask(022 | umask(0)); This would make sure that we're not creating group- or other-writable files while still honoring the user's expectations that setting a bit in the umask will actually mask off that bit. Regards, --dkg PS Some tests that i ran that demonstrate this surprising behavior: Here's ssh setting g+r,o+r (explicitly disregarding my umask of 077) when it creates known_hosts for me (tested with OpenSSH 4.8 on OpenBSD 4.3 and OpenSSH 5.1 on Debian testing): $ uname -a OpenBSD openbsdtest.squeak.fifthh...

...9;ll keep rooting around. I'm ok writing a PAM module if that's what I needed. But I have a feeling there's a good bit more to it. And without someone know "knows " - that can be a very long rabbit trail :) Hrm.... On Fri, Feb 6, 2015 at 12:52 PM, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote: > On Fri 2015-02-06 12:41:38 -0500, Cary FitzHugh wrote: >> The trouble is that the user isn't created on the machine beforehand. >> But I actually don't want the user created, b/c I don't want to litter >> all these servers with litt...

Hello Portable OpenSSH Team! I recently read the man-page of sshd and found: The Match-Statement. Which maybe could solve the problem i have. (Get freeNX running on my UbuntuBox and connect to it with the Windows-Client just using PublicKey Authentication ) But unfortunately the documentation of the Match-Statement refers to the PATTERN section, which is non existent :-( After a little bit of

https://bugzilla.mindrot.org/show_bug.cgi?id=1545 Daniel Kahn Gillmor <dkg at fifthhorseman.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dkg at fifthhorseman.net --- Comment #15 from Daniel Kahn Gillmor <dkg at fifth...

...to a numeric user ID and the other information that is typically found in /etc/passwd. this doesn't write anything to the local disk. > The AuthorzedKeysCommand could then just return the tmp/username information.. Then the AuthorizedKeysCommand can return the proper key material. --dkg

...Ultra Electronics Advanced Tactical Systems, Inc. 4101 Smith School Road Building IV, Suite 100 Austin, TX 78744 USA Trey.Henefield at ultra-ats.com Tel: +1 512 327 6795 ext. 647 Fax: +1 512 327 8043 Mobile: +1 512 541 6450 www.ultra-ats.com -----Original Message----- From: Daniel Kahn Gillmor [dkg at fifthhorseman.net] Received: Thursday, 15 Jan 2015, 4:03PM To: Trey Henefield [trey.henefield at ultra-ats.com]; ?ngel Gonz?lez [keisial at gmail.com] CC: openssh-unix-dev at mindrot.org [openssh-unix-dev at mindrot.org] Subject: RE: OpenSSH v6.7 & NumberOfPasswordPrompts Option ... On Thu...

...uthorized authentication. And of course, ForwardAgent should be kept to a minimum in general for security. However, in the circumstances where ForwardAgent is warranted, i'd like to be able to rely on my local system to alert me to any tampering with the agent from remote hosts. Regards, --dkg -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: ssh-agent-require-confirmation.diff Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20041226/415f2766/attachment.ksh

https://bugzilla.mindrot.org/show_bug.cgi?id=1984 Bug #: 1984 Summary: Add Unix Domain Socket Forwarding Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo:

...: KnownHostsCommand Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org ReportedBy: dkg at fifthhorseman.net A useful feature to have for ssh would be KnownHostsCommand, by analogy with KnownHostsFile and ProxyCommand. One possible implementation: if set, KnownHostsCommand would be invoked as a subprocess immediately after receipt of the host's key, with the host name as argv[1...

...enssh-7.3, due in a > couple of months. Will it be configurable? There are situations where people actively don't want to have any IP addresses logged for legal reasons, and ideally it would be easy to get diagnostics without risks of IP addresses being written to log storage. --dkg

...ision themselves provide a fingerprinting mechanism, but those can be disabled on Debian with "DebianBanner no" in sshd_config. We'd want to make sure that distro-specific moduli don't re-introduce fingerprinting for operators who want to hide their choice of distro. --dkg PS Darren, has there been any attempt at generating primality proofs for the values in ./moduli, as opposed to 100 rounds of Miller-Rabin? It would be a shame for a pseudoprime to slip in, however unlikely that would be.

Hello, I'm trying to build a valid public ssh v2 RSA key from a java application but I have some problems understanding how the two numbers (e and n) are base64 encoded into ~/.ssh/id_rsa.pub or ~/.ssh/authorized_keys2 file. My question is what exactly is encoded into the base64 string? For example for this public key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6p76zG+8aOkFZT1y4O+Y7n

Greetings everyone! I would like to know if adding support for Unix socket to sshd would be a feature that would be consider to be added upstream? (ListenAddress). One of the main reason for this question to you all is that tor now has Unix socket support for hidden services that is traffic of a hidden service can be forwarded to a Unix socket (see HiddenServicePort in tor.1). The rationale