search for: fifthhorseman

Processing commands for control at bugs.debian.org: > # changing bug submitter e-mail address from > # dkg-debian.org at fifthhorsemannet to > # dkg at fifthhorseman.net for consolidation > submitter 318123 ! Bug#318123: [CVE-2006-0061] xlockmore: xlock segfaults with libpam-opensc, returns to user session Changed Bug submitter from Daniel Kahn Gillmor <dkg-debian.org at fifthhorseman.net> to Daniel Kahn Gillmor <dk...

...nt Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo: unassigned-bugs at mindrot.org ReportedBy: dkg at fifthhorseman.net Created an attachment (id=1559) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1559) patch to retry smartcard if detached reader/card is detected. Currently, if you use an OpenSC-supported smartcard with your ssh-agent, the passphrase is cached while the smartcard is in use (up until...

https://bugzilla.mindrot.org/show_bug.cgi?id=1545 Daniel Kahn Gillmor <dkg at fifthhorseman.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dkg at fifthhorseman.net --- Comment #15 from Daniel Kahn Gillmor <dkg at fifthhorseman.net>...

https://bugzilla.mindrot.org/show_bug.cgi?id=1984 Bug #: 1984 Summary: Add Unix Domain Socket Forwarding Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo:

...HostsCommand Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org ReportedBy: dkg at fifthhorseman.net A useful feature to have for ssh would be KnownHostsCommand, by analogy with KnownHostsFile and ProxyCommand. One possible implementation: if set, KnownHostsCommand would be invoked as a subprocess immediately after receipt of the host's key, with the host name as argv[1], and the public...

https://bugzilla.mindrot.org/show_bug.cgi?id=1759 Summary: allow display of bubblebabble fingerprint when connecting Product: Portable OpenSSH Version: -current Platform: All URL: http://bugs.debian.org/578422 OS/Version: Linux Status: NEW Severity: enhancement Priority: P2

...se Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: unassigned-bugs at mindrot.org ReportedBy: dkg at fifthhorseman.net currently, ssh-askpass is used in some situations to actually ask the user for a passphrase. in other situations, it is used to prompt for simple confirmation (e.g. ControlMaster=ask, ssh-add -c). Providing the exact same UI for both scenarios is not only surprising for new users; it is als...

https://bugzilla.mindrot.org/show_bug.cgi?id=69 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org Alias| |generalised-askpass -- Configure bugmail:

https://bugzilla.mindrot.org/show_bug.cgi?id=1808 Summary: "SetupCommand" invoked before connecting Product: Portable OpenSSH Version: 5.6p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2493 Bug ID: 2493 Summary: Accept host key fingerprint as the same as 'yes' Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee:

...of 5.7p1 Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh-add AssignedTo: unassigned-bugs at mindrot.org ReportedBy: dkg at fifthhorseman.net Created attachment 2001 --> https://bugzilla.mindrot.org/attachment.cgi?id=2001 allow ssh-add to read from FIFOs It looks like ssh-add can no longer read from FIFOs as of 5.7p1 (since the switch from PEM_read_PrivateKey() to PEM_read_bio_PrivateKey(), and reading the file into an ssh bu...

...table OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Keywords: patch Severity: normal Priority: P2 Component: Smartcard AssignedTo: unassigned-bugs at mindrot.org ReportedBy: dkg at fifthhorseman.net Created an attachment (id=1555) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1555) patch so that OpenSC uses public keys instead of certificates The OpenSC smartcard framework supports access to both raw public keys and X.509 certificates on crypto tokens. When OpenSSH is compiled...

On Tue 2016-03-29 18:10:00 -0400, Damien Miller wrote: > On Tue, 29 Mar 2016, IMAP List Administration wrote: >> If you haven't already, an you please add the IP address to this message, and >> any similar messages? I'm using version 6.7p1. > > I actually added that recently. It will be in openssh-7.3, due in a > couple of months. Will it be configurable? There

...Electronics Advanced Tactical Systems, Inc. 4101 Smith School Road Building IV, Suite 100 Austin, TX 78744 USA Trey.Henefield at ultra-ats.com Tel: +1 512 327 6795 ext. 647 Fax: +1 512 327 8043 Mobile: +1 512 541 6450 www.ultra-ats.com -----Original Message----- From: Daniel Kahn Gillmor [dkg at fifthhorseman.net] Received: Thursday, 15 Jan 2015, 4:03PM To: Trey Henefield [trey.henefield at ultra-ats.com]; ?ngel Gonz?lez [keisial at gmail.com] CC: openssh-unix-dev at mindrot.org [openssh-unix-dev at mindrot.org] Subject: RE: OpenSSH v6.7 & NumberOfPasswordPrompts Option ... On Thu 2015-01-15 15:47:...

Hello, On Sat, Dec 30, 2017 at 12:16 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net > wrote: > On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote: > > > > Perhaps if you're dead-set on this being so dangerous, > > It's not the developers who are dead-set on weak-keyed RSA being > insecure, it's the cryptanalysts who have shown t...

https://bugzilla.mindrot.org/show_bug.cgi?id=1663 Summary: Allow to use agent for distribution of public keys. Product: Portable OpenSSH Version: 5.3p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org

...ep rooting around. I'm ok writing a PAM module if that's what I needed. But I have a feeling there's a good bit more to it. And without someone know "knows " - that can be a very long rabbit trail :) Hrm.... On Fri, Feb 6, 2015 at 12:52 PM, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote: > On Fri 2015-02-06 12:41:38 -0500, Cary FitzHugh wrote: >> The trouble is that the user isn't created on the machine beforehand. >> But I actually don't want the user created, b/c I don't want to litter >> all these servers with little user directori...

On Fri 2015-02-06 14:30:13 -0500, Cary FitzHugh wrote: > Hence - maybe a NSS User Database extension which looks for the > public keys from a webservice (and then maybe writes them to > /tmp/<username>. No, i'm suggesting that when you want to look up the user, use NSS to find the username and map it to a numeric user ID and the other information that is typically found in

...DIR Product: Portable OpenSSH Version: 8.2p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: dkg at fifthhorseman.net In some situations, users will want to forward a unix domain socket that lives in XDG_RUNTIME_DIR. for example, the default GnuPG gpg-agent's `agent-socket` lives in $XDG_RUNTIME_DIR/S.gpg-agent. But this isn't known by the client when setting up a RemoteForward. If we could use tok...

...cases Product: Portable OpenSSH Version: 5.8p2 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh-agent AssignedTo: unassigned-bugs at mindrot.org ReportedBy: dkg at fifthhorseman.net As initially reported on the mailing list: http://lists.mindrot.org/pipermail/openssh-unix-dev/2006-April/024144.html Alan P. Barrett wrote: The check_parent_exists() function in ssh-agent.c does this: if (parent_pid != -1 && kill(parent_pid, 0) < 0) however, the kill...