search for: gillmor

...changing bug submitter e-mail address from > # dkg-debian.org at fifthhorsemannet to > # dkg at fifthhorseman.net for consolidation > submitter 318123 ! Bug#318123: [CVE-2006-0061] xlockmore: xlock segfaults with libpam-opensc, returns to user session Changed Bug submitter from Daniel Kahn Gillmor <dkg-debian.org at fifthhorseman.net> to Daniel Kahn Gillmor <dkg at fifthhorseman.net>. > submitter 336101 ! Bug#336101: coreutils: nohup -p <pid> should let you background a running process Changed Bug submitter from Daniel Kahn Gillmor <dkg-debian.org at fifthhorseman.ne...

https://bugzilla.mindrot.org/show_bug.cgi?id=1506 Summary: rationalize agent behavior on smartcard removal/reattachment Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo:

https://bugzilla.mindrot.org/show_bug.cgi?id=1545 Daniel Kahn Gillmor <dkg at fifthhorseman.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dkg at fifthhorseman.net --- Comment #15 from Daniel Kahn Gillmor <dkg...

On Tue 2016-03-29 18:10:00 -0400, Damien Miller wrote: > On Tue, 29 Mar 2016, IMAP List Administration wrote: >> If you haven't already, an you please add the IP address to this message, and >> any similar messages? I'm using version 6.7p1. > > I actually added that recently. It will be in openssh-7.3, due in a > couple of months. Will it be configurable? There

On Tue 2015-05-26 14:02:07 -0400, Hubert Kario wrote: > On Tuesday 26 May 2015 13:43:13 Daniel Kahn Gillmor wrote: >> On Tue 2015-05-26 12:57:05 -0400, Hubert Kario wrote: >> > creating composites that will pass even 100000 rounds of Miller-Rabin is >> > relatively simple.... >> > (assuming the values for M-R tests are picked randomly) >> >> Can you point me...

...as discussed briefly. I try to summarize that discussion: Damien Miller and Peter Stuge questioned the difficulties of option 2. A working implementation of that option hasn't been seen yet. Bert Wesarg mentioned his work on ControlCommand. It is slightly related to the task above. Daniel Kahn Gillmor and Jameson Rollins (both from the monkeysphere project) gave additional explanations and generally appreciated this patch. There were no further responses addressing these explanations. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail...

On Thu, Oct 15, 2015 at 04:15:03PM -0400, Daniel Kahn Gillmor wrote: > if the intermediary machine (the "jumphost") is jumphost.example, and > you are trying to reach bar.example.com (which is behind the firewall), > you would do: > ssh -oProxyCommand='ssh jumphost.example -W %h:%p' bar.example.com We use jump host, but there a...

I regularly use ssh-agent with a subcommand; my X11 session is spawned through ssh-agent, and sometimes i'll run a special agent for a certain subset of commands, like this: ssh-agent bash ... and then do work within that shell. From the man page: > If a commandline is given, this is executed as a subprocess of the agent. > When the command dies, so does the agent. But

...I guess I'll keep rooting around. I'm ok writing a PAM module if that's what I needed. But I have a feeling there's a good bit more to it. And without someone know "knows " - that can be a very long rabbit trail :) Hrm.... On Fri, Feb 6, 2015 at 12:52 PM, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote: > On Fri 2015-02-06 12:41:38 -0500, Cary FitzHugh wrote: >> The trouble is that the user isn't created on the machine beforehand. >> But I actually don't want the user created, b/c I don't want to litter >> all these servers w...

On 04 Feb (10:46:55), Daniel Kahn Gillmor wrote: > On Thu 2016-02-04 07:40:39 -0500, David Goulet wrote: > > > I would like to know if adding support for Unix socket to sshd would be a > > feature that would be consider to be added upstream? (ListenAddress). > > fwiw, i think this is a good idea, but i wouldn'...

I see. From reading that wikipedia article, I'm wondering what gets compressed when compression is enabled in openssh. Is it the ciphertext or the cleartext? Regards, Mark On Fri, 2013-10-25 at 15:47 -0400, Daniel Kahn Gillmor wrote: > On 10/25/2013 03:23 PM, Mark E. Lee wrote: > > Thanks for the response, what kind of problematic interactions would > > occur (other than trying to compress seemingly random data)? > > e.g. https://en.wikipedia.org/wiki/CRIME or similar attacks where the > attacker...

hi folks-- Can a Match block cover a Subsystem directive in sftp? https://bugzilla.mindrot.org/show_bug.cgi?id=1587#c1 suggests that Match can cover Subsystem, but sshd_config (at least, in 5.5p1) doesn't mention Subsystem within the description of Match. What should administrators expect? --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name:

https://bugzilla.mindrot.org/show_bug.cgi?id=1984 Bug #: 1984 Summary: Add Unix Domain Socket Forwarding Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo:

On Mon 2016-01-04 20:35:05 -0500, Bostjan Skufca wrote: > Would it make sense to refactor (if it is not done yet) openssh to use > generic API for communicating with any SSL implementation? Or is the > general stance on this subject "the new SSL implementation should provide > openssl-compatible API to be usable with openssh"? OpenSSH doesn't use any of the

https://bugzilla.mindrot.org/show_bug.cgi?id=1777 Summary: KnownHostsCommand Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org ReportedBy: dkg at fifthhorseman.net A

On Tue, Oct 20, 2015 at 01:31:46AM +0200, ?ngel Gonz?lez wrote: > On 16/10/15 12:46, hubert depesz lubaczewski wrote: > >On Thu, Oct 15, 2015 at 04:15:03PM -0400, Daniel Kahn Gillmor wrote: > >>> if the intermediary machine (the "jumphost") is jumphost.example, and > >>> you are trying to reach bar.example.com (which is behind the firewall), > >>> you would do: > >>> ssh -oProxyCommand='ssh jumphost.example -W...

Hello all, We got a report [1], that we miss "p1" suffix in the sshd identification strings in Fedora. I dig in and found out that it is also missing from portable usptream since 2004, when you were rewriting version.h header file with this information. Debian somehow patched this information back during the time in some places (ssh_api.c is missing). It does not look like

On 09/22/2017 03:22 PM, Daniel Kahn Gillmor wrote: > On Thu 2017-09-21 18:12:44 -0400, Joseph S Testa II wrote: >> I gotta say... having a fallback mechanism here seems pretty >> strange. The entire point of the group exchange is to use a dynamic >> group and not a static one. > > fwiw, i think dynamic group...

On Fri, 29 Dec 2017, Daniel Kahn Gillmor wrote: > On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote: > > Why not make minimum key length a tunable, just as the other options are? > > Because the goal of building secure software is to make it easy to > answer the question "are you using it securely?"...

Greetings everyone! I would like to know if adding support for Unix socket to sshd would be a feature that would be consider to be added upstream? (ListenAddress). One of the main reason for this question to you all is that tor now has Unix socket support for hidden services that is traffic of a hidden service can be forwarded to a Unix socket (see HiddenServicePort in tor.1). The rationale