search for: jchadima

https://bugzilla.mindrot.org/show_bug.cgi?id=1402 Summary: [RFE] Support auditing through Linux Audit subsystem Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: Other OS/Version: Linux Status: NEW Keywords: patch Severity: normal Priority: P2 Component: sshd

...possible Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com The abstract socket on linux is independent on the fole system and has no file system representation. This is useful when the selinux rules prevents the /tmp directory. (using namespaces) -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are re...

...mes cause segfault Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com There is an assumption that active_state is assigned before calling packet_connection_is_on_socket. Sometimes (early crashes) it is not true. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are wat...

...g after chroot Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com --- Comment #0 from jchadima at redhat.com 2009-08-28 15:32:07 EST --- It is useful to continue to write the logs after chroot to the directory which do not contain the syslog socket in the chroot environment. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=em...

...r linux Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com This is a concept for entropy management in Linux. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.

...support sshv2 Product: Portable OpenSSH Version: 5.6p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sftp AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com In the case when the server supports protocol 1 only and the client supports 2,1 ssh switches automatically to protocol 1, sftp exits with: "Protocol major versions differ: 2 vs. 1" -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You ar...

...directly Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com there should be intermediate shell to satisfy the policy -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.

...on of public keys. Product: Portable OpenSSH Version: 5.3p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com For management of larger sites is useful to use distributed authorized private keys. This patch allows use the agent to obtaining the keys. There are possibility of use popen (agent) instead of open (authorized_keys). The feature is triggered a new configure option. The two sshd_c...

...ith ipv6 disabled Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com ssh tries to resolve and use ipv6 addresses even if ipv6 is disabled. This is caused by the inappropriate flags for getaddrinfo. I'm not sure if this is only glibc nuance or it is a global bug. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email -------...

...sions Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com Created an attachment (id=1655) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1655) patch solving the problem Using ssh-copy-id to copy a ssh key to a new f11 host that has selinux enabled, the authorized_keys file is created on the remote host with an incorrect context....

...al-sftp Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sftp-server AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com --- Comment #0 from jchadima at redhat.com 2009-08-28 15:38:36 EST --- The sshd run with ssdh_t context. The sftpd runs with sftpd_t context. Internal-sftp do not use exec.* (2) syscall, so there is a need to switch context manually. -- Configure bugmail: https://bugzilla.mindrot....

Note: I am digest subscriber so if you could copy me directly on any reply to the list I would appreciate it very much. I sent this to the OpenSSH list (secureshell at securityfocus.com) yesterday and received no response so I am asking here in hopes that someone else has run across this problem on CentOS. We have encountered a situation that requires sftp access to one of our server by an

...f stderr is used. Product: Portable OpenSSH Version: 5.4p1 Platform: Other OS/Version: All Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com According to SSH File Transfer Protocol draft-ietf-secsh-filexfer-13 the usage of stderr may not harm the transfer. The chapter 3.1 says: "Data sent on stderr by the server SHOULD be considered free format debug or supplemental error information, and MAY be displayed to the...

...ssh-keygen Product: Portable OpenSSH Version: 5.4p1 Platform: All OS/Version: Linux Status: NEW Severity: minor Priority: P2 Component: ssh-keygen AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com In the case of unaccessible $HOME the ssh-keygen writes misleading error message -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.

...om setuid Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com the setgid programs are potentially less dangerous than setuid ones. the only setuid program in the openssh suite is ssh-keysign. It need to access private server keys. The solution is to create one dedicated group (ssh_keys). The keys then should be rw-r---- root:ssh_keys The ssh...

...openssh Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com Created an attachment (id=1646) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1646) patch which solves the problem SCTP is network protocol similar to TCP. Openssh traffic can be transmited by SCTP instead of TCP. -- Configure bugmail: https://bugzilla.mindrot.org/userpr...

...source routing Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com --- Comment #0 from jchadima at redhat.com 2009-09-01 21:29:14 EST --- Do not fail on all IP options, only on source-routing -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assigne...

...config Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com --- Comment #0 from jchadima at redhat.com 2009-08-31 18:24:57 EST --- Search the path for krb5-config if the prefix wasn't specified. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watchi...

...login auditing Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com --- Comment #0 from jchadima at redhat.com 2009-09-01 17:32:53 EST --- Selinux has ability to audit user logins. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug...

...thers Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com --- Comment #0 from jchadima at redhat.com 2009-09-01 23:06:16 EST --- It's useful to have askpass dialog visible. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of t...