search for: keysign

OpenSSH Security Advisory: portable-keysign-rand-helper.adv This document may be found at: http://www.openssh.com/txt/portable-keysign-rand-helper.adv 1. Vulnerability Portable OpenSSH's ssh-keysign utility may allow unauthorised local access to host keys on platforms if ssh-rand-helper is used. 2. Affected co...

OpenSSH Security Advisory: portable-keysign-rand-helper.adv This document may be found at: http://www.openssh.com/txt/portable-keysign-rand-helper.adv 1. Vulnerability Portable OpenSSH's ssh-keysign utility may allow unauthorised local access to host keys on platforms if ssh-rand-helper is used. 2. Affected co...

...before) > > ssh server.DOMAIN.COM > Permission denied (hostbased). > > instead, as my user, fails differently for some reason, > > ssh server.DOMAIN.COM > ... > no matching hostkey found for key ED25519 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx > ssh_keysign: no reply > key_sign failed > Permission denied (hostbased). > So, that indicates that you have a problem with your client setup. Since you are trying to use ssh from /usr/local/bin, I take it that it is a local build. As such, some of the files may not be properly located. You can...

http://bugzilla.mindrot.org/show_bug.cgi?id=526 Summary: potential ssh-keysign segfault if pktype == KEY_UNSPEC Product: Portable OpenSSH Version: 3.6p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: openssh-unix-dev at mindr...

I use ssh in a batch environment (www.pbspro.com) and am using host based authentication to allow sshes between some resources. When I converted from openssh 3.1 to newer versions (up to an including 3.8 where ssh-keysign was moved to a standalone binary) I had issues with ssh-keysign failing with the error "bad fd". A little exploring showed that this was happening because in the batch environment the ssh command did not have a STDIN opened and the socket used for IPC was being created as fd 0. You...

On Fri, Jan 09, 2015 at 13:00:10 -0800, grantksupport at operamail.com wrote: > Hi > > On Fri, Jan 9, 2015, at 12:34 PM, Mark Hahn wrote: > > >> The one you are missing is EnableSSHKeysign. > > > > I suppose it's worth asking: is your ssh-keysign suid root > > (and are the permissions on your host keys sufficiently tight)? > > Note that everything works correctly with other auth methods: pubkey, password, ... > I suspect key perms issues would've...

The latter versions of openssh (3.4,3.5 and 3.6.1) all seem to suffer from a broken ssh-keysign binary. This causes HostbasedAuthentication to fail. We have installed 3.6.1p1 on a Solaris 8 machine using openssl-0.9.6i. This fails thusly ssh server <......some \digits removed - a key perhaps?> ssh_keysign: no reply key_sign failed a at server's password For version 3.4p1 we patch...

http://bugzilla.mindrot.org/show_bug.cgi?id=268 Summary: ssh-keysign build failure on AIX with gcc Product: Portable OpenSSH Version: -current Platform: Other OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: openssh-unix-dev at mindr...

http://bugzilla.mindrot.org/show_bug.cgi?id=304 Summary: ssh-keysign memory freeing bug Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: major Priority: P2 Component: Miscellaneous AssignedTo: openssh-unix-dev at mindrot.org...

...at bewilderbeest.net> --- Created attachment 2303 --> https://bugzilla.mindrot.org/attachment.cgi?id=2303&action=edit Incomplete patch for sshd to use ssh-agent for hostkeys >From mailing list post: ...assuming things look OK thus far, I'm considering how best to handle the ssh-keysign problem. Since it's executed by a user's ssh client, it won't have the server's SSH_AUTH_SOCK environment variable, so finding the socket to connect to is slightly tricky -- any problems with changing it to a (configurable) static, globally-known path? Assuming not, then there'...

The problem I am seeing was introduced between 6.4p1 and 6.5p1 (and still exists in 6.6p1). With HostbasedAuthentication/EnableSSHKeysign turned on, I am seeing one of two sets of messages: no matching hostkey found ssh_keysign: no reply key_sign failed and not a valid request ssh_keysign: no reply key_sign failed Then in either case two password prompts: bowman at HOST.math.utah.edu's password: Permission denied, please t...

I run OpenSSH on linux @ client which ssh /usr/local/bin/ssh ssh -v OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 @ server which sshd /usr/local/bin/sshd sshd -v unknown option -- V OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file] [-E log_file] [-f config_file] [-g login_grace_time]

http://bugzilla.mindrot.org/show_bug.cgi?id=268 ------- Additional Comments From dtucker at zip.com.au 2002-06-07 17:34 ------- Created an attachment (id=108) Conditionally define __progname in ssh-keysign.c ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...Separation (Portability, Kerberos, PermitRootLogin handling). * ssh(1) prints out all known host keys for a host if it receives an unknown host key of a different type. * Fixed AES/Rijndael EVP integration for OpenSSL < 0.9.7 (caused problems with bounds checking patches for gcc). * ssh-keysign(8) is disabled by default and only enabled if the HostbasedAuthentication option is enabled in the global ssh_config(5) file. * ssh-keysign(8) uses RSA blinding in order to avoid timing attacks against the RSA host key. * A use-after-free bug was fixed in ssh-keysign(8). This bug broke h...

...Separation (Portability, Kerberos, PermitRootLogin handling). * ssh(1) prints out all known host keys for a host if it receives an unknown host key of a different type. * Fixed AES/Rijndael EVP integration for OpenSSL < 0.9.7 (caused problems with bounds checking patches for gcc). * ssh-keysign(8) is disabled by default and only enabled if the HostbasedAuthentication option is enabled in the global ssh_config(5) file. * ssh-keysign(8) uses RSA blinding in order to avoid timing attacks against the RSA host key. * A use-after-free bug was fixed in ssh-keysign(8). This bug broke h...

...to its documented role as provider of defaults. $ ssh -V OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f $ cat .ssh/config Host localhost HostbasedAuthentication yes PreferredAuthentications hostbased $ ssh localhost Hostbased authentication not enabled in /etc/ssh/ssh_config ssh_keysign: no reply key_sign failed Permission denied (publickey,password,keyboard-interactive,hostbased). The situation is rectified by enabling Hostbased authentication in /etc/ssh/ssh_config (as the error message suggests), but this must be done by the systems administrator. Why is the setting in .ssh/c...

https://bugzilla.mindrot.org/show_bug.cgi?id=1912 Summary: 5.8 ssh-keysign lacks ECDSA support Product: Portable OpenSSH Version: 5.8p2 Platform: All OS/Version: All Status: NEW Severity: critical Priority: P2 Component: Miscellaneous AssignedTo: unassigned-bugs at mindrot.org...

OpenSSL_add_all_algorithms has been deprecated with 1.1. Compatibility is needed. Signed-off-by: Rosen Penev <rosenp at gmail.com> --- ssh-keysign.c | 1 + ssh_api.c | 2 ++ 2 files changed, 3 insertions(+) diff --git a/ssh-keysign.c b/ssh-keysign.c index 744ecb4f..bcd1508c 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -40,6 +40,7 @@ #include <openssl/evp.h> #include <openssl/rand.h> #include <openssl/rsa.h> +#in...

http://bugzilla.mindrot.org/show_bug.cgi?id=304 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From markus at openbsd.org 2002-06-27

On Wed, 17 Feb 2016, Tom G. Christensen wrote: > On 12/02/16 04:56, Damien Miller wrote: > > Portable OpenSSH is available via Git at > > https://anongit.mindrot.org/openssh.git/ or via a mirror on Github at > > https://github.com/openssh/openssh-portable > > > > I'm seeing a hang in the testsuite on Solaris: > run test transfer.sh ... > transfer data: