Displaying 20 results from an estimated 193 matches for "keysign".
2011 May 03
0
Revised: Portable OpenSSH security advisory: portable-keysign-rand-helper.adv
OpenSSH Security Advisory: portable-keysign-rand-helper.adv
This document may be found at:
http://www.openssh.com/txt/portable-keysign-rand-helper.adv
1. Vulnerability
Portable OpenSSH's ssh-keysign utility may allow unauthorised
local access to host keys on platforms if ssh-rand-helper is
used.
2. Affected co...
2011 May 03
1
Revised: Portable OpenSSH security advisory: portable-keysign-rand-helper.adv
OpenSSH Security Advisory: portable-keysign-rand-helper.adv
This document may be found at:
http://www.openssh.com/txt/portable-keysign-rand-helper.adv
1. Vulnerability
Portable OpenSSH's ssh-keysign utility may allow unauthorised
local access to host keys on platforms if ssh-rand-helper is
used.
2. Affected co...
2015 Jan 09
4
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
...before)
>
> ssh server.DOMAIN.COM
> Permission denied (hostbased).
>
> instead, as my user, fails differently for some reason,
>
> ssh server.DOMAIN.COM
> ...
> no matching hostkey found for key ED25519 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
> ssh_keysign: no reply
> key_sign failed
> Permission denied (hostbased).
>
So, that indicates that you have a problem with your client setup. Since
you are trying to use ssh from /usr/local/bin, I take it that it is a
local build. As such, some of the files may not be properly located.
You can...
2003 Mar 31
1
[Bug 526] potential ssh-keysign segfault if pktype == KEY_UNSPEC
http://bugzilla.mindrot.org/show_bug.cgi?id=526
Summary: potential ssh-keysign segfault if pktype == KEY_UNSPEC
Product: Portable OpenSSH
Version: 3.6p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Miscellaneous
AssignedTo: openssh-unix-dev at mindr...
2004 Dec 17
0
ssh-keysign bug?
I use ssh in a batch environment (www.pbspro.com) and am using host based
authentication to allow sshes between some resources. When I converted from
openssh 3.1 to newer versions (up to an including 3.8 where ssh-keysign was
moved to a standalone binary) I had issues with ssh-keysign failing with the
error "bad fd". A little exploring showed that this was happening because
in the batch environment the ssh command did not have a STDIN opened and the
socket used for IPC was being created as fd 0.
You...
2015 Jan 09
2
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
On Fri, Jan 09, 2015 at 13:00:10 -0800, grantksupport at operamail.com wrote:
> Hi
>
> On Fri, Jan 9, 2015, at 12:34 PM, Mark Hahn wrote:
> > >> The one you are missing is EnableSSHKeysign.
> >
> > I suppose it's worth asking: is your ssh-keysign suid root
> > (and are the permissions on your host keys sufficiently tight)?
>
> Note that everything works correctly with other auth methods: pubkey, password, ...
> I suspect key perms issues would've...
2003 Apr 02
1
broken ssh-keysign for openssh 3.6.1p1 on Solaris 8
The latter versions of openssh (3.4,3.5 and 3.6.1) all seem to suffer
from a broken ssh-keysign binary. This causes HostbasedAuthentication to
fail.
We have installed 3.6.1p1 on a Solaris 8 machine using
openssl-0.9.6i. This fails thusly
ssh server
<......some \digits removed - a key perhaps?>
ssh_keysign: no reply
key_sign failed
a at server's password
For version 3.4p1 we patch...
2002 Jun 07
0
[Bug 268] New: ssh-keysign build failure on AIX with gcc
http://bugzilla.mindrot.org/show_bug.cgi?id=268
Summary: ssh-keysign build failure on AIX with gcc
Product: Portable OpenSSH
Version: -current
Platform: Other
OS/Version: AIX
Status: NEW
Severity: normal
Priority: P2
Component: Miscellaneous
AssignedTo: openssh-unix-dev at mindr...
2002 Jun 26
0
[Bug 304] New: ssh-keysign memory freeing bug
http://bugzilla.mindrot.org/show_bug.cgi?id=304
Summary: ssh-keysign memory freeing bug
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P2
Component: Miscellaneous
AssignedTo: openssh-unix-dev at mindrot.org...
2013 Jun 26
12
[Bug 1974] Support for encrypted host keys
...at bewilderbeest.net> ---
Created attachment 2303
--> https://bugzilla.mindrot.org/attachment.cgi?id=2303&action=edit
Incomplete patch for sshd to use ssh-agent for hostkeys
>From mailing list post:
...assuming things look OK thus far, I'm considering how best to handle
the ssh-keysign problem. Since it's executed by a user's ssh client,
it
won't have the server's SSH_AUTH_SOCK environment variable, so finding
the
socket to connect to is slightly tricky -- any problems with changing
it to
a (configurable) static, globally-known path? Assuming not, then
there'...
2014 Mar 21
2
Bug? between OpenSSH 6.4p1 and 6.5p1(also 6.6p1)
The problem I am seeing was introduced between 6.4p1 and 6.5p1 (and
still exists in 6.6p1). With HostbasedAuthentication/EnableSSHKeysign
turned on, I am seeing one of two sets of messages:
no matching hostkey found
ssh_keysign: no reply
key_sign failed
and
not a valid request
ssh_keysign: no reply
key_sign failed
Then in either case two password prompts:
bowman at HOST.math.utah.edu's password:
Permission denied, please t...
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
I run OpenSSH on linux
@ client
which ssh
/usr/local/bin/ssh
ssh -v
OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
@ server
which sshd
/usr/local/bin/sshd
sshd -v
unknown option -- V
OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]
[-E log_file] [-f config_file] [-g login_grace_time]
2002 Jun 07
1
[Bug 268] ssh-keysign build failure on AIX with gcc
http://bugzilla.mindrot.org/show_bug.cgi?id=268
------- Additional Comments From dtucker at zip.com.au 2002-06-07 17:34 -------
Created an attachment (id=108)
Conditionally define __progname in ssh-keysign.c
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2002 Oct 15
3
OpenSSH 3.5 released
...Separation (Portability, Kerberos,
PermitRootLogin handling).
* ssh(1) prints out all known host keys for a host if it receives an
unknown host key of a different type.
* Fixed AES/Rijndael EVP integration for OpenSSL < 0.9.7 (caused
problems with bounds checking patches for gcc).
* ssh-keysign(8) is disabled by default and only enabled if the
HostbasedAuthentication option is enabled in the global ssh_config(5)
file.
* ssh-keysign(8) uses RSA blinding in order to avoid timing attacks
against the RSA host key.
* A use-after-free bug was fixed in ssh-keysign(8). This bug
broke h...
2002 Oct 15
3
OpenSSH 3.5 released
...Separation (Portability, Kerberos,
PermitRootLogin handling).
* ssh(1) prints out all known host keys for a host if it receives an
unknown host key of a different type.
* Fixed AES/Rijndael EVP integration for OpenSSL < 0.9.7 (caused
problems with bounds checking patches for gcc).
* ssh-keysign(8) is disabled by default and only enabled if the
HostbasedAuthentication option is enabled in the global ssh_config(5)
file.
* ssh-keysign(8) uses RSA blinding in order to avoid timing attacks
against the RSA host key.
* A use-after-free bug was fixed in ssh-keysign(8). This bug
broke h...
2002 Nov 15
3
apparent ssh_config fascism
...to its documented role as provider of defaults.
$ ssh -V
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
$ cat .ssh/config
Host localhost
HostbasedAuthentication yes
PreferredAuthentications hostbased
$ ssh localhost
Hostbased authentication not enabled in /etc/ssh/ssh_config
ssh_keysign: no reply
key_sign failed
Permission denied (publickey,password,keyboard-interactive,hostbased).
The situation is rectified by enabling Hostbased authentication in
/etc/ssh/ssh_config (as the error message suggests), but this must be
done by the systems administrator. Why is the setting in .ssh/c...
2011 Jun 08
5
[Bug 1912] New: 5.8 ssh-keysign lacks ECDSA support
https://bugzilla.mindrot.org/show_bug.cgi?id=1912
Summary: 5.8 ssh-keysign lacks ECDSA support
Product: Portable OpenSSH
Version: 5.8p2
Platform: All
OS/Version: All
Status: NEW
Severity: critical
Priority: P2
Component: Miscellaneous
AssignedTo: unassigned-bugs at mindrot.org...
2018 Oct 22
2
[PATCH] ssh: Add missing openssl-compat.h where needed
OpenSSL_add_all_algorithms has been deprecated with 1.1. Compatibility
is needed.
Signed-off-by: Rosen Penev <rosenp at gmail.com>
---
ssh-keysign.c | 1 +
ssh_api.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 744ecb4f..bcd1508c 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -40,6 +40,7 @@
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/rsa.h>
+#in...
2002 Jun 26
0
[Bug 304] ssh-keysign memory freeing bug
http://bugzilla.mindrot.org/show_bug.cgi?id=304
markus at openbsd.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From markus at openbsd.org 2002-06-27
2016 Feb 17
2
Call for testing: OpenSSH 7.2
On Wed, 17 Feb 2016, Tom G. Christensen wrote:
> On 12/02/16 04:56, Damien Miller wrote:
> > Portable OpenSSH is available via Git at
> > https://anongit.mindrot.org/openssh.git/ or via a mirror on Github at
> > https://github.com/openssh/openssh-portable
> >
>
> I'm seeing a hang in the testsuite on Solaris:
> run test transfer.sh ...
> transfer data: