search for: kuthan

...figured Product: Portable OpenSSH Version: 7.3p1 Hardware: Sparc OS: Solaris Status: NEW Severity: minor Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: tomas.kuthan at oracle.com When IPv6 loopback is disabled on a host, X11 forwarding fails. tomas at tkuthan-cz:~$ ipadm show-addr lo0 ADDROBJ TYPE STATE ADDR lo0/v4 static ok 127.0.0.1/8 tomas at tkuthan-cz:~$ ssh -XY localhost xterm...

...Product: Portable OpenSSH Version: 6.8p1 Hardware: Sparc OS: Solaris Status: NEW Severity: enhancement Priority: P5 Component: Build system Assignee: unassigned-bugs at mindrot.org Reporter: tomas.kuthan at oracle.com Make it possible to build OpenSSH without Curve25519 support. -- You are receiving this mail because: You are watching the assignee of the bug.

...olaris Product: Portable OpenSSH Version: 6.7p1 Hardware: Sparc OS: Solaris Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: tomas.kuthan at oracle.com Created attachment 2497 --> https://bugzilla.mindrot.org/attachment.cgi?id=2497&action=edit Patch disabling uid=0 resetting test on Solaris After the server process drops uid=0, a test is made to make sure uid=0 cannot be reclaimed. On Solaris, if a user is granted ALL pri...

...s dies. Product: Portable OpenSSH Version: 7.5p1 Hardware: Sparc OS: Solaris Status: NEW Severity: minor Priority: P5 Component: sftp Assignee: unassigned-bugs at mindrot.org Reporter: tomas.kuthan at oracle.com When ssh transport process dies (e.g. if remote side hangs up), the user does not learn about it, until they try to execute the next remote command. The sftp process has this information available; it would be prudent to let the user know. -- You are receiving this mail because:...

...Product: Portable OpenSSH Version: 7.5p1 Hardware: Sparc OS: Solaris Status: NEW Severity: enhancement Priority: P5 Component: sftp-server Assignee: unassigned-bugs at mindrot.org Reporter: tomas.kuthan at oracle.com Implement new sftp-server option '-t idle_timeout'. When there is no user activity for idle_timeout seconds, sftp session is forcibly closed by the server. By default there is no time limit. -- You are receiving this mail because: You are watching the assignee of the bug.

...Product: Portable OpenSSH Version: 6.8p1 Hardware: Sparc OS: Solaris Status: NEW Severity: enhancement Priority: P5 Component: PAM support Assignee: unassigned-bugs at mindrot.org Reporter: tomas.kuthan at oracle.com When remote roles are allowed by PAM configuration, OpenSSH should allow login to a role for hostbased authentication. E.g. - if local user testuser has been assigned role testrole - and hostbased authentication has been configured for remote host - and local PAM account stack lists...

...ssified Product: Portable OpenSSH Version: 6.0p1 Hardware: Sparc OS: Solaris Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: tomas.kuthan at oracle.com Created attachment 2264 --> https://bugzilla.mindrot.org/attachment.cgi?id=2264&action=edit Bug fix based on Solaris Studio #pragma There is an alignment issue in UMAC implementation, which can cause crash in ssh binary on sparc. Static variable m is defined in mac.c as an...

...Product: Portable OpenSSH Version: 7.2p1 Hardware: Sparc OS: Solaris Status: NEW Severity: major Priority: P5 Component: PAM support Assignee: unassigned-bugs at mindrot.org Reporter: tomas.kuthan at oracle.com The way PAM is implemented in OpenSSH makes pam_set_data unusable for passing data between PAM stacks. This is causing issues with multiple PAM modules: - with pam_zfs_key it precludes mounting encrypted home dirs - with pam_krb5 it precludes storing TGT in user cache and registerin...

...Product: Portable OpenSSH Version: 7.3p1 Hardware: Sparc OS: Solaris Status: NEW Severity: minor Priority: P5 Component: Kerberos support Assignee: unassigned-bugs at mindrot.org Reporter: tomas.kuthan at oracle.com When GSSAPIStrictAcceptorCheck is not explicitely specified, the default value should be yes. It is documented in sshd_config(5) this way and it preserves original behavior. Also GSSAPIStrictAcceptorCheck=no interacts poorly with GSSAPIKeyExchange, where it make the server willing...

...y on EPIPE Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: Solaris Status: NEW Severity: major Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: tomas.kuthan at oracle.com When there is a connectivity problem between the server and the client (network outage, server crash or reboot), the client indefinitely hangs. Trace: -> packet_write_wait(0xa8706c360, 0x0, 0x0, 0x0, 0x0, 0x600000) -> ssh_packet_write_wait(0xa870151e0, 0x0, 0x0, 0x0, 0x0,...

...Product: Portable OpenSSH Version: 6.8p1 Hardware: Sparc OS: Solaris Status: NEW Severity: normal Priority: P5 Component: Kerberos support Assignee: unassigned-bugs at mindrot.org Reporter: tomas.kuthan at oracle.com #include <signal.h> has been removed from kex.h. On Solaris, this causes a compilation error due to sig_atomic_t type being undefined. /usr/gcc/4.7/bin/gcc -m64 -O3 -DSET_USE_PAM -DDEPRECATE_SUNSSH_OPT -DKRB5_BUILD_FIX -DDTRACE_SFTP -DDISABLE_BANNER -DPAM_ENHANCEMENT -DPAM_B...

https://bugzilla.mindrot.org/show_bug.cgi?id=2565 Bug ID: 2565 Summary: High baud rate gets sent, solaris closes pty Product: Portable OpenSSH Version: 7.1p2 Hardware: Sparc OS: Solaris Status: NEW Severity: minor Priority: P5 Component: sshd Assignee: unassigned-bugs at

...Product: Portable OpenSSH Version: 7.1p2 Hardware: Sparc OS: Solaris Status: NEW Severity: enhancement Priority: P5 Component: PAM support Assignee: unassigned-bugs at mindrot.org Reporter: tomas.kuthan at oracle.com Currently OpenSSH runs pam_setcred with 'fake' conversation function sshpam_store_conv. If some PAM module actually tries to converse for pam_setcred, sshpam_store_conv fails with PAM_CONV_ERR. But there are/will be real world PAM modules, that actually need to converse for...

https://bugzilla.mindrot.org/show_bug.cgi?id=2278 Bug ID: 2278 Summary: 'configure --disable-lastlog' should mark PrintLastLog as unsupported in servconf.c Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: Solaris Status: NEW Severity: minor Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=688 Tomas Kuthan <tomas.kuthan at oracle.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tomas.kuthan at oracle.com -- You are receiving this mail because: You...

...essages Product: Portable OpenSSH Version: 7.1p1 Hardware: Sparc OS: Solaris Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: tomas.kuthan at oracle.com After code refactoring for library-like interfaces, error messages are no longer printed for DSA_do_sign() or RSA_sign() failures in some code paths. When investigating error messaging for signing failures I also noticed, that incorrect messages are printed for sshkey_from_blob() an...

...Product: Portable OpenSSH Version: 7.1p1 Hardware: Sparc OS: Solaris Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org Reporter: tomas.kuthan at oracle.com After code refactoring for library-like interfaces,OpenSSL error string were replaced by generic and vague "error in libcrypto" message. This enhancement asks for returning OpenSSL error strings for SSH_ERR_LIBCRYPTO_ERROR errors. -- You are receiving this mail because:...

...Product: Portable OpenSSH Version: 6.4p1 Hardware: Sparc OS: Solaris Status: NEW Severity: enhancement Priority: P5 Component: Build system Assignee: unassigned-bugs at mindrot.org Reporter: tomas.kuthan at oracle.com Created attachment 2384 --> https://bugzilla.mindrot.org/attachment.cgi?id=2384&action=edit Modify configure to define BROKEN_BSM_API on Solaris version > 11 There is a code in audit-bsm.c to deal with Solaris 11 API changes in audit. This code is guarded by BROKEN_BSM_A...

On 05/29/17 04:13 AM, Damien Miller wrote: > On Fri, 26 May 2017, Tomas Kuthan wrote: > >> Hi team, >> >> Any chance my patch introducing new sftp-server option '-t idle_timout' [1,2] >> could be accepted into openssh/openssh-portable? > > I think the best place to implement a idle timeout is in sshd. Then it > could be made per-cha...

...ached Product: Portable OpenSSH Version: 7.3p1 Hardware: Sparc OS: Solaris Status: NEW Severity: trivial Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: tomas.kuthan at oracle.com When MaxStartups of unauthenticated concurrent connections is hit, additional connections are dropped. Dropped connections should be logged. Server administrator should be able to find this information and might be interested in details. -- You are receiving this mail because: Yo...