search for: rmsh1216

...mmer attacks? Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: security Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: rmsh1216 at 163.com A new vulnerability (CVE-2023-51767) in openssh has been published, but there seems to be no fix yet. NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51767 -- You are receiving this mail because: You are watching the assignee of the bug.

...ts happen. Product: Portable OpenSSH Version: 9.1p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: rmsh1216 at 163.com In general, ssh will call poll in client_wait_until_can_do_something to wait for poll events with setting timeout to -1. When ssh receives SIGTERM before poll, it will not exit as expected until some events happen or receiving new signals. client_loop client_wait_until_can_do_somet...

...n RFC protocol? Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: sftp Assignee: unassigned-bugs at mindrot.org Reporter: rmsh1216 at 163.com Hi, As we all known, we can execute some commands in local shell or escape to local shell by using '!'. However, I can't find the description in ssh protocols. If this feature is implemented based on an RFC protocol? Please let me know if it is. Thanks. Also, is there a se...

...n number? Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Severity: security Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: rmsh1216 at 163.com Although I know that the sshv2 protocol, rfcrfc4253, describes Protocol Version Exchange, I would like to ask if openssh will consider adding a new switch to allow customers to choose to hide the specific version number of openssh or delete the specific version number in debug logs duri...

...Product: Portable OpenSSH Version: -current Hardware: Other OS: Windows 10 Status: NEW Severity: trivial Priority: P5 Component: ssh-agent Assignee: unassigned-bugs at mindrot.org Reporter: rmsh1216 at 163.com Disallow remote addition of FIDO/PKCS11 provider libraries to ssh-agent by default is introducted in the commit: https://github.com/openssh/openssh-portable/commit/1f2731f5d7a8f8a8385c6031667ed29072c0d92a In my opinion, it is unnecessary for us to check the value of nsession_ids, becau...

https://bugzilla.mindrot.org/show_bug.cgi?id=3526 Bug ID: 3526 Summary: Config option AddressFamily has no effect? Product: Portable OpenSSH Version: 9.0p1 Hardware: amd64 OS: Mac OS X Status: NEW Severity: trivial Priority: P5 Component: ssh Assignee: unassigned-bugs at

...ssh-agent? Product: Portable OpenSSH Version: 9.3p1 Hardware: All OS: All Status: NEW Severity: security Priority: P5 Component: ssh-agent Assignee: unassigned-bugs at mindrot.org Reporter: rmsh1216 at 163.com OpenSSH 9.3 was released on 2023-03-15 and the release fixed one security bug about adding martcard keys to ssh-agent(1) with the per-hop destination constraints (ssh-add -h ...) added in OpenSSH 8.9. https://www.openssh.com/releasenotes.html. I've learned about the destination cons...

...shd. Product: Portable OpenSSH Version: -current Hardware: All OS: Linux Status: NEW Severity: security Priority: P5 Component: sftp-server Assignee: unassigned-bugs at mindrot.org Reporter: rmsh1216 at 163.com Hi! When I try to ssh into an account with an expired password, I'm reminded and can change the password, as shown below, ``` # ssh user at ipaddress Authorized users only. All activities may be monitored and reported. user at ipaddress's password: You are required to change yo...

...userauth"? Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: trivial Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: rmsh1216 at 163.com As mentioned in Section 4.7 of RFC2450, the'service name' is used to describe a protocol layer. as we all know, the USERAUTH REQUEST messages belong to the authentication protocol layer. According to my understanding, the service name in the message should be "ssh-userauth...

...TOCOL Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: trivial Priority: P5 Component: Documentation Assignee: unassigned-bugs at mindrot.org Reporter: rmsh1216 at 163.com Created attachment 3777 --> https://bugzilla.mindrot.org/attachment.cgi?id=3777&action=edit Correct the catalogue number of PROTOCOL The protocol number should be 1.10 instead of 1.9 which is documented in previous commit -- You are receiving this mail because: You are watch...

...it messages Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: rmsh1216 at 163.com Created attachment 3817 --> https://bugzilla.mindrot.org/attachment.cgi?id=3817&action=edit Fix lost quit messages We should immediately output the buffered data to stderr after jumping out of the loop, rather than after sending the disconnect message, because we may have no c...

...ater attack? Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: security Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: rmsh1216 at 163.com The Diffie-Hellman key agreement protocol allows a remote attacker (from the client) to send arbitrary numbers that are not actually public keys and trigger an expensive server-side DHE modular exponentiation, i.e., a D (HE) at or D (HE) ater attack. The issue has been flagged as a vuln...

...d Product: Portable OpenSSH Version: 9.1p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Build system Assignee: unassigned-bugs at mindrot.org Reporter: rmsh1216 at 163.com Created attachment 3648 --> https://bugzilla.mindrot.org/attachment.cgi?id=3648&action=edit skip scp test multiplex test always failed if there's no scp on remote path, so just skip scp transfer over multiplexed connection -- You are receiving this mail because: You are...