Displaying 20 results from an estimated 50000 matches similar to: "[Bug 339] 3.4p1: UsePrivilegeSeparation breaks key fingerprint logging"
2002 Jul 08
0
[Bug 339] New: 3.4p1: UsePrivilegeSeparation breaks key fingerprint logging
http://bugzilla.mindrot.org/show_bug.cgi?id=339
Summary: 3.4p1: UsePrivilegeSeparation breaks key fingerprint logging
Product: Portable OpenSSH
Version: -current
Platform: All
URL: http://www.catnook.com/misc/sshd-key-fp-logging.txt
OS/Version: Solaris
Status: NEW
Severity: normal
2017 Aug 06
3
deprecation of UsePrivilegeSeparation breaks container use cases
Hello,
there are emerging container services that restrict regular users to
launch containers under some random uid for security reasons. If such
user needs sshd in their container, they need to turn off
`UsePrivilegeSeparation` so that sshd is executed as the current uid
and not `root`.
I understand that privilege separation [1] is more than changing the
process uid. On the other hand, it is
2002 Jun 27
3
UsePrivilegeSeparation: "fatal: xrealloc: out of memory"
I just upgraded to OpenSSH 3.4p1 from 2.5.2p2 to take advantage of
privilege separation. After installation, when a user tries to login
he gets dropped almost immediately. In the server's
/var/log/messages:
Jun 26 20:15:04 sclp3 sshd[6433]: Accepted password for jason from 128.165.148.66 port 41871 ssh2
Jun 26 20:15:12 sclp3 jason[110]: sshd[6444]: fatal: xrealloc: out of memory (new_size
2002 Aug 09
0
Logging of key fingerprint / comment with 3.4p1
Fwiw, I filed a bug report on this earlier (339).
--
Jos Backus <josb at microsoft.com>
WebTV Networks, Inc., Mountain View, CA
2002 Aug 08
2
Logging of key fingerprint / comment with v3.4p1
Hi,
I'm wondering whether it is possible to log the key fingerprint (or the comment of the key) that was used for authentication with the actual available openssh v3.4p1 on solaris?
(with Solaris 8 / UsePrivilegeSeparation yes, if this might be relevant, it seems not)
-Is it possible at all? How?
-Is there a special sshd configuration option necessary to use?
-Does it only work with a
2013 Mar 24
6
[Bug 2082] New: Please add pubkey fingerprint to authentication log message
https://bugzilla.mindrot.org/show_bug.cgi?id=2082
Bug ID: 2082
Summary: Please add pubkey fingerprint to authentication log message
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.2p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
2005 Sep 07
4
[Bug 1080] 4.1p1 to 4.2p1 broke UsePrivilegeSeparation on HPUX
http://bugzilla.mindrot.org/show_bug.cgi?id=1080
Summary: 4.1p1 to 4.2p1 broke UsePrivilegeSeparation on HPUX
Product: Portable OpenSSH
Version: 4.2p1
Platform: HPPA
OS/Version: HP-UX
Status: NEW
Severity: security
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
2013 Oct 01
2
sshd accepted fingerprint logging
Currently, LogLevel must be set to VERBOSE to see the fingerprint of an
accepted key, and the default LogLevel is INFO. Since this is useful
security information, I would like to propose that the 'Accepted
publickey' message be modified to include the fingerprint of the
accepted key. Is this a reasonable solution?
Here is an example log snippet with LogLevel VERBOSE:
Oct 1 15:23:24
2016 Jul 21
4
Openssh use enumeration
On Wed, Jul 20, 2016 at 09:02:57PM -0600, Selphie Keller wrote:
> I wonder if it could be useful to set the fall back account to something user
> defined to avoid suggesting people add passwords to root, though I do like
> root since the account is always there,
Since committing that diff I've heard of people running in production
with no root password (ie *LK*, !! or similar).
2002 May 28
5
Problems with UsePrivilegeSeparation (was: port fwd as user != root?
I just upgraded to OpenSSH3.2.3p1 as it seemed that
UsePrivilegeSeparation yes
might help with my problem (connections forwarded
are owned by root instead of the user I logged in as
on the server), but instead, sshd barfs on receiving
a connection. Without UsePrivilegeSeparation
the server works fine.
# strace -o /tmp/sshd.str sshd -d
debug1: sshd version OpenSSH_3.2.3p1
debug1: private host
2016 Feb 05
0
[Bug 1863] fingerprint for key for stdin
https://bugzilla.mindrot.org/show_bug.cgi?id=1863
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
CC| |djm at mindrot.org
Status|NEW
2008 Jun 23
2
sshd key comment logging
Hi,
I admin a box that has Subversion users authenticate with public keys
to a restricted 'svnuser' account. The comment field of all the keys
describe who they belong to (it has their usernames), but unfortunately,
sshd does not log this when a user successfully authenticates:
Jun 21 08:18:22 localhost sshd[23636]: Accepted publickey for svnuser from x.x.x.x port 2065 ssh2
Jun
2013 Oct 31
9
[Bug 2167] New: Connection remains when fork() fails.
https://bugzilla.mindrot.org/show_bug.cgi?id=2167
Bug ID: 2167
Summary: Connection remains when fork() fails.
Product: Portable OpenSSH
Version: 5.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2011 Jul 02
2
Logging the suggested algorithms of the client during key exchange
Hello,
for a research project I am trying to log the algorithms suggested by the
client during key exchange.
I am using the source of version 5.8p2. I figured the function
kex_buf2prop() in kex.c might be the place to log that information. I am
calling logit() within the for loop ->
for (i = 0; i < PROPOSAL_MAX; i++) {
proposal[i] =
2007 Mar 22
1
ChallengeResponseAuthentication defaults to no?
Hello,
I have just installed OpenSSH 4.6p1 and it appears that ChallengeResponseAuthentication is not allowed unless I explicitly set it to "yes" in the sshd_config file. I am using the same config file as I did with 4.5p1 where it was allowed by default. Also, this is OpenSSH package from sunfreeware, but I believe that both versions were compiled with the same options.
Is this the
2002 Jun 26
5
[PATCH] improved chroot handling
There are a couple of niggles with the sandboxing of the unprivileged
child in the privsep code: the empty directory causes namespace pollution,
and it requires care to ensure that it is set up properly and remains set
up properly. The patch below (against the portable OpenSSH, although the
patch against the OpenBSD version is very similar) replaces the fixed
empty directory with one that is
2016 Dec 13
15
[Bug 2646] New: zombie processes when using privilege separation
https://bugzilla.mindrot.org/show_bug.cgi?id=2646
Bug ID: 2646
Summary: zombie processes when using privilege separation
Product: Portable OpenSSH
Version: 7.2p2
Hardware: ix86
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2017 Mar 27
2
Is support being removed for ordinary users to run sshd?
Hello Darren,
Could you comment on this issue being raised by myself and
Corinna Vinschen?
This will create big problems for me.
I'm not clear if this is a conscious decision supported by solid
reasons or if it is just collateral damage.
Thank you for all your work!
Jack DoDDs
-------- Original Message --------
Date: Mon, 27 Mar 2017 16:31:03 +0200
Subject: Re: Announce: OpenSSH 7.5
2016 Aug 02
0
[Bug 1863] fingerprint for key for stdin
https://bugzilla.mindrot.org/show_bug.cgi?id=1863
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after 7.3p1 release
2002 Jun 21
5
[Bug 283] UsePrivilegeSeparation fails on AIX, Couldn't set usrinfo:
http://bugzilla.mindrot.org/show_bug.cgi?id=283
------- Additional Comments From janfrode at parallab.uib.no 2002-06-22 09:00 -------
hmm, I lost part of a sentence there.. I meant to say that commenting out:
if (usrinfo(SETUINFO, cp, i) == -1)
fatal("Couldn't set usrinfo: %s", strerror(errno));
from openbsd-compat/port-aix.c makes sshd function with