similar to: [Bug 339] 3.4p1: UsePrivilegeSeparation breaks key fingerprint logging

Displaying 20 results from an estimated 50000 matches similar to: "[Bug 339] 3.4p1: UsePrivilegeSeparation breaks key fingerprint logging"

2002 Jul 08
0
[Bug 339] New: 3.4p1: UsePrivilegeSeparation breaks key fingerprint logging
http://bugzilla.mindrot.org/show_bug.cgi?id=339 Summary: 3.4p1: UsePrivilegeSeparation breaks key fingerprint logging Product: Portable OpenSSH Version: -current Platform: All URL: http://www.catnook.com/misc/sshd-key-fp-logging.txt OS/Version: Solaris Status: NEW Severity: normal
2017 Aug 06
3
deprecation of UsePrivilegeSeparation breaks container use cases
Hello, there are emerging container services that restrict regular users to launch containers under some random uid for security reasons. If such user needs sshd in their container, they need to turn off `UsePrivilegeSeparation` so that sshd is executed as the current uid and not `root`. I understand that privilege separation [1] is more than changing the process uid. On the other hand, it is
2002 Jun 27
3
UsePrivilegeSeparation: "fatal: xrealloc: out of memory"
I just upgraded to OpenSSH 3.4p1 from 2.5.2p2 to take advantage of privilege separation. After installation, when a user tries to login he gets dropped almost immediately. In the server's /var/log/messages: Jun 26 20:15:04 sclp3 sshd[6433]: Accepted password for jason from 128.165.148.66 port 41871 ssh2 Jun 26 20:15:12 sclp3 jason[110]: sshd[6444]: fatal: xrealloc: out of memory (new_size
2002 Aug 09
0
Logging of key fingerprint / comment with 3.4p1
Fwiw, I filed a bug report on this earlier (339). -- Jos Backus <josb at microsoft.com> WebTV Networks, Inc., Mountain View, CA
2002 Aug 08
2
Logging of key fingerprint / comment with v3.4p1
Hi, I'm wondering whether it is possible to log the key fingerprint (or, the comment of the key) that was used for authentication) with the actual available openssh v3.4p1 on solaris? (with Solaris 8 / UsePrivilegeSeparation yes, if this might be relevant, it seems not) -Is it possible at all? How? -Is there a special sshd configuration option neccessary to use? -Does is only work with a
2013 Mar 24
6
[Bug 2082] New: Please add pubkey fingerprint to authentication log message
https://bugzilla.mindrot.org/show_bug.cgi?id=2082 Bug ID: 2082 Summary: Please add pubkey fingerprint to authentication log message Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5
2005 Sep 07
4
[Bug 1080] 4.1p1 to 4.2p1 broke UsePrivilegeSeparation on HPUX
http://bugzilla.mindrot.org/show_bug.cgi?id=1080 Summary: 4.1p1 to 4.2p1 broke UsePrivilegeSeparation on HPUX Product: Portable OpenSSH Version: 4.2p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org
2013 Oct 01
2
sshd accepted fingerprint logging
Currently, LogLevel must be set to VERBOSE to see the fingerprint of an accepted key, and the default LogLevel is INFO. Since this is useful security information, I would like to propose that the 'Accepted publickey' message be modified to include the fingerprint of the accepted key. Is this a reasonable solution? Here is an example log snippet with LogLevel VERBOSE: Oct 1 15:23:24
2016 Jul 21
4
Openssh use enumeration
On Wed, Jul 20, 2016 at 09:02:57PM -0600, Selphie Keller wrote: > I wonder if could be useful to set the fall back account to something user > defined to avoid suggesting people add passwords to root, though I do like > root since the account is always there, Since committing that diff I've heard of people running in production with no root password (ie *LK*, !! or similar).
2002 May 28
5
Problems with UsePrivilegeSeparation (was: port fwd as user != root?
I just upgraded to OpenSSH3.2.3p1 as it seemed that UsePrivilegeSeparation yes might help with my problem (connections forwarded are owned by root instead of the user I logged in as on the server), but instead, sshd barfs on receiving a connection. Without UsePrivilegeSeparation the server works fine. # strace -o /tmp/sshd.str sshd -d debug1: sshd version OpenSSH_3.2.3p1 debug1: private host
2016 Feb 05
0
[Bug 1863] fingerprint for key for stdin
https://bugzilla.mindrot.org/show_bug.cgi?id=1863 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED CC| |djm at mindrot.org Status|NEW
2008 Jun 23
2
sshd key comment logging
Hi, I admin a box that has Subversion users authenticate with public keys to a restricted 'svnuser' account. The comment field of all the keys describe who they belong to (it has their usernames), but unfortunately, sshd does not log this when a user successfully authenticates: Jun 21 08:18:22 localhost sshd[23636]: Accepted publickey for svnuser from x.x.x.x port 2065 ssh2 Jun
2013 Oct 31
9
[Bug 2167] New: Connection remains when fork() fails.
https://bugzilla.mindrot.org/show_bug.cgi?id=2167 Bug ID: 2167 Summary: Connection remains when fork() fails. Product: Portable OpenSSH Version: 5.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at
2011 Jul 02
2
Logging the suggested algorithms of the client during key exchange
Hello, for a research project I am trying to log the algorithms suggested by the client during key exchange. I am using the source of version 5.8p2. I figured the function kex_buf2prop() in kex.c might be the place to log that information. I am calling logit() within the for loop -> for (i = 0; i < PROPOSAL_MAX; i++) { proposal[i] =
2007 Mar 22
1
ChallengeResponseAuthentication defaults to no?
Hello, I have just installed OpenSSH 4.6p1 and it appears that ChallengeResponseAuthentication is not allowed unless I explicitly set it to "yes" in the sshd_config file. I am using the same config file as I did with 4.5p1 where it was allowed by default. Also, this is OpenSSH package from sunfreeware, but I believe that both versions were compiled with the same options. Is this the
2002 Jun 26
5
[PATCH] improved chroot handling
There are a couple of niggles with the sandboxing of the unprivileged child in the privsep code: the empty directory causes namespace pollution, and it requires care to ensure that it is set up properly and remains set up properly. The patch below (against the portable OpenSSH, although the patch against the OpenBSD version is very similar) replaces the fixed empty directory with one that is
2016 Dec 13
15
[Bug 2646] New: zombie processes when using privilege separation
https://bugzilla.mindrot.org/show_bug.cgi?id=2646 Bug ID: 2646 Summary: zombie processes when using privilege separation Product: Portable OpenSSH Version: 7.2p2 Hardware: ix86 OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd Assignee: unassigned-bugs at
2017 Mar 27
2
Is support being removed for ordinary users to run sshd?
Hello Darren, Could you comment on this issue being raised by myself and Corinna Vinschen? This will create big problems for me. I'm not clear if this is a conscious decision supported by solid reasons or if it is just collateral damage. Thank you for all you work! Jack DoDDs -------- Original Message -------- Date: Mon, 27 Mar 2017 16:31:03 +0200 Subject: Re: Announce: OpenSSH 7.5
2016 Aug 02
0
[Bug 1863] fingerprint for key for stdin
https://bugzilla.mindrot.org/show_bug.cgi?id=1863 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #2 from Damien Miller <djm at mindrot.org> --- Close all resolved bugs after 7.3p1 release
2002 Jun 21
5
[Bug 283] UsePrivilegeSeparation fails on AIX, Couldn't set usrinfo:
http://bugzilla.mindrot.org/show_bug.cgi?id=283 ------- Additional Comments From janfrode at parallab.uib.no 2002-06-22 09:00 ------- hmm, I lost part of a sentence there.. I meant to say that commenting out: if (usrinfo(SETUINFO, cp, i) == -1) fatal("Couldn't set usrinfo: %s", strerror(errno)); from openbsd-compat/port-aix.c makes sshd function with