similar to: [Bug 416] problems with sshd starting up and hostkeys

http://bugzilla.mindrot.org/show_bug.cgi?id=416 Summary: problems with sshd starting up and hostkeys Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:

Wonder if you guys could help me out...have a security problem with sshd wich enables a user to do a password login tough the sshd_config states PasswordAuthentication no My config works fine in both gentoo and openbsd 3.3 but users are able to login with tunneled clear text passwords in both 4.9 and 5.1 Im lost.tried everything I can think of. Here is the config:

This (very quick) patch allows you to connect with the commercial ssh.com windows client and use x509 certs for hostkeys. You have to import your CA cert (ca.crt) in the windows client and certify your hostkey: $ cat << 'EOF' > x509v3.cnf CERTPATHLEN = 1 CERTUSAGE = digitalSignature,keyCertSign CERTIP = 0.0.0.0 [x509v3_CA]

http://bugzilla.mindrot.org/show_bug.cgi?id=179 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From markus at openbsd.org 2002-03-22 22:37 ------- hm, sshd is not sending channel data after

http://bugzilla.mindrot.org/show_bug.cgi?id=216 ------- Additional Comments From markus at openbsd.org 2002-04-16 02:34 ------- please test against latest snapshot. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=412 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WORKSFORME ------- Additional Comments From markus at openbsd.org 2002-10-12

http://bugzilla.mindrot.org/show_bug.cgi?id=184 Summary: 3.1p1 openssh fails to build a working sshd on Trusted HP-UX 10.26 Product: Portable OpenSSH Version: -current Platform: HPPA OS/Version: HP-UX Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo:

Hello, I'm running OpenBSD 2.9 (-rOPENBSD_2_9) on i386. Remote port forwarding doesn't work. Attached are 2 logs of ssh -v -R2828:localhost:22 localhost and sshd -p 2222 -d Note that server tries to forward to Connection to port 2828 forwarding to 0.0.0.0 port 0 requested. instead of localhost port 22 as it should. what ssh, what sshd and /etc/sshd_config are also attached. Thanks

http://bugzilla.mindrot.org/show_bug.cgi?id=3 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From markus at openbsd.org 2001-10-23

http://bugzilla.mindrot.org/show_bug.cgi?id=173 Summary: sshd does not listen on tcp-socket, though GatewayPorts yes Product: Portable OpenSSH Version: 3.1p1 Platform: UltraSparc OS/Version: SunOS Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just uploaded 1.2pre13 to http://violet.ibs.com.au/openssh/ Imporant changes: - - Fixes a single-byte buffer overrun in the PAM code. - - Quite a bit more Solaris support. EGD should work now (please test). - - Lots more autoconf options to enable Kerberos, AFS, TCP Wrappers and S/Key (all untested). - - MD5 passwords for Slackware Linux

I have just uploaded a new snapshot to: http://www.mindrot.org/misc/openssh/openssh-SNAP-20001114.tar.gz This snapshot includes Markus Friedl's new SSH2 RSA authentication work and -R portforwarding for SSH2. Please give these a good test. The new RSA authentications works similar to the current SSH2 DSA keys, but requires a little modification to config files. Currently RSA key cannot be

http://bugzilla.mindrot.org/show_bug.cgi?id=113 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WORKSFORME ------- Additional Comments From djm at mindrot.org 2002-04-17 12:45

Hi, Tavis Ormandy found some bugs in OpenSSL's ASN.1 and buffer code that can be exploited to cause a heap overflow: http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html Fortunately OpenSSH's sshd is not vulnerable - it has avoided the use of ASN.1 parsing since 2002 when Markus wrote a custom RSA verification function (openssh_RSA_verify):

http://bugzilla.mindrot.org/show_bug.cgi?id=132 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|markus at openbsd.org |openssh-unix-dev at mindrot.org ------- You are receiving this mail because: ------- You are the assignee for the bug, or are

For those following the portable CVS tree.. I'd suggest holding off for a day or so unless you really want to get dirty. I just commited 32 patches from the OpenBSD tree, but have not worked out all the issues (due to Linux brain damage <sigh..Faster OpenBSD gets SMP..the happer I'll be>). The two things that need to be finished integrated in the configure.in is KRB5 and

http://bugzilla.mindrot.org/show_bug.cgi?id=396 ------- Additional Comments From markus at openbsd.org 2003-06-05 00:09 ------- sending signals could be dangerous, depending on the permissions of the sending process, e.g. a root-owned sshd sending to a setuid process. but i'm not sure. we had similar code there before. ------- You are receiving this mail because: ------- You are the

http://bugzilla.mindrot.org/show_bug.cgi?id=289 Summary: mmap error when trying to use 3.3p1 with privsep Product: Portable OpenSSH Version: 3.1p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=393 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From markus at openbsd.org 2002-09-11

I have just uploaded a new snapshot to http://www.mindrot.org/misc/openssh/ Snapshot production is now automated - new snapshots will be made at about 4:30 am (Australian Eastern time) and will be available from the URL above. This snapshot consists of mainly minor fixes over the previous. The race when sshd exits which was causing data loss (as evidenced by "ssh localhost dd