similar to: RSA1 fingerprinting and privsep

Hello there! I have made a patch against OpenSSH 3.0.2p1 which allows the fingerprint of the accepted key to be printed in the log message. It works with SSH1-RSA and SSH2 pubkey (DSA+RSA) authentication. This feature is controllable by the LogKeyFingerprint config option (turned off by default). Michal Kara -------------- next part -------------- diff -u5

On Fri, Jun 04, 2004 at 01:20:54PM -0400, Joey Hess wrote: > My colocated server was refusing both ssh and ssl telnet connections. > It looked like this: > > joey:~>ssh -v kite > OpenSSH_3.8.1p1 Debian 1:3.8.1p1-4, OpenSSL 0.9.7d 17 Mar 2004 > debug1: Reading configuration data /home/joey/.ssh/config > debug1: Applying options for kite > debug1: Reading configuration

http://bugzilla.mindrot.org/show_bug.cgi?id=459 Summary: ssh-keygen doesn't know how to export private keys Product: Portable OpenSSH Version: 3.5p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh-keygen AssignedTo: openssh-unix-dev at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2369 Bug ID: 2369 Summary: `ssh-keygen -A` errors on RSA1 when building with SSH1 disabled Product: Portable OpenSSH Version: 6.9p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh-keygen

It was suggested to me that I forward this message to you. ---------- Forwarded Message ---------- Subject: privsep in ssh Date: Fri, 19 Sep 2003 12:22 From: Russell Coker <russell at coker.com.au> To: SE Linux <selinux at tycho.nsa.gov> Cc: Colin Watson <cjwatson at debian.org> #ifdef DISABLE_FD_PASSING if (1) { #else if (authctxt->pw->pw_uid == 0 ||

https://bugzilla.mindrot.org/show_bug.cgi?id=2686 Bug ID: 2686 Summary: SSHD segfaults when trying to load RSA1 host keys Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement Priority: P5 Component: sshd

Hi, Can anyone remind me of why FallbackToRsh was removed? I've just had a somewhat irate Debian bug report about it, and don't really have enough information to respond properly. Thanks, -- Colin Watson [cjwatson at flatline.org.uk]

Since packaging OpenSSH 3.8p1 for Debian, I've got a flood of bug reports and confusion about the new untrusted X client configuration. At least part of this seems to be the short (2 minutes!) timeout on the cookie, so that if you're impatient like me and open a connection to a machine that takes a little while to do the key exchange, go off and do something in another window in the

On Fri, Oct 03, 2003 at 09:21:29AM -0500, Dirk Eddelbuettel wrote: > On Fri, Oct 03, 2003 at 08:29:31AM -0500, Douglas Bates wrote: > > edd@debian.org writes: > > > Confirmed. I will pass that along to the R team. As 1.8.0 is in > > > code freeze, this may not get addressed, unfortunately. > > > > I believe Ross Ihaka has already detected and fixed this

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings, I am not sure if this is the correct place to ask these question, if I am at the wrong place please advise. I am currently working on some modifications to openssh which record the users rsa/dsa identity comment file to a log file when the user logs in (password authentication is disabled). The ssh1 portion of the modification works

https://bugzilla.mindrot.org/show_bug.cgi?id=1712 Summary: partial server keep-alive implementation for SSH1 Product: Portable OpenSSH Version: 5.3p1 Platform: Other OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=354 ------- Additional Comments From cjwatson at debian.org 2003-01-03 02:42 ------- Alternatively, perhaps sshd could be configured to setrlimit() everything up to RLIM_INFINITY after forking but before giving up root privileges. It could then rely on pam_limits to set limits back down if the administrator wants that, which would work even with

please test Olaf Kirch's patch. it looks fine to me, but i don't to K5. i'd like to see this in the next release. thx -m -------------- next part -------------- --- openssh-3.4p1/auth-krb5.c.krb Sun Jun 9 21:41:48 2002 +++ openssh-3.4p1/auth-krb5.c Tue Jul 23 15:15:43 2002 @@ -73,18 +73,17 @@ * from the ticket */ int -auth_krb5(Authctxt *authctxt, krb5_data *auth, char

This privsepifies OSF/1 SIA, but I'm still being told the same error occurs. I'm stumped. Without an OSF/1 box near me I can't do too much more help unless someone can either tell me what is wrong or show me why SIA is failing in their logs. (And tell me if it's different w/ or w/out this patch) - Ben Index: auth-sia.c

Ok.. I need wider testing for this. I'm getting reports back it works mostly. 'ssh site ls' fails, but they can login with Privsep enbled. Can I get those who are using Tru64 or OSF/1 that have SIA enabled to test? This should apple to either -cvs or the current snapshot (I would perfer not to use 3.4p1 due to bugs). I'm going on a trip next week and will be around very spotty

Hi, This diff (for portable) makes the chrooted preauth privsep process log via the monitor using a shared socketpair. It removes the need for /dev/log inside /var/empty and makes mandatory sandboxing of the privsep child easier down the road (no more socket() syscall required). Please test. -d Index: log.c =================================================================== RCS file:

https://bugzilla.mindrot.org/show_bug.cgi?id=2513 Bug ID: 2513 Summary: Do not mention rsa1 key type in ssh-keygen usage & in manual pages Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement

http://bugzilla.mindrot.org/show_bug.cgi?id=747 Summary: host authentication requires RSA1 keys Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: openssh-bugs at mindrot.org ReportedBy:

Either this never made it to the list or no one cares about Tru64. This is the last time I'll send this patch to the list. If no one steps up and finishes it or provides me with enough information to fix any remaining bugs (one being complaint that 'ssh site cmd' does not work right). If there is no activity on this for a week. I'll post it to bugzilla and will ignore any

https://bugzilla.mindrot.org/show_bug.cgi?id=626 Colin Watson <cjwatson at debian.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cjwatson at debian.org --- Comment #3 from Colin Watson <cjwatson at debian.org> --- Isn't this fixed in