similar to: [PATCH] permitremoteopen - to limit remote port forwarding per user

The problem I am seeing was introduced between 6.4p1 and 6.5p1 (and still exists in 6.6p1). With HostbasedAuthentication/EnableSSHKeysign turned on, I am seeing one of two sets of messages: no matching hostkey found ssh_keysign: no reply key_sign failed and not a valid request ssh_keysign: no reply key_sign failed Then in either case two password prompts: bowman at HOST.math.utah.edu's

https://bugzilla.mindrot.org/show_bug.cgi?id=2038 Priority: P5 Bug ID: 2038 Assignee: unassigned-bugs at mindrot.org Summary: permitopen functionality but for remote forwards Severity: enhancement Classification: Unclassified OS: Other Reporter: damonswirled at gmail.com Hardware: Other

Hi, we got a report on the Cygwin mailing list showing that there's a spurious error message when using the -W option. This didn't occur with OpenSSH 6.4p1. Here's an example: $ ssh machine1 -W machine2:22 getsockname failed: Bad file descriptor SSH-2.0-OpenSSH_6.1 The error message is a result of getsockname being called with a file descriptor -1. The call stack at the

https://bugzilla.mindrot.org/show_bug.cgi?id=2716 Bug ID: 2716 Summary: [PATCH] Add "permitlisten" support for -R style forward Product: Portable OpenSSH Version: 7.5p1 Hardware: amd64 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd

I have been using OpenSSH clients against a number of embedded SSH servers with no problem up till now. Starting with version 6.4p1 password authentication has stopped working against such servers. What happens is that the client enters an infinite loop during the authentication phase. I built OpenSSH 5.9p1 and 6.4p1 in a Linux box so that the client prints out to the screen all of the SSH

I just installed 'openssh-6.5p1' on a Solaris 10 system, and when attempting to 'ssh' anywhere as anybody from the 'root' account, I get a segmentation fault. Debug output as 'root': kraken:/opt/local/src/security/openssh-6.5p1# ./ssh -vvv mimir OpenSSH_6.5, OpenSSL 1.0.1f 6 Jan 2014 debug1: Reading configuration data /etc/ssh/ssh_config debug3: cipher ok:

https://bugzilla.mindrot.org/show_bug.cgi?id=2649 Bug ID: 2649 Summary: Problem with reverse tunnel between SSH client 5.5p1 and SSH server > 6.4p1 Product: Portable OpenSSH Version: 6.7p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=2232 Bug ID: 2232 Summary: curve25519-sha256 at libssh.org Signature Failures When 'ssh' Used with Dropbear, libssh Servers Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: All Status: NEW Severity: major

https://bugzilla.mindrot.org/show_bug.cgi?id=2233 Bug ID: 2233 Summary: curve25519-sha256 at libssh.org Signature Failures When 'sshd' Used with Dropbear Clients Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: All Status: NEW Severity: major Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=2239 Bug ID: 2239 Summary: ssh-keygen cannot handle Linux with 64 char long hostname Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: Linux Status: NEW Severity: minor Priority: P5 Component: ssh-keygen

https://bugzilla.mindrot.org/show_bug.cgi?id=2215 Bug ID: 2215 Summary: Key fingerprint headline slightly broken with ED25519 Product: Portable OpenSSH Version: 6.5p1 Hardware: All OS: All Status: NEW Severity: trivial Priority: P5 Component: ssh Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2365 Bug ID: 2365 Summary: openssh client ignores -o Tunnel=ethernet option, creating an IP tunnel device instead of an ethernet tap device Product: Portable OpenSSH Version: 6.6p1 Hardware: amd64 OS: Linux Status: NEW

https://bugzilla.mindrot.org/show_bug.cgi?id=2173 Bug ID: 2173 Summary: configure fails to find libedit in non-standard location Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: Build system

Trying to connect to a Dell iDRAC 6. The iDRAC reports it is running OpenSSH 5.2. From Fedora Linux 20 with OpenSSH 6.4p1, connections succeed. From Fedora Linux 23 with OpenSSH 7.2p2, connections succeed. From Fedora Linux 27 with OpenSSH 7.6p1, connections fail prior to prompting for a password. The message is, "Received disconnect from (IP address) port 22:11: Logged out." Trying

$ uname -R 6.5 6.5.19m $ cc -v MIPSpro Compilers: Version 7.4 $ sshd -p 8022 [client]$ ssh -p 8022 -v [host] $ par -s -SS -i -p [pid] ... 12mS sshd(3664039): fork() 12mS sshd(3664039): END-fork() = 3639808 12mS sshd(3639808): END-fork() = 0 13mS sshd(3639808): close(5) OK 13mS sshd(3639808): getuid() = 0, euid=0 14mS

Darren Tucker <dtucker at zip.com.au> writes: > On Tue, Nov 8, 2016 at 3:30 PM, Harry Putnam <reader at newsguy.com> wrote: > [...] >> After having 7.3p1 & 6.8p1 fail with same wording... I tried 6.7p1 and >> find it fails with what looks like the same problem but has slightly >> different wording. > > I set up the same versions (server:OpenSSH_6.6p1,

https://bugzilla.mindrot.org/show_bug.cgi?id=2202 Bug ID: 2202 Summary: [ DRAFT PATCH ] - FIPS 140-2 patch for OpenSSH 6.5p1 Product: Portable OpenSSH Version: 6.5p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: Miscellaneous Assignee:

I have been looking into this over the weekend, and what I have found might be of interest to OpenSSH developers. First, the bug that triggers the problem is in the embedded system. Second, such as things were changed in 6.4p1, the OpenSSH client seems to be open to a potential DoS attack. The infinite loop described in my previous post is embodied in the last four messages of the 6.4p1 traces.

https://bugzilla.mindrot.org/show_bug.cgi?id=1457 Ian Donaldson <iand at ekit-inc.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |iand at ekit-inc.com --- Comment #6 from Ian Donaldson <iand at ekit-inc.com> --- Any updates on this? I

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, the following patch extends the user at host syntax on the ssh command line to allow an additional HostKeyAlias and Port to be given as a single argument, eg: ssh user at localhost%8022,www.tdl.com is equivalent to ssh -o 'HostKeyAlias www.tdl.com' -p 8022 user at localhost The patch is particularly useful when ssh is called from