similar to: Password authentication problem with 6.4p1 (and later) clients: An analysis

I have been using OpenSSH clients against a number of embedded SSH servers with no problem up till now. Starting with version 6.4p1 password authentication has stopped working against such servers. What happens is that the client enters an infinite loop during the authentication phase. I built OpenSSH 5.9p1 and 6.4p1 in a Linux box so that the client prints out to the screen all of the SSH

https://bugzilla.mindrot.org/show_bug.cgi?id=2642 Bug ID: 2642 Summary: [sshconnect2] publickey authentication only properly works if used first: pubkey_prepare doesn't work after pubkey_cleanup Product: Portable OpenSSH Version: 7.3p1 Hardware: amd64 OS: Linux Status:

We are attempting to use openssh sftp to connect to a server that is running some version of the Axway SFTP server. After a publickey auth completes, the server resends publickey as a valid auth. This results in a loop as openssh sftp resubmits the publickey information. This seems similar to a discussion in 2014 that terminated with the thought that it might be nice if the client tracked

Hello my name is Derek Bodin. ? As a personal side project I am trying to create a java SSH2 server.? I have so far been able to work my through the transportation protocol and the user authentication protocol.? My question is when the authentication protocol starts OpenSSH will sit and hang waiting for the server to send a SSH_MSG_USERAUTH_FAILURE packet and a list of appropriate authentication

My keys are secured with a passphrase. That's good for security, but having to type the passphrase either at every login or at every invocation of ssh(1) is annoying. I know I could invoke ssh-add(1) just before invoking ssh(1), if I keep track of whether I invoked it already, or write some hacky scripts; but the rest of OpenSSH is wonderfully usable without any hacks. Hence, this patch.

On Fri, Feb 23, 2018 at 05:01:00PM +1100, Darren Tucker wrote: > You could try this patch which defers resetting the "tried" flag on the > pubkeys until the list of authentication methods changes. I don't have > a server with this behaviour so I'm not sure if it helps (and I'm not > sure it's the right thing to do anyway). I think this is a better way to

The problem I am seeing was introduced between 6.4p1 and 6.5p1 (and still exists in 6.6p1). With HostbasedAuthentication/EnableSSHKeysign turned on, I am seeing one of two sets of messages: no matching hostkey found ssh_keysign: no reply key_sign failed and not a valid request ssh_keysign: no reply key_sign failed Then in either case two password prompts: bowman at HOST.math.utah.edu's

https://bugzilla.mindrot.org/show_bug.cgi?id=2594 Bug ID: 2594 Summary: Tracking bug for OpenSSH 7.4 release Product: Portable OpenSSH Version: -current Hardware: Other OS: All Status: NEW Keywords: meta Severity: normal Priority: P1 Component: Miscellaneous

https://bugzilla.mindrot.org/show_bug.cgi?id=2095 Bug ID: 2095 Summary: ssh client not respecting IdentitiesOnly=yes option Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: trivial Priority: P5 Component: ssh

Allow users to specify certificates to be used for authentication on the command line with the '-z' argument when running ssh. For successful authentication, the key pair associated with the certificate must also be presented during the ssh. Certificates may also be specified in ssh_config as a CertificateFile. This option is meant the address the issue mentioned in the following

https://bugzilla.mindrot.org/show_bug.cgi?id=2649 Bug ID: 2649 Summary: Problem with reverse tunnel between SSH client 5.5p1 and SSH server > 6.4p1 Product: Portable OpenSSH Version: 6.7p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5

A co-worker argues we can login using only password to a "ssh-key restricted host (PasswordAuthentication no)", without being asked by any passphase; just by putting a key (no need to be the private key) on another password-based host. It that true? I do not think so. I would name that as an "important OpenSSH daemon security bug". That is because I think it is not true.

Hi, I believe it would make more sense if, when specifying a key with -i, that key (or keys) should be tried prior to the keys in the agent. Otherwise, if I have many keys in my agent, the server will kick me out. I can see no situation where one would like to use agent keys instead of the ones explicitly stated. Do you agree? The workaround is of course to set the IdentitiesOnly option. Best

With an OpenSSH 6.2p1 client with stock ssh_config and one of the following cases: - I don't have any client keys - I have one or more client keys, but not one of each type - I don't have an authorized_keys on the server - I have an authorized_keys on the server, but it does not list any of the keys I have - One of my client keys is listed, but I don't have an agent and

https://bugzilla.mindrot.org/show_bug.cgi?id=2100 Bug ID: 2100 Summary: Missing dereference when bzeroing unused identities Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh

http://bugzilla.mindrot.org/show_bug.cgi?id=1270 Summary: Public key (DSA) authentication works on 3.8p1 but not on 4.5p1 Product: Portable OpenSSH Version: v4.5p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at

Hi, mancha and me debugged a problem with OpenSSH 7.3p1 that was reported on the #openssh freenode channel. Symptoms were that this message was popping on the console during a busy X11 session: kex protocol error: type 7 seq 1234 I managed to reproduce the problem, it is related to the SSH_EXT_INFO packet that is send by the server every time it is sending an SSH_NEWKEYS packet, hence after

https://bugzilla.mindrot.org/show_bug.cgi?id=3213 Bug ID: 3213 Summary: openssh 8.3p1 will not use any type of RSA key for legacy servers if ssh-rsa is not in PubkeyAcceptedKeyTypes Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW

Hi, we got a report on the Cygwin mailing list showing that there's a spurious error message when using the -W option. This didn't occur with OpenSSH 6.4p1. Here's an example: $ ssh machine1 -W machine2:22 getsockname failed: Bad file descriptor SSH-2.0-OpenSSH_6.1 The error message is a result of getsockname being called with a file descriptor -1. The call stack at the

https://bugzilla.mindrot.org/show_bug.cgi?id=2173 Bug ID: 2173 Summary: configure fails to find libedit in non-standard location Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: Build system