similar to: Unix socket support for sshd

On 04 Feb (10:46:55), Daniel Kahn Gillmor wrote: > On Thu 2016-02-04 07:40:39 -0500, David Goulet wrote: > > > I would like to know if adding support for Unix socket to sshd would be a > > feature that would be consider to be added upstream? (ListenAddress). > > fwiw, i think this is a good idea, but i wouldn't implement it as an > explicit ListenAddress option:

https://bugzilla.mindrot.org/show_bug.cgi?id=1984 Bug #: 1984 Summary: Add Unix Domain Socket Forwarding Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo:

https://bugzilla.mindrot.org/show_bug.cgi?id=1506 Summary: rationalize agent behavior on smartcard removal/reattachment Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo:

hi folks: it looks like ssh-keygen -r can''t export SSHFP records for ECDSA keys: 0 dkg@pip:/tmp/cdtemp.oiRYAS$ ssh-keygen -f foobar -t ecdsa -q -P '''' 0 dkg@pip:/tmp/cdtemp.oiRYAS$ ssh-keygen -r foobar -f foobar.pub export_dns_rr: unsupported algorithm 0 dkg@pip:/tmp/cdtemp.oiRYAS$ the first number in my prompt is the return code of the last command; note that

On Tue 2016-03-29 18:10:00 -0400, Damien Miller wrote: > On Tue, 29 Mar 2016, IMAP List Administration wrote: >> If you haven't already, an you please add the IP address to this message, and >> any similar messages? I'm using version 6.7p1. > > I actually added that recently. It will be in openssh-7.3, due in a > couple of months. Will it be configurable? There

I guess I didn't want to litter the users table either - it just seems "wrong" to be actually adding things to the host when it is really so transient. It feels like it should be LDAP-ish. Just ask the server for the keys and do a one-off authentication. But I've seen even LDAP creates the user directories. I see that 2.6 kernels can have some 4B users, which should last me a

https://bugzilla.mindrot.org/show_bug.cgi?id=1808 Summary: "SetupCommand" invoked before connecting Product: Portable OpenSSH Version: 5.6p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=1777 Summary: KnownHostsCommand Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org ReportedBy: dkg at fifthhorseman.net A

On Fri 2015-02-06 14:30:13 -0500, Cary FitzHugh wrote: > Hence - maybe a NSS User Database extension which looks for the > public keys from a webservice (and then maybe writes them to > /tmp/<username>. No, i'm suggesting that when you want to look up the user, use NSS to find the username and map it to a numeric user ID and the other information that is typically found in

Hi, Currently using openssh-4.5p1 on Solaris 8 in conjunction with Oracle 8i dataguard. Is there a patch available to prevent ssh returning status code 255 for a successful execution of a remote connection/command. Many Thanks, Tim Mann

https://bugzilla.mindrot.org/show_bug.cgi?id=1759 Summary: allow display of bubblebabble fingerprint when connecting Product: Portable OpenSSH Version: -current Platform: All URL: http://bugs.debian.org/578422 OS/Version: Linux Status: NEW Severity: enhancement Priority: P2

On Fri 2015-05-22 00:06:29 -0400, Darren Tucker wrote: > On Thu, May 21, 2015 at 11:26 PM, Matthew Vernon <matthew at debian.org> wrote: >> >> You will be aware of https://weakdh.org/ by now, I presume; the >> take-home seems to be that 1024-bit DH primes might well be too weak. >> I'm wondering what (if anything!) you propose to do about this issue, >>

On Tue 2015-05-26 14:02:07 -0400, Hubert Kario wrote: > On Tuesday 26 May 2015 13:43:13 Daniel Kahn Gillmor wrote: >> On Tue 2015-05-26 12:57:05 -0400, Hubert Kario wrote: >> > creating composites that will pass even 100000 rounds of Miller-Rabin is >> > relatively simple.... >> > (assuming the values for M-R tests are picked randomly) >> >> Can you

Hello all, We got a report [1], that we miss "p1" suffix in the sshd identification strings in Fedora. I dig in and found out that it is also missing from portable usptream since 2004, when you were rewriting version.h header file with this information. Debian somehow patched this information back during the time in some places (ssh_api.c is missing). It does not look like

https://bugzilla.mindrot.org/show_bug.cgi?id=2493 Bug ID: 2493 Summary: Accept host key fingerprint as the same as 'yes' Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=1871 Summary: ssh-askpass should be able to distinguish between a prompt for confirmation and a prompt for an actual passphrase Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: normal

Yes, I have tried that option with no difference in behavior. It seems it ignores that option when provided. Just for reference, I am building it on RedHat 5. I have never had this issue on any previous version of OpenSSH. I use the default configuration with only the changes specified in the RHEL 5 STIG applied. I appreciate the security advice. The root account was indicated simply as an

https://bugzilla.mindrot.org/show_bug.cgi?id=1545 Daniel Kahn Gillmor <dkg at fifthhorseman.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dkg at fifthhorseman.net --- Comment #15 from Daniel Kahn Gillmor <dkg at fifthhorseman.net> ---

https://bugzilla.mindrot.org/show_bug.cgi?id=1869 Summary: ssh-add can no longer read from FIFOs as of 5.7p1 Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh-add AssignedTo: unassigned-bugs at mindrot.org

hi folks-- Can a Match block cover a Subsystem directive in sftp? https://bugzilla.mindrot.org/show_bug.cgi?id=1587#c1 suggests that Match can cover Subsystem, but sshd_config (at least, in 5.5p1) doesn't mention Subsystem within the description of Match. What should administrators expect? --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: