Displaying 20 results from an estimated 10000 matches similar to: "X11 forwarding with IPv6 disabled"
2013 Aug 24
12
[Bug 2143] New: X11 forwarding for ipv4 is broken when ipv6 is disabled on the loopback interface
https://bugzilla.mindrot.org/show_bug.cgi?id=2143
Bug ID: 2143
Summary: X11 forwarding for ipv4 is broken when ipv6 is
disabled on the loopback interface
Product: Portable OpenSSH
Version: 5.3p1
Hardware: All
OS: Linux
Status: NEW
Severity: minor
Priority: P5
2017 Apr 24
5
PKCS#11 URIs in OpenSSH
Hello all,
as PKCS#11 URI became standard (RFC 7512), it would be good to be able
to specify the keys using this notation in openssh.
So far I implemented the minimal subset of this standard allowing to
specify the URI for the ssh tool, in ssh_config and to work with
ssh-agent. It does not bring any new dependency, provides unit and
regress tests (while fixing agent-pkcs11 regress test).
The
2017 Dec 18
2
[SFTP] Possibility for Adding "ForceFilePermission" option
Hi Jakub,
Sorry for the late reply. I was off from work for a few days.
I?ve tried to add the noexec, nosuid and nodev mount options but it seems to have some difficulties to do so with kubernetes nfs-mount. I?ll keep trying to resolve it anyway.
The patch you pasted is exactly the thing I wanna have. I think it?s super useful and I definitely vote yes for merging it to master. I was actually
2020 Jun 16
15
Deprecation of scp protocol and improving sftp client
Hello all,
I believe we all can agree that scp is ugly protocol carried for ages
only for its simplicity of its usage and really no dependencies as it
is installed together with every ssh client. But as we have seen
recently, its simplicity and flexibility comes with security issues
[1], it does not have great performance and there is really no
development in there.
Over the years, we still keep
2018 Oct 14
4
Call for testing: OpenSSH 7.9
On Fri, 12 Oct 2018, Jakub Jelen wrote:
> Something like this can be used to properly initialize new OpenSSL
> versions:
>
> @@ -70,12 +70,19 @@ ssh_compatible_openssl(long headerver, long libver)
> void
> ssh_OpenSSL_add_all_algorithms(void)
> {
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> OpenSSL_add_all_algorithms();
>
> /* Enable use of crypto
2016 Dec 14
4
Call for testing: OpenSSH 7.4
On 12/14/2016 02:22 AM, The Doctor wrote:
> run test forwarding.sh ...
> failed copy of /bin/ls
> cmp: EOF on /usr/source/openssh-SNAP-20161214/regress/copy
> corrupted copy of /bin/ls
> Exit request sent.
> failed local and remote forwarding
> *** Error code 1
>
> Stop.
> make[1]: stopped in /usr/source/openssh-SNAP-20161214/regress
> *** Error code 1
>
>
2016 Dec 24
30
[Bug 2652] New: PKCS11 login skipped if login required and no pin set
https://bugzilla.mindrot.org/show_bug.cgi?id=2652
Bug ID: 2652
Summary: PKCS11 login skipped if login required and no pin set
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Smartcard
Assignee:
2020 Jul 02
8
[Bug 3190] New: Inconsistent handling of private keys without accompanying public keys
https://bugzilla.mindrot.org/show_bug.cgi?id=3190
Bug ID: 3190
Summary: Inconsistent handling of private keys without
accompanying public keys
Product: Portable OpenSSH
Version: 8.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2019 Apr 24
2
Call for testing: OpenSSH 8.0
On Sat, 2019-04-06 at 03:20 +1100, Damien Miller wrote:
> On Fri, 5 Apr 2019, Jakub Jelen wrote:
>
> > There is also changed semantics of the ssh-keygen when listing keys
> > from PKCS#11 modules. In the past, it was not needed to enter a PIN
> > for
> > this, but now.
> >
> > At least, it is not consistent with a comment in the function
> >
2018 Jan 03
3
SSHD and PAM
On Wed, 2018-01-03 at 13:50 +0530, Sudarshan Soma wrote:
> HI, I do see some refernce on it: but seems not closed
> https://marc.info/?l=secure-shell&m=115513863409952&w=2
>
> http://bugzilla.mindrot.org/show_bug.cgi?id=1215
>
>
> Is this patch available in latest versions, 7.6?
No. It never was.
The SSSD is using NSS (Name Service Switch) [1] way of getting
2016 Nov 14
4
OpenSSL 1.1.0 support
On Mon, 14 Nov 2016, Jakub Jelen wrote:
> Thank you for the comments. I understand the upstream directions and
> that the OpenSSL step is not ideal. The distros will probably have to
> carry these patches until the changes will settle down a bit.
AFAIK Red Hat employs at least one OpenSSL maintainer. What is their
view on this situation?
> Other possible solution we were discussing
2020 Feb 27
12
[Bug 3126] New: Mark the RDomain configuration option unsupported on non-openbsd builds
https://bugzilla.mindrot.org/show_bug.cgi?id=3126
Bug ID: 3126
Summary: Mark the RDomain configuration option unsupported on
non-openbsd builds
Product: Portable OpenSSH
Version: 8.2p1
Hardware: Other
OS: Linux
Status: NEW
Keywords: patch
Severity: enhancement
2017 Sep 11
18
[Bug 2775] New: Improve kerberos credential forwarding support
https://bugzilla.mindrot.org/show_bug.cgi?id=2775
Bug ID: 2775
Summary: Improve kerberos credential forwarding support
Product: Portable OpenSSH
Version: 7.5p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Kerberos support
Assignee:
2019 May 15
2
Re: ​Building openssh7.9p1 and above against openssl1.1.1b
On Wed, 15 May 2019 at 23:14, Samiya Khanum <samiya.khanum at broadcom.com> wrote:
> Hi Darren,
> Thanks for quick response.
> Even with openSSH8.0 version, it is not supported?
8.0p1 should work although I have not tested that specific OpenSSL
version. Between 7.9p1 and 8.0p1 I had it working against what was
OpenSSL head at the time.
--
Darren Tucker (dtucker at dtucker.net)
2020 Aug 07
3
ssh-agent does not accept all forwarded RSA keys on later versions.
Hello,
I've got a problem with newer versions of ssh-agent not accepting all keys
being forwarded to them.
Example:
LOCAL-WORKSTATION
ssh-add -l
4096 SHA256:HFSzrozPapudofYJi8QvXQdA1/vNpFc2iPWH8CGVsEg (none) (RSA)
2048 SHA256:lbjpmHAYtUO+zaLaKvWVxGNYkXRkOumcoOpLdRSVX/U
/home/matt/.ssh/id_rsa_embedded (RSA)
ssh -V
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
BROKEN-REMOTE
ssh
2015 Dec 04
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Jakub.
How does this patch match the OpenSSH source version? Does the patch only
applicable to OpenSSH version 6.6.1, or does other version available as
well?
Thanks.
On Fri, Dec 4, 2015 at 4:26 AM, Jakub Jelen <jjelen at redhat.com> wrote:
>
> On 12/04/2015 03:26 AM, security veteran wrote:
>
>> 3. Is there a way to re-compile OpenSSH by turning on/off some flags
2018 Jan 05
3
SFTP chroot: Writable root
On Fri, 2018-01-05 at 16:00 +1030, David Newall wrote:
> On 05/01/18 02:44, Thomas G?ttler wrote:
> > I set up a chroot sftp server [...]
> > Is there a way to get both?
> >
> > - chroot
> >
> > - writable root
>
> The source code (sftpd.c) seems to require that the root directory
> be
> owned by root and not group or world writable, so I
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
On 12/04/2015 10:02 PM, security veteran wrote:
> Hi Jakub,
>
> Another question I have is, are there any changes in this patch RedHat
> Linux distribution specific? The reason I ask is, if I port the changes to
> other Linux distribution like Debian or Ubuntu, do you see any issues?
I don't think there is something distro-specific. Distro specific parts
are handled in other
2015 Sep 09
0
[Bug 1457] X11 Forwarding doesn't work anymore on a solaris 10 host where ipv6 has not been enabled
https://bugzilla.mindrot.org/show_bug.cgi?id=1457
--- Comment #9 from Ian Donaldson <iand at ekit-inc.com> ---
Ok agreed, my patch reopens that CVE.
The problem is that on Solaris 9 and Solaris 10 if you don't
have IPv6 addresses configured, getaddrinfo() returns both AF_INET and
AF_INET6 entries, and it returns AF_INET6 *first*.
An attempted bind() to an AF_INET6 address on a system
2015 May 05
3
[Bug 2394] New: Provide a global configuration option to disable ControlPersist
https://bugzilla.mindrot.org/show_bug.cgi?id=2394
Bug ID: 2394
Summary: Provide a global configuration option to disable
ControlPersist
Product: Portable OpenSSH
Version: 6.8p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh