similar to: X11 forwarding with IPv6 disabled

Displaying 20 results from an estimated 10000 matches similar to: "X11 forwarding with IPv6 disabled"

2013 Aug 24
12
[Bug 2143] New: X11 forwarding for ipv4 is broken when ipv6 is disabled on the loopback interface
https://bugzilla.mindrot.org/show_bug.cgi?id=2143 Bug ID: 2143 Summary: X11 forwarding for ipv4 is broken when ipv6 is disabled on the loopback interface Product: Portable OpenSSH Version: 5.3p1 Hardware: All OS: Linux Status: NEW Severity: minor Priority: P5
2017 Apr 24
5
PKCS#11 URIs in OpenSSH
Hello all, as PKCS#11 URI became standard (RFC 7512), it would be good to be able to specify the keys using this notation in openssh. So far I implemented the minimal subset of this standard allowing to specify the URI for the ssh tool, in ssh_config and to work with ssh-agent. It does not bring any new dependency, provides unit and regress tests (while fixing agent-pkcs11 regress test). The
2017 Dec 18
2
[SFTP] Possibility for Adding "ForceFilePermission" option
Hi Jakub, Sorry for the late reply. I was off from work for a few days. I?ve tried to add the noexec, nosuid and nodev mount options but it seems to have some difficulties to do so with kubernetes nfs-mount. I?ll keep trying to resolve it anyway. The patch you pasted is exactly the thing I wanna have. I think it?s super useful and I definitely vote yes for merging it to master. I was actually
2020 Jun 16
15
Deprecation of scp protocol and improving sftp client
Hello all, I believe we all can agree that scp is ugly protocol carried for ages only for its simplicity of its usage and really no dependencies as it is installed together with every ssh client. But as we have seen recently, its simplicity and flexibility comes with security issues [1], it does not have great performance and there is really no development in there. Over the years, we still keep
2018 Oct 14
4
Call for testing: OpenSSH 7.9
On Fri, 12 Oct 2018, Jakub Jelen wrote: > Something like this can be used to properly initialize new OpenSSL > versions: > > @@ -70,12 +70,19 @@ ssh_compatible_openssl(long headerver, long libver) > void > ssh_OpenSSL_add_all_algorithms(void) > { > +#if OPENSSL_VERSION_NUMBER < 0x10100000L > OpenSSL_add_all_algorithms(); > > /* Enable use of crypto
2016 Dec 14
4
Call for testing: OpenSSH 7.4
On 12/14/2016 02:22 AM, The Doctor wrote: > run test forwarding.sh ... > failed copy of /bin/ls > cmp: EOF on /usr/source/openssh-SNAP-20161214/regress/copy > corrupted copy of /bin/ls > Exit request sent. > failed local and remote forwarding > *** Error code 1 > > Stop. > make[1]: stopped in /usr/source/openssh-SNAP-20161214/regress > *** Error code 1 > >
2016 Dec 24
30
[Bug 2652] New: PKCS11 login skipped if login required and no pin set
https://bugzilla.mindrot.org/show_bug.cgi?id=2652 Bug ID: 2652 Summary: PKCS11 login skipped if login required and no pin set Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: Smartcard Assignee:
2020 Jul 02
8
[Bug 3190] New: Inconsistent handling of private keys without accompanying public keys
https://bugzilla.mindrot.org/show_bug.cgi?id=3190 Bug ID: 3190 Summary: Inconsistent handling of private keys without accompanying public keys Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:
2019 Apr 24
2
Call for testing: OpenSSH 8.0
On Sat, 2019-04-06 at 03:20 +1100, Damien Miller wrote: > On Fri, 5 Apr 2019, Jakub Jelen wrote: > > > There is also changed semantics of the ssh-keygen when listing keys > > from PKCS#11 modules. In the past, it was not needed to enter a PIN > > for > > this, but now. > > > > At least, it is not consistent with a comment in the function > >
2018 Jan 03
3
SSHD and PAM
On Wed, 2018-01-03 at 13:50 +0530, Sudarshan Soma wrote: > HI, I do see some refernce on it: but seems not closed > https://marc.info/?l=secure-shell&m=115513863409952&w=2 > > http://bugzilla.mindrot.org/show_bug.cgi?id=1215 > > > Is this patch available in latest versions, 7.6? No. It never was. The SSSD is using NSS (Name Service Switch) [1] way of getting
2016 Nov 14
4
OpenSSL 1.1.0 support
On Mon, 14 Nov 2016, Jakub Jelen wrote: > Thank you for the comments. I understand the upstream directions and > that the OpenSSL step is not ideal. The distros will probably have to > carry these patches until the changes will settle down a bit. AFAIK Red Hat employs at least one OpenSSL maintainer. What is their view on this situation? > Other possible solution we were discussing
2020 Feb 27
12
[Bug 3126] New: Mark the RDomain configuration option unsupported on non-openbsd builds
https://bugzilla.mindrot.org/show_bug.cgi?id=3126 Bug ID: 3126 Summary: Mark the RDomain configuration option unsupported on non-openbsd builds Product: Portable OpenSSH Version: 8.2p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement
2017 Sep 11
18
[Bug 2775] New: Improve kerberos credential forwarding support
https://bugzilla.mindrot.org/show_bug.cgi?id=2775 Bug ID: 2775 Summary: Improve kerberos credential forwarding support Product: Portable OpenSSH Version: 7.5p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Kerberos support Assignee:
2019 May 15
2
Re: ​Building openssh7.9p1 and above against openssl1.1.1b
On Wed, 15 May 2019 at 23:14, Samiya Khanum <samiya.khanum at broadcom.com> wrote: > Hi Darren, > Thanks for quick response. > Even with openSSH8.0 version, it is not supported? 8.0p1 should work although I have not tested that specific OpenSSL version. Between 7.9p1 and 8.0p1 I had it working against what was OpenSSL head at the time. -- Darren Tucker (dtucker at dtucker.net)
2020 Aug 07
3
ssh-agent does not accept all forwarded RSA keys on later versions.
Hello, I've got a problem with newer versions of ssh-agent not accepting all keys being forwarded to them. Example: LOCAL-WORKSTATION ssh-add -l 4096 SHA256:HFSzrozPapudofYJi8QvXQdA1/vNpFc2iPWH8CGVsEg (none) (RSA) 2048 SHA256:lbjpmHAYtUO+zaLaKvWVxGNYkXRkOumcoOpLdRSVX/U /home/matt/.ssh/id_rsa_embedded (RSA) ssh -V OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017 BROKEN-REMOTE ssh
2015 Dec 04
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Jakub. How does this patch match the OpenSSH source version? Does the patch only applicable to OpenSSH version 6.6.1, or does other version available as well? Thanks. On Fri, Dec 4, 2015 at 4:26 AM, Jakub Jelen <jjelen at redhat.com> wrote: > > On 12/04/2015 03:26 AM, security veteran wrote: > >> 3. Is there a way to re-compile OpenSSH by turning on/off some flags
2018 Jan 05
3
SFTP chroot: Writable root
On Fri, 2018-01-05 at 16:00 +1030, David Newall wrote: > On 05/01/18 02:44, Thomas G?ttler wrote: > > I set up a chroot sftp server [...] > > Is there a way to get both? > > > > - chroot > > > > - writable root > > The source code (sftpd.c) seems to require that the root directory > be > owned by root and not group or world writable, so I
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
On 12/04/2015 10:02 PM, security veteran wrote: > Hi Jakub, > > Another question I have is, are there any changes in this patch RedHat > Linux distribution specific? The reason I ask is, if I port the changes to > other Linux distribution like Debian or Ubuntu, do you see any issues? I don't think there is something distro-specific. Distro specific parts are handled in other
2015 Sep 09
0
[Bug 1457] X11 Forwarding doesn't work anymore on a solaris 10 host where ipv6 has not been enabled
https://bugzilla.mindrot.org/show_bug.cgi?id=1457 --- Comment #9 from Ian Donaldson <iand at ekit-inc.com> --- Ok agreed, my patch reopens that CVE. The problem is that on Solaris 9 and Solaris 10 if you don't have IPv6 addresses configured, getaddrinfo() returns both AF_INET and AF_INET6 entries, and it returns AF_INET6 *first*. An attempted bind() to an AF_INET6 address on a system
2015 May 05
3
[Bug 2394] New: Provide a global configuration option to disable ControlPersist
https://bugzilla.mindrot.org/show_bug.cgi?id=2394 Bug ID: 2394 Summary: Provide a global configuration option to disable ControlPersist Product: Portable OpenSSH Version: 6.8p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh