Displaying 20 results from an estimated 6000 matches similar to: "[SFTP] Possibility for Adding "ForceFilePermission" option"
2017 Dec 18
2
[SFTP] Possibility for Adding "ForceFilePermission" option
Hi Jakub,
Sorry for the late reply. I was off from work for a few days.
I?ve tried to add the noexec, nosuid and nodev mount options but it seems to have some difficulties to do so with kubernetes nfs-mount. I?ll keep trying to resolve it anyway.
The patch you pasted is exactly the thing I wanna have. I think it?s super useful and I definitely vote yes for merging it to master. I was actually
2017 Apr 24
5
PKCS#11 URIs in OpenSSH
Hello all,
as PKCS#11 URI became standard (RFC 7512), it would be good to be able
to specify the keys using this notation in openssh.
So far I implemented the minimal subset of this standard allowing to
specify the URI for the ssh tool, in ssh_config and to work with
ssh-agent. It does not bring any new dependency, provides unit and
regress tests (while fixing agent-pkcs11 regress test).
The
2020 Jun 16
15
Deprecation of scp protocol and improving sftp client
Hello all,
I believe we all can agree that scp is ugly protocol carried for ages
only for its simplicity of its usage and really no dependencies as it
is installed together with every ssh client. But as we have seen
recently, its simplicity and flexibility comes with security issues
[1], it does not have great performance and there is really no
development in there.
Over the years, we still keep
2018 Oct 14
4
Call for testing: OpenSSH 7.9
On Fri, 12 Oct 2018, Jakub Jelen wrote:
> Something like this can be used to properly initialize new OpenSSL
> versions:
>
> @@ -70,12 +70,19 @@ ssh_compatible_openssl(long headerver, long libver)
> void
> ssh_OpenSSL_add_all_algorithms(void)
> {
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> OpenSSL_add_all_algorithms();
>
> /* Enable use of crypto
2016 Dec 14
4
Call for testing: OpenSSH 7.4
On 12/14/2016 02:22 AM, The Doctor wrote:
> run test forwarding.sh ...
> failed copy of /bin/ls
> cmp: EOF on /usr/source/openssh-SNAP-20161214/regress/copy
> corrupted copy of /bin/ls
> Exit request sent.
> failed local and remote forwarding
> *** Error code 1
>
> Stop.
> make[1]: stopped in /usr/source/openssh-SNAP-20161214/regress
> *** Error code 1
>
>
2016 Dec 24
30
[Bug 2652] New: PKCS11 login skipped if login required and no pin set
https://bugzilla.mindrot.org/show_bug.cgi?id=2652
Bug ID: 2652
Summary: PKCS11 login skipped if login required and no pin set
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Smartcard
Assignee:
2020 Jul 02
8
[Bug 3190] New: Inconsistent handling of private keys without accompanying public keys
https://bugzilla.mindrot.org/show_bug.cgi?id=3190
Bug ID: 3190
Summary: Inconsistent handling of private keys without
accompanying public keys
Product: Portable OpenSSH
Version: 8.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2019 Apr 24
2
Call for testing: OpenSSH 8.0
On Sat, 2019-04-06 at 03:20 +1100, Damien Miller wrote:
> On Fri, 5 Apr 2019, Jakub Jelen wrote:
>
> > There is also changed semantics of the ssh-keygen when listing keys
> > from PKCS#11 modules. In the past, it was not needed to enter a PIN
> > for
> > this, but now.
> >
> > At least, it is not consistent with a comment in the function
> >
2018 Jan 03
3
SSHD and PAM
On Wed, 2018-01-03 at 13:50 +0530, Sudarshan Soma wrote:
> HI, I do see some refernce on it: but seems not closed
> https://marc.info/?l=secure-shell&m=115513863409952&w=2
>
> http://bugzilla.mindrot.org/show_bug.cgi?id=1215
>
>
> Is this patch available in latest versions, 7.6?
No. It never was.
The SSSD is using NSS (Name Service Switch) [1] way of getting
2016 Nov 14
4
OpenSSL 1.1.0 support
On Mon, 14 Nov 2016, Jakub Jelen wrote:
> Thank you for the comments. I understand the upstream directions and
> that the OpenSSL step is not ideal. The distros will probably have to
> carry these patches until the changes will settle down a bit.
AFAIK Red Hat employs at least one OpenSSL maintainer. What is their
view on this situation?
> Other possible solution we were discussing
2020 Feb 27
12
[Bug 3126] New: Mark the RDomain configuration option unsupported on non-openbsd builds
https://bugzilla.mindrot.org/show_bug.cgi?id=3126
Bug ID: 3126
Summary: Mark the RDomain configuration option unsupported on
non-openbsd builds
Product: Portable OpenSSH
Version: 8.2p1
Hardware: Other
OS: Linux
Status: NEW
Keywords: patch
Severity: enhancement
2019 May 15
2
Re: ​Building openssh7.9p1 and above against openssl1.1.1b
On Wed, 15 May 2019 at 23:14, Samiya Khanum <samiya.khanum at broadcom.com> wrote:
> Hi Darren,
> Thanks for quick response.
> Even with openSSH8.0 version, it is not supported?
8.0p1 should work although I have not tested that specific OpenSSL
version. Between 7.9p1 and 8.0p1 I had it working against what was
OpenSSL head at the time.
--
Darren Tucker (dtucker at dtucker.net)
2015 Dec 04
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Jakub.
How does this patch match the OpenSSH source version? Does the patch only
applicable to OpenSSH version 6.6.1, or does other version available as
well?
Thanks.
On Fri, Dec 4, 2015 at 4:26 AM, Jakub Jelen <jjelen at redhat.com> wrote:
>
> On 12/04/2015 03:26 AM, security veteran wrote:
>
>> 3. Is there a way to re-compile OpenSSH by turning on/off some flags
2018 Jan 05
3
SFTP chroot: Writable root
On Fri, 2018-01-05 at 16:00 +1030, David Newall wrote:
> On 05/01/18 02:44, Thomas G?ttler wrote:
> > I set up a chroot sftp server [...]
> > Is there a way to get both?
> >
> > - chroot
> >
> > - writable root
>
> The source code (sftpd.c) seems to require that the root directory
> be
> owned by root and not group or world writable, so I
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
On 12/04/2015 10:02 PM, security veteran wrote:
> Hi Jakub,
>
> Another question I have is, are there any changes in this patch RedHat
> Linux distribution specific? The reason I ask is, if I port the changes to
> other Linux distribution like Debian or Ubuntu, do you see any issues?
I don't think there is something distro-specific. Distro specific parts
are handled in other
2015 May 05
3
[Bug 2394] New: Provide a global configuration option to disable ControlPersist
https://bugzilla.mindrot.org/show_bug.cgi?id=2394
Bug ID: 2394
Summary: Provide a global configuration option to disable
ControlPersist
Product: Portable OpenSSH
Version: 6.8p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
2016 Jan 19
3
How do I enable roaming on the server?
Hi.
I found out the recent roaming vulnerability, but I want to enable
it on the server regardless of the security concern.
Can I specify the timeout etc... for the client to attempt and
reconnect? Will it use the existing settings for the purpose
(ConnectTimeout, ServerAliveInterval etc... )?
2018 Feb 26
3
Outstanding PKCS#11 issues
Hello everyone,
as you could have noticed over the years, there are several bugs for
PKCS#11 improvement and integration which are slipping under the radar
for several releases, but the most painful ones are constantly updated
by community to build, work and make our lives better.
I wrote some of the patches, provided feedback to others, or offered
other help here on mailing list, but did not
2016 Nov 02
5
OpenSSL 1.1.0 support
On Wed, 2 Nov 2016, Stuart Henderson wrote:
> On 2016-11-02, Jakub Jelen <jjelen at redhat.com> wrote:
> > The current set of patches are rebased on current upstream is attached
> > with few more tweaks needed to build, pass testsuite and make it work.
> > The upstream review and insight would be helpful.
>
> Since these are going to break things with LibreSSL,
2020 Aug 26
8
[Bug 3203] New: Could default_ccache_name from krb5.conf be used for GSSAPI connections?
https://bugzilla.mindrot.org/show_bug.cgi?id=3203
Bug ID: 3203
Summary: Could default_ccache_name from krb5.conf be used for
GSSAPI connections?
Product: Portable OpenSSH
Version: 8.3p1
Hardware: ix86
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5