similar to: Some wishes regarding revoked keys

https://bugzilla.mindrot.org/show_bug.cgi?id=2687 Bug ID: 2687 Summary: Coverity scan fixes Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org

Hi! While reading through PROTOCOL.krl I came across "5. KRL signature sections". If my understanding is correct - and that's basically what I would like to get knocked down for if appropriate ;) - this is a way for SSHDs to ensure they only accept KRLs signed by a trusted CA. However, I cannot seem to find a way to actually _sign_ a KRL with ssh-keygen? The aforementioned

I believe there has been a bug in KRL signature verification that has been present since the KRL feature was first introduced. It prevents signed KRLs from being loaded by OpenSSH [0]. I believe this bug applies to all versions of OpenSSH, although the majority of my effort has been devoted to (and all of my code snippets come from) openssl-portable. The bug is that an offset is incorrectly

https://bugzilla.mindrot.org/show_bug.cgi?id=3659 Bug ID: 3659 Summary: Certificates are ignored when listing revoked items in a (binary) revocation list Product: Portable OpenSSH Version: 9.2p1 Hardware: All OS: All Status: NEW Severity: minor Priority: P5

Hi Daminan! Hmmm... thought about a little... when i use -vvv with ssh-keygen -Qf i see "debug1:..." So i think, debug is compiled in. ssh-keygen --help gives me ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number] file ... so... option -z is not the serial of the certificate, it is the version-number of the KRL-File... My openssh-Verision from Debian is

Hi, OpenSSH 9.4 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

https://bugzilla.mindrot.org/show_bug.cgi?id=2313 Bug ID: 2313 Summary: Corrupt KRL file when using multiple CA. Product: Portable OpenSSH Version: 6.5p1 Hardware: Other OS: Linux Status: NEW Severity: major Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at

Hi, In ssh_krl_from_blob(), krl.c:984, /* Record keys used to sign the KRL */ xrealloc(ca_used, nca_used + 1, sizeof(*ca_used)); ca_used[nca_used++] = key; The result of `xrealloc' is never assigned to `ca_used', which remains a null pointer. Will ca_used[...] crash?. Did I miss anything? Thanks. - xi

Hello, I've hit 2 build issues on rhel-7 using the latest portable tree - HEAD 3dfd8d93dfcc69261f5af99df56f3ff598581979 - rijndael.c:1104:7: error: ?Td4? undeclared (first use in this function) (Td4[(t0 >> 24) ] << 24) ^ ^ introduced in commit a1f8110cd5ed818d59b3a2964fab7de76e92c18e - ./libssh.a(krl.o): In function `ssh_krl_from_blob':

Hi, It's that time again... OpenSSH 6.2 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD:

Hi there! What am I doing wrong? I created a ssh-certificate id_user_rsa-cert.pub with this dump: id_user_rsa-cert.pub: root at host # ssh-keygen -Lf id_user_rsa-cert.pub ??????? Type: ssh-rsa-cert-v01 at openssh.com user certificate ??????? Public key: RSA-CERT SHA256:kPitwgxblaUH4viBoFoozSPq9Pblubbedk ??????? Signing CA: ED25519 SHA256:8p2foobarQo3Tfcblubb5+I5cboeckvpnktiHdUs ??????? Key ID:

Hi, OpenSSH 6.7 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a big release containing a number of features, a lot of internal refactoring and some potentially-incompatible changes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD:

Hi, OpenSSH 6.8 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is

On 8 June 2018 at 11:21, PGNet Dev <pgnet.dev at gmail.com> wrote: > fyi > > add'l -- and looks unrelated -- issue > /usr/include/pthread.h:251:12: note: previous declaration of ?pthread_join? was here > extern int pthread_join (pthread_t __th, void **__thread_return); What included pthread.h? That's explicitly not supported by sshd: $ grep THREAD

Hi, On RHEL 6.3 with gcc 4.4.6, a number of compiler warnings are emitted when building recent snapshots: These all seem to be harmless, but annoying. readpassphrase.c:127: warning: ignoring return value of ?write?, declared with attribute warn_unused_result readpassphrase.c:146: warning: ignoring return value of ?write?, declared with attribute warn_unused_result make[1]: Leaving directory

Compiling krl.c with clang results in a slew of warnings like this one: /usr/src/secure/lib/libssh/../../../crypto/openssh/krl.c:505:37: warning: format specifies type 'unsigned long long' but the argument has type 'u_int64_t' (aka 'unsigned long') [-Wformat] This comes from incorrectly assuming that u_int64_t is defined as unsigned long long, whereas on

https://bugzilla.mindrot.org/show_bug.cgi?id=3117 Bug ID: 3117 Summary: Tracking bug for 8.2 release Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Keywords: meta Severity: enhancement Priority: P5 Component: Miscellaneous Assignee:

OpenSSH 9.4 has just been released. It will be available from the mirrors listed at https://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

Compiled on OpenIndiana using GCC 11 :; SunOS 5.11 illumos-2e79e00041 illumos Although snapshot was downloaded, it shows 9.3 version: :; ssh -V OpenSSH_9.3p1-snap20230809, OpenSSL 1.1.1v? 1 Aug 2023 Thanks and regards. On 31.07.2023 08:12, Damien Miller wrote: > Hi, > > OpenSSH 9.4 is almost ready for release, so we would appreciate testing > on as many platforms and systems as

OpenSSH 6.7 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,