similar to: [PATCH] regression of comment extraction in private key file without passphrase

Hi Le 17/04/2020 ? 05:52, Damien Miller a ?crit?: > On Wed, 15 Apr 2020, Lo?c wrote: > >> Hello, >> >> In one recent change >> (https://anongit.mindrot.org/openssh.git/commit/?id=2b13d3934d5803703c04803ca3a93078ecb5b715), >> I noticed a regression. >> >> If ssh-keygen is given a private file without passphrase and without the >> corresponding

Remove sshkey_load_private(), as this function's role is similar to sshkey_load_private_type(). --- Dependency: This change depends over recently merged change in openbsd: https://github.com/openbsd/src/commit/b0c328c8f066f6689874bef7f338179145ce58d0 Change log: v1->v2 - Remove declaration of sshkey_load_private() in authfile.h authfile.c | 38

https://bugzilla.mindrot.org/show_bug.cgi?id=3068 Bug ID: 3068 Summary: Duplicate code in sshkey_load_private() function Product: Portable OpenSSH Version: 8.0p1 Hardware: Other OS: Windows 10 Status: NEW Severity: enhancement Priority: P5 Component: ssh-keygen Assignee:

On Wed, 17 Feb 2016, Hisashi T Fujinaka wrote: > And in another "oh duh" moment, I think this dumped core on two different > machines and I sent you the bt from the wrong machine. Here's the one > from NetBSD-7. > > #0 0x00007f7ff630e55a in _lwp_kill () from /usr/lib/libc.so.12 > (gdb) bt > #0 0x00007f7ff630e55a in _lwp_kill () from /usr/lib/libc.so.12 >

On Wed, 17 Feb 2016, Hisashi T Fujinaka wrote: > > This one is failing a test assetion - there should be some more useful > > output available from the test itself. > > I think it's this: > > test_hostkeys: > regress/unittests/hostkeys/test_iterate.c:163 test #1 "hostkeys_iterate all > with key parse" > ASSERT_INT_EQ(sshkey_load_public(

Hi, sshd crashes at below location. After compilation, when I start sshd it crashes in ?sshbuf-misc.c? file inside ?sshbuf_b64tod? function at line size_t plen = strlen(b64); The call trace is as below, Sshd main function -> sshkey_load_public -> sshkey_try_load_public -> sshkey_read -> sshbuf_b64tod During compilation a warning is thrown. Is this the trigger point for the crash?

Add private key protection information extraction to shh-keygen using -v option on top of -y option which is already parsing the private key. Technically, the passphrase isn't necessary to do this, but it is the most logical thing to do for me. Adding this to -l option is not appropriate because fingerprinting is using the .pub file when available. An other idea is to add a new option, I

On Tue, 23 Jun 2015, Jakub Jelen wrote: > > On 05/29/2015 09:12 AM, Damien Miller wrote: > > Hi, > > > > OpenSSH 6.9 is almost ready for release, so we would appreciate testing > > on as many platforms and systems as possible. This release contains > > some substantial new features and a number of bugfixes. > Tested basic configuration on Fedora 22. With

On Tue, 16 Feb 2016, Hisashi T Fujinaka wrote: > On Wed, 17 Feb 2016, Damien Miller wrote: > > > > Core was generated by `test_sshkey'. > > > Program terminated with signal SIGSEGV, Segmentation fault. > > > #0 0x000000000041273e in cert_parse (key=0x7f7ff7b120c0, > > > certbuf=0x7f7ff7b16200, b=0x7f7ff7b161b0) at sshkey.c:1896 > > > 1896

https://bugzilla.mindrot.org/show_bug.cgi?id=3155 Bug ID: 3155 Summary: openssh support hostkey encrypt Product: Portable OpenSSH Version: 8.2p1 Hardware: ARM64 OS: Linux Status: NEW Severity: security Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at mindrot.org

Hello, Could attached patch be reviewed. This patch provides a fix for bug: https://bugzilla.mindrot.org/show_bug.cgi?id=3037 Thanks, Jitendra

Hi, I have not found any way to use a Certificate with ssh-agent when my Key is stored on a pkcs11 device. I can add my key with ssh-add -s /usr/local/lib/opensc-pkcs11.so but ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub does not add the certificate to my agent. As far as I undestand, in ssh-add.c line 580 if (pkcs11provider != NULL) { if (update_card(agent_fd,

Hi, OpenSSH 6.9 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is

https://bugzilla.mindrot.org/show_bug.cgi?id=3190 Bug ID: 3190 Summary: Inconsistent handling of private keys without accompanying public keys Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:

I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may

https://bugzilla.mindrot.org/show_bug.cgi?id=2561 Bug ID: 2561 Summary: ssh-keygen -A does not recreate broken zero-sized host keys Product: Portable OpenSSH Version: 7.2p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh-keygen

https://bugzilla.mindrot.org/show_bug.cgi?id=3162 Bug ID: 3162 Summary: Tracking bug for 8.4 release Product: Portable OpenSSH Version: -current Hardware: Other OS: All Status: NEW Keywords: meta Severity: enhancement Priority: P5 Component: Miscellaneous Assignee:

Add support to load additional certificates for already loaded private keys. Useful if the private key is on a PKCS#11 hardware token. The private keys inside ssh-agent are now using a refcount to share the private parts between "Identities". The reason for this change was that the PKCS#11 code might have redirected ("wrap") the RSA functions to a hardware token. We don't

https://bugzilla.mindrot.org/show_bug.cgi?id=2522 Bug ID: 2522 Summary: Key parser should reflect errors from OpenSSL Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement Priority: P5 Component: ssh

Engine keys are private key files which are only understood by openssl external engines. ?The problem is they can't be loaded with the usual openssl methods, they have to be loaded via ENGINE_load_private_key(). ?Because they're files, they fit well into openssh pub/private file structure, so they're not very appropriately handled by the pkcs11 interface because it assumes the private