similar to: [Bug 3559] New: Mini memory leak and needless(?) const/static qualifier.

On 2020-02-05 at 20:39 -0500, Phil Pennock wrote: > On 2020-02-06 at 10:29 +1100, Damien Miller wrote: > > OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing > > on as many platforms and systems as possible. This is a feature release. > > > * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These > This actually affects me:

https://bugzilla.mindrot.org/show_bug.cgi?id=2680 Bug ID: 2680 Summary: Regression in server-sig-algs offer in 7.4p1 (Deprecation of SHA1 is not being enforced) Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

With the upcoming deprecation of ssh-rsa I was trying to see what keys my version of OpenSSH ( 7.8p1 ) supports. I noticed that "ssh -Q key" does not actually list the suggested algorithms to transition to ( rsa-sha2-256 and rsa-sha2-512 ) even though they are supported. Looking through the code, it looks like an issue with the arguments passed to sshkey_alg_list in ssh.c where it should

https://bugzilla.mindrot.org/show_bug.cgi?id=3560 Bug ID: 3560 Summary: Memory leak in channels.c Product: Portable OpenSSH Version: 8.5p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

On Thu, 6 Feb 2020 at 12:46, Phil Pennock <phil.pennock at globnix.org> wrote: [...] > ssh_config(5) describes for `HostKeyAlgorithms` that: > } The list of available key types may also be obtained using "ssh -Q key" > > Running `ssh -Q key`, the output does not include these proposed > replacements. > > Only in sshd_config(5): > rsa-sha2-512-cert-v01 at

Suppose an SSH server has both RSA and DSA host keys for protocol 2, but I only have the DSA key, and I want to use that. I'm stuck; the OpenSSH client is hard-wired to offer both algorithms in the key exchange, and will select ssh-rsa if it's available (see myproposal.h, KEX_DEFAULT_PK_ALG). Below is a patch adding the client configuration option "PKAlgorithms" for this

https://bugzilla.mindrot.org/show_bug.cgi?id=2527 Bug ID: 2527 Summary: default algorithms mismatch between man pages and myproposal.h Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: Documentation

When forwarding a Unix-domain socket, the remote socket path must be absolute (otherwise the forwarding fails later). However, guessing absolute path on the remote end is sometimes not straightforward, because the file system location may vary for many reasons, including the system installation, the choices of NFS mount points, or the remote user ID. To allow ssh clients to request remote socket

Dear list, I have to read some clinical data a file coming from Filemaker on Macintosh (Ugh ! But it could be worse and come from Excel...). Exporting via Excel is out of question since the file has 467 columns and 121 lines (+ headers), which is out of reach of Excel. So I received an "mer"" files, which is what Filemaker exports as a text file. It seems to be a semicolon

Hi, I'm doing some test with a pkcs11 token that can only sign short messages. When connecting to one server, that reports pkalg rsa-sha2-512 blen 151, it fails to sign the pubkey because it is 83 bytes long. (sshd: OpenSSH_7.3p1) A older server that reports pkalg ssh-rsa blen 151, works perfectly as the pubkey signature required is only 35 bytes long. (sshd: OpenSSH_6.7p1) I am not sure

On 2020-02-06 at 13:28 +1100, Darren Tucker wrote: > Like this. > --- a/sshd_config.5 > +++ b/sshd_config.5 The ssh_config.5 also has a copy of this and presumably needs the same change, unless I've misunderstood. -Phil

Hi all, I would like to ask that if you post to this list, please avoid signatures, vcards, and other unnecessary attachments. In order to keep this list virtually spam free, despite the fact that it gets sent spam literally every day, I moderate anything that comes in with text/html or multipart/*. However, it means I have to moderate these things manually, so, to make my life easier,

On Wed, 6 Jun 2001, Markus Friedl posted the following to Bugtraq: > this feature [placing the X11 cookie file in /tmp] was inherited > from ossh and the reason was: > 1) if $HOME is on NFS, then the cookie travels unencrypted > over the network, this defeats the purpose of X11-fwding > 2) $HOME/.Xauthority gets polluted with temorary cookies. > however,

Full_Name: Jelle Goeman Version: 2.4.0 OS: windows XP Submission from: (NULL) (145.88.209.33) Hi, I like to use optimize() to optimize functions whose evaluation is costly in terms of computation time. The Brent algorithm which is implemented in optimize was designed to optimize a function with as few function evaluations as possible. Therefore it bothers me that optimize() always evaluates

No, just no. You do not use goto to skip a code block. You do not return an obvious variable from a singly-inlined function and give the function a return value. You don't put unexplained comments about kmalloc in code which doesn't do dynamic allocation. And you don't leave stray warnings around for no good reason. Also, when possible, it is better to use block scoped variables

No, just no. You do not use goto to skip a code block. You do not return an obvious variable from a singly-inlined function and give the function a return value. You don't put unexplained comments about kmalloc in code which doesn't do dynamic allocation. And you don't leave stray warnings around for no good reason. Also, when possible, it is better to use block scoped variables

When connecting to a host for which there's no known hostkey, check if the relevant key has been accepted for other hostnames. This is useful when connecting to a host with a dymamic IP address or multiple names. --- auth.c | 4 ++-- hostfile.c | 42 ++++++++++++++++++++++++++++-------------- hostfile.h | 8 ++++++-- sshconnect.c | 39 +++++++++++++++++++++++++++++++++------

On Mon, 6 May 2024, openssh at tr.id.au wrote: > ... and I guess your next question will be about compilation environment, so: > > ``` > $ gcc --version > gcc (Gentoo 13.2.1_p20240210 p14) 13.2.1 20240210 > Copyright (C) 2023 Free Software Foundation, Inc. > This is free software; see the source for copying conditions. There is NO > warranty; not even for MERCHANTABILITY

On Sat, 4 May 2024, openssh at tr.id.au wrote: > Hey there, > > I often want different behavior in my ssh client depending on > whether I'm logging into an interactive session or running > a remote non-interactive command. We can see at, say, > https://unix.stackexchange.com/a/499562/305714 that this isn't a > unique wish, and existing solutions are kind of baroque.

In sshconnect.c there are two global variables for server_version_string client_version_string. These are used just in a few functions and can easily be passed as parameters. Also, there is a strange construct, where their memory is allocated to the global pointers, then copies of these pointers are assigned to the kex structure. The kex_free finally frees them via cleanup of the kex