Displaying 20 results from an estimated 60000 matches similar to: "[Bug 1672] add local DNSSEC validation"
2009 Nov 18
11
[Bug 1672] New: add local DNSSEC validation
https://bugzilla.mindrot.org/show_bug.cgi?id=1672
Summary: add local DNSSEC validation
Product: Portable OpenSSH
Version: 5.3p1
Platform: Other
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: robert.story
2023 Jul 10
0
[Bug 1672] add local DNSSEC validation
https://bugzilla.mindrot.org/show_bug.cgi?id=1672
--- Comment #8 from pva <peter.volkov at gmail.com> ---
What is the status of this patch? It looks like many people don't
realize that without a secure local resolver, SSHFP just hides security
under the carpet: instead of a clear one-time 'yes' it makes this 'yes'
unattended, yet it's still possible for mitm on local
2013 Jun 09
7
[Bug 2119] New: SSHFP with DNSSEC – no trust anchors given, validation always fails
https://bugzilla.mindrot.org/show_bug.cgi?id=2119
Bug ID: 2119
Summary: SSHFP with DNSSEC ? no trust anchors given, validation
always fails
Product: Portable OpenSSH
Version: 6.2p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2015 Aug 11
0
[Bug 2022] ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME
https://bugzilla.mindrot.org/show_bug.cgi?id=2022
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #5 from Damien Miller <djm at mindrot.org> ---
Set all RESOLVED bugs to CLOSED with release
2009 Nov 18
2
local DNSSEC validation for 5.3p1
Attached is a patch that adds local DNSSEC validation to OpenSSH. See
the readme for more detail. Please direct any questions or comments to
users at dnssec-tools.org. Thanks..
--
Robert Story
Senior Software Engineer
SPARTA (dba Cobham Analytic Soloutions)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size:
2011 Jul 20
1
auto-accept keys matching DNSSEC-validated SSHFP records
Hi,
I submitted a patch back in November of 2009 to add local validation of
DNSSEC record to openssh. I recent updated the patch for 5.8, and
figured I do a little marketing while I'm at it. :-)
Someone had previously submitted a patch which simply trusted the AD
bit in the response, which is susceptible to spoofing by anyone who can
inject packets between the resolver and the client. Our
2015 Jun 22
2
Small issue with DNSSEC / SSHFP
Hi,
I found a small issue with DNSSEC validation of SSHFP lookups. (For reference
I used OpenSSH 6.8p1 on FreeBSD 10.1).
The issues is that when DNSSEC valiation fails, ssh displays a confusing
message to the user. When DNSSEC validation of a SSHFP record fails, ssh
presents the user with
"Matching host key fingerprint found in DNS.
"Are you sure you want to continue connecting
2015 Dec 11
4
[Bug 2516] New: ssh client shouldn't trust the DNS AD bit blindly
https://bugzilla.mindrot.org/show_bug.cgi?id=2516
Bug ID: 2516
Summary: ssh client shouldn't trust the DNS AD bit blindly
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P5
Component: ssh
Assignee: unassigned-bugs at
2015 Nov 13
0
[Bug 1860] UseDNS option ignored
https://bugzilla.mindrot.org/show_bug.cgi?id=1860
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WORKSFORME
Status|NEW |RESOLVED
--- Comment #6 from Damien Miller <djm at
2010 Aug 09
1
[Bug 1296] VerifyHostKeyDNS default domain
https://bugzilla.mindrot.org/show_bug.cgi?id=1296
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Status|NEW |RESOLVED
Resolution|
2012 Jul 06
0
[Bug 2017] Multiple dynamically allocated remote ports all connect to the same local port
https://bugzilla.mindrot.org/show_bug.cgi?id=2017
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Status|NEW |RESOLVED
Resolution|---
2015 Jun 05
0
[Bug 1970] GSSAPI mechanisms will be disabled because the following shared libraries could not be loaded: /usr/local/lib/libgssapi_krb5.so
https://bugzilla.mindrot.org/show_bug.cgi?id=1970
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WORKSFORME
CC| |djm at mindrot.org
Status|NEW
2016 Dec 02
0
[Bug 1592] Fingerprints for SSHD host key don't match (local ssh-keygen -l vs. ssh localhost)
https://bugzilla.mindrot.org/show_bug.cgi?id=1592
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Can you reproduce this with a
2012 Jun 26
2
[Bug 2022] New: ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME
https://bugzilla.mindrot.org/show_bug.cgi?id=2022
Bug #: 2022
Summary: ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled
resolver and a CNAME
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.0p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
2015 Aug 11
0
[Bug 2017] Multiple dynamically allocated remote ports all connect to the same local port
https://bugzilla.mindrot.org/show_bug.cgi?id=2017
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Set all RESOLVED bugs to CLOSED with release
2016 Aug 02
0
[Bug 1970] GSSAPI mechanisms will be disabled because the following shared libraries could not be loaded: /usr/local/lib/libgssapi_krb5.so
https://bugzilla.mindrot.org/show_bug.cgi?id=1970
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after 7.3p1 release
2017 Jun 26
0
[Bug 1592] Fingerprints for SSHD host key don't match (local ssh-keygen -l vs. ssh localhost)
https://bugzilla.mindrot.org/show_bug.cgi?id=1592
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WORKSFORME
Status|NEW |RESOLVED
--- Comment #3 from Damien Miller <djm at
2000 Sep 03
1
installing OpenSSH rpm on SuSE 6.2
I am taking the liberty of forwarding this message to the list. I am
not subscribed to it. If you want to reply to me, please send email to
faheem at email.unc.edu
Thanks, Faheem Mitha.
---------- Forwarded message ----------
From: Faheem Mitha <faheem at email.unc.edu>
Newsgroups: comp.security.ssh
Subject: installing OpenSSH rpm on SuSE 6.2
Dear people,
I tried
2001 Mar 28
1
OSSH 2.5.2p2: Why is /usr/local/ put into the include & lib p aths under Solaris?
But the main question hasn't been answered: Why is /usr/local placed before
user-specified paths? Hypothetical example: You want to link against OpenSSL
0.96 for OpenSSH, but /usr/local contains 0.95, which is needed for
something else. (Assume it comes binary only on Solaris for the sake of
argument...)
--Matt
> -----Original Message-----
> From: Damien Miller [mailto:djm at
2014 Feb 13
0
[Bug 1975] Support for Match configuration directive to also include subsystems
https://bugzilla.mindrot.org/show_bug.cgi?id=1975
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
At present, this is not possible