similar to: Announce: OpenSSH 9.4 released

Compiled on OpenIndiana using GCC 11 :; SunOS 5.11 illumos-2e79e00041 illumos Although snapshot was downloaded, it shows 9.3 version: :; ssh -V OpenSSH_9.3p1-snap20230809, OpenSSL 1.1.1v? 1 Aug 2023 Thanks and regards. On 31.07.2023 08:12, Damien Miller wrote: > Hi, > > OpenSSH 9.4 is almost ready for release, so we would appreciate testing > on as many platforms and systems as

Hi, OpenSSH 9.4 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

I believe there has been a bug in KRL signature verification that has been present since the KRL feature was first introduced. It prevents signed KRLs from being loaded by OpenSSH [0]. I believe this bug applies to all versions of OpenSSH, although the majority of my effort has been devoted to (and all of my code snippets come from) openssl-portable. The bug is that an offset is incorrectly

Hi! While reading through PROTOCOL.krl I came across "5. KRL signature sections". If my understanding is correct - and that's basically what I would like to get knocked down for if appropriate ;) - this is a way for SSHDs to ensure they only accept KRLs signed by a trusted CA. However, I cannot seem to find a way to actually _sign_ a KRL with ssh-keygen? The aforementioned

OpenSSH 6.8 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,

OpenSSH 7.9 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

https://bugzilla.mindrot.org/show_bug.cgi?id=3574 Bug ID: 3574 Summary: ssh ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set Product: Portable OpenSSH Version: 9.3p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component:

Hi, On RHEL 6.3 with gcc 4.4.6, a number of compiler warnings are emitted when building recent snapshots: These all seem to be harmless, but annoying. readpassphrase.c:127: warning: ignoring return value of ?write?, declared with attribute warn_unused_result readpassphrase.c:146: warning: ignoring return value of ?write?, declared with attribute warn_unused_result make[1]: Leaving directory

https://bugzilla.mindrot.org/show_bug.cgi?id=3659 Bug ID: 3659 Summary: Certificates are ignored when listing revoked items in a (binary) revocation list Product: Portable OpenSSH Version: 9.2p1 Hardware: All OS: All Status: NEW Severity: minor Priority: P5

OpenSSH 6.7 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,

Changes since OpenSSH 6.1 ========================= This release introduces a number of new features: Features: * ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption in SSH protocol 2. The new cipher is available as aes128-gcm at openssh.com and aes256-gcm at openssh.com. It uses an identical packet format to the AES-GCM mode specified in RFC 5647, but uses simpler and

https://bugzilla.mindrot.org/show_bug.cgi?id=2313 Bug ID: 2313 Summary: Corrupt KRL file when using multiple CA. Product: Portable OpenSSH Version: 6.5p1 Hardware: Other OS: Linux Status: NEW Severity: major Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at

Hi, It's that time again... OpenSSH 6.2 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD:

Compiling krl.c with clang results in a slew of warnings like this one: /usr/src/secure/lib/libssh/../../../crypto/openssh/krl.c:505:37: warning: format specifies type 'unsigned long long' but the argument has type 'u_int64_t' (aka 'unsigned long') [-Wformat] This comes from incorrectly assuming that u_int64_t is defined as unsigned long long, whereas on

https://bugzilla.mindrot.org/show_bug.cgi?id=2487 Bug ID: 2487 Summary: AuthorizedPrincipalsCommand should probably document whether it only applies to TrustedUserCAKeys CAs Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement

https://bugzilla.mindrot.org/show_bug.cgi?id=3577 Bug ID: 3577 Summary: CASignatureAlgorithms supports -cert alogrithms Product: Portable OpenSSH Version: 9.3p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at

Hi, OpenSSH 6.8 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is

Hi, In ssh_krl_from_blob(), krl.c:984, /* Record keys used to sign the KRL */ xrealloc(ca_used, nca_used + 1, sizeof(*ca_used)); ca_used[nca_used++] = key; The result of `xrealloc' is never assigned to `ca_used', which remains a null pointer. Will ca_used[...] crash?. Did I miss anything? Thanks. - xi

Hello. I am trying to play through the following test scenario about certificate revocation on Ubuntu 18.04, which has OpenSSH of this version: OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n? 7 Dec 2017 1. A CA key is created ssh-keygen -t ed25519 -f ca 2. The CA public key is added to ~/.ssh/authorized_keys on some server: cert-authority ssh-ed25519 AAAA...e ca at yoga 3. A user key is created on a

https://bugzilla.mindrot.org/show_bug.cgi?id=3675 Bug ID: 3675 Summary: CASignatureAlgorithms should be verified before verifying signatures Product: Portable OpenSSH Version: 9.7p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component: