similar to: [Bug 3702] New: sshd fork crashed when compiled with seccomp

Displaying 20 results from an estimated 3000 matches similar to: "[Bug 3702] New: sshd fork crashed when compiled with seccomp"

2019 Oct 31
37
[Bug 3085] New: seccomp issue after upgrading openssl
https://bugzilla.mindrot.org/show_bug.cgi?id=3085 Bug ID: 3085 Summary: seccomp issue after upgrading openssl Product: Portable OpenSSH Version: 8.1p1 Hardware: Other OS: Linux Status: NEW Severity: critical Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org
2023 Dec 02
33
[Bug 3639] New: server thread aborts during client login after receiving SSH2_MSG_KEXINIT
https://bugzilla.mindrot.org/show_bug.cgi?id=3639 Bug ID: 3639 Summary: server thread aborts during client login after receiving SSH2_MSG_KEXINIT Product: Portable OpenSSH Version: 9.2p1 Hardware: ARM OS: Linux Status: NEW Severity: critical Priority: P5 Component:
2022 Dec 20
37
[Bug 3512] New: net-misc/openssh-9.1_p1: stopped accepting connections after upgrade to sys-libs/glibc-2.36 (fatal: ssh_sandbox_violation: unexpected system call)
https://bugzilla.mindrot.org/show_bug.cgi?id=3512 Bug ID: 3512 Summary: net-misc/openssh-9.1_p1: stopped accepting connections after upgrade to sys-libs/glibc-2.36 (fatal: ssh_sandbox_violation: unexpected system call) Product: Portable OpenSSH Version: 9.1p1 Hardware: amd64 OS: Linux
2015 Feb 25
2
[openssh with openssl cryptodev engine] sshd killed by seccomp filter
Hello I have a server with an hardware crypto accelator. For giving userspace access to it I use the cryptodev module (http://cryptodev-linux.org/) I have also the cryptodev engine compiled in openssl. When I modprobe the cryptodev module, I cannot login with ssh on the server. The symptom can be found with dmesg: audit: type=1326 audit(1424784807.257:3): auid=4294967295 uid=22 gid=22
2016 Jun 17
14
[Bug 2590] New: Seccomp filter for missing architectures
https://bugzilla.mindrot.org/show_bug.cgi?id=2590 Bug ID: 2590 Summary: Seccomp filter for missing architectures Product: Portable OpenSSH Version: 7.2p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement Priority: P5 Component: sshd
2023 Jun 30
1
Subsystem sftp invoked even though forced command created
On 30/06/2023 09:56, Damien Miller wrote: > It's very hard to figure out what is happening here without a debug log. > > You can get one by stopping the listening sshd and running it manually > in debug mode, e.g. "/usr/sbin/sshd -ddd" Or starting one in debug mode on a different port, e.g. "-p99 -ddd"
2020 Jul 07
3
libssh2 is hanging during a file transfert
I'm trying to send data to a server with openssh 7.9p1, but it's hanging somewhere. the client stop at the line : Jul 7 11:52:16 TOTO sshd[19553]: debug3: channel 0: will not send data after close and after 5 minutes the client closes the connection, why ? This is the trace of the server openssh : ( DEBUG3 level) Jul 7 11:52:15 TOTO sshd[31175]: debug3: fd 6 is not O_NONBLOCK Jul
2015 Feb 11
2
[PATCH] seccomp: allow the getrandom system call.
*SSL libraries or the C library may/will require it. --- sandbox-seccomp-filter.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index b6f6258..846bc08 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c @@ -129,6 +129,9 @@ static const struct sock_filter preauth_insns[] = { #else SC_ALLOW(sigprocmask), #endif
2022 May 06
9
[Bug 3430] New: 64 bit time and seccomp conflict
https://bugzilla.mindrot.org/show_bug.cgi?id=3430 Bug ID: 3430 Summary: 64 bit time and seccomp conflict Product: Portable OpenSSH Version: 8.9p1 Hardware: ARM OS: Linux Status: NEW Severity: major Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org
2017 Oct 05
2
seccomp filter for dovecot
Hi, I would like to contribute to dovecot by adding seccomp system call filtering. Is this something you would like to merge into the dovecot codebase? If so, I can put up a PR on github once I complete it. Thanks, Archana
2019 Jun 30
2
Possibly Missing Syscalls from Seccomp Filter
Hi! I'm investigating the seccomp filter in openssh and I wanted to know whether the following system calls should be added to the filter: 1. getgroups - do_authentication2->dispatch_run_fatal->sshpkt_fatal->logdie->cleanup_exit->do_cleanup->temporarily_use_uid->getgroups 2. setgroups -
2024 Sep 06
9
[Bug 3729] New: the new sshd does not work under the supervision of inetd
https://bugzilla.mindrot.org/show_bug.cgi?id=3729 Bug ID: 3729 Summary: the new sshd does not work under the supervision of inetd Product: Portable OpenSSH Version: 9.8p1 Hardware: ARM OS: Linux Status: NEW Severity: major Priority: P5 Component: sshd
2015 Mar 05
31
[Bug 2361] New: seccomp filter (not only) for aarch64
https://bugzilla.mindrot.org/show_bug.cgi?id=2361 Bug ID: 2361 Summary: seccomp filter (not only) for aarch64 Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at
2018 Nov 22
2
Debian Stretch 9.6: openssh-server and old dropbear client don't work togheter
Hi, I have compatibility issues with the latest version of openssh-server and an old dropbear client, the dopbear client stops at preauth ov 22 14:34:03 myhostname sshd[3905]: debug1: Client protocol version 2.0; client software version dropbear_0.46 Nov 22 14:34:03 myhostname sshd[3905]: debug1: no match: dropbear_0.46 Nov 22 14:34:03 myhostname sshd[3905]: debug1: Local version string
2019 Mar 27
26
Call for testing: OpenSSH 8.0
Hi, OpenSSH 8.0p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at
2015 Feb 28
2
SAP-2015-3-1 issues
On Sun, Mar 01, 2015 at 03:23:04AM +1100, Damien Miller wrote: > > > On Sat, 28 Feb 2015, The Doctor wrote: > > > BSD/OS issues > > > > with 1.0.2a dev > > Thanks for testing. > You are welcome. > > make tests > > > > regress/netcat.c:656: `on' undeclared (first use in this function) > > regress/netcat.c:656: (Each
2015 Jul 23
3
Cisco vs. 6.9
After upgrading a Linux system from OpenSSH 6.7 to 6.9, Cisco switches/routers can no longer scp config files to/from the system. The last debug entry before the Cisco device closes the connection is "debug1: server_input_channel_open: confirm session". The next line is "Connection closed by x.x.x.x". Anyone else seen this or know of a fix? The Cisco device gives
2014 Dec 23
2
chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/
On Tue, 23 Dec 2014, Dmt Ops wrote: > testing goole-authenticator's standalone functionality, it > > > cd google-authenticator/libpam/ > > ./demo > Verification code: 123456 > Login failed > Invalid verification code > > > > fails with an INVALID code, and > > > ./demo > Verification code:
2024 Mar 13
2
ProxyJump does not accept IPv6 for the intermediate host?
Hello, it seems I cannot use: $ ssh -J root at 2a01:4f8:1c1e:528d::1 root at west-coast Invalid -J argument (The west-coast is stored on the jump host in between in /etc/hosts.) $ ssh -J root at 167.235.141.44 root at west-coast Works as expected. Also $ ssh root at 2a01:4f8:1c1e:528d::1 does work as expected. I do have native IPv6. This is on Debian 12 Bookworm: $ ssh -V OpenSSH_9.2p1
2012 Nov 23
1
Public Key Authentication
Hi, I wonder, how can i use openssh Public key authentification with ActivCard pkcs11 x509 certificate store and login to only my account reading/using username provided from certificate DN, or principal name,friendly name ? b111887 and e411617 is administrator on this os. I have rights to put e411617 pub keys to b111887 home folder authorized keys. And because openssh ask's me to provide