Displaying 20 results from an estimated 3000 matches similar to: "[Bug 3702] New: sshd fork crashed when compiled with seccomp"
2019 Oct 31
37
[Bug 3085] New: seccomp issue after upgrading openssl
https://bugzilla.mindrot.org/show_bug.cgi?id=3085
Bug ID: 3085
Summary: seccomp issue after upgrading openssl
Product: Portable OpenSSH
Version: 8.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: critical
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
2023 Dec 02
33
[Bug 3639] New: server thread aborts during client login after receiving SSH2_MSG_KEXINIT
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
Bug ID: 3639
Summary: server thread aborts during client login after
receiving SSH2_MSG_KEXINIT
Product: Portable OpenSSH
Version: 9.2p1
Hardware: ARM
OS: Linux
Status: NEW
Severity: critical
Priority: P5
Component:
2022 Dec 20
37
[Bug 3512] New: net-misc/openssh-9.1_p1: stopped accepting connections after upgrade to sys-libs/glibc-2.36 (fatal: ssh_sandbox_violation: unexpected system call)
https://bugzilla.mindrot.org/show_bug.cgi?id=3512
Bug ID: 3512
Summary: net-misc/openssh-9.1_p1: stopped accepting connections
after upgrade to sys-libs/glibc-2.36 (fatal:
ssh_sandbox_violation: unexpected system call)
Product: Portable OpenSSH
Version: 9.1p1
Hardware: amd64
OS: Linux
2015 Feb 25
2
[openssh with openssl cryptodev engine] sshd killed by seccomp filter
Hello
I have a server with an hardware crypto accelator.
For giving userspace access to it I use the cryptodev module (http://cryptodev-linux.org/)
I have also the cryptodev engine compiled in openssl.
When I modprobe the cryptodev module, I cannot login with ssh on the server.
The symptom can be found with dmesg:
audit: type=1326 audit(1424784807.257:3): auid=4294967295 uid=22 gid=22
2016 Jun 17
14
[Bug 2590] New: Seccomp filter for missing architectures
https://bugzilla.mindrot.org/show_bug.cgi?id=2590
Bug ID: 2590
Summary: Seccomp filter for missing architectures
Product: Portable OpenSSH
Version: 7.2p1
Hardware: Other
OS: Linux
Status: NEW
Keywords: patch
Severity: enhancement
Priority: P5
Component: sshd
2023 Jun 30
1
Subsystem sftp invoked even though forced command created
On 30/06/2023 09:56, Damien Miller wrote:
> It's very hard to figure out what is happening here without a debug log.
>
> You can get one by stopping the listening sshd and running it manually
> in debug mode, e.g. "/usr/sbin/sshd -ddd"
Or starting one in debug mode on a different port, e.g. "-p99 -ddd"
2020 Jul 07
3
libssh2 is hanging during a file transfert
I'm trying to send data to a server with openssh 7.9p1, but it's hanging
somewhere.
the client stop at the line :
Jul 7 11:52:16 TOTO sshd[19553]: debug3: channel 0: will not send data
after close
and after 5 minutes the client closes the connection, why ?
This is the trace of the server openssh : ( DEBUG3 level)
Jul 7 11:52:15 TOTO sshd[31175]: debug3: fd 6 is not O_NONBLOCK
Jul
2015 Feb 11
2
[PATCH] seccomp: allow the getrandom system call.
*SSL libraries or the C library may/will require it.
---
sandbox-seccomp-filter.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index b6f6258..846bc08 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -129,6 +129,9 @@ static const struct sock_filter preauth_insns[] = {
#else
SC_ALLOW(sigprocmask),
#endif
2022 May 06
9
[Bug 3430] New: 64 bit time and seccomp conflict
https://bugzilla.mindrot.org/show_bug.cgi?id=3430
Bug ID: 3430
Summary: 64 bit time and seccomp conflict
Product: Portable OpenSSH
Version: 8.9p1
Hardware: ARM
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
2017 Oct 05
2
seccomp filter for dovecot
Hi,
I would like to contribute to dovecot by adding seccomp system call
filtering.
Is this something you would like to merge into the dovecot codebase? If so,
I can put up a PR on github once I complete it.
Thanks,
Archana
2019 Jun 30
2
Possibly Missing Syscalls from Seccomp Filter
Hi!
I'm investigating the seccomp filter in openssh and I wanted to know
whether the following system calls should be added to the filter:
1. getgroups
-
do_authentication2->dispatch_run_fatal->sshpkt_fatal->logdie->cleanup_exit->do_cleanup->temporarily_use_uid->getgroups
2. setgroups
-
2024 Sep 06
9
[Bug 3729] New: the new sshd does not work under the supervision of inetd
https://bugzilla.mindrot.org/show_bug.cgi?id=3729
Bug ID: 3729
Summary: the new sshd does not work under the supervision of
inetd
Product: Portable OpenSSH
Version: 9.8p1
Hardware: ARM
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: sshd
2015 Mar 05
31
[Bug 2361] New: seccomp filter (not only) for aarch64
https://bugzilla.mindrot.org/show_bug.cgi?id=2361
Bug ID: 2361
Summary: seccomp filter (not only) for aarch64
Product: Portable OpenSSH
Version: 6.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2018 Nov 22
2
Debian Stretch 9.6: openssh-server and old dropbear client don't work togheter
Hi, I have compatibility issues with the latest version of
openssh-server and an old dropbear client, the dopbear client stops at
preauth
ov 22 14:34:03 myhostname sshd[3905]: debug1: Client protocol version
2.0; client software version dropbear_0.46
Nov 22 14:34:03 myhostname sshd[3905]: debug1: no match: dropbear_0.46
Nov 22 14:34:03 myhostname sshd[3905]: debug1: Local version string
2019 Mar 27
26
Call for testing: OpenSSH 8.0
Hi,
OpenSSH 8.0p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via git using the
instructions at
2015 Feb 28
2
SAP-2015-3-1 issues
On Sun, Mar 01, 2015 at 03:23:04AM +1100, Damien Miller wrote:
>
>
> On Sat, 28 Feb 2015, The Doctor wrote:
>
> > BSD/OS issues
> >
> > with 1.0.2a dev
>
> Thanks for testing.
>
You are welcome.
> > make tests
> >
> > regress/netcat.c:656: `on' undeclared (first use in this function)
> > regress/netcat.c:656: (Each
2015 Jul 23
3
Cisco vs. 6.9
After upgrading a Linux system from OpenSSH 6.7 to 6.9, Cisco
switches/routers can no longer scp config files to/from the system. The
last debug entry before the Cisco device closes the connection is "debug1:
server_input_channel_open: confirm session". The next line is "Connection
closed by x.x.x.x". Anyone else seen this or know of a fix? The Cisco
device gives
2014 Dec 23
2
chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/
On Tue, 23 Dec 2014, Dmt Ops wrote:
> testing goole-authenticator's standalone functionality, it
>
> > cd google-authenticator/libpam/
> > ./demo
> Verification code: 123456
> Login failed
> Invalid verification code
> >
>
> fails with an INVALID code, and
>
> > ./demo
> Verification code:
2024 Mar 13
2
ProxyJump does not accept IPv6 for the intermediate host?
Hello,
it seems I cannot use:
$ ssh -J root at 2a01:4f8:1c1e:528d::1 root at west-coast
Invalid -J argument
(The west-coast is stored on the jump host in between in /etc/hosts.)
$ ssh -J root at 167.235.141.44 root at west-coast
Works as expected. Also
$ ssh root at 2a01:4f8:1c1e:528d::1
does work as expected. I do have native IPv6.
This is on Debian 12 Bookworm:
$ ssh -V
OpenSSH_9.2p1
2012 Nov 23
1
Public Key Authentication
Hi,
I wonder, how can i use openssh Public key authentification with
ActivCard pkcs11 x509 certificate store and login to only my account
reading/using username provided from certificate DN, or principal
name,friendly name ?
b111887 and e411617 is administrator on this os. I have rights to put
e411617 pub keys to b111887 home folder authorized keys. And because
openssh ask's me to provide