Debian Bug report logs - #543683
openssh-server: allow blank PermitOpen

Package: openssh-server; Maintainer for openssh-server is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Source for openssh-server is src:openssh.

Reported by: adrian@smop.co.uk

Date: Wed, 26 Aug 2009 14:15:02 UTC

Severity: wishlist

Found in version openssh/1:5.1p1-7

Fixed in versions openssh/1:6.1p1-1, openssh/1:6.2p1-1

Done: Colin Watson <cjwatson@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#543683; Package openssh-server. (Wed, 26 Aug 2009 14:15:07 GMT)


Acknowledgement sent to adrian@smop.co.uk:
New Bug report received and forwarded. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Wed, 26 Aug 2009 14:15:07 GMT)


Message #5 received at submit@bugs.debian.org:

From: Adrian Bridgett <adrian@smop.co.uk>
To: submit@bugs.debian.org
Subject: openssh-server: allow blank PermitOpen
Date: Wed, 26 Aug 2009 15:03:46 +0100
Package: openssh-server
Version: 1:5.1p1-7
Severity: wishlist

I'm trying to set up a reverse SSH box (i.e. one where people stuck
behind NAT can SSH in and initiate a tunnel back to their machine).
They use it something like this:

  ssh login@box -R 2000:localhost:22

I'm trying to lock this down as far as possible - in particular I'd
like to disable AllowTcpForwarding, however if I do this it prevents
both local _and_ remote tunnels.

Leaving AllowTcpForwarding open and setting "PermitOpen
127.0.0.1:65535" gets close - all the reverse tunnels work, but the
only local tunnel that will work is "ssh login@box -L
xxxx:localhost:65535".   

I'd like to use "PermitOpen none" (or just blank) however sshd doesn't
allow this (just checked the source code).

Thanks,

Adrian
-- 
Email: adrian@smop.co.uk  -*-  GPG key available on public key servers
Debian GNU/Linux - the maintainable distribution   -*-  www.debian.org
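
An added example, not part of the report or of OpenSSH: a shell check that classifies what an sshd_config leaves open for local (-L) forwarding, run over two constructed inputs, the workaround described above and the "PermitOpen none" setting the report asks for. The function name local_forward_posture and its result labels are hypothetical, and only the global section (before any Match block) is read.

```shell
#!/bin/sh
# Added example (not OpenSSH code). Reads sshd_config text, or `sshd -T`
# output, on stdin and reports what it leaves open for local (-L) forwards.
# local_forward_posture and its result labels are hypothetical names.
local_forward_posture() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # blank lines and comments
        {
            key = tolower($1)              # keywords are case-insensitive
            if (key == "match") exit       # global section only; END still runs
            # sshd keeps the first value it obtains for each keyword
            if (key == "allowtcpforwarding" && atf == "") atf = tolower($2)
            if (key == "permitopen" && po == "") {
                po = $2
                for (i = 3; i <= NF; i++) po = po " " $i
            }
        }
        END {
            if (atf == "") atf = "yes"     # sshd default
            if (po == "")  po = "any"      # sshd default
            if (atf == "no")          print "all-forwarding-off"  # -L and -R both refused
            else if (atf == "remote") print "local-closed"        # value accepted from OpenSSH 6.2
            else if (po == "none")    print "local-closed"        # accepted from OpenSSH 6.1
            else if (po == "any")     print "local-open"
            else                      print "local-limited-to " po
        }'
}

# Constructed inputs: the workaround from the report, then the requested setting.
printf 'AllowTcpForwarding yes\nPermitOpen 127.0.0.1:65535\n' | local_forward_posture
printf 'AllowTcpForwarding yes\nPermitOpen none\n' | local_forward_posture
```

On a live host the same function can be fed from `sshd -T`, which prints the effective settings with lowercase keywords.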




Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Fri, 07 Sep 2012 00:06:05 GMT)


Notification sent to adrian@smop.co.uk:
Bug acknowledged by developer. (Fri, 07 Sep 2012 00:06:06 GMT)


Message #10 received at 543683-close@bugs.debian.org:

From: Colin Watson <cjwatson@debian.org>
To: 543683-close@bugs.debian.org
Subject: Bug#543683: fixed in openssh 1:6.1p1-1
Date: Fri, 07 Sep 2012 00:02:52 +0000
Source: openssh
Source-Version: 1:6.1p1-1

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 543683@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Fri, 07 Sep 2012 00:22:44 +0100
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:6.1p1-1
Distribution: experimental
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 543683
Changes: 
 openssh (1:6.1p1-1) experimental; urgency=low
 .
   * New upstream release (http://www.openssh.com/txt/release-6.1).
     - Enable pre-auth sandboxing by default for new installs.
     - Allow "PermitOpen none" to refuse all port-forwarding requests
       (closes: #543683).
Package-Type: udeb




Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Tue, 07 May 2013 12:57:16 GMT)


Notification sent to adrian@smop.co.uk:
Bug acknowledged by developer. (Tue, 07 May 2013 12:57:16 GMT)


Message #15 received at 543683-close@bugs.debian.org:

From: Colin Watson <cjwatson@debian.org>
To: 543683-close@bugs.debian.org
Subject: Bug#543683: fixed in openssh 1:6.2p1-1
Date: Tue, 07 May 2013 12:55:34 +0000
Source: openssh
Source-Version: 1:6.2p1-1

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 543683@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Tue, 07 May 2013 11:48:16 +0100
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:6.2p1-1
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 99785 195716 322228 543683 620428 694282 698612 700102 703906
Changes: 
 openssh (1:6.2p1-1) unstable; urgency=low
 .
   * New upstream release (http://www.openssh.com/txt/release-6.2).
     - Add support for multiple required authentication in SSH protocol 2 via
       an AuthenticationMethods option (closes: #195716).
     - Fix Sophie Germain formula in moduli(5) (closes: #698612).
     - Update ssh-copy-id to Phil Hands' greatly revised version (closes:
       #99785, #322228, #620428; LP: #518883, #835901, #1074798).
   * Use dh-autoreconf.
 .
 openssh (1:6.1p1-4) experimental; urgency=low
 .
   [ Gunnar Hjalmarsson ]
   * debian/openssh-server.sshd.pam: Explicitly state that ~/.pam_environment
     should be read, and move the pam_env calls from "auth" to "session" so
     that it's also read when $HOME is encrypted (LP: #952185).
 .
   [ Stéphane Graber ]
   * Add ssh-agent upstart user job.  This implements something similar to
     the 90x11-common_ssh-agent Xsession script.  That is, start ssh-agent
     and set the appropriate environment variables (closes: #703906).
 .
 openssh (1:6.1p1-3) experimental; urgency=low
 .
   * Give ssh and ssh-krb5 versioned dependencies on openssh-client and
     openssh-server, to try to reduce confusion when people run 'apt-get
     install ssh' or similar and expect that to upgrade everything relevant.
   * CVE-2010-5107: Improve DoS resistance by changing default of MaxStartups
     to 10:30:100 (closes: #700102).
 .
 openssh (1:6.1p1-2) experimental; urgency=low
 .
   * Use xz compression for binary packages.
   * Merge from Ubuntu:
     - Add support for registering ConsoleKit sessions on login.  (This is
       currently enabled only when building for Ubuntu.)
     - Drop openssh-blacklist and openssh-blacklist-extra to Suggests.  It's
       been long enough since the relevant vulnerability that we shouldn't
       need these installed by default nowadays.
     - Add an Upstart job (not currently used by default in Debian).
     - Add mention of ssh-keygen in ssh connect warning (Scott Moser).
     - Install apport hooks.
   * Only build with -j if DEB_BUILD_OPTIONS=parallel=* is used (closes:
     #694282).
 .
 openssh (1:6.1p1-1) experimental; urgency=low
 .
   * New upstream release (http://www.openssh.com/txt/release-6.1).
     - Enable pre-auth sandboxing by default for new installs.
     - Allow "PermitOpen none" to refuse all port-forwarding requests
       (closes: #543683).
Package-Type: udeb




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 06 Jun 2013 07:30:40 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Mar 25 18:01:04 2023; Machine Name: buxtehude
