Feed All Stories

Today

Jakuje added a comment to T130: BUG?: sftp via socks5 with PROXYCOMMAND bails with read_packet(): Packet len too high (1818845806 6c69626e).

FYI, as a workaround, you can use ProxyCommand='ncat -vvv --proxy <proxy server:port> --proxy-type socks5 %h %p' -o'User <user> 2>/dev/null', which drops the stderr. But indeed, this is something to fix in libssh.

Wed, Jun 19, 3:23 PM · Restricted Project
Jakuje closed T88: Unable to connect etm mac's only servers as Resolved.

This was resolved recently by 4a67c191188601c8d98ec73b9d53ce8a2b6c6cf8, which implemented EtM modes of the MACs in libssh and which is available in the latest libssh release.

Wed, Jun 19, 3:18 PM · Restricted Project
Jakuje added a comment to T123: Unable to import key files with leading whitespace.

Can you provide an example of such a key? Do you mean private keys in PEM format or in OpenSSH format? Or public keys?

Wed, Jun 19, 3:13 PM · Restricted Project
Jakuje added a comment to T76: Support keys with line comments.

I think this got resolved over time and the PEM files are readable including the inline comments (probably because of the removal of the SSH1 protocol, which had special conditions for the old RSA1 keys).

Wed, Jun 19, 3:09 PM · Restricted Project
Jakuje added a comment to T130: BUG?: sftp via socks5 with PROXYCOMMAND bails with read_packet(): Packet len too high (1818845806 6c69626e).

Please, check the following commits in the master-fix branch:

Wed, Jun 19, 2:31 PM · Restricted Project
Jakuje added a comment to T130: BUG?: sftp via socks5 with PROXYCOMMAND bails with read_packet(): Packet len too high (1818845806 6c69626e).

Do you have a minimal reproducer that demonstrates this issue? The following parts do not look correct:

[2019/02/21 16:35:31.187831, 3] callback_receive_banner: ssh_protocol_version_exchange: Ncat: Version 7.70 ( https://nmap.org/ncat )

a bit later is what should be coming -- the SSH identification banner:

[2019/02/21 16:40:54.932576, 3] callback_receive_banner: ssh_protocol_version_exchange: libnsock nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 10 [peer unspecified] (33 bytes): SSH-2.0-1.36_sshlib GlobalSCAPE..

I am afraid that ncat dumps some additional data to stderr, which is unintentionally picked up by libssh. This is caused by the code in src/socket.c:815, where both stdout and stderr are redirected to libssh:

dup2(out,1);
dup2(out,2);

You can try to drop the second line above, which should let the stderr be mixed up with the libssh stderr or dropped (not sure off the top of my head), but it should let you move on.

Wed, Jun 19, 2:00 PM · Restricted Project
Jakuje added a comment to T151: curve25519-sha256 problems under Valgrind on i386.

The same thing works for me with the current openssh-portable master that I just built in my Fedora VM. Could this be somehow related to the Ubuntu toolchains or packages, rather than to the 32 bits itself?

Wed, Jun 19, 1:42 PM
Jakuje added a comment to T151: curve25519-sha256 problems under Valgrind on i386.

I tried also the 0.8.7 branch as reported in the previous comment, but with the same result. Could it be an issue in valgrind or some other part of the toolchain?

Wed, Jun 19, 1:23 PM
Jakuje added a comment to T151: curve25519-sha256 problems under Valgrind on i386.

I just installed the Fedora 27 i386 image (I was not successful with installing anything newer since it has been a secondary architecture for several releases and receives close to no testing) and current libssh master, and I cannot reproduce your issue.

Wed, Jun 19, 1:17 PM

Fri, Jun 14

asn committed rLIBSSHbb98413fc184: Bump version to 0.8.91 (authored by asn).
Bump version to 0.8.91
Fri, Jun 14, 3:36 PM
asn committed rLIBSSH2a8cd81e8f8a: Update ChangeLog (authored by asn).
Update ChangeLog
Fri, Jun 14, 3:36 PM
asn committed rLIBSSH3cb0a1bf023c: Bump SO version to 4.8.1 (authored by asn).
Bump SO version to 4.8.1
Fri, Jun 14, 3:31 PM
asn committed rLIBSSH2d2a4f3784bd: include: Make sure ssh_session_get_known_hosts_entry is added to the API (authored by asn).
include: Make sure ssh_session_get_known_hosts_entry is added to the API
Fri, Jun 14, 3:31 PM
asn committed rLIBSSH70dd8b0348fc: callbacks: Add ssh_threads_get_default() to the callbacks.h (authored by davidwed).
callbacks: Add ssh_threads_get_default() to the callbacks.h
Fri, Jun 14, 3:31 PM
asn committed rLIBSSHc4463ba5e7e6: tests/torture_config: Replace long long with uint64_t (authored by ansasaki).
tests/torture_config: Replace long long with uint64_t
Fri, Jun 14, 3:31 PM
asn committed rLIBSSHab25ca205d8b: channels: Do not mix integer types (authored by ansasaki).
channels: Do not mix integer types
Fri, Jun 14, 3:31 PM
asn committed rLIBSSHfba384ac5879: tests/torture_rekey: Replace long long with uint64_t (authored by ansasaki).
tests/torture_rekey: Replace long long with uint64_t
Fri, Jun 14, 3:31 PM
asn committed rLIBSSH91960409c35b: ed25519: Replace unsigned long long with uint64_t (authored by ansasaki).
ed25519: Replace unsigned long long with uint64_t
Fri, Jun 14, 3:31 PM
asn committed rLIBSSH955d6f1b1795: config: Replace long long with int64_t (authored by ansasaki).
config: Replace long long with int64_t
Fri, Jun 14, 3:30 PM
asn committed rLIBSSHb775e316fa9c: priv.h: Add macro definitions for PRIx32 and PRIx64 (authored by ansasaki).
priv.h: Add macro definitions for PRIx32 and PRIx64
Fri, Jun 14, 3:30 PM
asn committed rLIBSSH0280ff12a533: sftp: Do not mix integer types (authored by ansasaki).
sftp: Do not mix integer types
Fri, Jun 14, 3:30 PM
asn added a comment to T142: torture_proxycommand failing.

Is this using musl libc?

Fri, Jun 14, 12:04 PM · Restricted Project
asn closed T150: test torture_config (Failed) as Resolved.

Should be fixed by 1f43b52117fc97eef95e3627517cadb531b2b43e

Fri, Jun 14, 12:02 PM · Restricted Project
asn closed T152: Match exec with arguments breaks .ssh/config parse as Resolved.
Fri, Jun 14, 12:02 PM · Restricted Project
ansasaki added a comment to T154: Add ssh_threads_get_default() to the callbacks.h.

I just adjusted the documentation comment a bit, and removed the invalid warning from ssh_threads_get_pthread()

Fri, Jun 14, 10:36 AM · Restricted Project
asn assigned T154: Add ssh_threads_get_default() to the callbacks.h to ansasaki.
Fri, Jun 14, 8:01 AM · Restricted Project
asn committed rLIBSSH4fc37bb6fed9: tests: Add more reproducers for valid and invalid Match exec blocks (authored by Jakuje).
tests: Add more reproducers for valid and invalid Match exec blocks
Fri, Jun 14, 8:00 AM
asn committed rLIBSSHed8284ab0976: config: Skip the rest of the line for Match exec (authored by Jakuje).
config: Skip the rest of the line for Match exec
Fri, Jun 14, 8:00 AM
asn committed rLIBSSHdc4d4cc8d4c9: tests/torture_rekey: Do not mix integer types (authored by ansasaki).
tests/torture_rekey: Do not mix integer types
Fri, Jun 14, 8:00 AM

Thu, Jun 13

davidwed updated the task description for T154: Add ssh_threads_get_default() to the callbacks.h.
Thu, Jun 13, 10:55 PM · Restricted Project
davidwed created T154: Add ssh_threads_get_default() to the callbacks.h.
Thu, Jun 13, 10:47 PM · Restricted Project
davidwed closed T145: Add ssh_threads_get_winlock() to the callbacks.h as Invalid.
Thu, Jun 13, 9:27 PM · Restricted Project
davidwed added a comment to T145: Add ssh_threads_get_winlock() to the callbacks.h.

Sounds good to me.

Thu, Jun 13, 9:26 PM · Restricted Project
asn committed rLIBSSHf46eff79e2bb: cmake: Bump API version to 4.8.0 (authored by davidwed).
cmake: Bump API version to 4.8.0
Thu, Jun 13, 5:38 PM
asn committed rLIBSSH658a15099173: channels: Make ssh_message_channel_request_open_reply_accept_channel public (authored by davidwed).
channels: Make ssh_message_channel_request_open_reply_accept_channel public
Thu, Jun 13, 5:38 PM
asn committed rLIBSSH32eec7b41887: SSH_LOG: Adjust log level from SSH_LOG_WARNING to SSH_LOG_PROTOCOL (authored by davidwed).
SSH_LOG: Adjust log level from SSH_LOG_WARNING to SSH_LOG_PROTOCOL
Thu, Jun 13, 5:38 PM
asn closed T153: cmake: Bump API version to 4.8.0 as Resolved by committing rLIBSSHf46eff79e2bb: cmake: Bump API version to 4.8.0.
Thu, Jun 13, 5:38 PM · Restricted Project
asn committed rLIBSSH1f43b52117fc: tests: Fix the glob test on musl libc (authored by asn).
tests: Fix the glob test on musl libc
Thu, Jun 13, 5:38 PM
asn closed T144: Add ssh_message_channel_request_open_reply_accept_channel function as Resolved by committing rLIBSSH658a15099173: channels: Make ssh_message_channel_request_open_reply_accept_channel public.
Thu, Jun 13, 5:38 PM · Restricted Project
asn closed T149: Adjust log level from SSH_LOG_WARNING to SSH_LOG_PROTOCOL as Resolved by committing rLIBSSH32eec7b41887: SSH_LOG: Adjust log level from SSH_LOG_WARNING to SSH_LOG_PROTOCOL.
Thu, Jun 13, 5:38 PM · Restricted Project
asn committed rLIBSSHc0c1454298aa: session: OpenSSH is using SHA256 fingerprints now (authored by Jakuje).
session: OpenSSH is using SHA256 fingerprints now
Thu, Jun 13, 5:38 PM
asn committed rLIBSSHddece69a07a9: .gitlab-ci.yml: Add FIPS tests (authored by Jakuje).
.gitlab-ci.yml: Add FIPS tests
Thu, Jun 13, 5:38 PM
asn committed rLIBSSH5568e5e520dd: tests/pkd: Fix OpenSSH version check (authored by ansasaki).
tests/pkd: Fix OpenSSH version check
Thu, Jun 13, 5:38 PM
asn committed rLIBSSH905b027f0f62: tests/pkd: Check OpenSSH version only once (authored by ansasaki).
tests/pkd: Check OpenSSH version only once
Thu, Jun 13, 5:38 PM
asn committed rLIBSSH57cf0cf23088: tests/torture_server_config: Use only allowed algorithms (authored by ansasaki).
tests/torture_server_config: Use only allowed algorithms
Thu, Jun 13, 5:38 PM
asn committed rLIBSSH73b94abea41d: tests/pkd: Accept certificates with SHA2 in signatures (authored by ansasaki).
tests/pkd: Accept certificates with SHA2 in signatures
Thu, Jun 13, 5:38 PM
asn committed rLIBSSH4416a0dae660: tests/pkd: Add tests using certificates with SHA2 in signatures (authored by ansasaki).
tests/pkd: Add tests using certificates with SHA2 in signatures
Thu, Jun 13, 5:38 PM
asn committed rLIBSSHbd32fb020b4a: tests/pkd: Use only allowed algorithms if in FIPS mode (authored by ansasaki).
tests/pkd: Use only allowed algorithms if in FIPS mode
Thu, Jun 13, 5:37 PM
asn committed rLIBSSHbb36cc30eee9: tests/torture_pki_rsa: Avoid using SHA1 in FIPS mode (authored by ansasaki).
tests/torture_pki_rsa: Avoid using SHA1 in FIPS mode
Thu, Jun 13, 5:37 PM
asn committed rLIBSSHc7c3c16fc8bf: tests: There is no 8B block cipher in FIPS Mode (authored by Jakuje).
tests: There is no 8B block cipher in FIPS Mode
Thu, Jun 13, 5:37 PM
asn committed rLIBSSHb6aef1fdd5fd: tests: Update negative test cases to use EC instead of ED keys (authored by Jakuje).
tests: Update negative test cases to use EC instead of ED keys
Thu, Jun 13, 5:37 PM
asn committed rLIBSSHbfafdab0356a: tests: Use more widely supported RSA key as a hostkey (authored by Jakuje).
tests: Use more widely supported RSA key as a hostkey
Thu, Jun 13, 5:37 PM
asn committed rLIBSSH426c6c132197: tests: Avoid mixing stderr with stdout (authored by Jakuje).
tests: Avoid mixing stderr with stdout
Thu, Jun 13, 5:37 PM
asn committed rLIBSSHa006c3c451c1: tests: Use consistent checking for ssh return code (authored by Jakuje).
tests: Use consistent checking for ssh return code
Thu, Jun 13, 5:37 PM
asn committed rLIBSSH20e58be7d892: tests: Adjust for FIPS and simplify initialization (authored by Jakuje).
tests: Adjust for FIPS and simplify initialization
Thu, Jun 13, 5:37 PM
asn committed rLIBSSH8c59f7f236a4: tests/torture_pki_dsa: Skip completely if in FIPS mode (authored by ansasaki).
tests/torture_pki_dsa: Skip completely if in FIPS mode
Thu, Jun 13, 5:37 PM
asn committed rLIBSSH9ef0b0b02985: tests/torture_pki: Skip some tests if in FIPS mode (authored by ansasaki).
tests/torture_pki: Skip some tests if in FIPS mode
Thu, Jun 13, 5:37 PM
asn committed rLIBSSH39c69893c7b1: tests/torture_options: Use only allowed algorithms if in FIPS mode (authored by ansasaki).
tests/torture_options: Use only allowed algorithms if in FIPS mode
Thu, Jun 13, 5:37 PM
asn committed rLIBSSHce888fd4c0c3: tests/torture_config: Use only allowed algorithms in FIPS mode (authored by ansasaki).
tests/torture_config: Use only allowed algorithms in FIPS mode
Thu, Jun 13, 5:37 PM
asn committed rLIBSSHaf031d8df64d: tests/torture_bind_config: Use allowed algorithms in FIPS mode (authored by ansasaki).
tests/torture_bind_config: Use allowed algorithms in FIPS mode
Thu, Jun 13, 5:36 PM
asn committed rLIBSSH92a0d23eac7f: tests/torture_hostkey: Skip some tests in FIPS mode (authored by ansasaki).
tests/torture_hostkey: Skip some tests in FIPS mode
Thu, Jun 13, 5:36 PM
asn committed rLIBSSH1a6ac291a785: tests/torture_client_config: Adjust lists in FIPS mode (authored by ansasaki).
tests/torture_client_config: Adjust lists in FIPS mode
Thu, Jun 13, 5:36 PM
asn committed rLIBSSHbdb2ef4dcc6f: tests/torture_algorithms: Skip some tests in FIPS mode (authored by ansasaki).
tests/torture_algorithms: Skip some tests in FIPS mode
Thu, Jun 13, 5:36 PM
asn committed rLIBSSH1b7146e28f68: server: Send only allowed algorithms in extension (authored by ansasaki).
server: Send only allowed algorithms in extension
Thu, Jun 13, 5:36 PM
asn committed rLIBSSH03ca994cc048: tests: Use the SHA2 extension by default to avoid issues in FIPS mode (authored by Jakuje).
tests: Use the SHA2 extension by default to avoid issues in FIPS mode
Thu, Jun 13, 5:36 PM
asn committed rLIBSSH41834f228bc4: tests: Use different config if in FIPS mode (authored by ansasaki).
tests: Use different config if in FIPS mode
Thu, Jun 13, 5:36 PM
asn committed rLIBSSH53ae2502f44f: kex: Only advertise allowed signature types (authored by ansasaki).
kex: Only advertise allowed signature types
Thu, Jun 13, 5:36 PM
Jakuje added a comment to T152: Match exec with arguments breaks .ssh/config parse.

If I read correctly the manual page for ssh_config, your example is invalid:

Thu, Jun 13, 4:52 PM · Restricted Project
asn added a comment to T153: cmake: Bump API version to 4.8.0.

I will push that soon, thanks for your contribution!

Thu, Jun 13, 4:41 PM · Restricted Project
asn added a comment to T149: Adjust log level from SSH_LOG_WARNING to SSH_LOG_PROTOCOL.

Looks fine for me, thanks for your contribution!

Thu, Jun 13, 4:40 PM · Restricted Project
asn added a comment to T150: test torture_config (Failed).

My guess would be that the test requires HAVE_GLOB_GL_FLAGS_MEMBER but musl libc doesn't support it.

Thu, Jun 13, 4:36 PM · Restricted Project
asn committed rLIBSSHa3ddc48cb02c: pki: Derive correct algorithm identification for certificate authentication… (authored by Jakuje).
pki: Derive correct algorithm identification for certificate authentication…
Thu, Jun 13, 11:21 AM
asn committed rLIBSSH132ed59d3f2e: agent: Use SHA2 signatures also for RSA certificates (authored by Jakuje).
agent: Use SHA2 signatures also for RSA certificates
Thu, Jun 13, 11:20 AM
asn committed rLIBSSHf91a5fce6eab: tests: Use ed25519 keys explicitly (authored by Jakuje).
tests: Use ed25519 keys explicitly
Thu, Jun 13, 11:20 AM
asn committed rLIBSSH63f477181a86: tests: The DSA is not available in mbedtls (authored by Jakuje).
tests: The DSA is not available in mbedtls
Thu, Jun 13, 11:20 AM
asn committed rLIBSSH2c385c0e13b9: tests/client/torture_auth: Skip some tests if in FIPS mode (authored by ansasaki).
tests/client/torture_auth: Skip some tests if in FIPS mode
Thu, Jun 13, 11:20 AM
asn committed rLIBSSH66755c478cfe: tests: Do not free pcap context while it is in use by the server session (authored by Jakuje).
tests: Do not free pcap context while it is in use by the server session
Thu, Jun 13, 11:20 AM
asn committed rLIBSSH9f178be1fa8b: tests: Cover comparison of public keys, which was missing (authored by Jakuje).
tests: Cover comparison of public keys, which was missing
Thu, Jun 13, 11:20 AM
asn committed rLIBSSH1f66414805be: pki_gcrypt: Do not compare private parts when comparing public keys (authored by Jakuje).
pki_gcrypt: Do not compare private parts when comparing public keys
Thu, Jun 13, 11:20 AM
asn committed rLIBSSH6d5ac15a5112: config: Remove bogus trailing newlines in log messages (authored by Jakuje).
config: Remove bogus trailing newlines in log messages
Thu, Jun 13, 11:20 AM
asn committed rLIBSSH53cee7c9a3b5: kex: List also certificate types in list of allowed public key algorithms (authored by Jakuje).
kex: List also certificate types in list of allowed public key algorithms
Thu, Jun 13, 11:20 AM
asn committed rLIBSSH85241c19e970: kex: Reformat ssh_kex_get_supported_method() (authored by Jakuje).
kex: Reformat ssh_kex_get_supported_method()
Thu, Jun 13, 11:20 AM
asn committed rLIBSSH0cfe4c7ab803: tests/torture_auth: Workaround OpenSSH agent bug (authored by ansasaki).
tests/torture_auth: Workaround OpenSSH agent bug
Thu, Jun 13, 11:20 AM
asn committed rLIBSSHf64c3dec74a6: tests: Add PKCS#8 PEM encrypted private keys (authored by ansasaki).
tests: Add PKCS#8 PEM encrypted private keys
Thu, Jun 13, 11:20 AM

Wed, Jun 12

asn committed rLIBSSH01f404021823: dh: Avoid segmentation fault in GEX if fallback to known moduli (authored by ansasaki).
dh: Avoid segmentation fault in GEX if fallback to known moduli
Wed, Jun 12, 12:45 PM
asn committed rLIBSSH765691195394: bignum: Define bignum_dup(bignum orig, bignum *dest) (authored by ansasaki).
bignum: Define bignum_dup(bignum orig, bignum *dest)
Wed, Jun 12, 12:45 PM
asn committed rLIBSSH9f7f5dee18de: tests: Verify duplicate items are removed from knownhosts entries list (authored by Jakuje).
tests: Verify duplicate items are removed from knownhosts entries list
Wed, Jun 12, 12:45 PM
asn committed rLIBSSH5f01ed027817: tests: Verify duplicate items are removed from knownhosts algorithms (authored by Jakuje).
tests: Verify duplicate items are removed from knownhosts algorithms
Wed, Jun 12, 12:45 PM
asn committed rLIBSSH196361c1f0a7: ssh_known_hosts_get_algorithms: Avoid returning duplicate key types from known… (authored by Jakuje).
ssh_known_hosts_get_algorithms: Avoid returning duplicate key types from known…
Wed, Jun 12, 12:45 PM
asn committed rLIBSSH79cd2618ecaf: ssh_known_hosts_read_entries: Avoid returning duplicate knownhowst items (authored by Jakuje).
ssh_known_hosts_read_entries: Avoid returning duplicate knownhowst items
Wed, Jun 12, 12:45 PM
asn committed rLIBSSH54d76098edda: kex, pki, server, options: Filter algorithms in FIPS mode (authored by ansasaki).
kex, pki, server, options: Filter algorithms in FIPS mode
Wed, Jun 12, 12:45 PM
asn committed rLIBSSH56041dc7840a: torture_hashes: Skip the MD5 tests in FIPS mode (authored by Jakuje).
torture_hashes: Skip the MD5 tests in FIPS mode
Wed, Jun 12, 10:56 AM
asn committed rLIBSSH167aa8bc6cdf: pki_crypto: Use the new OpenSSL API to read PEM files (authored by Jakuje).
pki_crypto: Use the new OpenSSL API to read PEM files
Wed, Jun 12, 10:56 AM
asn committed rLIBSSH0ce1e84d9046: pki_crypto: Use the new OpenSSL API to write new PKCS#8 PEM files (authored by Jakuje).
pki_crypto: Use the new OpenSSL API to write new PKCS#8 PEM files
Wed, Jun 12, 10:56 AM
asn committed rLIBSSHee456104f16b: session: Do not use MD5 in FIPS mode (authored by ansasaki).
session: Do not use MD5 in FIPS mode
Wed, Jun 12, 10:47 AM
asn committed rLIBSSH0fb7d9831a9d: tests: Make sure unknown options are ignored in server config (authored by ansasaki).
tests: Make sure unknown options are ignored in server config
Wed, Jun 12, 10:47 AM
asn committed rLIBSSH55c637f2d3f4: bind_config: Fail if a known option couldn't be set (authored by ansasaki).
bind_config: Fail if a known option couldn't be set
Wed, Jun 12, 10:47 AM
asn committed rLIBSSHd783aec96c3a: kex: Remove unused code (authored by ansasaki).
kex: Remove unused code
Wed, Jun 12, 10:47 AM
asn committed rLIBSSHdc35bbbeb134: server: Use default methods instead of all (authored by ansasaki).
server: Use default methods instead of all
Wed, Jun 12, 10:47 AM
asn committed rLIBSSH2db2a4e170a3: kex: Make order of preferred signature algorithms consistent (authored by ansasaki).
kex: Make order of preferred signature algorithms consistent
Wed, Jun 12, 10:46 AM