[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#951640: marked as done (openssh-client: ssh(1) man page: bad documentation for -Y)

Your message dated Sun, 23 Feb 2020 19:00:20 +0000
with message-id <E1j5wUG-000Aku-Ui@fasolo.debian.org>
and subject line Bug#951640: fixed in openssh 1:8.2p1-1
has caused the Debian Bug report #951640,
regarding openssh-client: ssh(1) man page: bad documentation for -Y
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
951640: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951640
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: openssh-client
Version: 1:8.1p1-5
The manual page says that -Y "does nothing in the default configuration". This is incorrect. The option, like -X, enables X11 forwarding: 

  $ DISPLAY=:42 ssh localhost 'echo DISPLAY=$DISPLAY'
  DISPLAY=

  $ DISPLAY=:42 ssh localhost -Y 'echo DISPLAY=$DISPLAY'
  Warning: No xauth data; using fake authentication data for X11 forwarding.
  DISPLAY=localhost:10.0

--
Jakub Wilk

--- End Message ---
--- Begin Message --- 
Source: openssh
Source-Version: 1:8.2p1-1
Done: Colin Watson <cjwatson@debian.org>

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 951640@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 21 Feb 2020 16:36:37 +0000
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server openssh-sk-helper openssh-tests ssh ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: all amd64 source
Version: 1:8.2p1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 275458 631189 845315 951220 951582 951640
Description: 
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 openssh-sk-helper - OpenSSH helper for FIDO authenticator support
 openssh-tests - OpenSSH regression tests
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
Changes:
 openssh (1:8.2p1-1) unstable; urgency=medium
 .
   * New upstream release (https://www.openssh.com/txt/release-8.2, closes:
     #951582):
     - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
       (RSA/SHA1) algorithm from those accepted for certificate signatures
       (i.e. the client and server CASignatureAlgorithms option) and will use
       the rsa-sha2-512 signature algorithm by default when the ssh-keygen(1)
       CA signs new certificates.
     - ssh(1), sshd(8): Remove diffie-hellman-group14-sha1 from the default
       key exchange proposal for both the client and server.
     - ssh-keygen(1): The command-line options related to the generation and
       screening of safe prime numbers used by the
       diffie-hellman-group-exchange-* key exchange algorithms have changed.
       Most options have been folded under the -O flag.
     - sshd(8): The sshd listener process title visible to ps(1) has changed
       to include information about the number of connections that are
       currently attempting authentication and the limits configured by
       MaxStartups.
     - Add support for FIDO/U2F hardware authenticators.
     - ssh-keygen(1): Add a "no-touch-required" option when generating
       FIDO-hosted keys, that disables their default behaviour of requiring a
       physical touch/tap on the token during authentication.  Note: not all
       tokens support disabling the touch requirement.
     - sshd(8): Add a sshd_config PubkeyAuthOptions directive that collects
       miscellaneous public key authentication-related options for sshd(8).
       At present it supports only a single option "no-touch-required".  This
       causes sshd to skip its default check for FIDO/U2F keys that the
       signature was authorised by a touch or press event on the token
       hardware.
     - ssh(1), sshd(8), ssh-keygen(1): Add a "no-touch-required" option for
       authorized_keys and a similar extension for certificates.  This option
       disables the default requirement that FIDO key signatures attest that
       the user touched their key to authorize them, mirroring the similar
       PubkeyAuthOptions sshd_config option.
     - ssh-keygen(1): Add support for the writing the FIDO attestation
       information that is returned when new keys are generated via the "-O
       write-attestation=/path" option.  FIDO attestation certificates may be
       used to verify that a FIDO key is hosted in trusted hardware.  OpenSSH
       does not currently make use of this information, beyond optionally
       writing it to disk.
     - Add support for FIDO2 resident keys.
     - sshd(8): Add an Include sshd_config keyword that allows including
       additional configuration files via glob(3) patterns (closes: #631189).
     - ssh(1)/sshd(8): Make the LE (low effort) DSCP code point available via
       the IPQoS directive.
     - ssh(1): When AddKeysToAgent=yes is set and the key contains no
       comment, add the key to the agent with the key's path as the comment.
     - ssh-keygen(1), ssh-agent(1): Expose PKCS#11 key labels and X.509
       subjects as key comments, rather than simply listing the PKCS#11
       provider library path.
     - ssh-keygen(1): Allow PEM export of DSA and ECDSA keys.
     - sshd(8): When clients get denied by MaxStartups, send a notification
       prior to the SSH2 protocol banner according to RFC4253 section 4.2
       (closes: #275458).
     - ssh(1), ssh-agent(1): When invoking the $SSH_ASKPASS prompt program,
       pass a hint to the program to describe the type of desired prompt.
       The possible values are "confirm" (indicating that a yes/no
       confirmation dialog with no text entry should be shown), "none" (to
       indicate an informational message only), or blank for the original
       ssh-askpass behaviour of requesting a password/phrase.
     - ssh(1): Allow forwarding a different agent socket to the path
       specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent
       option to accepting an explicit path or the name of an environment
       variable in addition to yes/no.
     - ssh-keygen(1): Add a new signature operations "find-principals" to
       look up the principal associated with a signature from an
       allowed-signers file.
     - sshd(8): Expose the number of currently-authenticating connections
       along with the MaxStartups limit in the process title visible to "ps".
     - sshd(8): Make ClientAliveCountMax=0 have sensible semantics: it will
       now disable connection killing entirely rather than the current
       behaviour of instantly killing the connection after the first liveness
       test regardless of success.
     - sshd(8): Clarify order of AllowUsers / DenyUsers vs AllowGroups /
       DenyGroups in the sshd(8) manual page.
     - sshd(8): Better describe HashKnownHosts in the manual page.
     - sshd(8): Clarify that that permitopen=/PermitOpen do no name or
       address translation in the manual page.
     - sshd(8): Allow the UpdateHostKeys feature to function when multiple
       known_hosts files are in use.  When updating host keys, ssh will now
       search subsequent known_hosts files, but will add updated host keys to
       the first specified file only.
     - All: Replace all calls to signal(2) with a wrapper around
       sigaction(2).  This wrapper blocks all other signals during the
       handler preventing races between handlers, and sets SA_RESTART which
       should reduce the potential for short read/write operations.
     - sftp(1): Fix a race condition in the SIGCHILD handler that could turn
       in to a kill(-1).
     - sshd(8): Fix a case where valid (but extremely large) SSH channel IDs
       were being incorrectly rejected.
     - ssh(1): When checking host key fingerprints as answers to new hostkey
       prompts, ignore whitespace surrounding the fingerprint itself.
     - All: Wait for file descriptors to be readable or writeable during
       non-blocking connect, not just readable.  Prevents a timeout when the
       server doesn't immediately send a banner (e.g. multiplexers like
       sslh).
     - sshd_config(5): Document the sntrup4591761x25519-sha512@tinyssh.org
       key exchange algorithm.
   * Add more historical md5sums of /etc/ssh/sshd_config between 1:7.4p1-1
     and 1:7.8p1-1 inclusive (closes: #951220).
   * ssh(1): Explain that -Y is equivalent to -X in the default configuration
     (closes: #951640).
   * Include /etc/ssh/ssh_config.d/*.conf from /etc/ssh/ssh_config and
     /etc/ssh/sshd_config.d/*.conf from /etc/ssh/sshd_config (closes:
     #845315).
Checksums-Sha1: 
 292b9744ed64aad746d45861d0960a0c88b0156d 3406 openssh_8.2p1-1.dsc
 d1ab35a93507321c5db885e02d41ce1414f0507c 1701197 openssh_8.2p1.orig.tar.gz
 d3814ab57572c13bdee2037ad1477e2f7c51e1b0 683 openssh_8.2p1.orig.tar.gz.asc
 3783ae7208865ee1afdbfea4a0923ec338b3c07c 174008 openssh_8.2p1-1.debian.tar.xz
 0bf85be8ef3542842d4bc793590d8a414540c5d8 3678100 openssh-client-dbgsym_8.2p1-1_amd64.deb
 0e1ef83e4d236e921ce3a64fb56a4c82287555e2 293744 openssh-client-udeb_8.2p1-1_amd64.udeb
 dfc3143bf75a9e66ade5bf63a66a6d97fdc208cc 879648 openssh-client_8.2p1-1_amd64.deb
 d275741c0b3a313c24d697f74c42695b6e332942 1080492 openssh-server-dbgsym_8.2p1-1_amd64.deb
 efd8d7cb0304c60c667a3e8f7c265c2abb311e28 318236 openssh-server-udeb_8.2p1-1_amd64.udeb
 344612e06ef8548f2d3212585b2af3edb7090756 377768 openssh-server_8.2p1-1_amd64.deb
 7ac95e6befa7abcd06e0fcd8e1ab99a37aaf8faf 165652 openssh-sftp-server-dbgsym_8.2p1-1_amd64.deb
 44a88d9b666f3498e0aa97c9ca860202a28fa3de 50888 openssh-sftp-server_8.2p1-1_amd64.deb
 d2558312e66d335e5ef99e7cecc72a29e860391d 297932 openssh-sk-helper-dbgsym_8.2p1-1_amd64.deb
 17912295024a3cc1c848917968908f4a2c65070e 111892 openssh-sk-helper_8.2p1-1_amd64.deb
 13deb2c7ca84fa7140a19b800b7ba00bc4932364 2381024 openssh-tests-dbgsym_8.2p1-1_amd64.deb
 9c264e58b942d577e44b02aec147878c7044de25 909288 openssh-tests_8.2p1-1_amd64.deb
 344ac63c864276d897756a5d483b143f6efa5240 18110 openssh_8.2p1-1_amd64.buildinfo
 13a4b885936b2865702871610c410eb8f35619a8 12824 ssh-askpass-gnome-dbgsym_8.2p1-1_amd64.deb
 960f9d97e3c9b9d51d2067e83490ea923ac9749a 260708 ssh-askpass-gnome_8.2p1-1_amd64.deb
 eec2f56def572d5572df04007ffc8f0e6276527c 248860 ssh_8.2p1-1_all.deb
Checksums-Sha256: 
 54d2d9e607f7165d4f36f6ab23ef77e8dda074cec74a50b1f1bfeabd4ff5d9ad 3406 openssh_8.2p1-1.dsc
 43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff64e671 1701197 openssh_8.2p1.orig.tar.gz
 4f358bb57cb5446a7a8bf986ff5cd835fd1e03f33561df883dfd3f893cd6fe86 683 openssh_8.2p1.orig.tar.gz.asc
 1eaac2056fe12fa3f6419505812be13e2dc9cd02727d9cabd7ea2bfdd0934b41 174008 openssh_8.2p1-1.debian.tar.xz
 0ff015a7a56190c46afbed4b2b6ebdf2c24c8ad63e2c7409063b3186ca5ddffc 3678100 openssh-client-dbgsym_8.2p1-1_amd64.deb
 5c9f2d347813a76242b231d48f4bfaf39141da5caa1876bd4db929a608d4ea98 293744 openssh-client-udeb_8.2p1-1_amd64.udeb
 2111ca74489dde96b7c0536ec2f33f71c926512d9a352c57bdf5af44606a088c 879648 openssh-client_8.2p1-1_amd64.deb
 057cafa2221a32b00bc4c245dc6033b1ea88753e535634bbcdabf72bdb4f0b8c 1080492 openssh-server-dbgsym_8.2p1-1_amd64.deb
 36d4b689ba7b6edfbeb959b2a4580bc1c7099a3a1b8e1080a04cb73e28aae0e5 318236 openssh-server-udeb_8.2p1-1_amd64.udeb
 5356bdb5a8342df734ab0259bacbf2d7ebc49ae86af4996da55201c2aa263efe 377768 openssh-server_8.2p1-1_amd64.deb
 ad6fda847bb52eee200b264e3ee8c54d38f17cc3354e770cb8b79276486ff27f 165652 openssh-sftp-server-dbgsym_8.2p1-1_amd64.deb
 dded1951c710ec6827f0d4462892063305a1b5fe70e48aca7eb9b380a9161d5b 50888 openssh-sftp-server_8.2p1-1_amd64.deb
 fdab29f042876125d7c1faf5cc8156f035d4bc7af3805212237e5c6ce76cc1d5 297932 openssh-sk-helper-dbgsym_8.2p1-1_amd64.deb
 20f6eba9b4793da43314631f61283e02b52ec1e8cc277cbdd81cc5615c73caae 111892 openssh-sk-helper_8.2p1-1_amd64.deb
 eb5019b478daf8527f8222a3cc3558373fd2f782e0e7da49833963a8edebde2d 2381024 openssh-tests-dbgsym_8.2p1-1_amd64.deb
 e2c406f30302f13609667dc1652533818e5b4bb5d4b0329fe43f9a2c98e5b415 909288 openssh-tests_8.2p1-1_amd64.deb
 cc9e7da3c547228973a9bf0b92d7b2163a804d3a5e277002d8367a49c88f88f5 18110 openssh_8.2p1-1_amd64.buildinfo
 13531409fca19fa5192635ede75619576b16a6162a723b4c06d175a214e6d9b8 12824 ssh-askpass-gnome-dbgsym_8.2p1-1_amd64.deb
 5972e3d0a16733507ca861bf4bb047e45ffbde397aa1f5cd18458f5b7fbd74b9 260708 ssh-askpass-gnome_8.2p1-1_amd64.deb
 474b7a72466280743b3d65e3b33e1f2ba08b4b430024f85448f980f93ba26115 248860 ssh_8.2p1-1_all.deb
Files: 
 9aec5f2b30e06a45d04486e9f6ee7930 3406 net standard openssh_8.2p1-1.dsc
 3076e6413e8dbe56d33848c1054ac091 1701197 net standard openssh_8.2p1.orig.tar.gz
 8501565a766e1a50a7e6179079f3c671 683 net standard openssh_8.2p1.orig.tar.gz.asc
 c1d3bedcda13837a88845f95e322ee0f 174008 net standard openssh_8.2p1-1.debian.tar.xz
 572338e4b3fa8fcab009fe74385e03da 3678100 debug optional openssh-client-dbgsym_8.2p1-1_amd64.deb
 b35d9d44f3c90438cbdb56b72dbb91f1 293744 debian-installer optional openssh-client-udeb_8.2p1-1_amd64.udeb
 4f1807d2bbff57ec776da4163ded4a45 879648 net standard openssh-client_8.2p1-1_amd64.deb
 47583684aba12aac65b1fc7e5a8c1fb8 1080492 debug optional openssh-server-dbgsym_8.2p1-1_amd64.deb
 93f555206d7fec19a3cfb55c88d43631 318236 debian-installer optional openssh-server-udeb_8.2p1-1_amd64.udeb
 fc40a8f79a5b4df2f49dd0516a387871 377768 net optional openssh-server_8.2p1-1_amd64.deb
 9b1a12083d263985cc42041f5a61d322 165652 debug optional openssh-sftp-server-dbgsym_8.2p1-1_amd64.deb
 6500a3f54fb51c8ea1b281fc1663df69 50888 net optional openssh-sftp-server_8.2p1-1_amd64.deb
 0f3fc541dfcda26f59028d3c3533be0c 297932 debug optional openssh-sk-helper-dbgsym_8.2p1-1_amd64.deb
 b2dc85e631bbe58af0ad6783d7d045db 111892 net optional openssh-sk-helper_8.2p1-1_amd64.deb
 e879ef2489766af8223923ae634a6d56 2381024 debug optional openssh-tests-dbgsym_8.2p1-1_amd64.deb
 97f3e570eb699fcdf6bdf77e78ce2b1a 909288 net optional openssh-tests_8.2p1-1_amd64.deb
 0e43f99d13491c9adb5942e4b63be5e8 18110 net standard openssh_8.2p1-1_amd64.buildinfo
 1059ea07a220bcc9e0cb333f89e25736 12824 debug optional ssh-askpass-gnome-dbgsym_8.2p1-1_amd64.deb
 42df493e070d2d7bbd7364e63d787acb 260708 gnome optional ssh-askpass-gnome_8.2p1-1_amd64.deb
 de859d711d25edbb25a13af10e893289 248860 net optional ssh_8.2p1-1_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAl5QHBgACgkQOTWH2X2G
UAuVXxAAnCvWNqC4F7pY1UOfKIbYLhYSCniVNvopy6J5aWWO/P2aZ0tBocKIs4xf
63lsMP62tBO+Nf9wLl6FwhgVnkIdFVMH/9Qom6dVOin7+3Y3HuH61y5YYTbyGIq6
qFztghzFCwhmMILj6P4kYnJb+q+DL+ckyO3R+OIakNpWqR8yDO+czyQhU50ECEY+
nuohRdAl2av5JfRTaGhHiEqIcQqU6OC/9NJpes0NFIFm8U3/8kioO1Drnkf0JrGG
8bU+CM1hHYE0idZRXGhNAxmpLfA2O+JWQVrYbC45fvQOjfYmBBCdVZhTDI87qPNw
ZSYbBGrtRh2+LKGVml7bZqTDWyIoorYiYCDKCjHvO6havKPoRdOp/A7csVPO+XmR
PYCziV7JloakmxJKFWC7tWEgnvr0FlMfMasCChjMFJc9kS3HJgetuq5jSkyMpInB
sjKiqpk5lLJa4O020tx/0mhLc1Lets6bqNCx9zhLfppDduwcG5dxwfqxAOk197j8
Kr+sfxpizUCNMey9sk1k+fWRvEMmL4t/jUf6tgVpvECKeiKh8qPFeuz8ztojGb/R
+jktFgb2oJ1YIzQ9eEvfHB2uCsoec8T6gVuAm/NmnzP+b+2+p3JLf2w4Ph7oxPWJ
5VU7felUgelhy72e9dz/Y3AZgIgsatdb45nd5SvAmFVrJMMAohw=
=D97J
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: