
Bug#245714: marked as done (ssh-add and ssh-keygen echo password to tty)



Your message dated Sat, 1 May 2004 12:46:50 +0100
with message-id <20040501114650.GH1916@riva.ucam.org>
and subject line Bug#245714: ssh-add and ssh-keygen echo password to tty
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 24 Apr 2004 20:41:02 +0000
>From phil@ipom.com Sat Apr 24 13:41:02 2004
Return-path: <phil@ipom.com>
Received: from dsl81-phil3.usc.edu (rider.ipom.net) [128.125.81.146] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BHTxN-0008Nt-00; Sat, 24 Apr 2004 13:41:01 -0700
Received: from rider.ipom.net (localhost [127.0.0.1])
	by rider.ipom.net (8.12.11/8.12.11/Debian-5) with ESMTP id i3OKf1bH023166;
	Sat, 24 Apr 2004 13:41:01 -0700
Received: (from phil@localhost)
	by rider.ipom.net (8.12.11/8.12.11/Debian-5) id i3OKf0fo023163;
	Sat, 24 Apr 2004 13:41:00 -0700
Message-Id: <200404242041.i3OKf0fo023163@rider.ipom.net>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Phil Dibowitz <phil@ipom.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ssh-add and ssh-keygen echo password to tty
X-Mailer: reportbug 2.58
Date: Sat, 24 Apr 2004 13:41:00 -0700
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-7.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 
X-CrossAssassin-Score: 1

Package: ssh
Version: 1:3.8p1-3
Severity: normal
Tags: sid


Both ssh-add and ssh-keygen echo your password to the tty in the new 3.8p1-3 version that I just dist-upgraded to. This is a pretty large security problem.
I looked for another bug report on this, but don't see one. I hope this isn't a duplicate.


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.3
Locale: LANG=C, LC_CTYPE=C

Versions of packages ssh depends on:
ii  adduser                     3.52         Add and remove users and groups
ii  debconf                     1.4.22       Debian configuration management sy
ii  dpkg                        1.10.20      Package maintenance system for Deb
ii  libc6                       2.3.2.ds1-12 GNU C Library: Shared libraries an
ii  libpam-modules              0.76-19      Pluggable Authentication Modules f
ii  libpam-runtime              0.76-19      Runtime support for the PAM librar
ii  libpam0g                    0.76-19      Pluggable Authentication Modules l
ii  libssl0.9.7                 0.9.7d-1     SSL shared libraries
ii  libwrap0                    7.6-ipv6.1-3 Wietse Venema's TCP wrappers libra
ii  zlib1g                      1:1.2.1-5    compression library - runtime

-- debconf information:
* ssh/privsep_tell: 
  ssh/insecure_rshd: 
  ssh/privsep_ask: true
  ssh/ssh2_keys_merged: 
* ssh/user_environment_tell: 
* ssh/forward_warning: 
  ssh/insecure_telnetd: 
  ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/protocol2_only: true
  ssh/encrypted_host_key_but_no_keygen: 
* ssh/run_sshd: true
* ssh/SUID_client: false

---------------------------------------
Received: (at 245714-done) by bugs.debian.org; 1 May 2004 11:46:53 +0000
>From cjwatson@flatline.org.uk Sat May 01 04:46:53 2004
Return-path: <cjwatson@flatline.org.uk>
Received: from chiark.greenend.org.uk [193.201.200.170] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BJsxI-0006K3-00; Sat, 01 May 2004 04:46:52 -0700
Received: from [192.168.124.112] (helo=riva.lab.dotat.at)
	by chiark.greenend.org.uk (Debian Exim 3.35 #1) with esmtp
	id 1BJsxG-000801-00; Sat, 01 May 2004 12:46:50 +0100
Received: from cjwatson by riva.lab.dotat.at with local (Exim 3.35 #1 (Debian))
	id 1BJsxG-0000oP-00; Sat, 01 May 2004 12:46:50 +0100
Date: Sat, 1 May 2004 12:46:50 +0100
From: Colin Watson <cjwatson@debian.org>
To: "Adam D. Barratt" <debian-bts@adam-barratt.org.uk>,
	245714-done@bugs.debian.org
Subject: Re: Bug#245714: ssh-add and ssh-keygen echo password to tty
Message-ID: <20040501114650.GH1916@riva.ucam.org>
References: <200404242041.i3OKf0fo023163@rider.ipom.net> <20040424211346.GB31327@riva.ucam.org> <408ADDAE.7090600@ipom.com> <20040425104240.GD31327@riva.ucam.org> <408C1FE4.8070500@ipom.com> <062201c42c74$217e4b90$eb00010a@andromeda>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <062201c42c74$217e4b90$eb00010a@andromeda>
User-Agent: Mutt/1.3.28i
Delivered-To: 245714-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-5.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 
X-CrossAssassin-Score: 1

On Tue, Apr 27, 2004 at 05:24:35PM +0100, Adam D. Barratt wrote:
> Phil Dibowitz wrote, Sunday, April 25, 2004 9:30 PM
> > Colin Watson wrote:
> > > I can't reproduce this either on i386 or powerpc with either pterm or
> > > xterm. Can you get me an strace?
> >
> > Someone else pointed this out on this bug report (I saw it on the site
> > last night): it's not a ssh bug, it's a makedev bug. I downgraded makedev
> > and it went away.
> >
> > Doing so also seems to fix bug 245718 which I opened yesterday.
> 
> Since an updated makedev should now have propagated, I'm assuming this bug
> (sh|c)ould now be closed?

Indeed it can. Thanks.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]


