[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#500445: marked as done (please provide a second openssh-client package)

Your message dated Sat, 10 Apr 2010 00:33:58 +0000
with message-id <E1O0Oe6-0005ZC-Cx@ries.debian.org>
and subject line Bug#231472: fixed in openssh 1:5.4p1-2
has caused the Debian Bug report #231472,
regarding please provide a second openssh-client package
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
231472: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=231472
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: openssh-client
Version: 1:5.1p1-2
Severity: wishlist
Tags: patch

Hi,

might you please enable opensc-support in openssh? My first patch enable
this via debian/rules and add build depends to libopensc2-dev.
The second patch allow to type the token pin if using 'ssh -I'. ssh-add
in combination with ssh-agent works without the second patch.

Greetings,
Christoph

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.27-rc7-00094-gc0f4d6d (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-client depends on:
ii  adduser               3.110              add and remove users and groups
ii  debconf [debconf-2.0] 1.5.22             Debian configuration management sy
ii  dpkg                  1.14.22            Debian package management system
ii  libc6                 2.7-13             GNU C Library: Shared libraries
ii  libcomerr2            1.41.0-3           common error description library
ii  libedit2              2.11~20080614-1    BSD editline and history libraries
ii  libkrb53              1.6.dfsg.4~beta1-4 MIT Kerberos runtime libraries
ii  libncurses5           5.6+20080830-1     shared libraries for terminal hand
ii  libopensc2            0.11.4-5           SmartCard library with support for
ii  libssl0.9.8           0.9.8g-13          SSL shared libraries
ii  passwd                1:4.1.1-5          change and administer password and
ii  zlib1g                1:1.2.3.3.dfsg-12  compression library - runtime

Versions of packages openssh-client recommends:
ii  openssh-blacklist             0.4.1      list of default blacklisted OpenSS
pn  openssh-blacklist-extra       <none>     (no description available)
ii  xauth                         1:1.0.3-2  X authentication utility

Versions of packages openssh-client suggests:
pn  keychain                      <none>     (no description available)
pn  libpam-ssh                    <none>     (no description available)
ii  ssh-askpass-gnome [ssh-askpas 1:5.1p1-2  interactive X program to prompt us

-- no debconf information

From 6c743d8da70d04d7c044c781e16c2bf0c353c273 Mon Sep 17 00:00:00 2001
From: Christoph Goehre <christoph.goehre@gmx.de>
Date: Sat, 27 Sep 2008 19:07:34 +0200
Subject: [PATCH] build with-opensc

---
 debian/control |    2 +-
 debian/rules   |    1 +
 2 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/debian/control b/debian/control
index 27b27e7..c037d1b 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: openssh
 Section: net
 Priority: standard
 Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
-Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3-1), libssl-dev (>= 0.9.8-1), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 5.0.22), sharutils, libselinux1-dev [alpha amd64 arm armeb armel hppa i386 ia64 lpia m68k mips mipsel powerpc ppc64 s390 sparc], libkrb5-dev | heimdal-dev
+Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3-1), libssl-dev (>= 0.9.8-1), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 5.0.22), sharutils, libselinux1-dev [alpha amd64 arm armeb armel hppa i386 ia64 lpia m68k mips mipsel powerpc ppc64 s390 sparc], libkrb5-dev | heimdal-dev, libopensc2-dev
 Standards-Version: 3.7.3
 Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.org>
 
diff --git a/debian/rules b/debian/rules
index fb3f3a1..b0b06ba 100755
--- a/debian/rules
+++ b/debian/rules
@@ -84,6 +84,7 @@ confflags += --with-ssl-engine
 ifeq ($(DEB_HOST_ARCH_OS),linux)
 confflags += --with-selinux
 endif
+confflags += --with-opensc
 
 # The deb build wants xauth; the udeb build doesn't.
 confflags += --with-xauth=/usr/bin/X11/xauth
-- 
1.5.6.5


From b576575b2a4887378bede9b0064f9c1126c06c36 Mon Sep 17 00:00:00 2001
From: Christoph Goehre <christoph.goehre@gmx.de>
Date: Sat, 27 Sep 2008 19:30:21 +0200
Subject: [PATCH] apply smartcard-ask-for-passphrase-patch

from OpenSSH Bugzilla (Bug 608)
https://bugzilla.mindrot.org/show_bug.cgi?id=608
---
 scard-opensc.c |   44 +++++++++++++++++++++++++++++++++++---------
 scard.c        |    3 +++
 scard.h        |    2 ++
 ssh.c          |    3 +++
 4 files changed, 43 insertions(+), 9 deletions(-)

diff --git a/scard-opensc.c b/scard-opensc.c
index 36dae05..042544a 100644
--- a/scard-opensc.c
+++ b/scard-opensc.c
@@ -43,6 +43,8 @@
 #include "misc.h"
 #include "scard.h"
 
+int ask_for_pin=0;
+
 #if OPENSSL_VERSION_NUMBER < 0x00907000L && defined(CRYPTO_LOCK_ENGINE)
 #define USE_ENGINE
 #define RSA_get_default_method RSA_get_default_openssl_method
@@ -124,6 +126,7 @@ sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out,
 	struct sc_pkcs15_prkey_info *key;
 	struct sc_pkcs15_object *pin_obj;
 	struct sc_pkcs15_pin_info *pin;
+	char *passphrase = NULL;
 
 	priv = (struct sc_priv_data *) RSA_get_app_data(rsa);
 	if (priv == NULL)
@@ -161,24 +164,47 @@ sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out,
 		goto err;
 	}
 	pin = pin_obj->data;
+
+	if (sc_pin)
+		passphrase = sc_pin;
+	else if (ask_for_pin) {
+		/* we need a pin but don't have one => ask for the pin */
+		char prompt[64];
+
+		snprintf(prompt, sizeof(prompt), "Enter PIN for %s: ",
+			key_obj->label ? key_obj->label : "smartcard key");
+		passphrase = read_passphrase(prompt, 0);
+		if (!passphrase || !strcmp(passphrase, ""))
+			goto err;
+	} else 
+		/* no pin => error */
+		goto err;
+
 	r = sc_lock(card);
 	if (r) {
 		error("Unable to lock smartcard: %s", sc_strerror(r));
 		goto err;
 	}
-	if (sc_pin != NULL) {
-		r = sc_pkcs15_verify_pin(p15card, pin, sc_pin,
-					 strlen(sc_pin));
-		if (r) {
-			sc_unlock(card);
-			error("PIN code verification failed: %s",
-			      sc_strerror(r));
-			goto err;
-		}
+	r = sc_pkcs15_verify_pin(p15card, pin, passphrase,
+				 strlen(passphrase));
+	if (r) {
+		sc_unlock(card);
+		error("PIN code verification failed: %s",
+		      sc_strerror(r));
+		goto err;
 	}
+
 	*key_obj_out = key_obj;
+	if (!sc_pin) {
+		memset(passphrase, 0, strlen(passphrase));
+		xfree(passphrase);
+	}
 	return 0;
 err:
+	if (!sc_pin && passphrase) {
+		memset(passphrase, 0, strlen(passphrase));
+		xfree(passphrase);
+	}
 	sc_close();
 	return -1;
 }
diff --git a/scard.c b/scard.c
index 9fd3ca1..e2d2812 100644
--- a/scard.c
+++ b/scard.c
@@ -40,6 +40,9 @@
 #include "misc.h"
 #include "scard.h"
 
+/* currently unused */
+int ask_for_pin = 0;
+
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
 #define USE_ENGINE
 #define RSA_get_default_method RSA_get_default_openssl_method
diff --git a/scard.h b/scard.h
index 82efe48..fe8d659 100644
--- a/scard.h
+++ b/scard.h
@@ -31,6 +31,8 @@
 #define SCARD_ERROR_NOCARD	-2
 #define SCARD_ERROR_APPLET	-3
 
+extern int ask_for_pin;
+
 Key	**sc_get_keys(const char *, const char *);
 void	 sc_close(void);
 int	 sc_put_key(Key *, const char *);
diff --git a/ssh.c b/ssh.c
index e2e2ef4..23e8451 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1243,6 +1243,9 @@ load_public_identity_files(void)
 #ifdef SMARTCARD
 	Key **keys;
 
+	if (!options.batch_mode)
+		ask_for_pin = 1;
+
 	if (options.smartcard_device != NULL &&
 	    options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
 	    (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL) {
-- 
1.5.6.5

Attachment: signature.asc
Description: Digital signature


--- End Message ---
--- Begin Message --- 
Source: openssh
Source-Version: 1:5.4p1-2

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh-client-udeb_5.4p1-2_i386.udeb
  to main/o/openssh/openssh-client-udeb_5.4p1-2_i386.udeb
openssh-client_5.4p1-2_i386.deb
  to main/o/openssh/openssh-client_5.4p1-2_i386.deb
openssh-server-udeb_5.4p1-2_i386.udeb
  to main/o/openssh/openssh-server-udeb_5.4p1-2_i386.udeb
openssh-server_5.4p1-2_i386.deb
  to main/o/openssh/openssh-server_5.4p1-2_i386.deb
openssh_5.4p1-2.debian.tar.gz
  to main/o/openssh/openssh_5.4p1-2.debian.tar.gz
openssh_5.4p1-2.dsc
  to main/o/openssh/openssh_5.4p1-2.dsc
ssh-askpass-gnome_5.4p1-2_i386.deb
  to main/o/openssh/ssh-askpass-gnome_5.4p1-2_i386.deb
ssh-krb5_5.4p1-2_all.deb
  to main/o/openssh/ssh-krb5_5.4p1-2_all.deb
ssh_5.4p1-2_all.deb
  to main/o/openssh/ssh_5.4p1-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 231472@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 10 Apr 2010 01:08:59 +0100
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:5.4p1-2
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 231472 572049
Changes: 
 openssh (1:5.4p1-2) unstable; urgency=low
 .
   * Borrow patch from Fedora to add DNSSEC support: if glibc 2.11 is
     installed, the host key is published in an SSHFP RR secured with DNSSEC,
     and VerifyHostKeyDNS=yes, then ssh will no longer prompt for host key
     verification (closes: #572049).
   * Convert to dh(1), and use dh_installdocs --link-doc.
   * Drop lpia support, since Ubuntu no longer supports this architecture.
   * Use dh_install more effectively.
   * Add a NEWS.Debian entry about changes in smartcard support relative to
     previous unofficial builds (closes: #231472).
Checksums-Sha1: 
 ea065da0e91177a3c8ca887f3a68406d8466277f 1690 openssh_5.4p1-2.dsc
 2d3006e63aa153214c7c175fcd401996c4af7c86 234525 openssh_5.4p1-2.debian.tar.gz
 89c2caf631701fc2a8f52f1622c490db541565fa 876046 openssh-client_5.4p1-2_i386.deb
 20514d8bec72ec19563c7af480afd8acea14cd12 297258 openssh-server_5.4p1-2_i386.deb
 9db91b10991b8f130454462311e69a778b5452b9 1244 ssh_5.4p1-2_all.deb
 2a96b0e4dc2d99678c3b06480983ddd0f01215e9 93252 ssh-krb5_5.4p1-2_all.deb
 4d9f2487628608f04a51d26fa792e604385fefbf 100820 ssh-askpass-gnome_5.4p1-2_i386.deb
 4cbeb61c06224280f3fd62006f89333f59d166dc 193214 openssh-client-udeb_5.4p1-2_i386.udeb
 9bcc826cee302b59fc93e8d534d7a35fb6c5223e 218002 openssh-server-udeb_5.4p1-2_i386.udeb
Checksums-Sha256: 
 db66d52a2485dc4f3aeb93fd0c0c852f5ccf546251e9d1312b16e9a03bebb062 1690 openssh_5.4p1-2.dsc
 a31b5362c427d2d635646d0fdde1beff5f05f44323c087d5b96c32cbe387073c 234525 openssh_5.4p1-2.debian.tar.gz
 b38e81eaf0945ff5a029ff8e6e64d3b3d63b4230d76294eed65aadc2cafcfc85 876046 openssh-client_5.4p1-2_i386.deb
 51271b715e7e679dffbfe242d504ad3025711996e691e5fa3974cce7c216bdfe 297258 openssh-server_5.4p1-2_i386.deb
 400bc095d6a50768c953e2ece951eb214db848d03c8dd6e95c6b96d2e8cb1786 1244 ssh_5.4p1-2_all.deb
 119ecc41350872385bc387bb9aeed093b357f4de1cce0b40f8f04ae1e670cacf 93252 ssh-krb5_5.4p1-2_all.deb
 3020b14d1683bb1ad2a1b61cb3a07ef71535f3dec86768ca29f09f2f7c636d89 100820 ssh-askpass-gnome_5.4p1-2_i386.deb
 8efbd59ee4b6b94fddd67e251b83c637df17e4a05bfb6f76699c965d268ab318 193214 openssh-client-udeb_5.4p1-2_i386.udeb
 c01a7200be37edaef85a3a85322680d2d6f2da92beb860f1c01578ba26361a49 218002 openssh-server-udeb_5.4p1-2_i386.udeb
Files: 
 4356514555f30830abcb74e1167d3539 1690 net standard openssh_5.4p1-2.dsc
 360bbaddd6801be9f97eb02d311a5ef5 234525 net standard openssh_5.4p1-2.debian.tar.gz
 767be5bb371d9f8550dff606b6375e99 876046 net standard openssh-client_5.4p1-2_i386.deb
 395055e7be48a79e4cead6c1c485ee08 297258 net optional openssh-server_5.4p1-2_i386.deb
 b55894e809be15c7af2ff2ba610dac1b 1244 net extra ssh_5.4p1-2_all.deb
 280c1c5ca100b6cb5a74f8c0c7d425c9 93252 net extra ssh-krb5_5.4p1-2_all.deb
 b1dad13e8357941454014c899e04f5d2 100820 gnome optional ssh-askpass-gnome_5.4p1-2_i386.deb
 afe3eeb8a65d31946e0a4f4fec525481 193214 debian-installer optional openssh-client-udeb_5.4p1-2_i386.udeb
 b06ae35d1c0de66a0652b2b3257aa207 218002 debian-installer optional openssh-server-udeb_5.4p1-2_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iD8DBQFLv8NI9t0zAhD6TNERAgSfAJsG24Xqgk8l0PyqUhhjlrZoWfLGrwCeLeTa
ToPqurN9XXN/51IdACeujhI=
=7/BA
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: