Your message dated Sat, 10 Apr 2010 00:33:58 +0000 with message-id <E1O0Oe6-0005ZC-Cx@ries.debian.org> and subject line Bug#231472: fixed in openssh 1:5.4p1-2 has caused the Debian Bug report #231472, regarding please provide a second openssh-client package to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 231472: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=231472 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: openssh-client: compile with --with-opensc
- From: Christoph Goehre <christoph.goehre@gmx.de>
- Date: Sun, 28 Sep 2008 13:20:46 +0200
- Message-id: <20080928112046.GA15621@oxana.chris.lan>
Package: openssh-client Version: 1:5.1p1-2 Severity: wishlist Tags: patch Hi, might you please enable opensc-support in openssh? My first patch enable this via debian/rules and add build depends to libopensc2-dev. The second patch allow to type the token pin if using 'ssh -I'. ssh-add in combination with ssh-agent works without the second patch. Greetings, Christoph -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.27-rc7-00094-gc0f4d6d (SMP w/2 CPU cores; PREEMPT) Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash Versions of packages openssh-client depends on: ii adduser 3.110 add and remove users and groups ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy ii dpkg 1.14.22 Debian package management system ii libc6 2.7-13 GNU C Library: Shared libraries ii libcomerr2 1.41.0-3 common error description library ii libedit2 2.11~20080614-1 BSD editline and history libraries ii libkrb53 1.6.dfsg.4~beta1-4 MIT Kerberos runtime libraries ii libncurses5 5.6+20080830-1 shared libraries for terminal hand ii libopensc2 0.11.4-5 SmartCard library with support for ii libssl0.9.8 0.9.8g-13 SSL shared libraries ii passwd 1:4.1.1-5 change and administer password and ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime Versions of packages openssh-client recommends: ii openssh-blacklist 0.4.1 list of default blacklisted OpenSS pn openssh-blacklist-extra <none> (no description available) ii xauth 1:1.0.3-2 X authentication utility Versions of packages openssh-client suggests: pn keychain <none> (no description available) pn libpam-ssh <none> (no description available) ii ssh-askpass-gnome [ssh-askpas 1:5.1p1-2 interactive X program to prompt us -- no debconf informationFrom 6c743d8da70d04d7c044c781e16c2bf0c353c273 Mon Sep 17 00:00:00 2001 From: Christoph Goehre <christoph.goehre@gmx.de> Date: Sat, 27 Sep 2008 19:07:34 +0200 Subject: [PATCH] build with-opensc --- debian/control | 2 +- debian/rules | 1 + 2 files changed, 2 insertions(+), 1 deletions(-) diff --git a/debian/control b/debian/control index 27b27e7..c037d1b 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,7 @@ Source: openssh Section: net Priority: standard Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> -Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3-1), libssl-dev (>= 0.9.8-1), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 5.0.22), sharutils, libselinux1-dev [alpha amd64 arm armeb armel hppa i386 ia64 lpia m68k mips mipsel powerpc ppc64 s390 sparc], libkrb5-dev | heimdal-dev +Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3-1), libssl-dev (>= 0.9.8-1), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 5.0.22), sharutils, libselinux1-dev [alpha amd64 arm armeb armel hppa i386 ia64 lpia m68k mips mipsel powerpc ppc64 s390 sparc], libkrb5-dev | heimdal-dev, libopensc2-dev Standards-Version: 3.7.3 Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.org> diff --git a/debian/rules b/debian/rules index fb3f3a1..b0b06ba 100755 --- a/debian/rules +++ b/debian/rules @@ -84,6 +84,7 @@ confflags += --with-ssl-engine ifeq ($(DEB_HOST_ARCH_OS),linux) confflags += --with-selinux endif +confflags += --with-opensc # The deb build wants xauth; the udeb build doesn't. confflags += --with-xauth=/usr/bin/X11/xauth -- 1.5.6.5From b576575b2a4887378bede9b0064f9c1126c06c36 Mon Sep 17 00:00:00 2001 From: Christoph Goehre <christoph.goehre@gmx.de> Date: Sat, 27 Sep 2008 19:30:21 +0200 Subject: [PATCH] apply smartcard-ask-for-passphrase-patch from OpenSSH Bugzilla (Bug 608) https://bugzilla.mindrot.org/show_bug.cgi?id=608 --- scard-opensc.c | 44 +++++++++++++++++++++++++++++++++++--------- scard.c | 3 +++ scard.h | 2 ++ ssh.c | 3 +++ 4 files changed, 43 insertions(+), 9 deletions(-) diff --git a/scard-opensc.c b/scard-opensc.c index 36dae05..042544a 100644 --- a/scard-opensc.c +++ b/scard-opensc.c @@ -43,6 +43,8 @@ #include "misc.h" #include "scard.h" +int ask_for_pin=0; + #if OPENSSL_VERSION_NUMBER < 0x00907000L && defined(CRYPTO_LOCK_ENGINE) #define USE_ENGINE #define RSA_get_default_method RSA_get_default_openssl_method @@ -124,6 +126,7 @@ sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out, struct sc_pkcs15_prkey_info *key; struct sc_pkcs15_object *pin_obj; struct sc_pkcs15_pin_info *pin; + char *passphrase = NULL; priv = (struct sc_priv_data *) RSA_get_app_data(rsa); if (priv == NULL) @@ -161,24 +164,47 @@ sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out, goto err; } pin = pin_obj->data; + + if (sc_pin) + passphrase = sc_pin; + else if (ask_for_pin) { + /* we need a pin but don't have one => ask for the pin */ + char prompt[64]; + + snprintf(prompt, sizeof(prompt), "Enter PIN for %s: ", + key_obj->label ? key_obj->label : "smartcard key"); + passphrase = read_passphrase(prompt, 0); + if (!passphrase || !strcmp(passphrase, "")) + goto err; + } else + /* no pin => error */ + goto err; + r = sc_lock(card); if (r) { error("Unable to lock smartcard: %s", sc_strerror(r)); goto err; } - if (sc_pin != NULL) { - r = sc_pkcs15_verify_pin(p15card, pin, sc_pin, - strlen(sc_pin)); - if (r) { - sc_unlock(card); - error("PIN code verification failed: %s", - sc_strerror(r)); - goto err; - } + r = sc_pkcs15_verify_pin(p15card, pin, passphrase, + strlen(passphrase)); + if (r) { + sc_unlock(card); + error("PIN code verification failed: %s", + sc_strerror(r)); + goto err; } + *key_obj_out = key_obj; + if (!sc_pin) { + memset(passphrase, 0, strlen(passphrase)); + xfree(passphrase); + } return 0; err: + if (!sc_pin && passphrase) { + memset(passphrase, 0, strlen(passphrase)); + xfree(passphrase); + } sc_close(); return -1; } diff --git a/scard.c b/scard.c index 9fd3ca1..e2d2812 100644 --- a/scard.c +++ b/scard.c @@ -40,6 +40,9 @@ #include "misc.h" #include "scard.h" +/* currently unused */ +int ask_for_pin = 0; + #if OPENSSL_VERSION_NUMBER < 0x00907000L #define USE_ENGINE #define RSA_get_default_method RSA_get_default_openssl_method diff --git a/scard.h b/scard.h index 82efe48..fe8d659 100644 --- a/scard.h +++ b/scard.h @@ -31,6 +31,8 @@ #define SCARD_ERROR_NOCARD -2 #define SCARD_ERROR_APPLET -3 +extern int ask_for_pin; + Key **sc_get_keys(const char *, const char *); void sc_close(void); int sc_put_key(Key *, const char *); diff --git a/ssh.c b/ssh.c index e2e2ef4..23e8451 100644 --- a/ssh.c +++ b/ssh.c @@ -1243,6 +1243,9 @@ load_public_identity_files(void) #ifdef SMARTCARD Key **keys; + if (!options.batch_mode) + ask_for_pin = 1; + if (options.smartcard_device != NULL && options.num_identity_files < SSH_MAX_IDENTITY_FILES && (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL) { -- 1.5.6.5Attachment: signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
- To: 231472-close@bugs.debian.org
- Subject: Bug#231472: fixed in openssh 1:5.4p1-2
- From: Colin Watson <cjwatson@debian.org>
- Date: Sat, 10 Apr 2010 00:33:58 +0000
- Message-id: <E1O0Oe6-0005ZC-Cx@ries.debian.org>
Source: openssh Source-Version: 1:5.4p1-2 We believe that the bug you reported is fixed in the latest version of openssh, which is due to be installed in the Debian FTP archive: openssh-client-udeb_5.4p1-2_i386.udeb to main/o/openssh/openssh-client-udeb_5.4p1-2_i386.udeb openssh-client_5.4p1-2_i386.deb to main/o/openssh/openssh-client_5.4p1-2_i386.deb openssh-server-udeb_5.4p1-2_i386.udeb to main/o/openssh/openssh-server-udeb_5.4p1-2_i386.udeb openssh-server_5.4p1-2_i386.deb to main/o/openssh/openssh-server_5.4p1-2_i386.deb openssh_5.4p1-2.debian.tar.gz to main/o/openssh/openssh_5.4p1-2.debian.tar.gz openssh_5.4p1-2.dsc to main/o/openssh/openssh_5.4p1-2.dsc ssh-askpass-gnome_5.4p1-2_i386.deb to main/o/openssh/ssh-askpass-gnome_5.4p1-2_i386.deb ssh-krb5_5.4p1-2_all.deb to main/o/openssh/ssh-krb5_5.4p1-2_all.deb ssh_5.4p1-2_all.deb to main/o/openssh/ssh_5.4p1-2_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 231472@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Colin Watson <cjwatson@debian.org> (supplier of updated openssh package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 10 Apr 2010 01:08:59 +0100 Source: openssh Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: source i386 all Version: 1:5.4p1-2 Distribution: unstable Urgency: low Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> Changed-By: Colin Watson <cjwatson@debian.org> Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) ssh - secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad ssh-krb5 - secure shell client and server (transitional package) Closes: 231472 572049 Changes: openssh (1:5.4p1-2) unstable; urgency=low . * Borrow patch from Fedora to add DNSSEC support: if glibc 2.11 is installed, the host key is published in an SSHFP RR secured with DNSSEC, and VerifyHostKeyDNS=yes, then ssh will no longer prompt for host key verification (closes: #572049). * Convert to dh(1), and use dh_installdocs --link-doc. * Drop lpia support, since Ubuntu no longer supports this architecture. * Use dh_install more effectively. * Add a NEWS.Debian entry about changes in smartcard support relative to previous unofficial builds (closes: #231472). Checksums-Sha1: ea065da0e91177a3c8ca887f3a68406d8466277f 1690 openssh_5.4p1-2.dsc 2d3006e63aa153214c7c175fcd401996c4af7c86 234525 openssh_5.4p1-2.debian.tar.gz 89c2caf631701fc2a8f52f1622c490db541565fa 876046 openssh-client_5.4p1-2_i386.deb 20514d8bec72ec19563c7af480afd8acea14cd12 297258 openssh-server_5.4p1-2_i386.deb 9db91b10991b8f130454462311e69a778b5452b9 1244 ssh_5.4p1-2_all.deb 2a96b0e4dc2d99678c3b06480983ddd0f01215e9 93252 ssh-krb5_5.4p1-2_all.deb 4d9f2487628608f04a51d26fa792e604385fefbf 100820 ssh-askpass-gnome_5.4p1-2_i386.deb 4cbeb61c06224280f3fd62006f89333f59d166dc 193214 openssh-client-udeb_5.4p1-2_i386.udeb 9bcc826cee302b59fc93e8d534d7a35fb6c5223e 218002 openssh-server-udeb_5.4p1-2_i386.udeb Checksums-Sha256: db66d52a2485dc4f3aeb93fd0c0c852f5ccf546251e9d1312b16e9a03bebb062 1690 openssh_5.4p1-2.dsc a31b5362c427d2d635646d0fdde1beff5f05f44323c087d5b96c32cbe387073c 234525 openssh_5.4p1-2.debian.tar.gz b38e81eaf0945ff5a029ff8e6e64d3b3d63b4230d76294eed65aadc2cafcfc85 876046 openssh-client_5.4p1-2_i386.deb 51271b715e7e679dffbfe242d504ad3025711996e691e5fa3974cce7c216bdfe 297258 openssh-server_5.4p1-2_i386.deb 400bc095d6a50768c953e2ece951eb214db848d03c8dd6e95c6b96d2e8cb1786 1244 ssh_5.4p1-2_all.deb 119ecc41350872385bc387bb9aeed093b357f4de1cce0b40f8f04ae1e670cacf 93252 ssh-krb5_5.4p1-2_all.deb 3020b14d1683bb1ad2a1b61cb3a07ef71535f3dec86768ca29f09f2f7c636d89 100820 ssh-askpass-gnome_5.4p1-2_i386.deb 8efbd59ee4b6b94fddd67e251b83c637df17e4a05bfb6f76699c965d268ab318 193214 openssh-client-udeb_5.4p1-2_i386.udeb c01a7200be37edaef85a3a85322680d2d6f2da92beb860f1c01578ba26361a49 218002 openssh-server-udeb_5.4p1-2_i386.udeb Files: 4356514555f30830abcb74e1167d3539 1690 net standard openssh_5.4p1-2.dsc 360bbaddd6801be9f97eb02d311a5ef5 234525 net standard openssh_5.4p1-2.debian.tar.gz 767be5bb371d9f8550dff606b6375e99 876046 net standard openssh-client_5.4p1-2_i386.deb 395055e7be48a79e4cead6c1c485ee08 297258 net optional openssh-server_5.4p1-2_i386.deb b55894e809be15c7af2ff2ba610dac1b 1244 net extra ssh_5.4p1-2_all.deb 280c1c5ca100b6cb5a74f8c0c7d425c9 93252 net extra ssh-krb5_5.4p1-2_all.deb b1dad13e8357941454014c899e04f5d2 100820 gnome optional ssh-askpass-gnome_5.4p1-2_i386.deb afe3eeb8a65d31946e0a4f4fec525481 193214 debian-installer optional openssh-client-udeb_5.4p1-2_i386.udeb b06ae35d1c0de66a0652b2b3257aa207 218002 debian-installer optional openssh-server-udeb_5.4p1-2_i386.udeb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Colin Watson <cjwatson@debian.org> -- Debian developer iD8DBQFLv8NI9t0zAhD6TNERAgSfAJsG24Xqgk8l0PyqUhhjlrZoWfLGrwCeLeTa ToPqurN9XXN/51IdACeujhI= =7/BA -----END PGP SIGNATURE-----
--- End Message ---