Bug#549858: marked as done (openssh-server: Support AuthorizedKeysFile in Match block?)

To: Colin Watson <cjwatson@debian.org>
Subject: Bug#549858: marked as done (openssh-server: Support AuthorizedKeysFile in Match block?)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 24 Aug 2010 00:03:10 +0000
Message-id: <handler.549858.D549858.128260814416569.ackdone@bugs.debian.org>
References: <E1Ongy5-0001L9-VH@franck.debian.org> <8763at62ij.fsf@qurzaw.linpro.no>

Your message dated Tue, 24 Aug 2010 00:02:21 +0000
with message-id <E1Ongy5-0001L9-VH@franck.debian.org>
and subject line Bug#549858: fixed in openssh 1:5.6p1-1
has caused the Debian Bug report #549858,
regarding openssh-server: Support AuthorizedKeysFile in Match block?
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
549858: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=549858
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <maintonly@bugs.debian.org>
Subject: openssh-server: Support AuthorizedKeysFile in Match block?
From: Tollef Fog Heen <tfheen@debian.org>
Date: Mon, 05 Oct 2009 21:53:40 +0200
Message-id: <8763at62ij.fsf@qurzaw.linpro.no>

Package: openssh-server
Version: 1:5.1p1-7
Severity: minor

Hi,

it would be quite useful to be able to specify AuthorizedKeysFile in a
Match block in sshd_config.  The use-case is having different groups
whose ssh keys are distributed through multiple systems (think something
resembling userdir-ldap + puppet + manual copying).  We are currently
working around this by using AuthorizedKeysFile and AuthorizedKeysFile2,
but this doesn't scale beyond two locations and is a bit of a hack.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (50, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-server depends on:
ii  adduser                3.111             add and remove users and groups
ii  debconf [debconf-2.0]  1.5.27            Debian configuration management sy
ii  dpkg                   1.15.3.1+b1       Debian package management system
ii  libc6                  2.9-25            GNU C Library: Shared libraries
ii  libcomerr2             1.41.9-1          common error description library
ii  libgssapi-krb5-2       1.7dfsg~beta3-1   MIT Kerberos runtime libraries - k
ii  libk5crypto3           1.7dfsg~beta3-1   MIT Kerberos runtime libraries - C
ii  libkrb5-3              1.7dfsg~beta3-1   MIT Kerberos runtime libraries
ii  libpam-modules         1.1.0-4           Pluggable Authentication Modules f
ii  libpam-runtime         1.1.0-4           Runtime support for the PAM librar
ii  libpam0g               1.1.0-4           Pluggable Authentication Modules l
ii  libselinux1            2.0.85-4          SELinux runtime shared libraries
ii  libssl0.9.8            0.9.8k-5          SSL shared libraries
ii  libwrap0               7.6.q-18          Wietse Venema's TCP wrappers libra
ii  lsb-base               3.2-23            Linux Standard Base 3.2 init scrip
ii  openssh-blacklist      0.4.1             list of default blacklisted OpenSS
ii  openssh-client         1:5.1p1-7         secure shell client, an rlogin/rsh
ii  procps                 1:3.2.8-1.1       /proc file system utilities
ii  zlib1g                 1:1.2.3.3.dfsg-15 compression library - runtime

Versions of packages openssh-server recommends:
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.3-2  X authentication utility

Versions of packages openssh-server suggests:
pn  molly-guard                   <none>     (no description available)
pn  rssh                          <none>     (no description available)
pn  ssh-askpass                   <none>     (no description available)
pn  ufw                           <none>     (no description available)

-- debconf information:
  ssh/vulnerable_host_keys:
  ssh/new_config: true
* ssh/use_old_init_script: true
  ssh/encrypted_host_key_but_no_keygen:
  ssh/disable_cr_auth: false

-- 
Tollef Fog Heen 
Redpill Linpro -- Changing the game!
t: +47 21 54 41 73

--- End Message ---

--- Begin Message ---

To: 549858-close@bugs.debian.org
Subject: Bug#549858: fixed in openssh 1:5.6p1-1
From: Colin Watson <cjwatson@debian.org>
Date: Tue, 24 Aug 2010 00:02:21 +0000
Message-id: <E1Ongy5-0001L9-VH@franck.debian.org>

Source: openssh
Source-Version: 1:5.6p1-1

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh-client-udeb_5.6p1-1_i386.udeb
  to main/o/openssh/openssh-client-udeb_5.6p1-1_i386.udeb
openssh-client_5.6p1-1_i386.deb
  to main/o/openssh/openssh-client_5.6p1-1_i386.deb
openssh-server-udeb_5.6p1-1_i386.udeb
  to main/o/openssh/openssh-server-udeb_5.6p1-1_i386.udeb
openssh-server_5.6p1-1_i386.deb
  to main/o/openssh/openssh-server_5.6p1-1_i386.deb
openssh_5.6p1-1.debian.tar.gz
  to main/o/openssh/openssh_5.6p1-1.debian.tar.gz
openssh_5.6p1-1.dsc
  to main/o/openssh/openssh_5.6p1-1.dsc
openssh_5.6p1.orig.tar.gz
  to main/o/openssh/openssh_5.6p1.orig.tar.gz
ssh-askpass-gnome_5.6p1-1_i386.deb
  to main/o/openssh/ssh-askpass-gnome_5.6p1-1_i386.deb
ssh-krb5_5.6p1-1_all.deb
  to main/o/openssh/ssh-krb5_5.6p1-1_all.deb
ssh_5.6p1-1_all.deb
  to main/o/openssh/ssh_5.6p1-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 549858@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 24 Aug 2010 00:37:54 +0100
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:5.6p1-1
Distribution: experimental
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 335697 350898 454787 500573 549858 550262
Changes: 
 openssh (1:5.6p1-1) experimental; urgency=low
 .
   * New upstream release (http://www.openssh.com/txt/release-5.6):
     - Added a ControlPersist option to ssh_config(5) that automatically
       starts a background ssh(1) multiplex master when connecting.  This
       connection can stay alive indefinitely, or can be set to automatically
       close after a user-specified duration of inactivity (closes: #335697,
       #350898, #454787, #500573, #550262).
     - Support AuthorizedKeysFile, AuthorizedPrincipalsFile,
       HostbasedUsesNameFromPacketOnly, and PermitTunnel in sshd_config(5)
       Match blocks (closes: #549858).
     - sftp(1): fix ls in working directories that contain globbing
       characters in their pathnames (LP: #530714).
Checksums-Sha1: 
 e18304779a8c7ae8ece0c4e4174cbadbaab95444 2251 openssh_5.6p1-1.dsc
 347dd39c91c3529f41dae63714d452fb95efea1e 1117952 openssh_5.6p1.orig.tar.gz
 e5684e1362853302e70edcb834af87db48a497f2 235299 openssh_5.6p1-1.debian.tar.gz
 0933f291e40fff6ecae7fde592aa19b94aefe499 899528 openssh-client_5.6p1-1_i386.deb
 1453ef41f9cf7d6d3b0aa8d5ef558683065689ae 301116 openssh-server_5.6p1-1_i386.deb
 a32f400d23195ff9bd16498502ebcc014a623b9b 1242 ssh_5.6p1-1_all.deb
 ca943245abf59d51e260e7a3c82fa42a427df84d 102954 ssh-krb5_5.6p1-1_all.deb
 74868b9f6edd455361852724882075aa4f63c184 110366 ssh-askpass-gnome_5.6p1-1_i386.deb
 f6abe6d20bfde446629e65757ffdd31f6349c7a2 198770 openssh-client-udeb_5.6p1-1_i386.udeb
 9a5beb5c08fe0ffe7aa7c285ba60f426d3cb06a8 222878 openssh-server-udeb_5.6p1-1_i386.udeb
Checksums-Sha256: 
 12fab1bd9edf33bbcd3a2808e7443fa040c4d8e17f589ba9613d817bf121e487 2251 openssh_5.6p1-1.dsc
 538af53b2b8162c21a293bb004ae2bdb141abd250f61b4cea55244749f3c6c2b 1117952 openssh_5.6p1.orig.tar.gz
 5af0105c72eee38af8619b906eddc428e3a9e86cd9916ee6139a8c59f3314191 235299 openssh_5.6p1-1.debian.tar.gz
 187227671bdfcc3d4ffcebf95bb9eac51016d6aeb6053454aeeaa1bba1027b3d 899528 openssh-client_5.6p1-1_i386.deb
 95c735254b22cf0e0caabaafd2e424520177aca7596ef05112af1ce2bbe4c52b 301116 openssh-server_5.6p1-1_i386.deb
 8c25adb78c7dbc2ce62bb205772a0f1e30cca824a3f38a171ddd8815ddc7430e 1242 ssh_5.6p1-1_all.deb
 5ced1c48c722771742dd260cf61d912c0c41ca53d0694f9b78dead14bf4c5f4b 102954 ssh-krb5_5.6p1-1_all.deb
 4817b4503ca0f1e96e4b25f046cf65f708f513238fde57340dcb0ece96300b5b 110366 ssh-askpass-gnome_5.6p1-1_i386.deb
 9156bb6d4388043826b61ffb7975f027c608d40ae5bfd744020f180c1cf83d85 198770 openssh-client-udeb_5.6p1-1_i386.udeb
 0a2511d14af758ef8c77c6047262a548cc1cc0db3570d065e3a75bc3a269d9f3 222878 openssh-server-udeb_5.6p1-1_i386.udeb
Files: 
 567aa4098adb222a220c13bb89f01e0f 2251 net standard openssh_5.6p1-1.dsc
 e6ee52e47c768bf0ec42a232b5d18fb0 1117952 net standard openssh_5.6p1.orig.tar.gz
 a0d941d78aad7839cb0c84805dff0b9a 235299 net standard openssh_5.6p1-1.debian.tar.gz
 8aa7996bace06dad849fdafd01dcb97a 899528 net standard openssh-client_5.6p1-1_i386.deb
 d0ab84c1e4fdd1b02556397679fd485c 301116 net optional openssh-server_5.6p1-1_i386.deb
 9bb3230a149c9000f1bb3135e52ab529 1242 net extra ssh_5.6p1-1_all.deb
 e1e38e99a481362c2c8887dc6b22789a 102954 net extra ssh-krb5_5.6p1-1_all.deb
 d4a2d2867f7815ca389fe02d3bc94300 110366 gnome optional ssh-askpass-gnome_5.6p1-1_i386.deb
 172863fa89b4c2071354df7c1dada0d6 198770 debian-installer optional openssh-client-udeb_5.6p1-1_i386.udeb
 451568610ad7a6ac4002e24df826cd28 222878 debian-installer optional openssh-server-udeb_5.6p1-1_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iQIVAwUBTHMIHzk1h9l9hlALAQgcmA/+KlY0zwd2tLaWjc+JDHD2siPz2S02EH0d
E4GkH8Pm0xn7iUrlRcYyWY6xUMZW/CfwPAPcSfgvIBnB1O75tNSqnpXhjkyHThIY
MywS8j/GtWSU62Vb/MJWstHYA/SV9xPM6b65/Ib7C2p6Nuj/s19iVTU35acg5rzX
UbXtG/CDK8NScB+Q1GMj76pdoROF49PnQ2v9tFD3KSUgL+aLd5Xbr9HGa/me0Teo
0SgTfl4Pb0PNwOZWp13/9EaBL60Jov3evjsxGABSTmLDO8lUDEA3ARGRbVFFLNBG
nOXlMqla/pTBuX3TAfm9HqeHT12nfUW/Xak8s/OVyw51Imf8OgeGeHbX/4j28Epm
N1OQbvrImO30Frf5jgRnBbD6OQjYRxdwjUdXe5Ptqf51R4DT3NCEo1dl22HmWO29
fKLYRLfrAUfq4lOC9TT22YNCMh8g8V335XZ0Lfok/BBSpunDelDyO25918231pG/
tljdTn2KOM5qSNysE7MyQSJqf5L1WFpwQYfoj6pb2R15c4gSV3hQqbh+5EQbeKwA
y8O88NQYfg+wu10MLHC5DR0S33p3+NznW3q3IvbfSOZd6CF54qk8No69QhsA0bnA
JihC7HPBtwAWaPF3v+Hzl6B0XX6KnTHlQviLrE/TpQ0lhoaSbd5TcN5D0NE9kSaH
HuzDM/bKu0c=
=DX+3
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#500573: marked as done (openssh-client: ControlTimeout option)
Next by Date: Bug#550262: marked as done (all sessions should be slaves of a backgrounded master)
Previous by thread: Bug#500573: marked as done (openssh-client: ControlTimeout option)
Next by thread: Bug#550262: marked as done (all sessions should be slaves of a backgrounded master)
Index(es):
- Date
- Thread