Bug#778807: marked as done ("kernel: [537088.405962] traps: sshd[27582] general protection ip:7f349cde6664 sp:7fffaf183ee8 error:0 in libc-2.19.so[7f349cd6a000+19f000]" when PermitOpen=none)
- To: Colin Watson <cjwatson@debian.org>
- Subject: Bug#778807: marked as done ("kernel: [537088.405962] traps: sshd[27582] general protection ip:7f349cde6664 sp:7fffaf183ee8 error:0 in libc-2.19.so[7f349cd6a000+19f000]" when PermitOpen=none)
- From: owner@bugs.debian.org (Debian Bug Tracking System)
- Date: Thu, 20 Aug 2015 10:09:30 +0000
- Message-id: <[🔎] handler.778807.D778807.144006515322570.ackdone@bugs.debian.org>
- References: <E1ZSMjH-0002Nf-Ti@franck.debian.org> <20150220035217.10611.51679.reportbug@heisenberg.scientia.net>
Your message dated Thu, 20 Aug 2015 10:05:51 +0000
with message-id <E1ZSMjH-0002Nf-Ti@franck.debian.org>
and subject line Bug#778807: fixed in openssh 1:6.9p1-1
has caused the Debian Bug report #778807,
regarding "kernel: [537088.405962] traps: sshd[27582] general protection ip:7f349cde6664 sp:7fffaf183ee8 error:0 in libc-2.19.so[7f349cd6a000+19f000]" when PermitOpen=none
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
778807: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778807
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: "kernel: [537088.405962] traps: sshd[27582] general protection ip:7f349cde6664 sp:7fffaf183ee8 error:0 in libc-2.19.so[7f349cd6a000+19f000]" when PermitOpen=none
- From: Christoph Anton Mitterer <calestyo@scientia.net>
- Date: Fri, 20 Feb 2015 04:52:17 +0100
- Message-id: <20150220035217.10611.51679.reportbug@heisenberg.scientia.net>
Package: openssh-server
Version: 1:6.7p1-3
Severity: important
Tags: upstream
Forwarded: https://bugzilla.mindrot.org/show_bug.cgi?id=2355
Hey.
I found a "special" situation in which ssh connections crash every few
tries and sometimes (but not always) one get's any of these along:
[527879.021049] traps: sshd[14583] general protection ip:7fbc7f04a664 sp:7fff3939fe58 error:0 in libc-2.19.so[7fbc7efce000+19f000]
[527945.727953] traps: sshd[14660] general protection ip:7f069558d664 sp:7fffc4223c88 error:0 in libc-2.19.so[7f0695511000+19f000]
[528046.264330] traps: sshd[14826] general protection ip:7f1b26eed664 sp:7fff521d7178 error:0 in libc-2.19.so[7f1b26e71000+19f000]
[536582.887955] traps: sshd[26078] general protection ip:7f96158b4664 sp:7fff2fef4a08 error:0 in libc-2.19.so[7f9615838000+19f000]
[536628.489940] traps: sshd[26206] general protection ip:7f9cc14a9664 sp:7fffdacfb478 error:0 in libc-2.19.so[7f9cc142d000+19f000]
[536734.550558] traps: sshd[26320] general protection ip:7f260fc18664 sp:7ffffb25be88 error:0 in libc-2.19.so[7f260fb9c000+19f000]
[536841.887230] traps: sshd[26513] general protection ip:7f168b350664 sp:7fff8a85a2c8 error:0 in libc-2.19.so[7f168b2d4000+19f000]
[536860.256030] traps: sshd[26572] general protection ip:7fba93937664 sp:7ffffcf18928 error:0 in libc-2.19.so[7fba938bb000+19f000]
[536949.787928] sshd[27137]: segfault at 8100000038 ip 00007f84523e666 sp 00007fff2cc1d908 error 4 in libc-2.19.so[7f845236a000+19f000]
[537088.405962] traps: sshd[27582] general protection ip:7f349cde6664 sp:7fffaf183ee8 error:0 in libc-2.19.so[7f349cd6a000+19f000]
What I do is basically the following:
Having sshd running (my sshd_config is attached), and gitolite3
(from sid) installed.
Gitolite (which I use with the "git" username) in turn has entries
like these:
command="/usr/share/gitolite3/gitolite-shell admin",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 ...
in its authorized_key files
Then I repeatedly do:
$ ssh git@myserver info
Sometimes this works and I get:
> hello someName, this is git@myserver running gitolite3 3.6.1-3 (Debian) on git 2.1.4
But more than every 2nd time it fails and I get
> Write failed: Broken pipe
Sometimes (not always) with a general protection or segfault.
>From my sshd_config, which uses a Match block for the git
user (for reasons of hardening), I found that the
> PermitOpen none
line is the cause of the problem
When I comment it, then the connections *always* succeed (well at least
from about ~20 successive tries).
I should probably further notice: systemd/logind/PAM is used (not sure
if this could somehow interfere).
Also, I'm a bit unsure whether the "main" sshd is crashing or whethr
it's just the processes of the sessions.
I didn't manually restart sshd, but it might be that systemd does that
automatically? How would I find out?
So some bug is hidden there...
Cheers,
Chris
-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_DE.utf8, LC_CTYPE=en_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages openssh-server depends on:
ii adduser 3.113+nmu3
ii debconf [debconf-2.0] 1.5.55
ii dpkg 1.17.23
ii init-system-helpers 1.22
ii libc6 2.19-15
ii libcomerr2 1.42.12-1
ii libgssapi-krb5-2 1.12.1+dfsg-18
ii libkrb5-3 1.12.1+dfsg-18
ii libpam-modules 1.1.8-3.1
ii libpam-runtime 1.1.8-3.1
ii libpam0g 1.1.8-3.1
ii libselinux1 2.3-2
ii libssl1.0.0 1.0.1k-1
ii libwrap0 7.6.q-25
ii lsb-base 4.1+Debian13+nmu1
ii openssh-client 1:6.7p1-3
ii openssh-sftp-server 1:6.7p1-3
ii procps 2:3.3.9-8
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages openssh-server recommends:
ii ncurses-term 5.9+20140913-1
ii xauth 1:1.0.9-1
Versions of packages openssh-server suggests:
pn molly-guard <none>
pn monkeysphere <none>
ii rssh 2.3.4-4+b1
pn ssh-askpass <none>
pn ufw <none>
-- debconf information excluded
#*******************************************************************************
#*** General ***
#*******************************************************************************
##LogLevel INFO
##SyslogFacility AUTH
##PidFile /var/run/sshd.pid
##StrictModes yes
#*******************************************************************************
#*** System Techniques ***
#*******************************************************************************
UsePrivilegeSeparation sandbox
#*******************************************************************************
#*** Networking ***
#*******************************************************************************
##AddressFamily any
##Port 22
ListenAddress localhost
ListenAddress ip6-localhost
ListenAddress foobar
TCPKeepAlive no
##IPQoS lowdelay throughput
##UseDNS yes
##MaxStartups 10:30:100
##MaxSessions 10
#*******************************************************************************
#*** Secure Shell (SSH) Protocol ***
#*******************************************************************************
Protocol 2
##VersionAddendum none
##DebianBanner yes
##Banner
Compression no
ClientAliveInterval 15
ClientAliveCountMax 8
GSSAPIKeyExchange no
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
ServerKeyBits 4096
KeyRegenerationInterval 10m
RekeyLimit default 1h
#*******************************************************************************
#*** Server Authentication ***
#*******************************************************************************
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_rsa_key
#Note: SSH Version 2 DSA host keys are implicitly disabled.
##HostKey /etc/ssh/ssh_host_dsa_key
#Note: SSH Version 1 RSA host keys are implicitly disabled.
##HostKey /etc/ssh/ssh_host_key
##HostKeyAgent
##HostCertificate
#*******************************************************************************
#*** Client Authentication Methods ***
#*******************************************************************************
PasswordAuthentication no
PermitEmptyPasswords no
KbdInteractiveAuthentication no
ChallengeResponseAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
HostbasedUsesNameFromPacketOnly no
KerberosAuthentication no
KerberosOrLocalPasswd no
##KerberosGetAFSToken no
##KerberosTicketCleanup yes
GSSAPIAuthentication no
GSSAPIStrictAcceptorCheck yes
##GSSAPIStoreCredentialsOnRekey no
##GSSAPICleanupCredentials yes
RSAAuthentication no
PubkeyAuthentication yes
IgnoreUserKnownHosts yes
IgnoreRhosts yes
#*******************************************************************************
#*** Client Authentication And Authorisation ***
#*******************************************************************************
AuthenticationMethods publickey
LoginGraceTime 60
MaxAuthTries 4
##RevokedKeys
##AuthorizedKeysCommand none
AuthorizedKeysCommandUser invalid
AuthorizedKeysFile .ssh/authorized_keys
##TrustedUserCAKeys
##AuthorizedPrincipalsFile
#Note: These directives are processed in the following order: DenyUsers, AllowUsers, DenyGroups, AllowGroups
##DenyUsers
AllowUsers root git
##DenyGroups
##AllowGroups *
PermitRootLogin without-password
#*******************************************************************************
#*** Session ***
#*******************************************************************************
UsePAM yes
##UseLogin no
##PermitTTY yes
##AllowAgentForwarding yes
##PermitUserRC yes
AcceptEnv LANG LC_ALL LC_ADDRESS LC_COLLATE LC_CTYPE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME
PermitUserEnvironment no
##PrintLastLog yes
PrintMotd no
##ChrootDirectory
##ForceCommand
#*******************************************************************************
#*** Forwarding ***
#*******************************************************************************
##AllowStreamLocalForwarding yes
StreamLocalBindMask 0177
StreamLocalBindUnlink no
##AllowTcpForwarding yes
##PermitOpen any
PermitTunnel no
X11Forwarding yes
X11UseLocalhost yes
##X11DisplayOffset 10
##XAuthLocation /usr/bin/xauth
GatewayPorts no
#*******************************************************************************
#*** Subsystems ***
#*******************************************************************************
Subsystem sftp /usr/lib/openssh/sftp-server
#*******************************************************************************
#*** Conditional Directive Blocks ***
#*******************************************************************************
#for the user “git” used with Gitolite
Match User git
#Note: Gitolite via SSH must only be used with the public key authentication method, therefore the following completely disables all others. However, the former isn’t explicitily enabled here, but rather “inherited” from the “global” configuration.
PasswordAuthentication no
PermitEmptyPasswords no
KbdInteractiveAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
HostbasedUsesNameFromPacketOnly no
KerberosAuthentication no
GSSAPIAuthentication no
RSAAuthentication no
###PubkeyAuthentication yes
AuthenticationMethods publickey
#Note: As of now, Gitolite doesn’t make use of an “authorized keys command”. It could have been “inherited” from the “global” configuration, therefore the following disables it explicitly.
AuthorizedKeysCommand none
AuthorizedKeysCommandUser invalid
#Note: Gitolite always expects the authorized keys to be found at “~/.ssh/authorized_keys”. A different value could have been “inherited” from the “global” configuration, therefore the following sets it explicitly.
AuthorizedKeysFile .ssh/authorized_keys
#Note: The following makes sure that it is really the user “git” which is used and that it isn’t an “alias for root” (in other words: any user name having the user ID 0).
AllowUsers git
PermitRootLogin no
#Note: The following restricts miscellaneous things which shouldn’t be necessary for respectively used with git or Gitolite.
PermitTTY no
AllowAgentForwarding no
PermitUserRC no
AcceptEnv LANG LC_ALL LC_ADDRESS LC_COLLATE LC_CTYPE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME
AllowStreamLocalForwarding no
StreamLocalBindMask 0777
StreamLocalBindUnlink no
AllowTcpForwarding no
PermitOpen none
PermitTunnel no
X11Forwarding no
X11UseLocalhost yes
GatewayPorts no
#Note: The following effectively forbids SSH channel multiplexing, which might have security implications (simplified: further channels “inherit” some parameters from the initiating one) if allowed.
MaxSessions 1
#TODO: Consider running Gitolite from within a chroot.
#ChrootDirectory
#TODO: Currently, “ForceCommand” cannot be used with Gitolite, but reconsider this once it should become possible.
#ForceCommand
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:6.9p1-1
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 778807@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 20 Aug 2015 10:38:58 +0100
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source amd64 all
Version: 1:6.9p1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
openssh-client - secure shell (SSH) client, for secure access to remote machines
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell (SSH) server, for secure access from remote machines
openssh-server-udeb - secure shell server for the Debian installer (udeb)
openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 241119 481133 740307 740494 767648 774369 778807 781469 787037 787776 790798 793616 795711
Changes:
openssh (1:6.9p1-1) unstable; urgency=medium
.
* New upstream release (http://www.openssh.com/txt/release-6.8):
- sshd(8): UseDNS now defaults to 'no'. Configurations that match
against the client host name (via sshd_config or authorized_keys) may
need to re-enable it or convert to matching against addresses.
- Add FingerprintHash option to ssh(1) and sshd(8), and equivalent
command-line flags to the other tools to control algorithm used for
key fingerprints. The default changes from MD5 to SHA256 and format
from hex to base64.
Fingerprints now have the hash algorithm prepended. An example of the
new format: SHA256:mVPwvezndPv/ARoIadVY98vAC0g+P/5633yTC4d/wXE
Please note that visual host keys will also be different.
- ssh(1), sshd(8): Experimental host key rotation support. Add a
protocol extension for a server to inform a client of all its
available host keys after authentication has completed. The client
may record the keys in known_hosts, allowing it to upgrade to better
host key algorithms and a server to gracefully rotate its keys.
The client side of this is controlled by a UpdateHostkeys config
option (default off).
- ssh(1): Add a ssh_config HostbasedKeyType option to control which host
public key types are tried during host-based authentication.
- ssh(1), sshd(8): Fix connection-killing host key mismatch errors when
sshd offers multiple ECDSA keys of different lengths.
- ssh(1): When host name canonicalisation is enabled, try to parse host
names as addresses before looking them up for canonicalisation. Fixes
bz#2074 and avoids needless DNS lookups in some cases.
- ssh(1), ssh-keysign(8): Make ed25519 keys work for host based
authentication.
- sshd(8): SSH protocol v.1 workaround for the Meyer, et al,
Bleichenbacher Side Channel Attack. Fake up a bignum key before RSA
decryption.
- sshd(8): Remember which public keys have been used for authentication
and refuse to accept previously-used keys. This allows
AuthenticationMethods=publickey,publickey to require that users
authenticate using two _different_ public keys.
- sshd(8): add sshd_config HostbasedAcceptedKeyTypes and
PubkeyAcceptedKeyTypes options to allow sshd to control what public
key types will be accepted (closes: #481133). Currently defaults to
all.
- sshd(8): Don't count partial authentication success as a failure
against MaxAuthTries.
- ssh(1): Add RevokedHostKeys option for the client to allow text-file
or KRL-based revocation of host keys.
- ssh-keygen(1), sshd(8): Permit KRLs that revoke certificates by serial
number or key ID without scoping to a particular CA.
- ssh(1): Add a "Match canonical" criteria that allows ssh_config Match
blocks to trigger only in the second config pass.
- ssh(1): Add a -G option to ssh that causes it to parse its
configuration and dump the result to stdout, similar to "sshd -T".
- ssh(1): Allow Match criteria to be negated. E.g. "Match !host".
- ssh-keyscan(1): ssh-keyscan has been made much more robust against
servers that hang or violate the SSH protocol (closes: #241119).
- ssh(1), ssh-keygen(1): Fix regression bz#2306: Key path names were
being lost as comment fields (closes: #787776).
- ssh(1): Allow ssh_config Port options set in the second config parse
phase to be applied (they were being ignored; closes: #774369).
- ssh(1): Tweak config re-parsing with host canonicalisation - make the
second pass through the config files always run when host name
canonicalisation is enabled (and not whenever the host name changes)
- ssh(1): Fix passing of wildcard forward bind addresses when connection
multiplexing is in use.
- ssh-keygen(1): Fix broken private key conversion from non-OpenSSH
formats.
- ssh-keygen(1): Fix KRL generation bug when multiple CAs are in use.
* New upstream release (http://www.openssh.com/txt/release-6.9):
- CVE-2015-5352: ssh(1): When forwarding X11 connections with
ForwardX11Trusted=no, connections made after ForwardX11Timeout expired
could be permitted and no longer subject to XSECURITY restrictions
because of an ineffective timeout check in ssh(1) coupled with "fail
open" behaviour in the X11 server when clients attempted connections
with expired credentials (closes: #790798). This problem was reported
by Jann Horn.
- SECURITY: ssh-agent(1): Fix weakness of agent locking (ssh-add -x) to
password guessing by implementing an increasing failure delay, storing
a salted hash of the password rather than the password itself and
using a timing-safe comparison function for verifying unlock attempts.
This problem was reported by Ryan Castellucci.
- sshd(8): Support admin-specified arguments to AuthorizedKeysCommand
(closes: #740494).
- sshd(8): Add AuthorizedPrincipalsCommand that allows retrieving
authorized principals information from a subprocess rather than a
file.
- ssh(1), ssh-add(1): Support PKCS#11 devices with external PIN entry
devices.
- ssh-keygen(1): Support "ssh-keygen -lF hostname" to search known_hosts
and print key hashes rather than full keys.
- ssh-agent(1): Add -D flag to leave ssh-agent in foreground without
enabling debug mode.
- ssh(1), sshd(8): Deprecate legacy SSH2_MSG_KEX_DH_GEX_REQUEST_OLD
message and do not try to use it against some 3rd-party SSH
implementations that use it (older PuTTY, WinSCP).
- ssh(1), sshd(8): Cap DH-GEX group size at 4Kbits for Cisco
implementations as some would fail when attempting to use group sizes
>4K (closes: #740307, LP: #1287222).
- ssh(1): Fix out-of-bound read in EscapeChar configuration option
parsing.
- sshd(8): Fix application of PermitTunnel, LoginGraceTime,
AuthenticationMethods and StreamLocalBindMask options in Match blocks.
- ssh(1), sshd(8): Improve disconnection message on TCP reset.
- ssh(1): Remove failed remote forwards established by multiplexing from
the list of active forwards.
- sshd(8): Make parsing of authorized_keys "environment=" options
independent of PermitUserEnv being enabled.
- sshd(8): Fix post-auth crash with permitopen=none (closes: #778807).
- ssh(1), ssh-add(1), ssh-keygen(1): Allow new-format private keys to be
encrypted with AEAD ciphers.
- ssh(1): Allow ListenAddress, Port and AddressFamily configuration
options to appear in any order.
- sshd(8): Check for and reject missing arguments for VersionAddendum
and ForceCommand.
- ssh(1), sshd(8): Don't treat unknown certificate extensions as fatal.
- ssh-keygen(1): Make stdout and stderr output consistent.
- ssh(1): Mention missing DISPLAY environment in debug log when X11
forwarding requested.
- sshd(8): Correctly record login when UseLogin is set.
- sshd(8): Add some missing options to sshd -T output and fix output of
VersionAddendum and HostCertificate.
- Document and improve consistency of options that accept a "none"
argument: TrustedUserCAKeys, RevokedKeys, AuthorizedPrincipalsFile.
- ssh(1): Include remote username in debug output.
- sshd(8): Avoid compatibility problem with some versions of Tera Term,
which would crash when they received the hostkeys notification message
(hostkeys-00@openssh.com).
- sshd(8): Mention ssh-keygen -E as useful when comparing legacy MD5
host key fingerprints.
- ssh(1): Clarify pseudo-terminal request behaviour and make manual
language consistent.
- ssh(1): Document that the TERM environment variable is not subject to
SendEnv and AcceptEnv; bz#2386
- sshd(8): Format UsePAM setting when using sshd -T (closes: #767648).
- moduli(5): Update DH-GEX moduli (closes: #787037).
* There are some things I want to fix before upgrading to 7.0p1, though I
intend to do that soon. In the meantime, backport some patches, mainly
to fix security issues:
- SECURITY: sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be
world-writable. Local attackers may be able to write arbitrary
messages to logged-in users, including terminal escape sequences.
Reported by Nikolay Edigaryev.
- SECURITY: sshd(8): Fixed a privilege separation weakness related to
PAM support. Attackers who could successfully compromise the
pre-authentication process for remote code execution and who had valid
credentials on the host could impersonate other users. Reported by
Moritz Jodeit.
- SECURITY: sshd(8): Fixed a use-after-free bug related to PAM support
that was reachable by attackers who could compromise the
pre-authentication process for remote code execution (closes:
#795711). Also reported by Moritz Jodeit.
- CVE-2015-5600: sshd(8): Fix circumvention of MaxAuthTries using
keyboard-interactive authentication (closes: #793616). By specifying
a long, repeating keyboard-interactive "devices" string, an attacker
could request the same authentication method be tried thousands of
times in a single pass. The LoginGraceTime timeout in sshd(8) and any
authentication failure delays implemented by the authentication
mechanism itself were still applied. Found by Kingcope.
- Let principals-command.sh work for noexec /var/run.
* Thanks to Jakub Jelen of Red Hat for Fedora's rebased version of the
GSSAPI key exchange patch.
* Document the Debian-specific change to the default value of
ForwardX11Trusted in ssh(1) (closes: #781469).
Checksums-Sha1:
b91d4b642bcfdb846b27c4d60df3e7f5fd08f5d1 2737 openssh_6.9p1-1.dsc
86ab57f00d0fd9bf302760f2f6deac1b6e9df265 1487617 openssh_6.9p1.orig.tar.gz
2750a007db7992180da53a9ad7c350c6945b36e3 152088 openssh_6.9p1-1.debian.tar.xz
8b9a289f4896fc17110925047e8fcd686925024f 276064 openssh-client-udeb_6.9p1-1_amd64.udeb
b5908b9cc647753758c756c64ca9704252170735 750044 openssh-client_6.9p1-1_amd64.deb
6d909d6bde219dc94ab071eb561232694950fb13 291822 openssh-server-udeb_6.9p1-1_amd64.udeb
14ae09a3d4226b109a725934fa7c391a0a41c8f5 343632 openssh-server_6.9p1-1_amd64.deb
7dabbfc8173344bb5cd8a0e546325f42bde1c1de 38060 openssh-sftp-server_6.9p1-1_amd64.deb
4b72a5bb5803fd4734d992846e2b7eaabc5621af 172736 ssh-askpass-gnome_6.9p1-1_amd64.deb
5e3946bb0f2736659d592e7c6ea257f6e862654b 164754 ssh-krb5_6.9p1-1_all.deb
6e0297c65b52a7733422f400c02d707f3b90f27c 165262 ssh_6.9p1-1_all.deb
Checksums-Sha256:
74d1a4ab5d34d49a1342e1aa33f66072c35a2ced2d1dcf730dc8791e51eb6a67 2737 openssh_6.9p1-1.dsc
6e074df538f357d440be6cf93dc581a21f22d39e236f217fcd8eacbb6c896cfe 1487617 openssh_6.9p1.orig.tar.gz
60f1ad506db206af12746adbe2e8f0b089f12062f4ae48ae1d7557dda431e72b 152088 openssh_6.9p1-1.debian.tar.xz
4c9fc7c4d106fbae9824268e348344ae2eb898e62bf22a08932b733aa08a41e1 276064 openssh-client-udeb_6.9p1-1_amd64.udeb
917bb164ba62d5ff63716f240a144fe80eb82e66e35e7ee21ccca7f613246ee5 750044 openssh-client_6.9p1-1_amd64.deb
335a4ed0b2fafd50768df61b2472f0bbdcb5e7503f385a21096d0e54a765688b 291822 openssh-server-udeb_6.9p1-1_amd64.udeb
25b2f402819e457473d971f9006b8b0aca2278549b6b79a843d2d70da6cc3fac 343632 openssh-server_6.9p1-1_amd64.deb
54174d42c6f47e0ba4573c86ea712c7912264eba755c3846e1fb81733c37124e 38060 openssh-sftp-server_6.9p1-1_amd64.deb
a96927b80c57ae14c357b9f40b8d2a3280f02f930d220fa7e8e3de704e1488ea 172736 ssh-askpass-gnome_6.9p1-1_amd64.deb
c74e73ab2725c5cf7a355189f9fbcdf8ba9502b9aeca411413724680b3b8e436 164754 ssh-krb5_6.9p1-1_all.deb
24b0bf44885459a4d1f2872487b29b2493d6014d4fc405b41e850f6f21536ebc 165262 ssh_6.9p1-1_all.deb
Files:
e6d84ae7b755f5930b1de1e0ce5782e8 2737 net standard openssh_6.9p1-1.dsc
0b161c44fc31fbc6b76a6f8ae639f16f 1487617 net standard openssh_6.9p1.orig.tar.gz
5b2a9b8a8af3e970b4ed6bc4d4d5fb1c 152088 net standard openssh_6.9p1-1.debian.tar.xz
281a8956fd843c06fc5ee5ec826a0045 276064 debian-installer optional openssh-client-udeb_6.9p1-1_amd64.udeb
342f5257442ee205090195dc9f31f439 750044 net standard openssh-client_6.9p1-1_amd64.deb
7431682f6265e2fbcb36e4683e83c2ca 291822 debian-installer optional openssh-server-udeb_6.9p1-1_amd64.udeb
d20a3188f00833d75859347860d3aea0 343632 net optional openssh-server_6.9p1-1_amd64.deb
8643f752217cdbcbb9de16ddf94d09f9 38060 net optional openssh-sftp-server_6.9p1-1_amd64.deb
7b48502bac8ea0558e51854dda7807cc 172736 gnome optional ssh-askpass-gnome_6.9p1-1_amd64.deb
d8f0628c50ee8dea35f10d55bbd8a23c 164754 oldlibs extra ssh-krb5_6.9p1-1_all.deb
74bd0e4061276deaccaf1221c0bf2695 165262 net extra ssh_6.9p1-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer
iQIVAwUBVdWiKjk1h9l9hlALAQjZ6Q/5AY5sgM+EcnFafR3el0Vl29joLvRmureU
9iXd6TbrgaXUWLZIUbjmKPA0kP5HplfHqWIowrq3d1FlASXryljktIpV3LeUn+OO
j7dFkt/8ShJ2z6a+tZZPZJbjP2S30RQbTR6AtUoCcSmkjE98fjctpQ87sMDNpyn+
rkbXkEOYqVzJjIMF+A0u+09uWkQjQ0SKokAm23kyJAJ+N3nM+gORdWgfBmObLwyl
7PpN2rzhoxrGscGCH+KPjRYY4HBx3OsI4XNb2BTGYX+B9mgKhFaKB9DF6TsDDUf2
tg9jNJrLICMa1h8bVxRO4tFqFyNwXJDmVkbGVEaAxjcIKJB23jMuFQ/VlbA5BSMk
4fVaOIr9eRLKZzUtvWoPH4LSn2xZIscHPUs4DKIC55mDlbmPRldsLgCNt3nPv3KZ
jcJgrPkhvs08Cb17xTAasHzdDIQpSFUy+sU9pBxkm44dWnxSH517w3NjFIFbeW90
Jd17Ncpoa+LQHAaTkcFrkd3og5P82eFnUhvW8Yugwn3VtqqS3udqSoe+1ix/JxaI
Ujp20iMTKECLqCwTPebbJ3fO5f107I8TI112wZjXo83OrJojpKLuF+XvTP9EZmu1
YgwnjRTb4aMZJgJTMmW+qOaSJMIGUbYpI8NhosFVJ51l6/U93oqcXwnxuUIYUVgx
K6KkYm89+38=
=Udiw
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: