[Bug 209447] Re: gnome-keyring-daemon does not honor constrained ssh identities

Tue Jan 26 14:00:08 GMT 2010

This bug was fixed in the package openssh - 1:5.3p1-1ubuntu1

---------------
openssh (1:5.3p1-1ubuntu1) lucid; urgency=low

  * Resynchronise with Debian.  Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests; they
      take up a lot of CD space, and I suspect that rolling them out in
      security updates has covered most affected systems now.
    - Convert to Upstart.  The init script is still here for the benefit of
      people running sshd in chroots.

openssh (1:5.3p1-1) unstable; urgency=low

  * New upstream release.
  * Update to GSSAPI patch from
    http://www.sxw.org.uk/computing/patches/openssh-5.3p1-gsskex-all-20100124.patch.
  * Backport from upstream:
    - Do not fall back to adding keys without contraints (ssh-add -c / -t
      ...) when the agent refuses the constrained add request. This was a
      useful migration measure back in 2002 when constraints were new, but
      just adds risk now (LP: #209447).
  * Drop change from 1:3.8p1-3 to avoid setresuid() and setresgid() system
    calls.  This only applied to Linux 2.2, which it's no longer feasible to
    run anyway (see 1:5.2p1-2 changelog).
 -- Colin Watson <cjwatson at ubuntu.com>   Tue, 26 Jan 2010 13:07:40 +0000

** Changed in: openssh (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
gnome-keyring-daemon does not honor constrained ssh identities
https://bugs.launchpad.net/bugs/209447
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.