In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openssh | Openbsd | 8.9 (including) | 9.6 (excluding) |
Openssh | Ubuntu | bionic | * |
Openssh | Ubuntu | devel | * |
Openssh | Ubuntu | fips-preview/jammy | * |
Openssh | Ubuntu | fips-updates/jammy | * |
Openssh | Ubuntu | jammy | * |
Openssh | Ubuntu | lunar | * |
Openssh | Ubuntu | mantic | * |
Openssh | Ubuntu | noble | * |
Openssh | Ubuntu | oracular | * |
Openssh | Ubuntu | trusty | * |
Openssh | Ubuntu | upstream | * |
Openssh | Ubuntu | xenial | * |
Openssh-ssh1 | Ubuntu | bionic | * |
Openssh-ssh1 | Ubuntu | lunar | * |
Openssh-ssh1 | Ubuntu | mantic | * |
Openssh-ssh1 | Ubuntu | upstream | * |