search for: activepe

On Mon, 6 May 2024, openssh at tr.id.au wrote: > ... and I guess your next question will be about compilation environment, so: > > ``` > $ gcc --version > gcc (Gentoo 13.2.1_p20240210 p14) 13.2.1 20240210 > Copyright (C) 2023 Free Software Foundation, Inc. > This is free software; see the source for copying conditions. There is NO > warranty; not even for MERCHANTABILITY

... and I guess your next question will be about compilation environment, so: ``` $ gcc --version gcc (Gentoo 13.2.1_p20240210 p14) 13.2.1 20240210 Copyright (C) 2023 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. ``` I'm running on gentoo. I tested that the

On Sat, 4 May 2024, openssh at tr.id.au wrote: > Hey there, > > I often want different behavior in my ssh client depending on > whether I'm logging into an interactive session or running > a remote non-interactive command. We can see at, say, > https://unix.stackexchange.com/a/499562/305714 that this isn't a > unique wish, and existing solutions are kind of baroque.

https://bugzilla.mindrot.org/show_bug.cgi?id=3122 Bug ID: 3122 Summary: New Include functionality does not work as documented Product: Portable OpenSSH Version: 8.2p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs

Hey there, I often want different behavior in my ssh client depending on whether I'm logging into an interactive session or running a remote non-interactive command. We can see at, say, https://unix.stackexchange.com/a/499562/305714 that this isn't a unique wish, and existing solutions are kind of baroque. Typical reasons to do this are to immediately go into a screen or tmux session; for

Hi, Here is a patch for release 1.2.2 that allows the use of '=' instead of whitespace when specifying options. For options on the commandline, it can be useful to be able to avoid whitespace in some situations. best regards and thanks for the patch regarding segfaulting with PAM, Stefan ------------------------------------------------------------------- Email: Stefan.Heinrichs at

Hi All. For various reasons, we're currently looking at extending (or even overhauling) the config parser used for sshd_config. Right now the syntax I'm looking at is a cumulative "Match" keyword that matches when all of the specified criteria are met. This would be similar the the Host directive used in ssh_config, although it's still limiting (eg you can't easily

Hello, we've run a coverity scan on the openssh sources and it found several issues. Although the scan was run on patched rhel sources, some results are applicable to vanilla sources too. * servconf.c:1458:dead_error_line ? Execution cannot reach this statement "*intptr = *intptr + 1;" --- a/servconf.c +++ b/servconf.c @@ -1451,12 +1451,8 @@

Hi all, this is a patch to make Ciphers, MACs and KexAlgorithms available in Match blocks. Now I can reach a -current machine with some Android terminal app without changing the default ciphers for all clients: Match Address 192.168.1.2 Ciphers aes128-cbc MACs hmac-sha1 KexAlgorithms diffie-hellman-group-exchange-sha1 Index: servconf.c

Hello, I am trying to force a command for all users *except* for users in the "wheel" group. My idea was to do the following in sshd_config: ForceCommand /usr/bin/validate-ssh-command Match Group wheel ForceCommand But obviously this doesn't work, because ForceCommand requires an argument. I couldn't find a way to achieve what I want. I wrote a patch that adds a

This allows the localhost percent-style escapes in arguments to the Include directive. These are useful for including host-specific ssh configuration. --- readconf.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/readconf.c b/readconf.c index 4e3791cb7cc6..6d99d2efae92 100644 --- a/readconf.c +++ b/readconf.c @@ -1044,7 +1044,8 @@

Hello! I'm hoping that Gmail won't HTML format this mail so that I'll get flamed :) Anyway, my question relates to ssh_config. The problem I find is that the Host pattern is only applied to the argument given on the command line, as outlined in the man page: "The host is the hostname argument given on the command line (i.e. the name is not converted to a canonicalized host name

To all, i think i've found a minor bug in openssh. i'm writing to the list toget input on whether it's really a bug, or an undocumented limit, or maybe it's even documented somewhere (although i didn't see it documented in ssh_config(5)). if there is a consensus that this is indeed a bug, i'll file it in bugzilla. i would also like to submit the fix. the bug is that

Because ForwardX11 and ForwardAgent are so useful but introduce risk when used to a not well-secured server, I added a "warn" value to the ForwardX11 and ForwardAgent options which causes the ssh client to print a big warning whenever the forwarding is actually used. I plan to make "ForwardX11=warn" the default in my ssh_config distribution. I'm not proposing that this

This patch series consists of minor fixes and cleanups I made during update to openssh V_4_6 branch. openssh/auth-pam.c | 9 ++++----- openssh/auth2.c | 2 -- openssh/readconf.c | 7 ++++--- openssh/servconf.c | 14 ++++++++------ openssh/sftp-server.c | 9 ++++++--- openssh/sshd.c | 2 +- 6 files changed, 23 insertions(+), 20 deletions(-) -- ldv

Hi! The following patch adds ability to configure the ssh client to send SSH[2]_MSG_IGNORE packets of random length at random times whithin a user-specified interval. The function is configured by setting the config-file options BogusTrafficIntervalMax and BogusTrafficIntervalMin, which defines the interval in seconds in which the packets are randomly sent. It is disabled by default. It suffices

FINALLY, it's here. You can now tell SSH which address to bind to for every single port forwarding option! This patch allows you to pass the following as ssh command line options: ssh -L 192.168.1.55:1234:localhost:80 -R ::11:22:aa:bb/80/localhost/80 etc. Or as normal config file options: LocalForward ::11:22:33/1234 localhost/80 RemoteForward 1.2.3.4:80 localhost:80 It will also

Hello everybody, I'm a C/C++ consultant working for Ericsson. I changed the OpenSSH-Portable code to add a new criteria into the Match sshd_config option read by the sshd server. The new criteria is "Subsystem"; so a conditional block based on subsystem client request can now be added to the sshd_config configuration server file to override settings in its global section.

Heya, Most of the windows ssh clients (putty, securecrt) have anti-idle features. They offer either a null packet or protocol no-op or user defined string to be sent over every x seconds. Is this possible or planned with the OpenSSH client? Our draconian firewall admins have started timing out ssh sessions. Yes I'm aware I could hack up a port forwarding dumb traffic process, but was

Hi, Just a usecase that I'm sure has been covered before but just in case its not an openssh solution would be very helpful. I was trying to install software on a server that was firewalled so no outbound http connections would work. I was also tunnelling via another server. Outbound ssh connections also were a convenient option. What would have been nice would be a remote version of