search for: globalknownhostsfil

On Sun, 4 Oct 2020, Christoph Anton Mitterer wrote: > On Sun, 2020-10-04 at 14:02 +1100, Damien Miller wrote: > > This is strictly no worse than continuing to use the old key, so I > > don't consider it a problem. > > Well but in reality it will lead to people never again replace their > key by proper means. Well, first I disagree that this method is improper. The

...p 16 million RRs to cover 172.0.0.0/8 in preparation, sslip.io might be helpful. https://sslip.io/ Otherwise, and assuming a *manageable* (mainly, enumerable) population of remote sites, I wonder whether this approach might work, too? Host Perth-47 HostName 172.23.45.47 ProxyJump Perth-GW GlobalKnownHostsFile /dev/null UserKnownHostsFile ~/.ssh/known-in-Perth Host Adelaide-11 HostName 172.45.67.11 ProxyJump Adelaide-GW GlobalKnownHostsFile /dev/null UserKnownHostsFile ~/.ssh/known-in-Adelaide (Yes, I realize that with target IPs being *potentially dynamic* per DHCP, having known hostkeys index...

...ConnectTimeout ControlMaster ControlPath + ControlBindMask + ControlAllowUsers + ControlAllowGroups + ControlDenyUsers + ControlDenyGroups GlobalKnownHostsFile GSSAPIAuthentication GSSAPIDelegateCredentials Index: scp.1 =================================================================== --- scp.1 (revision 15802) +++ scp.1 (revision 15803) @@ -130,6 +130,11 @@ .It ConnectTimeout .It ControlMaster .It ControlPath...

http://bugzilla.mindrot.org/show_bug.cgi?id=393 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From markus at openbsd.org 2002-09-11

...in the attachment, if I've been snipping too much (I hope it doesn't get stripped off by the mailing list software). Some basic configuration info: ssh_config (stripped): Host hostname.domainname.tld PreferredAuthentications hostbased,publickey,password HostbasedAuthentication yes GlobalKnownHostsFile /etc/ssh/ssh_known_hosts2 CheckHostIP yes StrictHostKeyChecking ask Protocol 2 sshd_config (stripped): Protocol 2 HostbasedAuthentication yes IgnoreRhosts no shosts.equiv (stripped): 192.168.1.5 hostname.domainname.tld + + (Last line just for testing, obviously.) ls /etc/...

...419,11 +419,13 @@ For full details of the options listed b .It ConnectTimeout .It ControlMaster .It ControlPath +.It ControlPersist .It DynamicForward .It EscapeChar .It ExitOnForwardFailure .It ForwardAgent .It ForwardX11 +.It ForwardX11Timeout .It ForwardX11Trusted .It GatewayPorts .It GlobalKnownHostsFile @@ -438,6 +440,7 @@ For full details of the options listed b .It IdentityFile .It IdentitiesOnly .It IPQoS +.It KbdInteractiveAuthentication .It KbdInteractiveDevices .It KexAlgorithms .It LocalCommand

...he actual command is similar to the following (parameters inserted to protect the source): > (print ${FQDN} ; print ${Environment} ; cat ${OutFileXML}) | \ > ssh -Ti ${EmbeddedPrivateKey} \ > -o HostKeyAlias="${Alias}" \ > -o GlobalKnownHostsFile="${EmbeddedKnownHosts}" \ > -o UserKnownHostsFile="${ClientSpecificKnownHosts}" \ > -o StrictHostKeyChecking="yes" \ > -o CheckHostIP="no" \ > -o NumberOfPasswordPrompts=0 \ &gt...

...ntain /etc/hosts changes persistently. > Otherwise, and assuming a *manageable* (mainly, enumerable) population > of remote sites, I wonder whether this approach might work, too? > > Host??? Perth-47 > ????HostName??????? 172.23.45.47 > ????ProxyJump??????? Perth-GW > ????GlobalKnownHostsFile??? /dev/null > ????UserKnownHostsFile??? ~/.ssh/known-in-Perth > Host??? Adelaide-11 > ????HostName??????? 172.45.67.11 > ????ProxyJump??????? Adelaide-GW > ????GlobalKnownHostsFile??? /dev/null > ????UserKnownHostsFile??? ~/.ssh/known-in-Adelaide > > (Yes, I realize...

As far as I can tell, there currently isn't a straightforward way to use password authentication for connecting to hosts where the host key changes frequently. I realize this is a fairly niche use case, but when developing software for devices that often get reimaged (resulting in a host key change), it can get pretty tedious to attempt to connect, get a warning, remove the old host key via

...erver side but fixed on the client side. On the client, always _PATH_HOST_KEY_FILE, _PATH_HOST_DSA_KEY_FILE, _PATH_HOST_RSA_KEY_FILE are used (in this order), whereas on the server, the paths can be specified by up to three HostKey options as arbitrary names in arbitrary sequence. Similarly, option GlobalKnownHostsFile is configurable for the client only but fixed as _PATH_SSH_SYSTEM_HOSTFILE for the server. (Well, here the meaning is slightly different, thus this may be o.k.)

Hello everybody, I have a problem specifying identities with the -i option. For easier ssh invocations, I have setup my ssh_config files with entries like the following: Host *.domain.name Port 23457 StrictHostKeyChecking yes UserKnownHostsFile /dev/null GlobalKnownHostsFile /etc/ssh/known-hosts/domain.name IdentityFile ~/.ssh/%h-dsa IdentityFile ~/.ssh/%h-rsa IdentityFile ~/.ssh/domain.name-dsa IdentityFile ~/.ssh/domain.name-rsa In addition, I've set up a system similar to gitolite, which uses a dedicated account with authorized_keys set up like this: co...

...hd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2) * sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2 * Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439 * ssh(1) and sshd(8): set IPv6 traffic class from IP...

...hd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2) * sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2 * Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439 * ssh(1) and sshd(8): set IPv6 traffic class from IP...

...o the following (parameters inserted to > > protect the source): > > (print ${FQDN} ; print ${Environment} ; cat ${OutFileXML}) | \ > > ssh -Ti ${EmbeddedPrivateKey} \ > > -o HostKeyAlias="${Alias}" \ > > -o GlobalKnownHostsFile="${EmbeddedKnownHosts}" \ > > -o UserKnownHostsFile="${ClientSpecificKnownHosts}" \ > > -o StrictHostKeyChecking="yes" \ > > -o CheckHostIP="no" \ > > -o NumberOfPas...

...acketOnly yes + #HostbasedUsesNameFromPacketOnly yes - PubkeyAuthentication yes + PubkeyAuthentication no PasswordAuthentication no ... I already have the server's key in the known hosts file on the client. @ client cat ssh_config ... GlobalKnownHostsFile /usr/local/etc/ssh/ssh_known_hosts UserKnownHostsFile /usr/local/etc/ssh/ssh_known_hosts ... ssh-keyscan -t ed25519 server.DOMAIN.COM >> /usr/local/etc/ssh/ssh_known_hosts and @server ssh-keyscan -t ed25519 client.DOMAIN.COM >> /usr/local/etc/ssh/ssh_known_hosts with all of...

hi, this is not the same as http://bugs.centos.org/view.php?id=6298 I can login with ssh but not with freenx With 6.3 this worked, I just spinned some new servers and now I can no longer use freenx. in /var/log/messages: pr 3 22:05:11 testthuis nxserver[3435]: (nx) Failed login for user=admin from IP=192.168.0.160 Apr 3 22:06:01 testthuis nxserver[3619]: (nx) Failed login for user=admin

...yes RhostsRSAAuthentication yes RSAAuthentication yes PasswordAuthentication yes FallBackToRsh yes UseRsh no BatchMode no CheckHostIP yes StrictHostKeyChecking no GlobalKnownHostsFile /var/ssh/ssh_known_hosts IdentityFile ~/.ssh/identity Port 22 Protocol 1,2 Cipher blowfish EscapeChar ~ KeepAlive yes NumberOfPasswordPrompts...

...* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by space. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2) * sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2 * retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439 * ssh(1) and sshd(8): set IPv6 traffic class from IP...

I run OpenSSH on linux @ client which ssh /usr/local/bin/ssh ssh -v OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 @ server which sshd /usr/local/bin/sshd sshd -v unknown option -- V OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file] [-E log_file] [-f config_file] [-g login_grace_time]

...uthorizedKeysFile now accepts multiple paths, > separated by space. The undocumented AuthorizedKeysFile2 option is > deprecated (though the default for AuthorizedKeysFile includes > .ssh/authorized_keys2) > > * sshd_config(5): similarly deprecate UserKnownHostsFile2 and > GlobalKnownHostsFile2 by making UserKnownHostsFile and > GlobalKnownHostsFile accept multiple options and default to include > known_hosts2 > > * retain key comments when loading v.2 keys. These will be visible in > "ssh-add -l" and other places. bz#439 > > * ssh(1) and sshd(8):...