Displaying 20 results from an estimated 24 matches for "globalknownhostsfile".
2020 Oct 04
2
UpdateHostkeys now enabled by default
On Sun, 4 Oct 2020, Christoph Anton Mitterer wrote:
> On Sun, 2020-10-04 at 14:02 +1100, Damien Miller wrote:
> > This is strictly no worse than continuing to use the old key, so I
> > don't consider it a problem.
>
> Well, but in reality it will lead to people never again replacing their
> key by proper means.
Well, first I disagree that this method is improper. The
2023 Aug 18
2
Host key verification (known_hosts) with ProxyJump/ProxyCommand
...p 16 million RRs to cover 172.0.0.0/8 in preparation, sslip.io
might be helpful.
https://sslip.io/
Otherwise, and assuming a *manageable* (mainly, enumerable) population
of remote sites, I wonder whether this approach might work, too?
Host Perth-47
    HostName 172.23.45.47
    ProxyJump Perth-GW
    GlobalKnownHostsFile /dev/null
    UserKnownHostsFile ~/.ssh/known-in-Perth
Host Adelaide-11
    HostName 172.45.67.11
    ProxyJump Adelaide-GW
    GlobalKnownHostsFile /dev/null
    UserKnownHostsFile ~/.ssh/known-in-Adelaide
(Yes, I realize that with target IPs being *potentially dynamic* per
DHCP, having known hostkeys indexe...
2006 Feb 10
0
OpenSSH ControlAllowUsers, et al Patch
...ConnectTimeout
ControlMaster
ControlPath
+ ControlBindMask
+ ControlAllowUsers
+ ControlAllowGroups
+ ControlDenyUsers
+ ControlDenyGroups
GlobalKnownHostsFile
GSSAPIAuthentication
GSSAPIDelegateCredentials
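Review bot: the five added entries (ControlBindMask through ControlDenyGroups) sit after ControlPath and are not sorted among themselves, while the visible neighbours (ConnectTimeout, ControlMaster, ControlPath, GlobalKnownHostsFile) are in alphabetical order. Suggest placing them in sorted position ahead of ControlMaster, in the order ControlAllowGroups, ControlAllowUsers, ControlBindMask, ControlDenyGroups, ControlDenyUsers, so the option list stays easy to scan.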
Index: scp.1
===================================================================
--- scp.1 (revision 15802)
+++ scp.1 (revision 15803)
@@ -130,6 +130,11 @@
.It ConnectTimeout
.It ControlMaster
.It ControlPath...
2002 Sep 10
8
[Bug 393] 'known_hosts' file should be indexed by IP:PORT, not just IP
http://bugzilla.mindrot.org/show_bug.cgi?id=393
markus at openbsd.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Additional Comments From markus at openbsd.org 2002-09-11
2024 Nov 12
0
[PATCH 1/2] Add test to cover multiple server hostkeys with agent
...222d424bd..3fa80655e 100644
--- a/regress/hostkey-agent.sh
+++ b/regress/hostkey-agent.sh
@@ -82,6 +82,37 @@ for k in $SSH_CERTTYPES ; do
fi
done
+# Run sshd with multiple keys handeled by agent
+
+cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
+
+mv $OBJ/ssh_proxy $OBJ/ssh_proxy.orig
+grep -vi 'globalknownhostsfile' $OBJ/ssh_proxy.orig > $OBJ/ssh_proxy
+echo "UpdateHostkeys=yes" >> $OBJ/ssh_proxy
+echo "GlobalKnownHostsFile=none" >> $OBJ/ssh_proxy
+
+read -p "Doing the multiple keys (y/n)? " answer
+for k in $SSH_KEYTYPES ; do
+ verbose "Addkey type $k&quo...
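Review bot: the added line read -p "Doing the multiple keys (y/n)? " answer makes this regression test wait for keyboard input, so an unattended run stalls at that point, and -p is not a POSIX read option. It looks like leftover debugging; suggest dropping the line. The new comment above it also has a typo: "handeled" should be "handled".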
2003 Dec 07
1
hostbased failing and can't derive reason of failure in debugging output
...in the attachment, if I've been snipping too much (I
hope it doesn't get stripped off by the mailing list software).
Some basic configuration info:
ssh_config (stripped):
Host hostname.domainname.tld
PreferredAuthentications hostbased,publickey,password
HostbasedAuthentication yes
GlobalKnownHostsFile /etc/ssh/ssh_known_hosts2
CheckHostIP yes
StrictHostKeyChecking ask
Protocol 2
sshd_config (stripped):
Protocol 2
HostbasedAuthentication yes
IgnoreRhosts no
shosts.equiv (stripped):
192.168.1.5
hostname.domainname.tld
+ +
(Last line just for testing, obviously.)
ls /etc/s...
2011 Aug 25
1
Add missing -o options in ssh(1) manual
...419,11 +419,13 @@ For full details of the options listed b
.It ConnectTimeout
.It ControlMaster
.It ControlPath
+.It ControlPersist
.It DynamicForward
.It EscapeChar
.It ExitOnForwardFailure
.It ForwardAgent
.It ForwardX11
+.It ForwardX11Timeout
.It ForwardX11Trusted
.It GatewayPorts
.It GlobalKnownHostsFile
@@ -438,6 +440,7 @@ For full details of the options listed b
.It IdentityFile
.It IdentitiesOnly
.It IPQoS
+.It KbdInteractiveAuthentication
.It KbdInteractiveDevices
.It KexAlgorithms
.It LocalCommand
2024 Nov 12
2
[PATCH 0/2] Specify signature algorithm during server hostkeys prove
From: Maxime Rey <maximejeanrey at gmail.com>
Hello,
I've discovered an issue with sshd when it's configured to use the SSH agent
alongside multiple host keys. Specifically, this problem happens during the
hostkeys-prove-00 at openssh.com request, when the server attempts to
demonstrate ownership of the host keys by calling the agent.
The issue occurs because, while processing the
2023 Jul 03
1
Subsystem sftp invoked even though forced command created
...he actual command is similar to the following (parameters inserted to protect the source):
> (print ${FQDN} ; print ${Environment} ; cat ${OutFileXML}) | \
> ssh -Ti ${EmbeddedPrivateKey} \
> -o HostKeyAlias="${Alias}" \
> -o GlobalKnownHostsFile="${EmbeddedKnownHosts}" \
> -o UserKnownHostsFile="${ClientSpecificKnownHosts}" \
> -o StrictHostKeyChecking="yes" \
> -o CheckHostIP="no" \
> -o NumberOfPasswordPrompts=0 \
>...
2023 Aug 18
1
Host key verification (known_hosts) with ProxyJump/ProxyCommand
...ntain /etc/hosts changes persistently.
> Otherwise, and assuming a *manageable* (mainly, enumerable) population
> of remote sites, I wonder whether this approach might work, too?
>
> Host Perth-47
>     HostName 172.23.45.47
>     ProxyJump Perth-GW
>     GlobalKnownHostsFile /dev/null
>     UserKnownHostsFile ~/.ssh/known-in-Perth
> Host Adelaide-11
>     HostName 172.45.67.11
>     ProxyJump Adelaide-GW
>     GlobalKnownHostsFile /dev/null
>     UserKnownHostsFile ~/.ssh/known-in-Adelaide
>
> (Yes, I realize t...
2019 Mar 14
7
prompt to update a host key
As far as I can tell, there currently isn't a straightforward way to
use password authentication for connecting to hosts where the host key
changes frequently. I realize this is a fairly niche use case, but
when developing software for devices that often get reimaged
(resulting in a host key change), it can get pretty tedious to attempt
to connect, get a warning, remove the old host key via
2001 Oct 24
3
Inconsistent server/client configuration
...erver side but fixed on the client side.
On the client, always _PATH_HOST_KEY_FILE, _PATH_HOST_DSA_KEY_FILE,
_PATH_HOST_RSA_KEY_FILE are used (in this order), whereas on the server,
the paths can be specified by up to three HostKey options as arbitrary names
in arbitrary sequence.
Similarly, option GlobalKnownHostsFile is configurable for the client only
but fixed as _PATH_SSH_SYSTEM_HOSTFILE for the server. (Well, here the meaning
is slightly different, thus this may be o.k.)
2013 Sep 20
1
Key preference
Hello everybody,
I have a problem specifying identities with the -i option.
For easier ssh invocations, I have set up my ssh_config files with entries like
the following:
Host *.domain.name
Port 23457
StrictHostKeyChecking yes
UserKnownHostsFile /dev/null
GlobalKnownHostsFile /etc/ssh/known-hosts/domain.name
IdentityFile ~/.ssh/%h-dsa
IdentityFile ~/.ssh/%h-rsa
IdentityFile ~/.ssh/domain.name-dsa
IdentityFile ~/.ssh/domain.name-rsa
In addition, I've set up a system similar to gitolite, which uses a dedicated
account with authorized_keys set up like this:
com...
2011 Sep 06
2
Announce: OpenSSH 5.9 released
...hd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
separated by whitespace. The undocumented AuthorizedKeysFile2
option is deprecated (though the default for AuthorizedKeysFile
includes .ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and
GlobalKnownHostsFile2 by making UserKnownHostsFile and
GlobalKnownHostsFile accept multiple options and default to
include known_hosts2
* Retain key comments when loading v.2 keys. These will be visible
in "ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQ...
2023 Jul 05
1
Subsystem sftp invoked even though forced command created
...o the following (parameters inserted to
> > protect the source):
> > (print ${FQDN} ; print ${Environment} ; cat ${OutFileXML}) | \
> > ssh -Ti ${EmbeddedPrivateKey} \
> > -o HostKeyAlias="${Alias}" \
> > -o GlobalKnownHostsFile="${EmbeddedKnownHosts}" \
> > -o UserKnownHostsFile="${ClientSpecificKnownHosts}" \
> > -o StrictHostKeyChecking="yes" \
> > -o CheckHostIP="no" \
> > -o NumberOfPass...
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
...acketOnly yes
+ #HostbasedUsesNameFromPacketOnly yes
- PubkeyAuthentication yes
+ PubkeyAuthentication no
PasswordAuthentication no
...
I already have the server's key in the known hosts file on the client.
@ client
cat ssh_config
...
GlobalKnownHostsFile /usr/local/etc/ssh/ssh_known_hosts
UserKnownHostsFile /usr/local/etc/ssh/ssh_known_hosts
...
ssh-keyscan -t ed25519 server.DOMAIN.COM >> /usr/local/etc/ssh/ssh_known_hosts
and @server
ssh-keyscan -t ed25519 client.DOMAIN.COM >> /usr/local/etc/ssh/ssh_known_hosts
with all of...
2013 Apr 03
6
freenx not working with newly installed centos 6.4
hi,
this is not the same as http://bugs.centos.org/view.php?id=6298
I can login with ssh but not with freenx
With 6.3 this worked; I just spun up some new servers and now I can no
longer use freenx.
in /var/log/messages:
Apr 3 22:05:11 testthuis nxserver[3435]: (nx) Failed login for user=admin
from IP=192.168.0.160
Apr 3 22:06:01 testthuis nxserver[3619]: (nx) Failed login for user=admin
2001 Apr 11
1
openssh 2.5.2p2/Solaris 5.8 problems
...yes
RhostsRSAAuthentication yes
RSAAuthentication yes
PasswordAuthentication yes
FallBackToRsh yes
UseRsh no
BatchMode no
CheckHostIP yes
StrictHostKeyChecking no
GlobalKnownHostsFile /var/ssh/ssh_known_hosts
IdentityFile ~/.ssh/identity
Port 22
Protocol 1,2
Cipher blowfish
EscapeChar ~
KeepAlive yes
NumberOfPasswordPrompts...
2011 Aug 14
10
Call for testing: OpenSSH-5.9
...* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
separated by space. The undocumented AuthorizedKeysFile2 option is
deprecated (though the default for AuthorizedKeysFile includes
.ssh/authorized_keys2)
* sshd_config(5): similarly deprecate UserKnownHostsFile2 and
GlobalKnownHostsFile2 by making UserKnownHostsFile and
GlobalKnownHostsFile accept multiple options and default to include
known_hosts2
* retain key comments when loading v.2 keys. These will be visible in
"ssh-add -l" and other places. bz#439
* ssh(1) and sshd(8): set IPv6 traffic class from IPQ...