search for: globalknownhostsfile

Displaying 20 results from an estimated 24 matches for "globalknownhostsfile".

2020 Oct 04
2
UpdateHostkeys now enabled by default
On Sun, 4 Oct 2020, Christoph Anton Mitterer wrote: > On Sun, 2020-10-04 at 14:02 +1100, Damien Miller wrote: > > This is strictly no worse than continuing to use the old key, so I > > don't consider it a problem. > > Well but in reality it will lead to people never again replace their > key by proper means. Well, first I disagree that this method is improper. The
2023 Aug 18
2
Host key verification (known_hosts) with ProxyJump/ProxyCommand
...p 16 million RRs to cover 172.0.0.0/8 in preparation, sslip.io might be helpful. https://sslip.io/ Otherwise, and assuming a *manageable* (mainly, enumerable) population of remote sites, I wonder whether this approach might work, too? Host Perth-47 HostName 172.23.45.47 ProxyJump Perth-GW GlobalKnownHostsFile /dev/null UserKnownHostsFile ~/.ssh/known-in-Perth Host Adelaide-11 HostName 172.45.67.11 ProxyJump Adelaide-GW GlobalKnownHostsFile /dev/null UserKnownHostsFile ~/.ssh/known-in-Adelaide (Yes, I realize that with target IPs being *potentially dynamic* per DHCP, having known hostkeys indexe...
2006 Feb 10
0
OpenSSH ControlAllowUsers, et al Patch
...ConnectTimeout ControlMaster ControlPath + ControlBindMask + ControlAllowUsers + ControlAllowGroups + ControlDenyUsers + ControlDenyGroups GlobalKnownHostsFile GSSAPIAuthentication GSSAPIDelegateCredentials Index: scp.1 =================================================================== --- scp.1 (revision 15802) +++ scp.1 (revision 15803) @@ -130,6 +130,11 @@ .It ConnectTimeout .It ControlMaster .It ControlPath...
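Review bot: the five new entries are appended after ControlPath in the order ControlBindMask, ControlAllowUsers, ControlAllowGroups, ControlDenyUsers, ControlDenyGroups, which breaks the alphabetical ordering the surrounding option list follows (ConnectTimeout, ControlMaster, ControlPath, GlobalKnownHostsFile). Sort them into place, with ControlAllowGroups, ControlAllowUsers, ControlBindMask, ControlDenyGroups and ControlDenyUsers ahead of ControlMaster, so the manual list stays searchable.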
2002 Sep 10
8
[Bug 393] 'known_hosts' file should be indexed by IP:PORT, not just IP
http://bugzilla.mindrot.org/show_bug.cgi?id=393 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From markus at openbsd.org 2002-09-11
2024 Nov 12
0
[PATCH 1/2] Add test to cover multiple server hostkeys with agent
...222d424bd..3fa80655e 100644 --- a/regress/hostkey-agent.sh +++ b/regress/hostkey-agent.sh @@ -82,6 +82,37 @@ for k in $SSH_CERTTYPES ; do fi done +# Run sshd with multiple keys handeled by agent + +cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy + +mv $OBJ/ssh_proxy $OBJ/ssh_proxy.orig +grep -vi 'globalknownhostsfile' $OBJ/ssh_proxy.orig > $OBJ/ssh_proxy +echo "UpdateHostkeys=yes" >> $OBJ/ssh_proxy +echo "GlobalKnownHostsFile=none" >> $OBJ/ssh_proxy + +read -p "Doing the multiple keys (y/n)? " answer +for k in $SSH_KEYTYPES ; do + verbose "Addkey type $k&quo...
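Review bot: the added `read -p "Doing the multiple keys (y/n)? " answer` line makes this regress script wait on stdin, so an unattended test run will hang or fail there. `read -p` is also not POSIX sh, and `answer` is not used anywhere in the visible lines. Drop the prompt and let the loop run unconditionally. The new comment also misspells "handled" as "handeled".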
2003 Dec 07
1
hostbased failing and can't derive reason of failure in debugging output
...in the attachment, if I've been snipping too much (I hope it doesn't get stripped off by the mailing list software). Some basic configuration info: ssh_config (stripped): Host hostname.domainname.tld PreferredAuthentications hostbased,publickey,password HostbasedAuthentication yes GlobalKnownHostsFile /etc/ssh/ssh_known_hosts2 CheckHostIP yes StrictHostKeyChecking ask Protocol 2 sshd_config (stripped): Protocol 2 HostbasedAuthentication yes IgnoreRhosts no shosts.equiv (stripped): 192.168.1.5 hostname.domainname.tld + + (Last line just for testing, obviously.) ls /etc/s...
2011 Aug 25
1
Add missing -o options in ssh(1) manual
...419,11 +419,13 @@ For full details of the options listed b .It ConnectTimeout .It ControlMaster .It ControlPath +.It ControlPersist .It DynamicForward .It EscapeChar .It ExitOnForwardFailure .It ForwardAgent .It ForwardX11 +.It ForwardX11Timeout .It ForwardX11Trusted .It GatewayPorts .It GlobalKnownHostsFile @@ -438,6 +440,7 @@ For full details of the options listed b .It IdentityFile .It IdentitiesOnly .It IPQoS +.It KbdInteractiveAuthentication .It KbdInteractiveDevices .It KexAlgorithms .It LocalCommand
2024 Nov 12
2
[PATCH 0/2] Specify signature algorithm during server hostkeys prove
From: Maxime Rey <maximejeanrey at gmail.com> Hello, I've discovered an issue with sshd when it's configured to use the SSH agent alongside multiple host keys. Specifically, this problem happens during the hostkeys-prove-00 at openssh.com request, when the server attempts to demonstrate ownership of the host keys by calling the agent. The issue occurs because, while processing the
2023 Jul 03
1
Subsystem sftp invoked even though forced command created
...he actual command is similar to the following (parameters inserted to protect the source): > (print ${FQDN} ; print ${Environment} ; cat ${OutFileXML}) | \ > ssh -Ti ${EmbeddedPrivateKey} \ > -o HostKeyAlias="${Alias}" \ > -o GlobalKnownHostsFile="${EmbeddedKnownHosts}" \ > -o UserKnownHostsFile="${ClientSpecificKnownHosts}" \ > -o StrictHostKeyChecking="yes" \ > -o CheckHostIP="no" \ > -o NumberOfPasswordPrompts=0 \ >...
2023 Aug 18
1
Host key verification (known_hosts) with ProxyJump/ProxyCommand
...ntain /etc/hosts changes persistently. > Otherwise, and assuming a *manageable* (mainly, enumerable) population > of remote sites, I wonder whether this approach might work, too? > > Host Perth-47 > HostName 172.23.45.47 > ProxyJump Perth-GW > GlobalKnownHostsFile /dev/null > UserKnownHostsFile ~/.ssh/known-in-Perth > Host Adelaide-11 > HostName 172.45.67.11 > ProxyJump Adelaide-GW > GlobalKnownHostsFile /dev/null > UserKnownHostsFile ~/.ssh/known-in-Adelaide > > (Yes, I realize t...
2019 Mar 14
7
prompt to update a host key
As far as I can tell, there currently isn't a straightforward way to use password authentication for connecting to hosts where the host key changes frequently. I realize this is a fairly niche use case, but when developing software for devices that often get reimaged (resulting in a host key change), it can get pretty tedious to attempt to connect, get a warning, remove the old host key via
2001 Oct 24
3
Inconsistent server/client configuration
...erver side but fixed on the client side. On the client, always _PATH_HOST_KEY_FILE, _PATH_HOST_DSA_KEY_FILE, _PATH_HOST_RSA_KEY_FILE are used (in this order), whereas on the server, the paths can be specified by up to three HostKey options as arbitrary names in arbitrary sequence. Similarly, option GlobalKnownHostsFile is configurable for the client only but fixed as _PATH_SSH_SYSTEM_HOSTFILE for the server. (Well, here the meaning is slightly different, thus this may be o.k.)
2013 Sep 20
1
Key preference
Hello everybody, I have a problem specifying identities with the -i option. For easier ssh invocations, I have setup my ssh_config files with entries like the following: Host *.domain.name Port 23457 StrictHostKeyChecking yes UserKnownHostsFile /dev/null GlobalKnownHostsFile /etc/ssh/known-hosts/domain.name IdentityFile ~/.ssh/%h-dsa IdentityFile ~/.ssh/%h-rsa IdentityFile ~/.ssh/domain.name-dsa IdentityFile ~/.ssh/domain.name-rsa In addition, I've set up a system similar to gitolite, which uses a dedicated account with authorized_keys set up like this: com...
2011 Sep 06
2
Announce: OpenSSH 5.9 released
...hd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2) * sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2 * Retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439 * ssh(1) and sshd(8): set IPv6 traffic class from IPQ...
2023 Jul 05
1
Subsystem sftp invoked even though forced command created
...o the following (parameters inserted to > > protect the source): > > (print ${FQDN} ; print ${Environment} ; cat ${OutFileXML}) | \ > > ssh -Ti ${EmbeddedPrivateKey} \ > > -o HostKeyAlias="${Alias}" \ > > -o GlobalKnownHostsFile="${EmbeddedKnownHosts}" \ > > -o UserKnownHostsFile="${ClientSpecificKnownHosts}" \ > > -o StrictHostKeyChecking="yes" \ > > -o CheckHostIP="no" \ > > -o NumberOfPass...
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
...acketOnly yes + #HostbasedUsesNameFromPacketOnly yes - PubkeyAuthentication yes + PubkeyAuthentication no PasswordAuthentication no ... I already have the server's key in the known hosts file on the client. @ client cat ssh_config ... GlobalKnownHostsFile /usr/local/etc/ssh/ssh_known_hosts UserKnownHostsFile /usr/local/etc/ssh/ssh_known_hosts ... ssh-keyscan -t ed25519 server.DOMAIN.COM >> /usr/local/etc/ssh/ssh_known_hosts and @server ssh-keyscan -t ed25519 client.DOMAIN.COM >> /usr/local/etc/ssh/ssh_known_hosts with all of...
2013 Apr 03
6
freenx not working with newly installed centos 6.4
hi, this is not the same as http://bugs.centos.org/view.php?id=6298 I can login with ssh but not with freenx With 6.3 this worked, I just spinned some new servers and now I can no longer use freenx. in /var/log/messages: pr 3 22:05:11 testthuis nxserver[3435]: (nx) Failed login for user=admin from IP=192.168.0.160 Apr 3 22:06:01 testthuis nxserver[3619]: (nx) Failed login for user=admin
2001 Apr 11
1
openssh 2.5.2p2/Solaris 5.8 problems
...yes RhostsRSAAuthentication yes RSAAuthentication yes PasswordAuthentication yes FallBackToRsh yes UseRsh no BatchMode no CheckHostIP yes StrictHostKeyChecking no GlobalKnownHostsFile /var/ssh/ssh_known_hosts IdentityFile ~/.ssh/identity Port 22 Protocol 1,2 Cipher blowfish EscapeChar ~ KeepAlive yes NumberOfPasswordPrompts...
2011 Aug 14
10
Call for testing: OpenSSH-5.9
...* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by space. The undocumented AuthorizedKeysFile2 option is deprecated (though the default for AuthorizedKeysFile includes .ssh/authorized_keys2) * sshd_config(5): similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile and GlobalKnownHostsFile accept multiple options and default to include known_hosts2 * retain key comments when loading v.2 keys. These will be visible in "ssh-add -l" and other places. bz#439 * ssh(1) and sshd(8): set IPv6 traffic class from IPQ...