search for: globnix

...Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh-add Assignee: unassigned-bugs at mindrot.org Reporter: phil.pennock at globnix.org Under SSH Agent Forwarding, when using an ssh-agent with keys loaded for key-types not recognized by the remote host, running "ssh-add -l" on the remote host will abort with fatal() when it sees the unrecognized key-type. If stdout is a tty, then stdio is line-buffered and the first...

also sprach Phil Pennock <phil.pennock at globnix.org> [2017-11-15 19:41 +0100]: > So, instead of running no command server side, would a suitable > workaround be to run 'while sleep 1; do echo .; done' as the server > command and discard stdout from ssh on the client side? That way, the > server side should detect the drop...

I've just written this patch, it's undergone minimal testing and "works for me" and I'm after feedback as to acceptability of approach, anything I should be doing differently for the feature to be acceptable upstream and what I should be doing about automated testing. Use-case: you have the host's SSH fingerprints via an out-of-band mechanism which you trust and want to

On Sat, May 30, 2015 at 10:38 AM, Phil Pennock <phil.pennock at globnix.org> wrote: > On 2015-05-30 at 15:00 +0200, Kasper Dupont wrote: >> On my laptop I have key1 and key2. I can use key1 to log in >> on server1, and I can use key2 to log in on server2. I want >> neither key to leave the laptop, and only key2 is allowed >> to be forwarde...

On Thu, 6 Feb 2020 at 12:46, Phil Pennock <phil.pennock at globnix.org> wrote: [...] > ssh_config(5) describes for `HostKeyAlgorithms` that: > } The list of available key types may also be obtained using "ssh -Q key" > > Running `ssh -Q key`, the output does not include these proposed > replacements. > > Only in sshd_config(5): &g...

On Wed, 5 Feb 2020, Phil Pennock wrote: > On 2020-02-06 at 10:29 +1100, Damien Miller wrote: > > * sshd(8): allow the UpdateHostKeys feature to function when > > multiple known_hosts files are in use. When updating host keys, > > ssh will now search subsequent known_hosts files, but will add > > updated host keys to the first specified file only. bz2738 >

On Thu, Oct 15, 2015 at 07:02:58PM -0400, Nico Kadel-Garcia wrote: > On Thu, Oct 15, 2015 at 10:34 AM, hubert depesz lubaczewski > <depesz at depesz.com> wrote: > > Hi, > > > > I'm in a situation where I'm using multiple SSH keys, each to connect to > > different set of servers. > > > > I can't load/unload keys on demand, as I usually am

On 30/05/15 08.34, Nico Kadel-Garcia wrote: > On Sat, May 30, 2015 at 8:00 AM, Kasper Dupont > <kasperd at kdxdx.23.may.2015.kasperd.net> wrote: > > As far as I can tell when the ssh command uses an agent to > > authenticate to a server and then forwards an agent to that > > server, it will always use the same agent for both purposes. > > > > Has there

Hello, I'm tasked with establishing a persistent SSH connection across a very unreliable link, for a remote port forward (always port 2217). I figured I'd use ServerAliveInterval to make sure that the ssh(1) process dies when the connection appears down, and I use systemd to restart it in this case. This works fine. What does not work fine, however, is the server-side. If the connection

Hi, OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a feature release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

This is the patch part of contrib/chroot.diff updated to be appliable against openssh-2.9p2. Tested on FreeBSD (various 3.x and 4.x) without PAM or UseLogin. Also, as part of deployment (replacing emergency-withdrawal of Telnet access) I've chosen to get sftp on the relevant boxes. The deployment had a scriptlet doing the config/make/etc and after the "make install" would change

Folks, MacOSX 10.6.x (Snow Leopard) runs { ssh-agent -l }; that's not an s/ssh-add/ssh-agent/ typo. It appears to be an undocumented addition (the man-pages were not updated). I *suspect* that it just tells the agent to honour whatever pre-existing value of $SSH_AUTH_SOCK it inherits and to try to listen to that. I don't know for sure. Does anyone have details on what exactly it does,

[ After looking over the openssh.com website, this seems to be the list to use, including for OpenBSD users? I've subscribed. ] I'm using OpenSSH_2.5.0 as currently found in OpenBSD's OPENBSD_2_8 CVS branch. I'm now finding a strange error when I try to su, _within_ the connection. The client side is _not_ OpenSSH. Every single time that I type "su -", and local

Folks, I read the 5.7 release announcement and updated, to try out ECDSA. Most parts worked very smoothly. The inability to create SSHFP records is understandable, since IANA haven't allocated a code yet. One apparent bug: I think StrictHostKeyChecking=ask is broken for ECDSA. % ssh -o HostKeyAlgorithms=ecdsa-sha2-nistp256 localhost

This one has me perplexed. OpenSSH6.4p1 on a FreeBSD 7 box (I know it's old; it's being replaced this month). I can't spot anything changed in OpenSSH commit logs or git blame of the current file. I ssh into the box from a system with OpenSSH6.6p1 and three keys loaded, RSA, ECDSA and ED25519. As expected, key_from_blob and key_fingerprint complain about the ED25519 key in the

On 2020-02-06 at 13:28 +1100, Darren Tucker wrote: > Like this. > --- a/sshd_config.5 > +++ b/sshd_config.5 The ssh_config.5 also has a copy of this and presumably needs the same change, unless I've misunderstood. -Phil

On 2020-02-05 at 20:39 -0500, Phil Pennock wrote: > On 2020-02-06 at 10:29 +1100, Damien Miller wrote: > > OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing > > on as many platforms and systems as possible. This is a feature release. > > > * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These > This actually affects me:

I'm using an OpenBSD 2.9 snapshot on i386. "ssh -V" reveals OpenSSH_2.9, yada yada. I generated a keypair using ssh-keygen and accepting defaults. I copied the public key to another box, stuck it in ~/.ssh/authorized_keys with host restriction and then tried to use it. Failed. Removed the host restriction, still failed. Just get asked for password. So I cut out the extra box.