search for: host_key_alias

Here are some problems with the latest snapshot on Mac OS X: I am by no means an autoconf expert, but here is what happens after a "autoreconf": autoconf: Undefined macros: configure.in:1291:AC_CHECK_MEMBERS([struct stat.st_blksize]) configure.in:2168:AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds]) configure.in:26:AC_SYS_LARGEFILE

...er to use a separate option to allow manipulation of the password prompt. Alternatively, perhaps some logic could be added to limit the circumstances where the key alias rather than the hostname is used in the prompt. A potential fix (for our environment) might be: const char *host = (options.host_key_alias && !options.proxy_command) ? options.host_key_alias : authctxt->host; -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.

...; + case oProxyServer: + charptr = &options->proxy_server; + goto parse_string; + + case oProxyPort: + intptr = &options->proxy_port; + goto parse_int; + case oPort: intptr = &options->port; parse_int: @@ -765,6 +776,8 @@ options->hostname = NULL; options->host_key_alias = NULL; options->proxy_command = NULL; + options->proxy_server = NULL; + options->proxy_port = -1; options->user = NULL; options->escape_char = -1; options->system_hostfile = NULL; @@ -894,6 +907,7 @@ if (options->log_level == (LogLevel) - 1) options->log_level...

..." [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option]\n" - -" [-p port] [-R port:host:hostport] [-S ctl] [user@]hostname [command]\n" +" [-p port] [-R port:host:hostport] [-S ctl]\n" +" [user@]hostname[%%port][,host_key_alias] [command]\n" ); exit(1); } @@ -176,7 +177,7 @@ int i, opt, exit_status; u_short fwd_port, fwd_host_port; char sfwd_port[6], sfwd_host_port[6]; - - char *p, *cp, *line, buf[256]; + char *p, *cp, *line, buf[256], *host_key_aliasp; struct stat st; struct passwd *pw; int dummy; @...

Howdy -- I have a number of servers with host keys validated by certificates. These systems are behind a load-balanced frontend, and the certificates are signed as valid for the DNS name used by that common frontend address. This works well for the primary use case of the systems; however, when wishing to address only a single unit within the pool, the certificate cannot be used to validate that

Hello! I'm hoping that Gmail won't HTML format this mail so that I'll get flamed :) Anyway, my question relates to ssh_config. The problem I find is that the Host pattern is only applied to the argument given on the command line, as outlined in the man page: "The host is the hostname argument given on the command line (i.e. the name is not converted to a canonicalized host name

...wordAuthentication Port PreferredAuthentications Index: readconf.h --- openssh-3.8p1.orig/readconf.h (.../.transvn:beginning) (revision 25) +++ openssh-3.8p1/readconf.h (revision 25) @@ -72,6 +72,8 @@ char *hostname; /* Real host to connect. */ char *host_key_alias; /* hostname alias for .ssh/known_hosts */ char *proxy_command; /* Proxy command for connecting the host. */ + char *open_command; /* Open command for before connecting the host. */ + char *close_command; /* Close command for after connecting the host. */ char *user; /* User to log in...

...NULL) - host = options.hostname; + + if (options.hostname != NULL) { + options.hostname = percent_expand(options.hostname,"h",host); + host = options.hostname; + } /* force lowercase for hostkey matching */ if (options.host_key_alias != NULL) { // Michael -- Michael Madsen - mkm at cs.au.dk

Hi, (I'm not subscribed to the list, so please CC me on reply.) I'd like to request adding a feature to OpenSSH: Task: ~~~~~ It is quite sometime useful to invoke a program prior to connecting to an ssh server. The most common use case will probably be port knocking. That is a small program sends certain packets to a server and the server reacts to this by unlocking the ssh port, which

...hers; /* SSH2 ciphers in order of preference. */ char *macs; /* SSH2 macs in order of preference. */ + char *pkalgorithms; /* SSH2 server key types in order of preference. */ int protocol; /* Protocol in order of preference. */ char *hostname; /* Real host to connect. */ char *host_key_alias; /* hostname alias for .ssh/known_hosts */ *** ../../openssh-2.5.1p2/sshconnect2.c Thu Feb 15 20:34:57 2001 --- sshconnect2.c Wed Mar 7 00:06:05 2001 *************** *** 94,99 **** --- 94,102 ---- myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; }...

...g to ssh server by IP address (or another DNS name), with HostKeyAlias set to the name of the principal signed by the CA, one gets: > key_cert_check_authority: invalid certificate > Certificate invalid: name is not a listed principal The proposed patch changes this behavior by using options.host_key_alias in the contingency that it is set. -- You are receiving this mail because: You are watching the assignee of the bug.

...char *ciphers; /* SSH2 ciphers in order of preference. */ char *macs; /* SSH2 macs in order of preference. */ + char *pkalg; /* SSH2 PK_ALG list to use */ int protocol; /* Protocol in order of preference. */ char *hostname; /* Real host to connect. */ char *host_key_alias; /* hostname alias for .ssh/known_hosts */ diff -c3 -r orig/openssh-2.5.1p1/sshconnect2.c openssh-2.5.1p1/sshconnect2.c *** orig/openssh-2.5.1p1/sshconnect2.c Fri Feb 16 01:34:57 2001 --- openssh-2.5.1p1/sshconnect2.c Sun Mar 11 23:15:37 2001 *************** *** 94,99 **** --- 94,104 ---- mypro...

...ocation; goto parse_string; @@ -1625,6 +1672,7 @@ initialize_options(Options * options) options->hostkeyalgorithms = NULL; options->protocol = SSH_PROTO_UNKNOWN; options->num_identity_files = 0; + options->num_certificate_files = 0; options->hostname = NULL; options->host_key_alias = NULL; options->proxy_command = NULL; diff --git a/readconf.h b/readconf.h index bb2d552..f839016 100644 --- a/readconf.h +++ b/readconf.h @@ -94,6 +94,11 @@ typedef struct { char *identity_files[SSH_MAX_IDENTITY_FILES]; int identity_file_userprovided[SSH_MAX_IDENTITY_FILES]; struc...

Hi, OpenSSH 5.6 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a moderately large release, with a number of new features and bug fixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH