search for: hostkeyalias

http://bugzilla.mindrot.org/show_bug.cgi?id=1039 Summary: Incomplete application of HostKeyAlias in ssh Product: Portable OpenSSH Version: 4.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: cdmclain at ll.mit...

...------------------------------------------------ CC| |imorgan at nas.nasa.gov --- Comment #13 from Iain Morgan <imorgan at nas.nasa.gov> --- My apologies for re-opening a long-closed bug, but this feature seems like a bad idea. The description of HostKeyAlias in ssh_config(5) only refers to using the alias for the purpose of looking up or storing keys. Thus, having it also affect the password prompt is quite unexpected. While the current behaviour addresses one issue, it creates others: In our environment, we use a proxy command to implement load-balan...

https://bugzilla.mindrot.org/show_bug.cgi?id=2728 Bug ID: 2728 Summary: HostKeyAlias not respected for certificate authority host key validation Product: Portable OpenSSH Version: 7.5p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh...

...inst a user-specified name that differs from that address seems a legitimate request -- one may also have a situation where name resolution is not available, for instance, and wish to connect to a system whose name is known by IP without the situation posited above. I'd like to propose that if HostKeyAlias is set, this be used as a second name against which a certificate may be considered valid, should it match. A trivial patch implementing this behavior is attached.

https://bugzilla.mindrot.org/show_bug.cgi?id=2359 Bug ID: 2359 Summary: [PATCH] Allow HostKeyAlias to be used in hostname check against certificate principal Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh...

http://bugzilla.mindrot.org/show_bug.cgi?id=1039 ------- Additional Comments From djm at mindrot.org 2005-06-17 13:54 ------- I don't understand: you know the alias hostname, because it is there on the commandline, so the prompt is providing you more, real information. Can you give me a real-life scenario where showing the alias hostname would be important? ------- You are receiving

http://bugzilla.mindrot.org/show_bug.cgi?id=1039 ------- Comment #8 from dtucker at zip.com.au 2005-11-24 19:47 ------- (In reply to comment #7) > I don't understand: you know the alias hostname, because it is there on the > commandline, so the prompt is providing you more, real information. > > Can you give me a real-life scenario where showing the alias hostname would be

https://bugzilla.mindrot.org/show_bug.cgi?id=1039 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #12 from Darren Tucker <dtucker at zip.com.au> 2010-03-26 10:51:05 EST --- With the

http://bugzilla.mindrot.org/show_bug.cgi?id=910 mindrot at askneil.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mindrot at askneil.com ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the

...Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From markus at openbsd.org 2002-09-11 06:18 ------- i don't think this will happen any time soon. what does ip:port mean for hostbased authentication? why does HostKeyAlias not help? why should i have 10 entries for the hostkey if i run sshd on 10 different ports on the same machine? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...the right way since I had enabled the daily digest and I'm not sure if it's the right way to use Thunderbirds "Reply List" feature on this digest. If it's wrong this way I apologize. I turned of the daily digest so my next messages should be correct. > Are you aware of HostKeyAlias? Yes I read that but as far as I understand the feature is more like aliasing commands in linux (so i.e if I have a server which I use as webserver I could create the alias "webserver", configure the hostname, port etc. and then just use the alias "webserver" instead of typin...

The .ssh/known_hosts table cannot handle reaching different sshd servers behind a NAT router. The machines are selected by having the SSHDs respond to differnt ports. A second request would be to allow known_hosts checking solely on the dns name, wildcarding the IP address. This would be useful to avoid continuously warning the user every time you connect to a machine with a changing IP address

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, the following patch extends the user at host syntax on the ssh command line to allow an additional HostKeyAlias and Port to be given as a single argument, eg: ssh user at localhost%8022,www.tdl.com is equivalent to ssh -o 'HostKeyAlias www.tdl.com' -p 8022 user at localhost The patch is particularly useful when ssh is called from other programs or scripts and the ssh connection is to be esta...

On Fri, 18 Aug 2023 at 17:18, Stuart Longland VK4MSL <me at vk4msl.com> wrote: > On 18/8/23 15:39, Darren Tucker wrote: [...] > > I think you just need "HostKeyAlias mytarget" here. > > Ahh, in my scanning through the `ssh_config` manpage, I missed this, and > change logs seem to indicate this feature has been around since at least > 2017, so should not cause compatibility issues with the other users. The OpenSSH Release Notes page is a good w...

I have had a brief discussion with Damien Miller (below) about storing host port values in the known_hosts file so as to track multiple ssh sessions (with independant keys) that run on a single host but accept connections on different ports. If it were possible to state that a given key for a remote host belonged to that host's ssh session on port 23 and that another key belonged to that

Hello. We are currently installing a new firewall, and would like to use a mixture of NAT and port mapping to have a single "gateway" host address which exposes a range of open ports, each of which maps to sshd of a different host in our internal network (e.g. ssh.jesus.cam.ac.uk on port 6789 maps to internal host1 port 22 whereas ssh.jesus.cam.ac.uk on port 6790 maps to internal

...form/SUNW,Ultra-30/lib/libc_psr.so.1...done. Reading symbols from /usr/lib/nss_files.so.1...done. #0 0xef4a5400 in strlen () (gdb) where #0 0xef4a5400 in strlen () #1 0xef4dc7e4 in _doprnt () #2 0xef4e5c88 in vsnprintf () #3 0x42bfc in do_log (level=SYSLOG_LEVEL_DEBUG1, fmt=0xb9e28 "using hostkeyalias: %s", args=0xefffe510) at log.c:385 #4 0x42574 in debug (fmt=0xb9e28 "using hostkeyalias: %s") at log.c:159 #5 0x20c04 in check_host_key (host=0x5a "", hostaddr=0xf3560, host_key=0xffaa8, readonly=0, user_hostfile=0x81 "", system_hostfile=0x69 " -v...

...|Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WORKSFORME ------- Additional Comments From djm at mindrot.org 2002-01-26 09:59 ------- You can use the HostKeyAlias option in ~/.ssh/config or /etc/ssh_config to "rename" hosts to avoid these collisions. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=80 ------- Additional Comments From eric-ossh at brouhaha.com 2002-08-22 04:57 ------- This "HostKeyAlias" business seems like a flimsy excuse for not implmeenting a feature that users want. In this age of ubiquitous firewalls and NAT, it is NOT reasonable to assume that two ports on the same IP address refer to the same host, or to the same SSH server. Even if you run two SSH daemons on one hos...

...rictHostKeyChecking accept-new" option but when I tried to check that it works correctly, I got confused. How do I pretend that the host key has changed? I thought it would be enough to change the corresponding key in .ssh/known_hosts, but this just causes a new entry to be added with the same HostKeyAlias: # first I deleted the key from .ssh/known_hosts $ grep TH1LmIM .ssh/known_hosts [1]$ ssh -F /dev/null -o "StrictHostKeyChecking accept-new" -o HostKeyAlias=foo ofb.net echo hi Warning: Permanently added 'foo,104.197.242.163' (ECDSA) to the list of known hosts....