search for: kasperd

As far as I can tell when the ssh command uses an agent to authenticate to a server and then forwards an agent to that server, it will always use the same agent for both purposes. Has there been any attempt to make it possible for the ssh command to use two different agents, such that I can use one agent to authenticate and then forward a different agent to the server? -- Kasper Dupont --

On 25/05/15 09.51, Damien Miller wrote: > I'm not sure it should be part of the banner exchange, though there is > no other trivial way to do it and maintain backwards compatibility. Even if backwards compatibility wasn't a requirement, I don't see any better way it could be done. > I don't much like it because it reveals host identity information > in the clear. So

On 27/05/15 11.07, Dirk-Willem van Gulik wrote: > As a practical suggestion - we ran for a while with a hack where we abuse the version human readable string with a > base64 string of a _salted_ hash of the server we where trying to get to. > > Sharing both salt and hash. > > This let the server figure out the right key to present without too much ado; but without leaking all

On 30/05/15 08.34, Nico Kadel-Garcia wrote: > On Sat, May 30, 2015 at 8:00 AM, Kasper Dupont > <kasperd at kdxdx.23.may.2015.kasperd.net> wrote: > > As far as I can tell when the ssh command uses an agent to > > authenticate to a server and then forwards an agent to that > > server, it will always use the same agent for both purposes. > > > > Has there been any attemp...

I am working on a proxy which can be hosted on a single IP address and dispatch requests to different backends depending on which hostname the client used to connect to this IP address. Currently such a proxy can be build to support HTTP, HTTPS, SMTP, and DNS. However SSH support is impossible due to the ssh client not sending the information such a proxy would need. I am not the first to want

On 26/05/15 15.50, Daniel Kahn Gillmor wrote: > The argument that the DNS lookup leaks this metadata is a bad argument: > if we followed this line of reasoning, then every problem that has > multiple contributors could never be solved (A says "but my fixing > things is useless if B does nothing", while B says "but my fixing things > is useless if A does nothing"

On 27/05/15 01.42, ?ngel Gonz?lez wrote: > Why do you want the hostname being used to "be visible to the administrator > of the SSH server"? In case the AAAA record used by the proxy to find the server for some reason points to the wrong IP address, I want to ensure that the administrator of the server has the opportunity to see the DNS record causing connections to end up on

On 26/05/15 18.29, Daniel Kahn Gillmor wrote: > On Tue 2015-05-26 17:42:40 -0400, Kasper Dupont wrote: > > But it does not address all my requirements. I have a > > requirement that the hostname being used must be visible > > to the administrator of the SSH server. And it must be > > visible with minimal effort without requiring any software > > changes on the