search for: knownhostscommand

https://bugzilla.mindrot.org/show_bug.cgi?id=3643 Bug ID: 3643 Summary: order_hostkeyalgs can't find host-key in KnownHostsCommand if it contains port Product: Portable OpenSSH Version: 9.5p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org...

https://bugzilla.mindrot.org/show_bug.cgi?id=3652 Bug ID: 3652 Summary: KnownHostsCommand should expand tokens and environment variables on first argument Product: Portable OpenSSH Version: 9.6p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh...

...(optionally) a couple of times to > deal with UpdateHostkeys messages from the server. UpdateHostKeys seems like it's about modifying the stored keys, right? that's a different thing than just reading it. We'd need to specify some sort of interface for sending back updates to the KnownHostsCommand as well, and this isn't something that was specified in the initial feature request. > This could result in the KnownHostsCommand being run a bunch of > times and, unless it was very efficient, could make ssh pretty slow. even with caching and a single run for reading, a slow KnownHosts...

https://bugzilla.mindrot.org/show_bug.cgi?id=1777 Summary: KnownHostsCommand Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org ReportedBy: dkg at fifthhorsema...

...fairly inefficient. ssh reads known_hosts a couple of times during connection. At least once to figure out what host key algorithms are in use, then again to verify the hostkey sent and (optionally) a couple of times to deal with UpdateHostkeys messages from the server. This could result in the KnownHostsCommand being run a bunch of times and, unless it was very efficient, could make ssh pretty slow. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1777 Guilhem <guilhem at fripost.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |guilhem at fripost.org -- You are receiving this mail because: You are watching the assignee of the bug.

I'm working on a small server written in Go to add short-lived user certificates to the forwarded agents of authorized users. https://github.com/rorycl/sshagentca This seems to work quite well for accessing sshd servers with the appropriately configured "TrustedUserCAKeys" directive. I have been in a debate about how similarly adding host certificates to forwarded agents could

...barely understand IPv4!) Port forwarding will require a lot of manual piss-farting around on the router's config webpage? and will likely break if the embedded DHCPd decides to not assign the static IP the target machine was supposed to get. In the `ssh_config` man page, I see there is a `KnownHostsCommand` option, which could possibly be employed here, however since the files are "shared" by multiple users, there's the issue of paths, since I'll bet the `KnownHostsCommand` is relative to ${PWD} and not ~/.ssh/config or any config file imported by it. User or Global `known_host...

https://bugzilla.mindrot.org/show_bug.cgi?id=3628 Bug ID: 3628 Summary: tracking bug for openssh-9.6 Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Keywords: meta Severity: enhancement Priority: P5 Component: Miscellaneous Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=1808 Summary: "SetupCommand" invoked before connecting Product: Portable OpenSSH Version: 5.6p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org

...rded agent > > replace the necessity for a '@cert-authority' line in a user's known_hosts > > file? > > I'm not sure I want to add yet another path (the agent) to ssh's already > twisty host key verification logic. However, a few people have requsted > a KnownHostsCommand option that allows the output of a subprocess to > be used in addition to the usual known_hosts. Would this work for you? > > > Secondly, would there be any alteration to the requirement for a > > "HostCertificate" CA-signed public key (from a private "HostKey&quot...