search for: nohostauthenticationforlocalhost

...'s no way to disable ProxyCommand in another host section. I need this to still have the possibility to access localhost without host key checking [1], i.e. I'd like to have something like Host localhost ProxyCommand - That'd be necessary because as soon as a ProxyCommand is active, NoHostAuthenticationForLocalhost is ignored because OpenSSH no longer has a way to tell whether "localhost" is really the loopback interface. So, is there any way to achieve what I want without adding support for something like "ProxyCommand -" (and without having to add each and every host that should be acce...

It looks like host based authentication will not work if you attempt to set EnableSSHKeysign on a per host basis. Ie. This does not work. ------- Host ou8 HostName ou8.somedomain.com HostbasedAuthentication yes EnableSSHKeysign yes NoHostAuthenticationForLocalhost yes ------- Unless you also add ----- Host * EnableSSHKeysign yes ----- Is this the intended behavior? -- Tim Rice Multitalents (707) 887-1469 tim at multitalents.net

https://bugzilla.mindrot.org/show_bug.cgi?id=2293 Bug ID: 2293 Summary: ssh should have an option to automatically trust a local sshd's host key for a given set of names Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement

I run OpenSSH on linux @ client which ssh /usr/local/bin/ssh ssh -v OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 @ server which sshd /usr/local/bin/sshd sshd -v unknown option -- V OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file] [-E log_file] [-f config_file] [-g login_grace_time]

Hi, On Fri, Jan 9, 2015, at 10:48 AM, Tim Rice wrote: > My ssh_config has > Host * > HostbasedAuthentication yes > EnableSSHKeysign yes > NoHostAuthenticationForLocalhost yes > > NoHostAuthenticationForLocalhost is not necessary. > The one you are missing is EnableSSHKeysign. > > Additionally, you made no mention of your ssh_known_hosts files. Make > sure the client's public keys are in the server's ssh_known_hosts file. On Fri, Jan 9,...

...+++ openssh-3.2.2p1/readconf.c Tue May 21 15:40:06 2002 @@ -115,7 +115,8 @@ oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, - oClearAllForwardings, oNoHostAuthenticationForLocalhost + oClearAllForwardings, oNoHostAuthenticationForLocalhost, + oConnectTimeout } OpCodes; /* Textual representations of the tokens. */ @@ -187,6 +188,7 @@ { "smartcarddevice", oSmartcardDevice }, { "clearallforwardings", oClearAllForwardings }, { "nohostauthenticati...

...Index: ssh.1 --- openssh-3.8p1.orig/ssh.1 (.../.transvn:beginning) (revision 25) +++ openssh-3.8p1/ssh.1 (revision 25) @@ -614,6 +614,7 @@ .It CheckHostIP .It Cipher .It Ciphers +.It CloseCommand .It ClearAllForwardings .It Compression .It CompressionLevel @@ -639,6 +640,7 @@ .It MACs .It NoHostAuthenticationForLocalhost .It NumberOfPasswordPrompts +.It OpenCommand .It PasswordAuthentication .It Port .It PreferredAuthentications Index: sshconnect.h --- openssh-3.8p1.orig/sshconnect.h (.../.transvn:beginning) (revision 25) +++ openssh-3.8p1/sshconnect.h (revision 25) @@ -34,6 +34,10 @@ }; int +ssh_run_comma...

...onst char *fmt, va_list args); --- openssh-snap/readconf.c Thu Oct 4 02:39:39 2001 +++ openssh/readconf.c Mon Oct 15 17:34:26 2001 @@ -187,7 +193,7 @@ { "smartcarddevice", oSmartcardDevice }, { "clearallforwardings", oClearAllForwardings }, { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost - { NULL, 0 } + { NULL, (OpCodes)0 } }; /* --- openssh-snap/servconf.c Thu Sep 13 01:32:15 2001 +++ openssh/servconf.c Mon Oct 15 17:34:26 2001 @@ -317,7 +330,7 @@ { "authorizedkeysfile", sAuthorizedKeysFile },...

As of version 3.0.2p1 and perhaps earlier localhost forwarded connections are checked in known_hosts. The difficulty is that if you have multiple forwards, only one of them will exist as a valid host key for localhost. All the others will be treated as a "Changed" key prompting reduced functionality including disallowing agent-forwarding. Depending on StrictHostKeyChecking being set,

...---------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From markus at openbsd.org 2002-03-13 20:07 ------- the pre-3.x behaviour can be restored with this option: NoHostAuthenticationForLocalhost This option can be used if the home directory is shared across machines. In this case localhost will refer to a different ma- chine on each of the machines and the user will get many warnings about changed host keys. However, this option disable...

...3 19:39:39 2001 +++ readconf.c Sat Jan 26 21:44:35 2002 @@ -115,7 +115,8 @@ oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, - oClearAllForwardings, oNoHostAuthenticationForLocalhost + oClearAllForwardings, oNoHostAuthenticationForLocalhost, + oConnectTimeout } OpCodes; /* Textual representations of the tokens. */ @@ -187,6 +188,7 @@ { "smartcarddevice", oSmartcardDevice }, { "clearallforwardings", oClearAllForwardings }, { "nohostauthentica...

https://bugzilla.mindrot.org/show_bug.cgi?id=1839 Summary: ssh/scp to localhost/127.0.0.1 should not update known_hosts Product: Portable OpenSSH Version: 5.3p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: Miscellaneous AssignedTo:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello, There seems to be just a bit to do with the latest openssh (5.8p1) and ControlPersist. I encountered two problems: 1. When I use ControlPersist in combination with ProxyCommand to reach a other host over that proxy I get the following message: Bad packet length 1397966893. Disconnecting: Paket corrupt When I fist ssh to

...+++ openssh-3.0.1p1/readconf.c Sat Nov 17 22:49:47 2001 @@ -115,7 +115,8 @@ oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, - oClearAllForwardings, oNoHostAuthenticationForLocalhost + oClearAllForwardings, oNoHostAuthenticationForLocalhost, + oConnectTimeout } OpCodes; /* Textual representations of the tokens. */ @@ -187,6 +188,7 @@ { "smartcarddevice", oSmartcardDevice }, { "clearallforwardings", oClearAllForwardings }, { "nohostauthentica...

...----------- --- openssh-3.6.1p1/readconf.c.ORIG Tue Apr 15 23:06:30 2003 +++ openssh-3.6.1p1/readconf.c Tue Apr 15 23:09:43 2003 @@ -114,7 +114,7 @@ oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, oClearAllForwardings, oNoHostAuthenticationForLocalhost, - oEnableSSHKeysign, + oEnableSSHKeysign, oConnectTimeout, oDeprecated } OpCodes; @@ -188,6 +188,7 @@ { "clearallforwardings", oClearAllForwardings }, { "enablesshkeysign", oEnableSSHKeysign }, { "nohostauthenticationforlocalhost", oNoHostAuthenticationForL...

...02 +++ openssh-3.1p1/readconf.c Wed Apr 3 23:34:34 2002 @@ -115,7 +115,8 @@ oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, - oClearAllForwardings, oNoHostAuthenticationForLocalhost + oClearAllForwardings, oNoHostAuthenticationForLocalhost, + oConnectTimeout } OpCodes; /* Textual representations of the tokens. */ @@ -187,6 +188,7 @@ { "smartcarddevice", oSmartcardDevice }, { "clearallforwardings", oClearAllForwardings }, { "nohostauthenticati...

...Cm MatchHostName +This option matches the value of +.Cm HostName +against any subsequent +.Cm Host +entries. +.Cm MatchHostName +may be set at any point, but only takes effect once +.Cm HostName +is set. +The argument to this keyword must be +.Dq yes +or +.Dq no . +The default is +.Dq no . .It Cm NoHostAuthenticationForLocalhost This option can be used if the home directory is shared across machines. In this case localhost will refer to a different machine on each of Index: usr.bin/ssh/readconf.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/readconf.c,v retrieving rev...

...support in protocol v1 (KerbIV and KerbV) 4) backward compatibility with older commercial SSH versions >= 2.0.10 5) getopt(3) is now used by all programs 6) dynamic forwarding (use ssh(1) as your socks server) 7) ClearAllForwardings in ssh(1) 8) ssh(1) now checks the hostkey for localhost (NoHostAuthenticationForLocalhost yes/no). 9) -F option in ssh(1) 10) ssh(1) now has a '-b bindaddress' option 11) scp(1) allows "scp /file localhost:/file" 12) The AuthorizedKeysFile option allows specification of alternative files that contain the public keys that can be used for user authentication...

...-------------- --- openssh-3.5p1/readconf.c.ORIG Tue Jul 9 16:06:40 2002 +++ openssh-3.5p1/readconf.c Wed Oct 16 14:59:12 2002 @@ -114,7 +114,7 @@ oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, oClearAllForwardings, oNoHostAuthenticationForLocalhost, - oDeprecated + oConnectTimeout, oDeprecated } OpCodes; /* Textual representations of the tokens. */ @@ -186,6 +186,7 @@ { "smartcarddevice", oSmartcardDevice }, { "clearallforwardings", oClearAllForwardings }, { "nohostauthenticationforlocalhost", oNoHostAu...

...+++ openssh-3.0.2p1S/readconf.c Sat Jan 19 14:49:50 2002 @@ -115,7 +115,7 @@ oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, - oClearAllForwardings, oNoHostAuthenticationForLocalhost + oClearAllForwardings, oNoHostAuthenticationForLocalhost, oSleep } OpCodes; /* Textual representations of the tokens. */ @@ -187,6 +187,7 @@ { "smartcarddevice", oSmartcardDevice }, { "clearallforwardings", oClearAllForwardings }, { "nohostauthenticationforloc...