search for: rfc4252

Hi I'm trying to integration a Java application using SSHJ <https://github.com/hierynomus/sshj> client-side - into OpenSSH 7.4. This is fine, except where I get to a password expiry situation. Looking at RFC4252 <https://www.ietf.org/rfc/rfc4252.txt> (which is supported by SSHJ) I don't see any SSH_MSG_USERAUTH_PASSWD_CHANGEREQ [60] messages getting passed from OpenSSH. SSHJ expects these to allow prompting for new password. The only references to SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ in the O...

https://bugzilla.mindrot.org/show_bug.cgi?id=2058 Bug ID: 2058 Summary: SSH Banner message displays UTF-8 multibyte char incorrrectly Classification: Unclassified Product: Portable OpenSSH Version: 6.1p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5

We are attempting to use openssh sftp to connect to a server that is running some version of the Axway SFTP server. After a publickey auth completes, the server resends publickey as a valid auth. This results in a loop as openssh sftp resubmits the publickey information. This seems similar to a discussion in 2014 that terminated with the thought that it might be nice if the client tracked

https://bugzilla.mindrot.org/show_bug.cgi?id=3590 Bug ID: 3590 Summary: Why is the service name in the USERAUTH REQUEST message "ssh-connect" instead of "ssh-userauth"? Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: trivial

Philipp Marek wrote: > An easy workaround is to use a password manager (a plain file as a minimum) If you can/want to use a file then consider using a key instead. publickey authentication is non-interactive on the wire and the key is already unlocked so packet timing leaks nothing about your passphrase. //Peter

Hi! Is it possible to override in OpenSSH so that the shell specified in the /etc/passwd (or what comes from the LDAP server) is not executed at login? We have na?vely tried to specify this with subsystem but found out that by default the ssh client does not specify any subsystem. So how to override something that is unset from the client? /John -- John Olsson Ericsson AB BSC/BSS System

A user at a Windows PC uses our SSH client software (Anzio) to access a Linux sshd. User would like the banner from the server to display BEFORE entering a login name. According to the SSH spec, this should be allowed. But the OpenSSH source seems to have specifically prevented this. Is there a good reason for this? Regards, ....Bob Rasmussen, President, Rasmussen Software, Inc.

Hi there, We could set AuthorizedKeysCommand script, this will allow only to replace authorized_keys file with keys stored in a database... But why this command is so limited? Why i can't just set a command script which will get a username and public key as arguments and let him do it's own authorization?? I think this will allow for much more powerful tricks. For example do to an

...omponent: Documentation Assignee: unassigned-bugs at mindrot.org Reporter: jjelen at redhat.com To the set of related bugs (2398, 2397) for AuthenticationMethods option, there is one documentation issue. I know that there is "none" authentication method, specified by RFC4252, but the usage in the above mentioned option can be misleading, since the "none" value can be used in other options as a safe default. >From my point of view, there should be short note about this value in the documentation, for example like this: > The special meaning has method...

https://bugzilla.mindrot.org/show_bug.cgi?id=2319 Bug ID: 2319 Summary: [PATCH REVIEW] U2F authentication Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at