search for: ssh_known_hosts

Hi , I was testing puppet exported resources as in http://docs.puppetlabs.com/guides/exported_resources.html and I had this test class (code is from another post). class ssh_known_hosts{ case $sshrsakey { '''': { alert("No sshrsakey found for $fqdn") } default: { @@sshkey { $fqdn: ensure => present, host_aliases => [$hostname, $ipadd...

http://bugzilla.mindrot.org/show_bug.cgi?id=666 Summary: 'BatchMode yes' makes ssh(1) look for /usr/local/etc/ssh_known_hosts Product: Portable OpenSSH Version: 3.7.1p1 Platform: Alpha OS/Version: OSF/1 Status: NEW Severity: critical Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: mmokrejs at n...

...4 -mtune=native -pipe' 'LDFLAGS=-m64' successful. gmake produces error: root @ khorne /patch/openssh-7.3p1 # gmake conffile=`echo sshd_config.out | sed 's/.out$//'`; \ /opt/csw/gnu/sed -e 's|/etc/ssh/ssh_config|/usr/local/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/usr/local/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/usr/local/etc/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/usr/local/etc/ssh_host_key|g' -e 's|/etc/ss...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 With this change built ok. But patch must be quite different on my platform (see attached) for portable version. And, of course, after autoreconf run. 02.08.2016 10:55, Darren Tucker ?????: > --- a/configure.ac > +++ b/configure.ac > @@ -754,6 +754,9 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))

I run OpenSSH on linux @ client which ssh /usr/local/bin/ssh ssh -v OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 @ server which sshd /usr/local/bin/sshd sshd -v unknown option -- V OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file] [-E log_file] [-f config_file] [-g login_grace_time]

...ssh_config has > Host * > HostbasedAuthentication yes > EnableSSHKeysign yes > NoHostAuthenticationForLocalhost yes > > NoHostAuthenticationForLocalhost is not necessary. > The one you are missing is EnableSSHKeysign. > > Additionally, you made no mention of your ssh_known_hosts files. Make > sure the client's public keys are in the server's ssh_known_hosts file. On Fri, Jan 9, 2015, at 11:40 AM, Iain Morgan wrote: > To begin with, don't complicate the situation by requiring two forms of > authentication before you've gotten a single form of auth...

...p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: openssh-bugs at mindrot.org ReportedBy: gbburkhardt at aaahawk.com The documentation indicates that /etc/ssh/ssh_known_hosts can be built from entries in the per-user ~/.ssh/known_hosts file. However, the entry must have an RSA1 key; any other key type will not work. In the 'ssh' man page: "If the server machine does not have the client's host key in /etc/ssh/ssh_known_hosts, it can be stored in $HO...

...s class that just makes sure that all my Puppet managed hosts get the same set of hosts keys using the "sshkey" type. I also am starting to play with OSSEC HIDS which is a host based intrusion detection system. OSSEC HIDS has been letting me know that the MD5 and SHA1 hashes of /etc/ssh/ssh_known_hosts has been changing regularly as Puppet runs. Now, I''ve not added or changed anything with my ssh keys so I would expect either: a) it sees that the keys haven''t changed and thus doesn''t regenerate the /etc/ssh/ssh_known_hosts file b) it always regenerates the...

...O2 -Wall -Wpointer-arith -Wno-uninitialized Preprocessor flags: Linker flags: Libraries: -lutil -lz -lnsl -lcrypto -lcrypt # make conffile=`echo sshd_config.out | sed 's/.out$//'`; \ /usr/bin/perl ./fixpaths -D/etc/ssh/ssh_config=/usr/local/etc/ssh_config -D/etc/ssh/ssh_known_hosts=/usr/local/etc/ssh_known_hosts -D/etc/ssh/sshd_config=/usr/local/etc/sshd_config -D/usr/libexec=/usr/local/libexec -D/etc/shosts.equiv=/usr/local/etc/shosts.equiv -D/etc/ssh/ssh_host_key=/usr/local/etc/ssh_host_key -D/etc/ssh/ssh_host_dsa_key=/usr/local/etc/ssh_host_dsa_key -D/etc/ssh/ssh_host_rsa_...

I'm trying to use HostbasedAuthentication. Running ssh -v -v -v user at host the following error occurs: debug3: authmethod_is_enabled hostbased debug1: next auth method to try is hostbased debug2: userauth_hostbased: chost <host> debug2: we did not send a packet, disable method What does this mean ? I enabled HostbasedAuthentication in /etc/ssh/ssh_config and as it looks, this setting

...e experimentation with 5.4p1 and a cursory examination of the source code, it doesn't look like hostbased authentication takes advantage of certificates other than to authenticate the server. Is that correct? In cluster environments, hostbased authentication is still useful but the size of the ssh_known_hosts file can become unwieldy in large clusters. As an example, a few months back a colleague mentioned that in some cases where the node being logged into was under a high load, the login grace time had expired before the ssh_known_hosts file had been fully parsed. In cases where compute nodes use the...

I. most of ssh manual and all sshd manual present server and client as one machine, called host. All files mentioned are placed on one machine. This is incorrect, and makes the explanation unclear. For example, man sshd SSH_KNOWN_HOSTS FILE FORMAT suggests to copy keys from /etc/ssh/ssh_host_key.pub into /etc/ssh/ssh_known_hosts, as if those files are on the same machine. II. a general presentation of ssh workings is missing, and makes the decryption of those manuals even more difficult. i suppose, but i am not sure that: bot...

Hello. I am running OpenSSH 7.9p1 on my client and server. ssh-keyscan shows the server has ssh-rsa, ssh-ed25519, and ecdsa-sha2-nistp256 host keys. My /etc/ssh/ssh_known_hosts file contains the server's ssh-ed25519 host key. When I try to SSH to the server I get this error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE...

...9;. This means that users can circumvent the system policy and login from disallowed source IP addresses. Important Changes: ================== OpenSSH 2.9.9 might have upgrade issues introduced by the long time between releases, which may affect people in unforseen ways: 1) The files /etc/ssh_known_hosts2 ~/.ssh/known_hosts2 ~/.ssh/authorized_keys2 are now obsolete, you can use /etc/ssh_known_hosts ~/.ssh/known_hosts ~/.ssh/authorized_keys For backward compatibility ~/.ssh/authorized_keys2 is still used for authentication and hostkeys are still read from the known_hosts2. However,...

...a problem since I want to use openssh in a production environment. Is there any way to turn these messages off? 2. I used to be able to logon automaticaly from one machine to another (using ssh 1.2.x) but now openssh allways asks for a password. (Note: I'm using the same host keys and ssh_known_hosts file as before. Any help would be apreciated. Nico -------------------------------------------------------- "It has been said that there are only two businesses refer to customers as users: illegal drug trade and the computer industry." -------------------------...

Hi, I''m attempting to distribute a known host ssh key (for github) to an Ubuntu 10.04 host. Puppet is distributing the key into /etc/ssh/ ssh_known_hosts as: github.com ssh-rsa [really long ssh-rsa key] However, Ubuntu seems to expect the key in this format: |1|[really long ssh-rsa key] (note all the keys in my known_hosts and ssh_known_hosts not managed by puppet are prepended with ''|1|'' on my Ubuntu boxes). Am i missing some...

...p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: openssh-bugs at mindrot.org ReportedBy: gbburkhardt at aaahawk.com The documentation indicates that /etc/ssh/ssh_known_hosts can be built from entries in the per-user ~/.ssh/known_hosts file. However, the entry must have an RSA1 key; any other key type will not work. In the 'ssh' man page: "If the server machine does not have the client's host key in /etc/ssh/ssh_known_hosts, it can be stored in $HO...

This question should be asked before, but I fail to find the discussion. What options can be used for storing host/users pubkeys in a publically available places? I know openssh currently provide option except if /etc/ssh_known_hosts and ~/.ssh/known_hosts. But what about many machines? Think of e.g. pgp keyservers. Note that pgp keyservers isn't a good solution *always*. The best one IMHO will be to use a mechanism similar to name service switch (as found on solaris and now on linux/glibc, and on other systems as well)....

...have problems getting it working properly. I've read posts about it on this list, and the openssh-unix-dev list, and nothing I have tried seems to work. My question is this, does it matter which key, either ssh_host_key.pub or ssh_host_rsa_key.pub or ssh_host_dsa_key.pub, you put in /etc/ssh/ssh_known_hosts??? I have tried all three, and continue to get this error from sshd -d -d -d debug1: userauth_hostbased: cuser root chost mckinley. pkalg ssh-dss slen 55 debug3: mm_key_allowed entering debug3: mm_request_send entering: type 20 debug3: monitor_read: checking request 20 debug3: mm_answer_keyallow...

I am attempting to remove an old ssh host key from /etc/ssh/ssh_known_hosts. In my manifest, I have the following: # add keys @@sshkey { $hostname: ensure => present, type => "rsa", key => $sshrsakey, } # remove key @@sshkey { "foohost": ensure => absent, type => "rsa", } Sshkey <<| |>> But...