search for: sshds

Hi! While reading through PROTOCOL.krl I came across "5. KRL signature sections". If my understanding is correct - and that's basically what I would like to get knocked down for if appropriate ;) - this is a way for SSHDs to ensure they only accept KRLs signed by a trusted CA. However, I cannot seem to find a way to actually _sign_ a KRL with ssh-keygen? The aforementioned PROTOCOL.krl says that KRL_SECTION_SIGNATURE is optional in the file structure, so am I right to assume that ssh-keygen simply does not impleme...

...Version: 3.5p1 Platform: Other OS/Version: Linux Status: NEW Severity: minor Priority: P2 Component: ssh AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: bugzilla.mindrot.org at tange.dk I run 2 completely seperate sshds on different ports. The sshds are used for different purposes and therefore use different configurations. Normally people will only connect to one of the the 2 sshds, but a few people need to connect to both. This makes sshd complain that the identifcations has changed - even though it has not....

The .ssh/known_hosts table cannot handle reaching different sshd servers behind a NAT router. The machines are selected by having the SSHDs respond to differnt ports. A second request would be to allow known_hosts checking solely on the dns name, wildcarding the IP address. This would be useful to avoid continuously warning the user every time you connect to a machine with a changing IP address (e.g. dynamic-ip DSL home machine). With...

> > Yes, you can "police" these things as a sysadmin. How? Use > /usr/proc/bin/ptree, ps, lsof and what not to find all sshd > processes and their associated ptys - the sshds that have no > children processes but whose master pty's slave pty still has > processes associated with said pty, those are the sshds that must be > killed in order to clean up (or you could kill -HUP the background > processes). sure, that's real practical. I just log on to e...

...gt; > Subject: Re: so called hang-on-exit bug > > > > > > > > > > Yes, you can "police" these things as a sysadmin. How? Use > > > /usr/proc/bin/ptree, ps, lsof and what not to find all sshd > > > processes and their associated ptys - the sshds that have no > > > children processes but whose master pty's slave pty still has > > > processes associated with said pty, those are the sshds that must be > > > killed in order to clean up (or you could kill -HUP the background > > > processes). > > &g...

Hi, We'd like sshd to listen on port 22 with PasswordAuthentication = no and port 2222 with PasswordAuthentication = yes. At the moment, it seems the only way to do this is to run two sshds, one per port. Since Match blocks already allow PasswordAuthentication to be set, if the Match keyword itself allowed testing of the server port to which the incoming connection was made then we could do PasswordAuthentication no ... Match ServerPort 2222 PasswordAuthentication y...

I'm having trouble with the rsync wrapper's I've found online: rsync_wrapper[8458]: SSH_ORIGINAL_COMMAND environment variable apparently not set rsync: connection unexpectedly closed (0 bytes read so far) rsync error: error in rsync protocol data stream (code 12) at io.c(189) I'm not sure if this is a problem of incompatibility between my RHES3 and the wrappers I've found or

anybody use them on Gluster? They seem to be almost the same cost as spinning metal these days. In fact I was trying to get some 2.5 inch 2TB drives on a vendor and all they had was the firecuda SSHDs or the really expensive "Enterprise" variety. Our use case would be for VM hosting (Rep2 + Arb). I'm not sure how the SSD cache would pan out with the shards. I've googled and the various responses are all over the map, but the responses range from "can't hurt but pr...

Hi All, Sorry to interrupt, but I recently downloaded and installed a pre-compiled package of OpenSSH 3.9p1 for Solaris. After installation everything seems to work well, but I notice that all of the child sshd daemons are running with a flag '-R' i.e. sh-3.00# ps -ef | grep sshd root 475 1 0 13:45:23 ? 0:00 /usr/local/sbin/sshd -4 root 643 475 0 14:10:55 ?

http://bugzilla.mindrot.org/show_bug.cgi?id=1279 Summary: Address- and/or port-specific HostKeys support Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy:

Howdy, The string of notices on BugTraq about RSAref being vulnerable to overflows has me concerned. After trying to sort through all the messages, I can't figure out whether I need to update OpenSSL (a check of their website indicates no new patches), OpenSSH, both, or neither. I am aware there is no known exploit for it yet. I could be a bad boy and just run all

https://bugzilla.mindrot.org/show_bug.cgi?id=2648 Bug ID: 2648 Summary: allow max connections config Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org

Hi, I found a small issue with DNSSEC validation of SSHFP lookups. (For reference I used OpenSSH 6.8p1 on FreeBSD 10.1). The issues is that when DNSSEC valiation fails, ssh displays a confusing message to the user. When DNSSEC validation of a SSHFP record fails, ssh presents the user with "Matching host key fingerprint found in DNS. "Are you sure you want to continue connecting

Hi, folks, We're experiencing an odd ten-second delay intermittently when logging into any of our Linux boxes which authenticate against LDAP. Here's where it happens: Jul 13 11:54:23 console2 sshd[1853]: debug1: temporarily_use_uid: <my uid\gid> (e=0/0) Jul 13 11:54:35 console2 sshd[1853]: debug1: trying public key file <my key file> My assumption is there's

...s public key, but keep rest of the users file accessible only with another, supposedly more secure key. I found a way to do this by running a separate sshd on a different port with 'ChrootDirectory /some-dir' and 'ForceCommand internal-sftp' configuration variables, but running two sshds is rather inelegent. Is there a way to force this kind of configuration to only some keys? If not, could the Match keyword be extended to match only certain keys, or even better, could a 'chrootdir' option be added to the Authorized keys format? Teemu

On Mon, Jun 24, 2002 at 03:00:10PM -0600, Theo de Raadt wrote: > Date: Mon, 24 Jun 2002 15:00:10 -0600 > From: Theo de Raadt <deraadt at cvs.openbsd.org> > Subject: Upcoming OpenSSH vulnerability > To: bugtraq at securityfocus.com > Cc: announce at openbsd.org > Cc: dsi at iss.net > Cc: misc at openbsd.org > > There is an upcoming OpenSSH vulnerability that

On Mon, Jun 24, 2002 at 03:00:10PM -0600, Theo de Raadt wrote: > Date: Mon, 24 Jun 2002 15:00:10 -0600 > From: Theo de Raadt <deraadt at cvs.openbsd.org> > Subject: Upcoming OpenSSH vulnerability > To: bugtraq at securityfocus.com > Cc: announce at openbsd.org > Cc: dsi at iss.net > Cc: misc at openbsd.org > > There is an upcoming OpenSSH vulnerability that

https://bugzilla.mindrot.org/show_bug.cgi?id=3598 Bug ID: 3598 Summary: Dead lock of sshd and Defunct of sshd Product: Portable OpenSSH Version: 9.1p1 Hardware: ix86 OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org

Hello. I am trying to play through the following test scenario about certificate revocation on Ubuntu 18.04, which has OpenSSH of this version: OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n? 7 Dec 2017 1. A CA key is created ssh-keygen -t ed25519 -f ca 2. The CA public key is added to ~/.ssh/authorized_keys on some server: cert-authority ssh-ed25519 AAAA...e ca at yoga 3. A user key is created on a