search for: user_hostfiles

Hi list, I use ssh a lot and I often need to connect to hosts whose host key has changed. If a host key of the remote host changes ssh terminates and the user has to manually delete the offending host key from known_hosts. I had to do this so many times that I no longer like the idea ;-) I would really like ssh to ask me if the new host key is OK and if I want to add it to known_hosts. I talked

...er = 0; - struct hostkeys *host_hostkeys, *ip_hostkeys; + struct hostkeys *host_hostkeys, *ip_hostkeys, *key_hostkeys = NULL; u_int i; /* @@ -758,17 +758,17 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, host_hostkeys = init_hostkeys(); for (i = 0; i < num_user_hostfiles; i++) - load_hostkeys(host_hostkeys, host, user_hostfiles[i]); + load_hostkeys(host_hostkeys, host, NULL, user_hostfiles[i]); for (i = 0; i < num_system_hostfiles; i++) - load_hostkeys(host_hostkeys, host, system_hostfiles[i]); + load_hostkeys(host_hostkeys, host, NULL, system_hostfiles[i]...

...f (cert) + host_key = cert; if (options.check_host_ip && ip_status == HOST_NEW) { snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); hostp = hostline; if (options.hash_known_hosts) { /* Add hash of host and IP separately */ r = add_host_to_hostfile(user_hostfiles[0], - host, host_key, options.hash_known_hosts) && - add_host_to_hostfile(user_hostfiles[0], ip, - host_key, options.hash_known_hosts); + host, host_key, options.hash_known_hosts); + /* Don't add an IP entry if we're writing out a cert */ + if (!r &...

OpenSSH 3.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. This release contains many portability bug-fixes (listed in the ChangeLog) as well as several new features (listed below). We would like to thank the

Hi, I've reported this problem a month ago on this list, and probably no-one is interested? Binaries were configured with krb4 and afs enabled. However, only the second crash seems to be related to krb4. Any thoughts? I had to add one line to includes.h: #include <sys/types.h> #include <sys/socket.h> #include <sys/ioctl.h> +#include <sys/ioccom.h> #include

Hi, below is a patch to simply mention 'ssh-keygen' when a fingerprint does not match between the known_hosts file and the remote. I find that many people are unaware that ssh-keygen can do this for them. adding a copy-and-pasteable message in the warning will make users more aware. Description: Mention ssh-keygen in ssh fingerprint changed warning Author: Scott Moser <smoser at

The attached patch implements a feature that would make my interaction with ssh somewhat more secure. When connecting to a host whose key is not in the known_hosts file, this patch makes ssh tell the user about any other hosts in the known_hosts file that have the same key. For example, if I have host A in my known_hosts file, and try to connect to host B which is an alias for A, ssh will tell

https://bugzilla.mindrot.org/show_bug.cgi?id=2738 Bug ID: 2738 Summary: UpdateHostKeys does not check keys in secondary known_hosts files Product: Portable OpenSSH Version: 7.4p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: ssh

...enough */ + +#define SSH_BIND_ADDRESS_ANY "any" /* any address mark, used in configuration file */ +#define SSH_BIND_ADDRESS_ANYlen strlen(SSH_BIND_ADDRESS_ANY) typedef struct { int forward_agent; /* Forward authentication agent. */ @@ -89,7 +93,10 @@ typedef struct { u_int num_user_hostfiles; /* Path for $HOME/.ssh/known_hosts */ char *user_hostfiles[SSH_MAX_HOSTS_FILES]; char *preferred_authentications; - char *bind_address; /* local socket address for connection to sshd */ + + char *bind_addresses[SSH_MAX_BIND_ADDRESSES]; /* local socket address list for connection to ssh...

Scenario: I have access to a semi-public (about 30 users) server where I keep my webpage. Occasionally, especially if I'm on the road. I use this as a bounce point to get to "secured" systems which only allow ssh from certian IP's. (Ignoring the discussion on spoofing, since we have host keys) But host keys are the problem. If anyone gets root on this hypothetical

Here is a little patch against 2.9p1 that performs the SNK (also known as TIS authserv) challenge-response automaticly instead of asking the user. hope you find it useful. --larry -------------- next part -------------- diff -NuBw openssh-2.9p1/Makefile.in openssh/Makefile.in --- openssh-2.9p1/Makefile.in Thu Apr 26 20:31:08 2001 +++ openssh/Makefile.in Wed Jun 6 16:15:56 2001 @@ -43,9 +43,9