similar to: [Bug 910] known_hosts port numbers

In the current implementation, ssh always uses the hostname supplied by the user directly for the SSHFP DNS record lookup. This causes problems when using the domain search path, e.g. I have "search example.com" in my resolv.conf and then do a "ssh host", I will connect to host.example.com, but ssh will query the DNS for an SSHFP record of "host.", not

Have you seen this? https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513 --mancha

In sshconnect.c there are two global variables for server_version_string client_version_string. These are used just in a few functions and can easily be passed as parameters. Also, there is a strange construct, where their memory is allocated to the global pointers, then copies of these pointers are assigned to the kex structure. The kex_free finally frees them via cleanup of the kex

Howdy -- I have a number of servers with host keys validated by certificates. These systems are behind a load-balanced frontend, and the certificates are signed as valid for the DNS name used by that common frontend address. This works well for the primary use case of the systems; however, when wishing to address only a single unit within the pool, the certificate cannot be used to validate that

http://bugzilla.mindrot.org/show_bug.cgi?id=910 fullung at gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fullung at gmail.com ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the

http://bugzilla.mindrot.org/show_bug.cgi?id=418 dirk.meyer at dinoex.sub.org changed: What |Removed |Added ---------------------------------------------------------------------------- Component|Miscellaneous |Build system ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the

Scenario: I have access to a semi-public (about 30 users) server where I keep my webpage. Occasionally, especially if I'm on the road. I use this as a bounce point to get to "secured" systems which only allow ssh from certian IP's. (Ignoring the discussion on spoofing, since we have host keys) But host keys are the problem. If anyone gets root on this hypothetical

Hi, I've reported this problem a month ago on this list, and probably no-one is interested? Binaries were configured with krb4 and afs enabled. However, only the second crash seems to be related to krb4. Any thoughts? I had to add one line to includes.h: #include <sys/types.h> #include <sys/socket.h> #include <sys/ioctl.h> +#include <sys/ioccom.h> #include

On Thu, Jun 07, 2018 at 06:14:42PM -0700, PGNet Dev wrote: > On 6/7/18 6:08 PM, Darren Tucker wrote: > > Well the intent is you should be able to set CC and LD to whatever you > > want as long as they work. In this case, the OSSH_CHECK_LDFLAG_LINK > > test invokes autoconf's AC_LINK_IFELSE with uses CC not LD. I'm not > > sure what to do about it yet though. I

Hi list members, just tried to get some old records out of my known_hosts, which is 'HashKnownHosts yes'. Is there a way to unhash host names and/or IPs? Google tells about, how to add hosts, but not the opposite, may be I miss some thing. Is this does not work at all, is there a best practice for cleaning old hosts and keys out? Thanks, Martin! -- Martin GnuPG Key Fingerprint, KeyID

Hi, (I'm not subscribed to the list, so please CC me on reply.) I'd like to request adding a feature to OpenSSH: Task: ~~~~~ It is quite sometime useful to invoke a program prior to connecting to an ssh server. The most common use case will probably be port knocking. That is a small program sends certain packets to a server and the server reacts to this by unlocking the ssh port, which

Hey all, I came across a security news article, referenced by http://www.linux.org/news, at http://www.techworld.com/security/news/index.cfm?NewsID=3668 talking about an SSH weakness involving the known_hosts file. I apologize if this issue has already been addressed, but the mailing list archives didn't turn up anything when i tried searching for something relevant. So; not to knee-jerk or

http://bugzilla.mindrot.org/show_bug.cgi?id=910 devin.nate at bridgecomm.net changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #980 is|0 |1 obsolete| | ------- Comment #39 from devin.nate at bridgecomm.net 2006-02-21 14:08

The variable local_user was allocated by xstrdup and is not freed or pointed to in this branch. This patch adds the xfree. This entire set of patches passed the regression tests on my system. Bug found by Coverity. Signed-off-by: Kylene Hall <kjhall at us.ibm.com> --- sshconnect.c | 1 + 1 files changed, 1 insertion(+) diff -uprN openssh-4.3p2/sshconnect.c

Is there any way to remove old entries from the known_hosts file? With the hashed 'names' one can't easily see which entries are which. I have around 150 lines in my known hosts but in reality I only ssh to a dozen or so systems. All the redundant ones are because I have a mixed population of Raspberry Pis and such on my LAN and they get rebuilt fairly frequently and thus, each time,

http://bugzilla.mindrot.org/show_bug.cgi?id=910 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ildefonso_camargo at yahoo.com ------- Comment #42 from dtucker at zip.com.au 2006-06-20 09:32 ------- *** Bug 1198 has been marked

http://bugzilla.mindrot.org/show_bug.cgi?id=910 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #920 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2005-08-09 23:09 -------

http://bugzilla.mindrot.org/show_bug.cgi?id=910 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #954 is|0 |1 obsolete| | Attachment #1052 is|0 |1 obsolete|

On Sat, Jan 7, 2017 at 2:30 PM, Peter Moody <mindrot at hda3.com> wrote: > so I spent a bit of time looking at this and it seems like the only > way to go, at least if I want to keep it in ssh_connect_direct(), is > to use pthreads. further, it seems like getting that accepted is > something of a long shot: Sorry, pthreads is a non-starter. I would have thought that using

http://bugzilla.mindrot.org/show_bug.cgi?id=910 mindrot at askneil.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mindrot at askneil.com ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the