Displaying 20 results from an estimated 1000 matches similar to: "[Bug 1159] %u and %h not handled in IdentityFile"
2003 Jan 18
0
[Patch] User-dependent IdentityFile
Here is the user-dependent IdentityFile patch for openssh3.5 (BSD version),
which allows private key files to be placed system wide (for all users) in
a secure (non-NFS) mounted location.
This addresses an important security hole on systems where home directories
are NFS mounted, particularly if there are users who use blank passphrases
(or when lpd is tunneled through ssh on systems running lpd
2002 Jan 27
1
[PATCH] Add user-dependent IdentityFile to OpenSSH-3.0.2p1
Here is a patch to allow private key files to be placed system wide (for
all users) in a secure (non-NFS) mounted location on systems where home
directories are NFS mounted. This is especially important for users who use
blank passphrases rather than ssh-agent (a good example of where this is
necessary is for tunnelling lpd through ssh on systems that run lpd as user
lp).
IdentityFile now accepts
2019 Oct 09
3
[Bug 3080] New: Document IdentityFile=none and clarify interaction of defaults with IdentitiesOnly
https://bugzilla.mindrot.org/show_bug.cgi?id=3080
Bug ID: 3080
Summary: Document IdentityFile=none and clarify interaction of
defaults with IdentitiesOnly
Product: Portable OpenSSH
Version: 8.0p1
Hardware: Other
OS: All
Status: NEW
Severity: normal
Priority: P5
2023 May 12
0
[Bug 3570] New: Add substitution token for explicitly selected IdentityFile for ControlPath selection
https://bugzilla.mindrot.org/show_bug.cgi?id=3570
Bug ID: 3570
Summary: Add substitution token for explicitly selected
IdentityFile for ControlPath selection
Product: Portable OpenSSH
Version: 9.3p1
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
2004 Jun 20
0
key management with ssh-agent, IdentityFile and info leakage
editors note: just now found something about IdentitiesOnly that might do the
trick. there's some other stuff in here too.
about preventing info leakage [keys for other sites] from appearing in the
client<-->server key negotiation with ssh-agent and IdentityFile.
ssh/config:IdentityFile - seems to indicate that only the specified key will
be tried, and if that key fails, no other keys
2011 Dec 13
3
ssh-agent and IdentityFile
I've noticed that the ssh-agent applies any keys it already has
passwords for (via ssh-add) first, overriding the ssh config files for
preferred identity file from .ssh/config and -i. This seems a
documented behavior.
However, this causes problems with some tool chains that use the
authorized_keys command directive to change behavior based on which
key is used.
In my case, I use gitolite for
2017 May 31
1
[PATCH 0/1] Process the IdentityFile option from the included files
Hello,
This change is to get the IdentityFile option processed
from the included configuration files.
Regards,
Oleg
Oleg Zhurakivskyy (1):
Process the IdentityFile option from the included files
readconf.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
--
2.9.3
2019 Apr 01
2
IdentityFile vs IdentitiesOnly
Hi folks,
I've got a moderate number of keys in my ssh config file.
Problem: Very often I get an error message like
Received disconnect from 2001:db8::8077 port 999:2: Too many authentication failures
Authentication failed.
AFAIU the ssh-agent is to blame here, trying out all keys
he has ever seen. This conflicts with MaxAuthTries 6, set by
default on the peer.
The solution seems to be to
2019 Apr 02
2
IdentityFile vs IdentitiesOnly
Hi Darren,
On 4/1/19 10:41 AM, Darren Tucker wrote:
> On Mon, 1 Apr 2019 at 08:12, Harald Dunkel <harald.dunkel at aixigo.de> wrote:
>> I've got a moderate number of keys in my ssh config file.
>> Problem: Very often I get an error message like
> [...]
>> The solution seems to be to set IdentitiesOnly, e.g.:
> [...]
>> Shouldn't an explicit
2002 Jan 15
1
User-Dependent Identity File
On Tue, Jan 15, 2002 at 06:00:50PM -0000, John Bowman wrote:
> > Date: Tue, 15 Jan 2002 17:29:44 +0100
> > From: Markus Friedl <markus at openbsd.org>
> > Cc: openssh at openbsd.org
> > Content-Type: text/plain; charset=us-ascii
> > Content-Disposition: inline
> > User-Agent: Mutt/1.3.25i
> >
> > On Tue, Jan 15, 2002 at 03:46:15PM -0000, John
2011 May 02
12
[Bug 1898] New: possible unreasonable behaviour when using ProxyCommand with multiple IdentityFile(s)
https://bugzilla.mindrot.org/show_bug.cgi?id=1898
Summary: possible unreasonable behaviour when using
ProxyCommand with multiple IdentityFile(s)
Product: Portable OpenSSH
Version: 5.8p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Miscellaneous
2018 Sep 28
2
Support for RFC4252 in sshd with PAM
Hi
I'm trying to integration a Java application using SSHJ
<https://github.com/hierynomus/sshj> client-side - into OpenSSH 7.4. This
is fine, except where I get to a password expiry situation.
Looking at RFC4252 <https://www.ietf.org/rfc/rfc4252.txt> (which is
supported by SSHJ) I don't see any SSH_MSG_USERAUTH_PASSWD_CHANGEREQ [60]
messages getting passed from
2002 Oct 03
0
[Bug 410] New: when -i or IdentityFile is specified, agent keys are still tried first
http://bugzilla.mindrot.org/show_bug.cgi?id=410
Summary: when -i or IdentityFile is specified, agent keys are
still tried first
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P2
Component: ssh-agent
AssignedTo:
2002 Oct 04
1
[Bug 410] when -i or IdentityFile is specified, agent keys are still tried first
http://bugzilla.mindrot.org/show_bug.cgi?id=410
------- Additional Comments From markus at openbsd.org 2002-10-04 17:34 -------
it's not documented that -i or IdentityFile overwrite
the agent and it's to late to even consider this change.
if you don't want to use the agent, unset SSH_AUTH_SOCK
------- You are receiving this mail because: -------
You are the assignee for the
2020 Jun 24
2
[Bug 3186] New: ProxyJump should include IdentityFile when specified
https://bugzilla.mindrot.org/show_bug.cgi?id=3186
Bug ID: 3186
Summary: ProxyJump should include IdentityFile when specified
Product: Portable OpenSSH
Version: 8.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee:
2006 Apr 27
1
IdentityFile option escape sequences
Hello,
I'm using openssh-4.3p2 compiled for sparc-sun-solaris2.8. I'm trying
to use the IdentityFile option with the escape sequences for the remote
host name (%h) and remote user name (%r) as documented in ssh-config
<http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5&arch=&apropos=0&manpath=OpenBSD+Current>.
It seems the escape sequences do not
2002 Jan 27
0
IdentityFile patch
By the way, I noticed in the previous IdentityFile patch I forgot to
expand tilde. I fixed this by making the change in ssh.c instead of
readconf.c, which is probably where it belongs, as far as the existing code
is concerned:
diff -ur openssh-3.0.2p1/auth.c openssh-3.0.2p1I/auth.c
--- openssh-3.0.2p1/auth.c Sun Nov 11 17:06:07 2001
+++ openssh-3.0.2p1I/auth.c Sun Jan 27 12:05:14 2002
@@ -44,7
2015 Mar 06
3
[Bug 2362] New: Please add a possibility to disable IdentityFiles
https://bugzilla.mindrot.org/show_bug.cgi?id=2362
Bug ID: 2362
Summary: Please add a possibility to disable IdentityFiles
Product: Portable OpenSSH
Version: 6.7p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs
2013 Jul 12
0
[Bug 1898] possible unreasonable behaviour when using ProxyCommand with multiple IdentityFile(s)
https://bugzilla.mindrot.org/show_bug.cgi?id=1898
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |RESOLVED
Resolution|--- |FIXED
--- Comment #15 from Damien Miller <djm at
2015 Aug 11
0
[Bug 1898] possible unreasonable behaviour when using ProxyCommand with multiple IdentityFile(s)
https://bugzilla.mindrot.org/show_bug.cgi?id=1898
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #16 from Damien Miller <djm at mindrot.org> ---
Set all RESOLVED bugs to CLOSED with