similar to: [Bug 1194] .host is known, .00host isn't ... or is it?

http://bugzilla.mindrot.org/show_bug.cgi?id=1194 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX CC|

Hello. We are currently installing a new firewall, and would like to use a mixture of NAT and port mapping to have a single "gateway" host address which exposes a range of open ports, each of which maps to sshd of a different host in our internal network (e.g. ssh.jesus.cam.ac.uk on port 6789 maps to internal host1 port 22 whereas ssh.jesus.cam.ac.uk on port 6790 maps to internal

https://bugzilla.mindrot.org/show_bug.cgi?id=1194 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #3 from Damien Miller <djm at mindrot.org>

The .ssh/known_hosts table cannot handle reaching different sshd servers behind a NAT router. The machines are selected by having the SSHDs respond to differnt ports. A second request would be to allow known_hosts checking solely on the dns name, wildcarding the IP address. This would be useful to avoid continuously warning the user every time you connect to a machine with a changing IP address

Hello Bob and thank you for your reply, first of all I hope that I'm answering in the right way since I had enabled the daily digest and I'm not sure if it's the right way to use Thunderbirds "Reply List" feature on this digest. If it's wrong this way I apologize. I turned of the daily digest so my next messages should be correct. > Are you aware of HostKeyAlias?

https://bugzilla.mindrot.org/show_bug.cgi?id=3226 Bug ID: 3226 Summary: Feature request: Prempt fingerprint prompt when connecting to new server Product: Portable OpenSSH Version: 8.4p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component:

I have had a brief discussion with Damien Miller (below) about storing host port values in the known_hosts file so as to track multiple ssh sessions (with independant keys) that run on a single host but accept connections on different ports. If it were possible to state that a given key for a remote host belonged to that host's ssh session on port 23 and that another key belonged to that

http://bugzilla.mindrot.org/show_bug.cgi?id=80 ------- Additional Comments From eric-ossh at brouhaha.com 2002-08-22 04:57 ------- This "HostKeyAlias" business seems like a flimsy excuse for not implmeenting a feature that users want. In this age of ubiquitous firewalls and NAT, it is NOT reasonable to assume that two ports on the same IP address refer to the same host, or to the

Hi all, When I set up multiple tunnels from remote hosts to ports on localhost, I get the following error when I try to use them: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! (even though the keys haven't

I have a small LAN. The entire system is within my view - all the hosts, the switch and the wire. If someone is in a a position to do a "man in the middle" attack, there's no need - they already have me. Over the other side of the room, and beside my desk, I have test systems. I use disk caddies (see www.vipower.com for examples) and can switch operating systems in about the

http://bugzilla.mindrot.org/show_bug.cgi?id=910 mindrot at askneil.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mindrot at askneil.com ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the

Hi, it becomes more and more common to have machines with dynamically assigned IP addresses online (e.g. DSL), which can be found through dynamic DNS entries. Unfortunately, the "Known Hosts" mechanism doesn't work for these machines: Since the entry is made for the IP address, there's a new entry every time the address changes. Therefore, an option should be invented

Hello, Maybe I did not understand correctly the PKI trust, so forgive me if I am wrong. For example, I have multiple hosts that all serves as monitoring server, I would like to trust only these hosts, so I enrol a certificate for these using "monitoring" principal, so I can connect only to these. At first I thought we can do Match statement at ssh_config, however, the Match is being

http://bugzilla.mindrot.org/show_bug.cgi?id=393 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From markus at openbsd.org 2002-09-11

Hi all, I noticed a bit of an odd issue with maintaining `known_hosts` when the target machine is behind a bastion using `ProxyJump` or `ProxyCommand` with host key clashes. Client for me right now is OpenSSH_9.3p1 on Gentoo Linux/AMD64. I'm a member of a team, and most of us use Ubuntu (yes, I'm a rebel). Another team who actually maintain this fleet often access the same machines

http://bugzilla.mindrot.org/show_bug.cgi?id=1039 Summary: Incomplete application of HostKeyAlias in ssh Product: Portable OpenSSH Version: 4.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: cdmclain

https://bugzilla.mindrot.org/show_bug.cgi?id=1602 --- Comment #8 from Marc Herbert <marc.herbert+mindrot at gmail.com> --- Fun fact: ssh _does_ produce brackets for IPv6 addresses in .ssh/known_hosts: [review.openstack.org]:29418,[104.130.246.32]:29418 ssh-rsa AAAAB3NzaC1yc2... [review.openstack.org]:29418,[2001:4800:7819:103:be76:4eff:fe04:9229]:29418 ssh-rsa AAAAB3Nza... But it

On 23/04/2018 11:49, Michael Felt wrote: > On 21/04/2018 16:21, Michael Felt wrote: > > > Question: I have not dug into the tests yet. Will copy to a "local" > directory, and not build out of tree and see if that fixes it (as it > does for many other packages). However, just in case it does not - how > can I fast-forward the tests to the "agent" tests?

http://bugzilla.mindrot.org/show_bug.cgi?id=910 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #954 is|0 |1 obsolete| | Attachment #1052 is|0 |1 obsolete|

On Fri, 18 Aug 2023 at 17:18, Stuart Longland VK4MSL <me at vk4msl.com> wrote: > On 18/8/23 15:39, Darren Tucker wrote: [...] > > I think you just need "HostKeyAlias mytarget" here. > > Ahh, in my scanning through the `ssh_config` manpage, I missed this, and > change logs seem to indicate this feature has been around since at least > 2017, so should not cause