Displaying 20 results from an estimated 400 matches similar to: "patch to select pkalg"
2001 Mar 11
0
patch to allow client to select rsa/dss
Here is a quick patch against openssh-2.5.1p1 to add a new config
option (pkalg) for the ssh client allowing the selection of which
public keys are obtained/verified.
--cut-here-
diff -c3 -r orig/openssh-2.5.1p1/key.c openssh-2.5.1p1/key.c
*** orig/openssh-2.5.1p1/key.c Mon Feb 5 18:16:28 2001
--- openssh-2.5.1p1/key.c Sun Mar 11 23:10:10 2001
***************
*** 534,539 ****
--- 534,567 ----
2001 Oct 11
0
[patch] option to prevent connection timeout
Hi,
The firewall at work doesn't allow me to make a direct SSH connection
to the Internet, so I use the ProxyCommand to tunnel SSH through a
HTTP proxy. This works fine, except for the fact that the HTTP proxy
server closes the connection after 60 seconds of inactivity. Attached
below is a patch that implements a new configuration option called
"Idle" that lets you specify the
2001 Aug 24
2
[PATCH] SO_KEEPALIVE for port forwards
Attached is a patch to allow a user to turn on TCP keepalives for port
forwarded connections. It's mainly useful when the connections to the
ssh listener are coming from many different boxes, some of which
crash, leaving the service on the other side of the port forwarder
waiting on connections indefinitely.
It creates a new option named "KeepAliveForward" to control this
behavior.
2000 Jun 06
0
connection timeout
Attached is a patch which adds a ConnectionTimeout option, and corrects
the ConnectionAttempts documentation.
Previously, ssh would try to make a connection ConnectionAttempts times,
sleeping 1 second between tries. But each connection attempt could take a
very long time to fail if the packets die before they get to the host. So
if ssh is being run in a script or what-have-you, it might be
2000 Aug 25
1
[patch] configurable ssh_prng_cmds
The following patch against openssh-SNAP-20000823 allows overriding the
compile-time "ssh_prng_cmds" file at run time by adding new options to the
server and client configurations. (We move binaries around a bit, and this was
the only absolute path that couldn't be fixed at run-time).
Regards
Jan
diff -ur openssh-SNAP-20000823.orig/entropy.c openssh-SNAP-20000823.new/entropy.c
2000 Mar 03
7
[PATCH] Add a Maximum Idle Time (1.2.2)
The attached patch adds an option (off by default to preserve current
behavior) to set a timeout on the select() statement that waits for input
in clientloop.c. This fixes a timeout issue for me (explained below) and
probably also fixes the timeouts mentioned in last month's thread "Idle
time out". The patch is also available by http from:
2000 Nov 14
1
[PATCH] Added option 'RetryDelay'
Being rather aggravated when testing at the enforced 1 second
delay between each connection attempt and the useless 1 second delay
done after all connection attempts have failed I wrote a patch to make
the number of seconds delayed between each connection attempt
configurable.
Stephen
-------------- next part --------------
diff -u --recursive openssh-2.3.0p1/ChangeLog
2001 Mar 14
1
[PATCH] Added Null packet keepalive option
I have attached a patch which adds null packet keepalive
functionality to the client. This patch is made against the
current CVS tree as of 3/14/01.
Please consider this patch for inclusion in the OpenSSH main tree.
This patch is based upon and includes code from the Chris Lightfoot
(chris at ex-parrot.com) patch posted 2/23.
The original patch from Chris is at:
2001 Sep 26
1
[PATCH] random SSH_MSG_IGNORE packets
Hi!
The following patch adds ability to configure the ssh client to
send SSH[2]_MSG_IGNORE packets of random length at random times
within a user-specified interval. The function is configured by
setting the config-file options BogusTrafficIntervalMax and
BogusTrafficIntervalMin, which define the interval in seconds in
which the packets are randomly sent. It is disabled by default. It
suffices
2024 Apr 25
1
[PATCH] Enable ssh_config to set LogPath option (-E)
ssh client has the ability to set the destination of debug logs via the `-E` flag. ssh_config lacks an equivalent keyword to set the same option via configs.
This patch follows the same semantics of other `*Path` type keywords and creates a new ssh_config keyword `LogPath`.
[0] Bugzilla: https://bugzilla.mindrot.org/show_bug.cgi?id=3683
[1] GitHub PR:
2002 Jul 17
2
[Patch] SSH through HTTP proxy using CONNECT
Hi,
I'm not a subscriber to this list so please CC: me in any replies.
I found myself in a situation where I was behind a corporate firewall
that allowed only web requests to the outside world (and furthermore
those requests had to be via their proxy server). Therefore, I couldn't
SSH to the outside world.
However, the HTTP proxy 'CONNECT' method, which is normally used to
2006 Nov 15
11
OpenSSH Certkey (PKI)
This patch against OpenBSD -current adds a simple form of PKI to
OpenSSH. We'll be using it at work. See README.certkey (the first chunk
of the patch) for details.
Everything below is BSD licensed, sponsored by Allamanda Networks AG.
Daniel
--- /dev/null Wed Nov 15 15:14:20 2006
+++ README.certkey Wed Nov 15 15:13:45 2006
@@ -0,0 +1,176 @@
+OpenSSH Certkey
+
+INTRODUCTION
+
+Certkey allows
2005 Oct 26
2
openssh 4.2p1 zlib compression broken for old clients
Hello OpenSSH developers,
openssh 4.2p1 breaks old openssh clients up to 3.4p1 when they try to use compression:
# ssh-3.4p1 -C remote-host-with-4.2p1 pwd
no matching comp found: client zlib server none,zlib@openssh.com
option "-vv" shows
...
debug2: kex_parse_kexinit: zlib
...
debug2: kex_parse_kexinit: none,zlib@openssh.com
...
debug2: mac_init: found hmac-md5
no
2001 Oct 24
2
disable features
this (incomplete) patch makes various features compile time
options and saves up to 24K in the resulting
ssh/sshd binaries. i don't know whether this
should be added to the CVS since it makes
the code less readable.
perhaps WITH_COMPRESSION should be added, since
it removes the dependency on libz
-m
Index: Makefile.inc
===================================================================
RCS
2014 Apr 20
2
bad bignum encoding for curve25519-sha256@libssh.org
Hi,
So I screwed up when writing the support for the curve25519 KEX method
that doesn't depend on OpenSSL's BIGNUM type - a bug in my code left
leading zero bytes where they should have been skipped. The impact of
this is that OpenSSH 6.5 and 6.6 will fail during key exchange with a
peer that implements curve25519-sha256@libssh.org properly about 0.2%
of the time (one in every 512ish
2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
Hi,
I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with
FIPS 140-2 OpenSSL.
These are based on previously reported patches by Steve Marquess
<marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>,
for ver. OpenSSH 3.8.
Note that these patches are NOT OFFICIAL, and MAY be used freely by
anyone.
Issues [partially] handled:
SSL FIPS Self test.
RC4,
2015 Apr 22
2
non-openssl build fixes
The attached patches fix and clean up the build when configured
with --without-openssl.
Summary:
* Fix KEX_SERVER_ENCRYPT macro in myproposal.h
* Fix unresolved symbols in ssh-keygen.c
* Isolate openssl code and extend WITH_OPENSSL wrappers around it
* Make ed25519 default key type in ssh-keygen when configured --without-openssl
2007 Jan 08
0
How to remove group1 and group14 from OpenSSH..
Hello everyone.. I am fairly new to the patching format.. so I just decided to post a basic info
about how to remove group1 and group14 diffie key exchange in OpenSSH.
I know that they are listed as required in RFC 4253 but I don't want a client to have the choice
to use a 1024 bit prime for the key exchange. If someone is getting into my system.. they should
upgrade to a new client. I am a
2002 Jan 27
5
[PATCH] Add scp -1 and -2 options to OpenSSH-3.0.2p1
Here is a patch to add the missing scp -1 and -2 options to eliminate
confusion for users familiar with the commercial version of SSH.
This patch and others are maintained on the secure nfs (SNFS) web page:
http://www.math.ualberta.ca/imaging/snfs/
-- John Bowman
University of Alberta
diff -ur openssh-3.0.2p1/scp.c openssh-3.0.2p1J2/scp.c
--- openssh-3.0.2p1/scp.c Sun Oct 21 18:53:59 2001
+++
2019 Feb 14
2
Can we disable diffie-hellman-group-exchange-sha1 by default?
I ask because the removal of diffie-hellman-group-exchange-sha1 happened
accidentally in 7.8 due to a mistake in a change to readconf.c. I noticed
this and filed a bug about it along with a patch to fix readconf.c to use
KEX_CLIENT_* like it used to:
https://github.com/openssh/openssh-portable/commit/1b9dd4aa
https://bugzilla.mindrot.org/show_bug.cgi?id=2967
It's clear the removal was unintentional