similar to: Defaults for protocol and ssh-keygen (and an introduction)

Hi, I tripped over the effects of commit 660854 [0] when moving some infrastructure from Debian 7 to 8 (openssh 6.0 to 6.7); our ansible module used "return 0, but no output" for 'host not found in known_hosts file', and now complains that ssh-keygen is returning an error status. I don't think this change in API was announced in the release notes? i.e. ssh-keygen -F

Hi, A bug I've had reported is that scp doesn't work with large files (Debian bug number 106809). The problem seems to be scp.c:504: if ((fd = open(name, O_RDONLY, 0)) < 0) Is there some reason why making that if ((fd = open(name, O_RDONLY|O_LARGEFILE, 0)) < 0) would break things? It seems a simple fix to me... Thanks, Matthew -- "At least you know where you are

Hi, It seems from the source code that there are a couple of quirks with this option: firstly, in the code it's mis-spelt as "challenge_reponse_authentication" and secondly, the default for the client (in readconf.c) seems to be off, whereas for the server (servconf.c) seems to be on: readconf.c: if (options->challenge_reponse_authentication == -1) readconf.c:

Hi, ssh-keygen is unable to change version 2 keys' comments (this was true in 2.9p2, and the changelog doesn't make me think this has changed), so I think this should be documented. Here's a patch to ssh-keygen.1 (It's based on an ssh-keygen patched with my previous patch). Cheers, Matthew --- ssh-keygen.1.orig Thu Sep 27 20:31:48 2001 +++ ssh-keygen.1 Thu Sep 27 20:40:32 2001

Hi, Some systems (sysvinit-using ones, at least, such as linux) do not have /etc/rc, so the references to it in ssh-keygen.1 are not very helpful. Here's a quick patch to remove those references. Cheers, Matthew --- ssh-keygen.1.orig Thu Sep 27 20:31:48 2001 +++ ssh-keygen.1 Thu Sep 27 20:34:34 2001 @@ -99,8 +99,7 @@ or .Pa $HOME/.ssh/id_rsa . Additionally, the system

Hi, protocolkeepalives sends ssh_msg_ignore, which the ssh2 server handles incorrectly (i.e. it produces some output to syslog, instead of ignoring the packet): Jul 9 11:58:07 ren sshd[16580]: error: Hm, dispatch protocol error: type 32 plen 4 This patch implements a highly advanced function to ignore these packets ;) Matthew -------------- next part -------------- An embedded and

Hi, Several people have asked that scp support the -1 and -2 options, so I wrote this patch. Cheers, Matthew -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: scp.diff Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010722/7e096fab/attachment.ksh -------------- next part -------------- -- "At least you know

Hi, Debian have #defined out this function in entropy.c for some time (since it causes things to break too often, given I don't maintain openssl). Does it serve a useful function security-wise? Thanks, Matthew -- "At least you know where you are with Microsoft." "True. I just wish I'd brought a paddle." http://www.debian.org

Hi, These patches are from Robert Bihlmeyer to make ssh build on Hurd. If you have queries about them, I suggest contacting debian-hurd at lists.debian.org. Cheers, Matthew -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: openssh-2.9-hurd.diff Url:

Hi, This patch (mostly my work, except for protocolkeepalives, which rjk at greenend.org.uk wrote for 2.5, and I forward-ported) came out our usage for VPN tunnels of ssh, where it was useful for ssh to notice if the server went away. It includes documentation, and is pretty self-explanatory. Matthew -------------- next part -------------- An embedded and charset-unspecified text was

Hi, Quick change to ssh.1 to document ~/.ssh/identity_rsa and _dsa. Cheers, Matthew -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: sshman.diff Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010722/a6d628e2/attachment.ksh -------------- next part -------------- -- "At least you know where you are with

Hi, Man page: -q Quiet mode. Causes all warning and diagnostic messages to be suppressed. Only fatal errors are displayed. But in log.h: typedef enum { SYSLOG_LEVEL_QUIET, SYSLOG_LEVEL_FATAL, so in log.c: void do_log(LogLevel level, const char *fmt, va_list args) { char msgbuf[MSGBUFSIZ]; char fmtbuf[MSGBUFSIZ]; char *txt = NULL; int pri = LOG_INFO; if (level

Hi, Patch from Adam McKenna (via Debian BTS) to improve how we document scp -r: --- scp.1.orig Thu Sep 27 21:28:12 2001 +++ scp.1 Thu Sep 27 21:29:22 2001 @@ -72,7 +72,9 @@ Preserves modification times, access times, and modes from the original file. .It Fl r -Recursively copy entire directories. +Recursively copy entire directories. A trailing slash (/) on a source file +name means

Hi, There seems to be a problem with the arc4random code on mips/mipsel, producing the following error message: Couldn't obtain random bytes (error 604389476) To quote the bug submitter: "On mips and mipsel, the above error message is frequently seen when calling ssh with a command, usually several times in rapid succession, although that is not always the case. The error appears to

Hi, quick patch to ssh-copy-id to make it set the file modes more correctly. Thanks, Matthew --- contrib/ssh-copy-id.orig Thu Sep 27 21:47:44 2001 +++ contrib/ssh-copy-id Thu Sep 27 21:47:52 2001 @@ -33,7 +33,7 @@ exit 1 fi -{ eval "$GET_ID" ; } | ssh $1 "test -d .ssh || mkdir .ssh ; cat >> .ssh/authori zed_keys ; chmod g-w . .ssh .ssh/authorized_keys" +{ eval

Hi, if I do the following: ssh -X localhost su - another_user xterm I get: X connection to ming:10.0 broken (explicit kill or server shutdown). Where what is really wanted was something like: Xlib: connection to ":0.0" refused by server Xlib: Client is not authorized to connect to Server xterm Xt error: Can't open display: :0.0 'tis easy to reproduce the bug, but the debug

Hi, I get the following, having built openssh 3.0.1p1 on a linux system - this is the result of trying to ssh to localhost. OpenSSH_3.0.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090601f debug1: Reading configuration data /etc/ssh/ssh_config debug1: Seeding random number generator debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: restore_uid debug1:

I am trying to automate ssh-keygen creating keys without a passphrase. How can I run a script that calls ssh-keygen so that it does NOT require a passphrase? When I was testing on the command line I created a file that contained 2 line feeds and piped it into stdin. I got a message mentioning that ssh-askpass could not be found and it completed. I did not try the keys but I would like to be

I am reading: https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-rndc.html I have bind installed and default config running. I have not applied my customizations yet. The first step I am taking is getting rndc.key created. So reading the guide I am trying to run (while logged in as root, and in /etc): dnssec-keygen -a hmac-md5 -b 256 -n HOST rndc.key The system is just

On Fri, Feb 17, 2017 at 09:28:52AM +1100, Darren Tucker wrote: [...] > so yeah, ssh-keygen should have probably errored out "unsupported key type". diff --git a/sshkey.c b/sshkey.c index 4768790..f45e239 100644 --- a/sshkey.c +++ b/sshkey.c @@ -89,7 +89,9 @@ static const struct keytype keytypes[] = { { "ssh-ed25519-cert-v01 at openssh.com", "ED25519-CERT",