Displaying 20 results from an estimated 10000 matches similar to: "Public storage for public keys"
2001 Sep 26
3
OpenSSH 2.9.9
OpenSSH 2.9.9 has just been uploaded. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH 2.9.9 fixes a weakness in the key file option handling,
including source IP based access control.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
This release contains many portability
2013 Aug 13
2
Collector not realizing own exported resources when filtering on tags
I''m trying to create a ssh class where the /etc/ssh/ssh_known_hosts and
/etc/ssh/shosts.equiv stays updated. The issue i''m finding is that if I
include a "tag == anything" in the Collector filter, it collects all
resources EXCEPT it''s own. In this case, the known_hosts and .equiv files
will have all the other hostnames, but not it''s own hostname.
2020 Sep 16
2
ssh-ed25519 and ecdsa-sha2-nistp256 host keys
Hello.
I am running OpenSSH 7.9p1 on my client and server. ssh-keyscan shows
the server has ssh-rsa, ssh-ed25519, and ecdsa-sha2-nistp256 host
keys. My /etc/ssh/ssh_known_hosts file contains the server's
ssh-ed25519 host key. When I try to SSH to the server I get this
error:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
2003 Oct 20
12
[Bug 747] host authentication requires RSA1 keys
http://bugzilla.mindrot.org/show_bug.cgi?id=747
Summary: host authentication requires RSA1 keys
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2024 Jan 01
2
ssh keys hostname VS fqdn - offends?
Hi guys
Though being a mere user, - as opposed to an expert - in
many long years of ssh in my use this, is new:
-> $ ssh box5.proxmox.mine hostname -i
10.3.1.78
-> $ ssh box5 hostname -i
Warning: the RSA host key for 'box5' differs from the key
for the IP address '10.3.1.78'
Offending key for IP in /root/.ssh/known_hosts:2
Matching host key in /etc/ssh/ssh_known_hosts:2
2001 Oct 29
5
HostbasedAuthentication problem
I'm trying to use HostbasedAuthentication. Running ssh -v -v -v user at host
the following error occurs:
debug3: authmethod_is_enabled hostbased
debug1: next auth method to try is hostbased
debug2: userauth_hostbased: chost <host>
debug2: we did not send a packet, disable method
What does this mean ? I enabled HostbasedAuthentication in
/etc/ssh/ssh_config and as it looks, this setting
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
Hi,
On Fri, Jan 9, 2015, at 10:48 AM, Tim Rice wrote:
> My ssh_config has
> Host *
> HostbasedAuthentication yes
> EnableSSHKeysign yes
> NoHostAuthenticationForLocalhost yes
>
> NoHostAuthenticationForLocalhost is not necessary.
> The one you are missing is EnableSSHKeysign.
>
> Additionally, you made no mention of your ssh_known_hosts files. Make
> sure
2010 Mar 29
18
please decrypt your manuals
I. most of ssh manual and all sshd manual present server and client as one machine, called host. All files mentioned are placed on one machine. This is incorrect, and makes the explanation unclear. For example, man sshd SSH_KNOWN_HOSTS FILE FORMAT suggests to copy keys from /etc/ssh/ssh_host_key.pub into /etc/ssh/ssh_known_hosts, as if those files are on the same machine.
II. a general
2011 Oct 03
2
sshkey resource type in Ubuntu 10.04
Hi,
I''m attempting to distribute a known host ssh key (for github) to an
Ubuntu 10.04 host. Puppet is distributing the key into /etc/ssh/
ssh_known_hosts as:
github.com ssh-rsa [really long ssh-rsa key]
However, Ubuntu seems to expect the key in this format:
|1|[really long ssh-rsa key]
(note all the keys in my known_hosts and ssh_known_hosts not managed
by puppet are prepended with
2001 Nov 06
13
OpenSSH 3.0
OpenSSH 3.0 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
This release contains many portability bug-fixes (listed in the
ChangeLog) as well as several new features (listed below).
We would like to thank the
2019 Aug 06
2
Dovecot replication and userdb "noreplicate".
On 06.08.2019 23:17, Reio Remma via dovecot wrote:
> On 24.06.2019 16:25, Reio Remma wrote:
>> On 24.06.2019 8:21, Aki Tuomi wrote:
>>> On 22.6.2019 22.00, Reio Remma via dovecot wrote:
>>>> Jun 22 16:55:22 host dovecot: dsync-local(user at host.ee)<>: Error:
>>>> Remote command returned error 84: ssh -i /home/vmail/.ssh/vmail.pem -l
>>>>
2024 Oct 17
2
Re: Re: SSH host key rotation – known_hosts file not updated
On Mon, Oct 14, 2024 at 5:33?AM Jan Eden via openssh-unix-dev
<openssh-unix-dev at mindrot.org> wrote:
redacted hostname and port ? sorry, should have mentioned that.
>
> > Anyway, in answer to your question. The "host key found matching a different
> > name/address" is triggered when a key received from the server in an update
> > already exists under a
2024 Jun 18
1
Call for testing: openssh-9.8
On 18.06.24 13:36, Stuart Henderson wrote:
> Not sure whether anything should be done with it, but I noticed so
> thought I'd mention: if you pass ssh-keygen -R a known_hosts file with
> DSA sigs, you get "invalid line" warnings.
Out of interest, did you, perchance, try running an ssh-keygen -l on a
DSA-infested file?
(I added a bit of extra IDS to our monitoring that
2010 Jun 02
1
known_hosts
Is there a good reason why known_hosts stores the address of the server
but not the port? This is annoying when one host is running more than
one instance of openssh with different ports and different keys, or
(less tractably) when a NAT in front of multiple hosts multiplexes
which host is connected to by port number. I see no immediate security
implication in fixing this, but am I missing
2017 May 15
5
Golang CertChecker hostname validation differs to OpenSSH
Hi all,
Last week I noticed that the CertChecker in the Go implementation of
x/crypto/ssh seems to be doing host principal validation incorrectly
and filed the following bug:
https://github.com/golang/go/issues/20273
By default they are looking for a principal named "host:port" inside
of the certificate presented by the server, instead of just looking
for the host as I believe OpenSSH
2024 Feb 17
1
How to remove old entries from known_hosts?
Brian Candler wrote:
> Chris Green wrote:
> > ... redundant ones are because I have a mixed population of
> > Raspberry Pis and such on my LAN and they get rebuilt fairly
> > frequently and thus, each time, get a new entry in known_hosts.
> ...many useful tips...
> To disable host key checking altogether for certain domains and/or networks,
> you can put this in
2020 Sep 16
2
ssh-ed25519 and ecdsa-sha2-nistp256 host keys
Here you go:
OpenSSH_7.9p1, OpenSSL 1.1.1d 10 Sep 2019
debug1: Reading configuration data /home/ryantm/.ssh/config
debug1: /home/ryantm/.ssh/config line 4: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 13: Applying options for *
debug2: resolving "{REDACTED}" port 22
debug2: ssh_connect_direct
debug1: Connecting to
2007 Apr 04
5
sshkey
Hello all,
How are you using the sshkey type? Are you using it to list hosts and keys in a class that nodes include in order to manage /etc/ssh/ssh_known_hosts or something else? How does any of this relate to the sshrsakey and sshdsakey facts on the host? I read some stuff about this on the Virtual Resources page but it''s too vague for my simple mind and I''d be reluctant to use
2016 Sep 07
2
Question regarding Host keys.
Hi,
I'm having a problem when I add "HostKeyAlgorithms +ssh-dss" to the
ssh_config file the host key will always negotiate to a wrong one. In my
case it will negotiate to "ecdsa-sha2-nistp256". The client was already
configured with the servers rsa public key, before the change I added to
the ssh_config file I could see from the debug that server and client will
negotiate
2019 Jun 24
2
Dovecot replication and userdb "noreplicate".
On 24.06.2019 8:21, Aki Tuomi wrote:
> On 22.6.2019 22.00, Reio Remma via dovecot wrote:
>> Hello!
>>
>> I finally took the time and spent two days to set up replication for
>> my server and now I have a question or two.
>>
>> I initially set noreplicate userdb field to 1 for all but a test user,
>> but I could still see in the logs that all mailboxes