similar to: [Bug 95] New: Allow '%' expansion to work in ssh and ssh-add

Here is a patch to allow private key files to be placed system wide (for all users) in a secure (non-NFS) mounted location on systems where home directories are NFS mounted. This is especially important for users who use blank passphrases rather than ssh-agent (a good example of where this is necessary is for tunnelling lpd through ssh on systems that run lpd as user lp). IdentityFile now accepts

By the way, I noticed in the previous IdentityFile patch I forgot to expand tilde. I fixed this by making the change in ssh.c instead of readconf.c, which is probably where it belongs, as far as the existing code is concerned: diff -ur openssh-3.0.2p1/auth.c openssh-3.0.2p1I/auth.c --- openssh-3.0.2p1/auth.c Sun Nov 11 17:06:07 2001 +++ openssh-3.0.2p1I/auth.c Sun Jan 27 12:05:14 2002 @@ -44,7

Here is the user-dependent IdentityFile patch for openssh3.5 (BSD version), which allows private key files to be placed system wide (for all users) in a secure (non-NFS) mounted location. This addresses an important security hole on systems where home directories are NFS mounted, particularly if there are users who use blank passphrases (or when lpd is tunneled through ssh on systems running lpd

http://bugzilla.mindrot.org/show_bug.cgi?id=95 ------- Additional Comments From jprondak at visualmedia.com 2002-02-02 09:25 ------- Created an attachment (id=18) patch to tildexpand.c and auth.c to allow '%' substitution everywhere ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=93 ------- Additional Comments From jprondak at visualmedia.com 2002-02-02 08:45 ------- Created an attachment (id=16) ssh-add.c patch to search ssh_config for IdentityFile(s) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1159 Summary: %u and %h not handled in IdentityFile Product: Portable OpenSSH Version: 4.3p2 Platform: All URL: http://www.math.ualberta.ca/imaging/snfs/openssh.html OS/Version: Linux Status: NEW Keywords: patch Severity: normal Priority: P2

http://bugzilla.mindrot.org/show_bug.cgi?id=94 ------- Additional Comments From jprondak at visualmedia.com 2002-02-02 09:15 ------- Created an attachment (id=17) Patch to sshd to allow a userdefinable identification string ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Hi, The name of the identity file defaults to what fill_default_options() in readconf.c does: SSH_PROTO_1: "~/%.100s", _PATH_SSH_CLIENT_IDENTITY SSH_PROTO_2: "~/%.100s", _PATH_SSH_CLIENT_ID_RSA "~/%.100s", _PATH_SSH_CLIENT_ID_DSA Identity files are always expanded by tilde_expand_filename() which gets the name of the home directory from

https://bugzilla.mindrot.org/show_bug.cgi?id=3552 Bug ID: 3552 Summary: ssh_config option RevokedHostKeys doesn't do tilde expansion on the filename Product: Portable OpenSSH Version: 9.0p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=3570 Bug ID: 3570 Summary: Add substitution token for explicitly selected IdentityFile for ControlPath selection Product: Portable OpenSSH Version: 9.3p1 Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=3080 Bug ID: 3080 Summary: Document IdentityFile=none and clarify interaction of defaults with IdentitiesOnly Product: Portable OpenSSH Version: 8.0p1 Hardware: Other OS: All Status: NEW Severity: normal Priority: P5

Hi, We'd like to run sshd with a configuration morally equivilent to: # stuff ... AuthorizedKeysFile /var/db/keys-distributed-by-security-team/%u AuthorizedKeysFile %h/.ssh/authorized_keys # be backwards compatable for a bit longer yet AuthorizedKeysFile %h/.ssh/authorized_keys2 # more stuff ... The following patch (against the cvs source) turns the authorizedkeysfile statement in sshd.conf

This allows me to set 'ControlPath ~/.ssh/sockets/%h.%p.%u' for example. Have I missed a good reason why ssh_connect finds the default port number for itself instead of just having it in options.port (like we do for the the default in options.user)? --- openssh-4.1p1/ssh.c~ 2005-06-12 09:47:18.000000000 +0100 +++ openssh-4.1p1/ssh.c 2005-06-12 09:40:53.000000000 +0100 @@ -604,6 +604,17

https://bugzilla.mindrot.org/show_bug.cgi?id=1585 Jakub Jelen <jjelen at redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jjelen at redhat.com --- Comment #20 from Jakub Jelen <jjelen at redhat.com> --- Created attachment 2647

It seems that users may be disclosing unintended public key info when logging into remote hosts. Use of the words keypair/keyid/etc have been bastardized. Signature is likely better. Note also, the author may be without clue. Setup: [g] - refers to an administrative group of hosts [n] - refers to a host within that group ws[g][n] - management workstations [trusted] User ssh-add's keys for

On Mon, 17 Aug 2015, Todd C. Miller wrote: > I like the idea but tilde_expand_filename() calls fatal() if it > cannot resolve ~foo. This is not terrible when using -L and -R on > the normal command line but it seems pretty harsh to exit when -L > or -R are used via the ~C escape or the streamlocal-forward at openssh.com > request. > Message-Id: <aea6cdc1d1b42d07 at

Hi, the following patch to contrib/cygwin/ssh-host-config creates /etc/ssh_config and /etc/sshd_config according to the current default config files. Could somebody please check it in? Corinna Index: contrib/cygwin/ssh-host-config =================================================================== RCS file: /cvs/openssh_cvs/contrib/cygwin/ssh-host-config,v retrieving revision 1.3 diff -u -p

http://bugzilla.mindrot.org/show_bug.cgi?id=95 ------- Additional Comments From djm at mindrot.org 2005-06-06 22:39 ------- There is now (OpenBSD -current 20050606) a misc.c:percent_expand() function that you can use for things like this. Patches welcome. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=95 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |DUPLICATE ------- Comment #4 from djm at mindrot.org 2006-03-12 16:06 -------

http://bugzilla.mindrot.org/show_bug.cgi?id=95 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #5 from dtucker at zip.com.au 2006-10-07 11:35 ------- Change all RESOLVED bug to CLOSED with the exception of