similar to: Logging of key fingerprint / comment with 3.4p1

This patch is against 3.0.2p1. It produces output like the first line in the example below for both v1 and v2 logins. Logging is turned on by sticking ``LogFingerprint yes'' in sshd_conf. It would be nice if something like this would make it into OpenSSH. Dec 4 14:21:09 lizzy.bugworks.com sshd[7774]: [ID 800047 auth.info] Found matching RSA1 key:

How about adding a --no-detach option (to be used in combination with --daemon) to rsync so it can be run under Dan Bernstein's daemontools' supervise? If there's interest I'll provide a patch. -- Jos Backus _/ _/_/_/ Santa Clara, CA _/ _/ _/ _/ _/_/_/ _/ _/ _/ _/

It appears to be possible to put comments in DSA key files, even though comments are not supported in those files: taiko:/depot/src/openssh-2.5.2p2% ./ssh-keygen -d -f mykey -C "comment" Generating public/private dsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in mykey. Your public key has been saved in

And lsof the agent too - see what files it has open... Nico -- > -----Original Message----- > From: Kevin Steves [mailto:kevin at atomicgears.com] > Sent: Friday, August 23, 2002 4:48 PM > To: openssh-unix-dev at mindrot.org > Cc: stevesk at pobox.com > Subject: Re: 3.4p1 ssh-agent auth-retry patch available: was: Re: > Updated ssh-agent authentication retry patch available

What about this one? The diff looks like this: --- src/sys/net/zlib.c 2002/02/17 17:35:18 1.11 +++ src/sys/net/zlib.c 2002/03/20 04:05:26 1.12 @@ -10,7 +10,7 @@ * - added inflateIncomp and deflateOutputPending * - allow strm->next_out to be NULL, meaning discard the output * - * $FreeBSD: /c/ncvs/src/sys/net/zlib.c,v 1.11 2002/02/17 17:35:18 jedgar Exp $ + * $FreeBSD:

[My apologies if this question is deemed inappropriate for this list.] Using OpenSSH, is it possible for a program/script to copy files with known filenames from a remote server (running sshd), without allowing (interactive) ssh access to that server? I.e. ``ssh server ls'' or ``ssh server'' should not be possible (for security reasons), but ``scp server:file .'' should.

I wrote a patch to make the number of times and and the delay between retries that ssh attempts to talk to ssh-agent configurable. This patch is indispensible when running multiple ssh sessions in parallel from a script (e.g. to run commands on a large number of hosts); without the patch, many ssh sessions simply fail because they cannot contact the agent, rendering the mechanism unusable. If

Here's a list of cosmetic changes I'd be willing to make to the code in order to make it more consistent, which stylisticly it currently is not. - separate function definitions by 2 newlines - put spaces after commas in arg lists - put spaces around assignments - remove trailing spaces - change space indents to tabs - fix multiline comments - remove redundant /* dw */ comments (Deborah

Does this version implement the ability to be run under Dan Bernstein's supervise/multilog utilities? I.e. can sshd be told not to daemonize and log all messages to stdout/stderr instead of syslog? Thanks, -- Jos Backus _/ _/_/_/ "Modularity is not a hack." _/ _/ _/ -- D. J. Bernstein _/

People might find this entertaining and/or useful: http://www.gnu.org/manual/autoconf-2.52/html_chapter/autoconf_10.html With the help of Jos Backus I just discovered the answer to http://lists.samba.org/pipermail/rsync-cvs/2002-January/001271.html is that Sun's test(1) is breathtakingly broken when passed a dangling symlink: $ ln -s /nowhere bad $ ls -l bad lrwxrwxrwx 1 josb

We have an application, running under ssh-agent, which fires off a large number of ssh processes, all of which try to talk to the agent through the UNIX domain socket under /tmp. When the agent is slow to respond and the listen queue fills up, connect()s start to fail with ECONNREFUSED, and ssh exits (agent authentication being used exclusively). To some extent this problem can be mitigated by

This causes a compile error on Solaris. Fix: Index: socket.c =================================================================== RCS file: /cvsroot/rsync/socket.c,v retrieving revision 1.73 diff -u -r1.73 socket.c --- socket.c 25 Jan 2002 02:13:05 -0000 1.73 +++ socket.c 11 Feb 2002 20:04:33 -0000 @@ -590,7 +590,7 @@ if ((listener = socket(PF_INET, SOCK_STREAM, 0)) == -1) goto failed;

http://bugzilla.mindrot.org/show_bug.cgi?id=339 Summary: 3.4p1: UsePrivilegeSeparation breaks key fingerprint logging Product: Portable OpenSSH Version: -current Platform: All URL: http://www.catnook.com/misc/sshd-key-fp-logging.txt OS/Version: Solaris Status: NEW Severity: normal

These patches are against 3.0.1p1. I need them because I have a local mod which needs access to the ServerOptions struct named ``options'', hence the rename. --- auth-rsa.c.orig Mon Nov 19 16:54:01 2001 +++ auth-rsa.c Mon Nov 19 16:56:18 2001 @@ -180,8 +180,7 @@ * user really has the corresponding private key. */ while (fgets(line, sizeof(line), f)) { - char *cp; - char

Currently the --write-batch option in addition to creating the batch files also syncs the target tree. I'm not sure whether this is always desired. So far the only way I have been able to come up with to prevent the target tree from being populated is the patch below; however, the top-level target directory is still created, so it is not complete. Does this sound like a worthwile addition to

OpenSSH still has this feature, SSH-1.2.27 no longer has it. Admittedly it can be useful sometimes, even though I'd prefer this to be done using a trivial shell wrapper, which would be the UNIX way of doing things. Not being able to call OpenSSH's ssh by another name (say ``ssh1'') can get in the way when having to maintain two versions of ssh in parallel because the ``ssh ->

OK. I got the rsync CVS code and compiled under Linux. That did the job, but only with --no-whole-file because of the local transfer. I then tried to read-batch... under Windows / Cygwin with the current Cygwin rsync. That didn't work - as expected. After compiling again under cygwin it worked! I can now create a diff from a new CD to the version before and send the diff files by email. On

This patch against OpenSSH 3.2.3p1 implements an ssh-agent authentication retry mechanism which is useful when starting many ssh clients in a short period of time. The number of retries and the maximum delay between retries is runtime-configurable using AuthMaxRetries <integer> AuthRetryDelay <seconds> The patch is available at:

Is there a way to specify on a per-object basis that Puppet should merely report that an object needs to be updated without actually performing the update? This would make it possible to detect changes to critical objects (e.g. config files) that Puppet shouldn''t try to fix automaticaly. -- Jos Backus jos at catnook.com

--On Monday, May 14, 2007 9:16 PM -0700 Jos Backus <jos@catnook.com> wrote: > ObPuppet: we ramping up our deployment this week to around 200 hosts. So > far everything has been going smoothly. We don''t have nearly as many and yet, we see occasional errors ("End of file reached") which seems to indicate the network cutting out. I can''t imagine what would