similar to: [Bug 482] New: token parsed at first space in path

http://bugzilla.mindrot.org/show_bug.cgi?id=596 Summary: "ProxyCommand none" doesn't work Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: openssh-bugs at mindrot.org ReportedBy:

The following patch against openssh-SNAP-20000823 allows to override the compile-time "ssh_prng_cmds" file at run time by adding new options to the server and client configurations. (We move binaries around a bit, and this was the only absolute path that couldn't be fixed at run-time). Regards Jan diff -ur openssh-SNAP-20000823.orig/entropy.c openssh-SNAP-20000823.new/entropy.c

FINALLY, it's here. You can now tell SSH which address to bind to for every single port forwarding option! This patch allows you to pass the following as ssh command line options: ssh -L 192.168.1.55:1234:localhost:80 -R ::11:22:aa:bb/80/localhost/80 etc. Or as normal config file options: LocalForward ::11:22:33/1234 localhost/80 RemoteForward 1.2.3.4:80 localhost:80 It will also

Hey Damien, > Would something like this help? > > Match sessiontype shell > User foo > Match remotecommand "none" > User foo2 > Match sessiontype exec remotecommand "/rsync" > User bar > Match sessiontype subsystem remotecommand "sftp" > User baz > > > diff --git a/readconf.c b/readconf.c > <snip> Thanks for looking

Hello, This change is to get the IdentityFile option processed from the included configuration files. Regards, Oleg Oleg Zhurakivskyy (1): Process the IdentityFile option from the included files readconf.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) -- 2.9.3

Here is the version of this patch for the last portable version of OpenSSH (3.5p1), as it is not included in the main tree. The patch avoids waiting to long when using ssh() or scp() on a down host, it is usefull when you have to update many hosts via rsync or rdist themselves relying upon ssh(). It enables a new option 'ConnectTimeout' to control exactly the timeout value, so that it can

Hello again! Since there was some resistance against adding TCP_NODELAY uncontionally, I've made another patch. The new patch contains the following: * Added a NoDelay yes/no (default no) config option to ssh and sshd * Added -oNoDelay=yes to the ssh command line for sftp. * Changed the sshd subsystem config option syntax from Subsystem name path to Subsystem name options path

On Mon, 30 Mar 2015, Damien Miller wrote: > On Mon, 30 Mar 2015, Hanno B?ck wrote: > > > On Mon, 30 Mar 2015 09:19:02 +1100 (AEDT) > > Damien Miller <djm at mindrot.org> wrote: > > > > > What version of OpenSSH is this? > > > > 6.8 portable on Linux. > > That's strange - the line numbers in the valgrind stack trace don't >

# This issue is also related to # Subject: Re: [openssh-dev]: disable ProxyCommand from being used? On reading ~/.ssh/config file, host name which is specified by command line and check with 'Host' line, is constant for the whole of reading. If this host name is expanded by 'HostName' option value, it's worth for making config file simple and usefull 'Host' can be

Attached (and inline) is a patch to add the following config options: ControlBindMask ControlAllowUsers ControlAllowGroups ControlDenyUsers ControlDenyGroups It pulls the peer credential check from client_process_control() in ssh.c, and expounds upon it in a new function, client_control_grant(). Supplemental groups are not checked in this patch. I didn't feel comfortable taking a shot

http://bugzilla.mindrot.org/show_bug.cgi?id=482 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|token parsed at first space |readconf doesn't accept |in path |paths with spaces in them ------- Additional Comments From

On Sat, 4 May 2024, openssh at tr.id.au wrote: > Hey there, > > I often want different behavior in my ssh client depending on > whether I'm logging into an interactive session or running > a remote non-interactive command. We can see at, say, > https://unix.stackexchange.com/a/499562/305714 that this isn't a > unique wish, and existing solutions are kind of baroque.

On Mon, 6 May 2024, openssh at tr.id.au wrote: > ... and I guess your next question will be about compilation environment, so: > > ``` > $ gcc --version > gcc (Gentoo 13.2.1_p20240210 p14) 13.2.1 20240210 > Copyright (C) 2023 Free Software Foundation, Inc. > This is free software; see the source for copying conditions. There is NO > warranty; not even for MERCHANTABILITY

Here is a quick patch against openssh-2.5.1p1 to add a new config option (pkalg) for the ssh client allowing the selection of which public keys are obtained/verified. --cut-here- diff -c3 -r orig/openssh-2.5.1p1/key.c openssh-2.5.1p1/key.c *** orig/openssh-2.5.1p1/key.c Mon Feb 5 18:16:28 2001 --- openssh-2.5.1p1/key.c Sun Mar 11 23:10:10 2001 *************** *** 534,539 **** --- 534,567 ----

For some odd reason, one line was removed from the handling of ProxyCommand in readconf.c. As a result, ssh crashes on strlen(string) when it parses this option. --- readconf.c:X Mon Aug 6 23:35:52 2001 +++ readconf.c Wed Aug 15 16:11:44 2001 @@ -475,6 +475,7 @@ case oProxyCommand: charptr = &options->proxy_command; + string = xstrdup(""); while ((arg =

Suppose an SSH server has both RSA and DSA host keys for protocol 2, but I only have the DSA key, and I want to use that. I'm stuck; the OpenSSH client is hard-wired to offer both algorithms in the key exchange, and will select ssh-rsa if it's available (see myproposal.h, KEX_DEFAULT_PK_ALG). Below is a patch adding the client configuration option "PKAlgorithms" for this

Hello all, I recently have a problem with multiple addresses and address families. Problem is simple, i have some hosts with IPv4 access only and some with IPv6 access. This wouldn't be big problem if I had a stable IP addresses. But sometimes I move to another network with complete different addresses. So I created patch which on option BindAddress accept list of addresses. With ip I solved

Is this a misuse of strtok() in OpenSSH-2.1.1p2? readconf.c:process_config_line() calls strtok() to parse config lines. When it finds oProtocol it calls compat.c:proto_spec() which in turns uses strtok(). However on return of proto_spec(), process_config_line() calls strtok() once more to (quoting from the source code) /* Check that there is no garbage at end of line. */ But surely strtok()

Hello I am attempting to build on a LynxOS platform and am using a old version of zlib and OpenSSL-0.9.6a. I get past the configure stage by ignoring the zlib version check. However, at make stage I run into the following undefineds. Any idea what may be causing this. I am using version 3.8p1 of OpenSSH. Thank you in advance for your response Amba (cd openbsd-compat && make)

Here is the user-dependent IdentityFile patch for openssh3.5 (BSD version), which allows private key files to be placed system wide (for all users) in a secure (non-NFS) mounted location. This addresses an important security hole on systems where home directories are NFS mounted, particularly if there are users who use blank passphrases (or when lpd is tunneled through ssh on systems running lpd