similar to: hashing known_hosts

Hi list, I use ssh a lot and I often need to connect to hosts whose host key has changed. If a host key of the remote host changes ssh terminates and the user has to manually delete the offending host key from known_hosts. I had to do this so many times that I no longer like the idea ;-) I would really like ssh to ask me if the new host key is OK and if I want to add it to known_hosts. I talked

Hi, below is a patch to simply mention 'ssh-keygen' when a fingerprint does not match between the known_hosts file and the remote. I find that many people are unaware that ssh-keygen can do this for them. adding a copy-and-pasteable message in the warning will make users more aware. Description: Mention ssh-keygen in ssh fingerprint changed warning Author: Scott Moser <smoser at

When connecting to a host for which there's no known hostkey, check if the relevant key has been accepted for other hostnames. This is useful when connecting to a host with a dymamic IP address or multiple names. --- auth.c | 4 ++-- hostfile.c | 42 ++++++++++++++++++++++++++++-------------- hostfile.h | 8 ++++++-- sshconnect.c | 39 +++++++++++++++++++++++++++++++++------

It would be useful to allow matching HostName entries against Host entries. That's to say, I would find it very convenient to have an ssh_config like: Host zeus HostName zeus.greek.gods User hades Host hera HostName hera.greek.gods # [ ... ] Host *.greek.gods User poseidon UserKnownHostsFile ~/.ssh/known_hosts.d/athens # [ Default settings for *.greek.gods ] where I

This patch introduce extent buffer cache for every i-node. By this way, we can save the search time and reduce the lock contention of the root because we needn''t search the item from the root of b+ tree. Implementation: - add two pointers of extent buffer into btrfs_inode struct, one for nodes/leaves of fs/file tree, the other for nodes/leaves of the log tree. - add a variant to tell

At the present moment, my guest is running inside qemu and host is kvm intel, running Ubuntu 14.04, kernel is 4.3.0 stable. From within the guest, when I run "hdparm -i /dev/sdb" on the guest, I get: HDIO_GET_IDENTITY failed: Invalid argument as the error,but on the host, I will get the full harddisk/SSD info. Can I know how to resolve this so that the output is the same for both

This patch changes some BUG_ON() to the error return. (but, most callers still use BUG_ON()) Signed-off-by: Tsutomu Itoh <t-itoh@jp.fujitsu.com> --- fs/btrfs/ctree.c | 3 ++- fs/btrfs/disk-io.c | 5 ++++- fs/btrfs/extent-tree.c | 25 ++++++++++++++++++------- fs/btrfs/file-item.c | 3 ++- fs/btrfs/inode-map.c | 3 ++- fs/btrfs/ioctl.c | 5 ++++-

This is a better approach to persistent control masters than my previous attempt. Instead of forking before we make the connection, do so only when the original session has closed -- much like the code for '~&' backgrounding already does. My earlier patch for 'ControlPath none' still applies and is required, btw. --- openssh/clientloop.c~ 2005-06-17 03:59:35.000000000 +0100

http://bugzilla.mindrot.org/show_bug.cgi?id=112 Summary: Using host key fingerprint instead of "yes" Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: openssh-unix-dev at mindrot.org

Attached (and inline) is a patch to add the following config options: ControlBindMask ControlAllowUsers ControlAllowGroups ControlDenyUsers ControlDenyGroups It pulls the peer credential check from client_process_control() in ssh.c, and expounds upon it in a new function, client_control_grant(). Supplemental groups are not checked in this patch. I didn't feel comfortable taking a shot

hi, the corner case of '-HF' hashes the whole hostline and not just the host xor IP address which means that usually it will hash "HOST,IP". This will never be matched if manually included into the known_host file. Patch against 4.7p1 attached. J. -- Jan Pechanec -------------- next part -------------- --- openssh-4.7p1/ssh-keygen.c Mon Feb 19 12:10:25 2007 +++

https://bugzilla.mindrot.org/show_bug.cgi?id=1376 Summary: 'ssh-keygen -HF' hashes host,IP together Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P3 Component: ssh-keygen AssignedTo: bitbucket

More specifically, the hashing functions in most operating systems will be provided by OpenSSL, rather than libc. OpenSSL does not have SHA1_End but since it is used only for generating fake challenges, the impact of changing it to SHA1_Final should be small. A more general solution would be to have configure.in test for sha1.h, openssl/sha.h, and SHA1_End. configure.in should also add

Damien, I've filed a bug for this on mindrot as requested, https://bugzilla.mindrot.org/show_bug.cgi?id=1348. Patch attached in case that helps reviewing. Comments welcome, Rob -- Rob Holland <rob at inversepath.com> http://www.inversepath.com - Chief R & D Engineer Inverse Path Ltd, 63 Park Road, Peterborough, PE1 2TN, UK Registered in England: 5555973 -------------- next

I added a few features to openssh for my local use that I think would be more broadly useful. I basically added access control lists to control who would be allowed public key authentication. I added four config file entries for the server: PubkeyAllowUsers PubkeyDenyUsers PubkeyAllowGroups PubkeyDenyGroups These follow the same sematics as the already existing entries for

Hi, (I'm not subscribed to the list, so please CC me on reply.) I'd like to request adding a feature to OpenSSH: Task: ~~~~~ It is quite sometime useful to invoke a program prior to connecting to an ssh server. The most common use case will probably be port knocking. That is a small program sends certain packets to a server and the server reacts to this by unlocking the ssh port, which

OpenSSH 3.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. This release contains many portability bug-fixes (listed in the ChangeLog) as well as several new features (listed below). We would like to thank the

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,

Before I went to the trouble of implementing this feature and sending in a patch, I want to see what the general reaction would be... I allow ssh through my firewall under certain circumstances. My firewall is a Linux box running ipchains, but it could just as easily be any firewall that can forward external ports to internal ports. My internal network uses non-published addresses, so I forward

Hi, I found a small issue with DNSSEC validation of SSHFP lookups. (For reference I used OpenSSH 6.8p1 on FreeBSD 10.1). The issues is that when DNSSEC valiation fails, ssh displays a confusing message to the user. When DNSSEC validation of a SSHFP record fails, ssh presents the user with "Matching host key fingerprint found in DNS. "Are you sure you want to continue connecting