similar to: EnableSSHKeysign

Hi, On Fri, Jan 9, 2015, at 10:48 AM, Tim Rice wrote: > My ssh_config has > Host * > HostbasedAuthentication yes > EnableSSHKeysign yes > NoHostAuthenticationForLocalhost yes > > NoHostAuthenticationForLocalhost is not necessary. > The one you are missing is EnableSSHKeysign. > > Additionally, you made no mention of your ssh_known_hosts files. Make > sure

I run OpenSSH on linux @ client which ssh /usr/local/bin/ssh ssh -v OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 @ server which sshd /usr/local/bin/sshd sshd -v unknown option -- V OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file] [-E log_file] [-f config_file] [-g login_grace_time]

The problem I am seeing was introduced between 6.4p1 and 6.5p1 (and still exists in 6.6p1). With HostbasedAuthentication/EnableSSHKeysign turned on, I am seeing one of two sets of messages: no matching hostkey found ssh_keysign: no reply key_sign failed and not a valid request ssh_keysign: no reply key_sign failed Then in either case two password prompts: bowman at HOST.math.utah.edu's

http://bugzilla.mindrot.org/show_bug.cgi?id=786 Summary: ssh is still looking at default config file when it is about EnableSSHKeysign Product: Portable OpenSSH Version: 3.7p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo:

The latter versions of openssh (3.4,3.5 and 3.6.1) all seem to suffer from a broken ssh-keysign binary. This causes HostbasedAuthentication to fail. We have installed 3.6.1p1 on a Solaris 8 machine using openssl-0.9.6i. This fails thusly ssh server <......some \digits removed - a key perhaps?> ssh_keysign: no reply key_sign failed a at server's password For version 3.4p1 we patched

http://bugzilla.mindrot.org/show_bug.cgi?id=599 Summary: EnableSSHKeysign not documented Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: minor Priority: P2 Component: Documentation AssignedTo: openssh-bugs at mindrot.org ReportedBy: fcusack at

Hello, I've troubles getting the hostbased method to work. I've given up on system-to-system for now (different versions), and I'm just trying to debug localhost. As far as I can see, the key is accepted, but then a sudden "Failed hostbased" is returned: [...] debug3: mm_answer_keyallowed: key 0x8099bc0 is disallowed debug3: mm_append_debug: Appending debug messages for

OpenSSH 3.5 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support and encouragement. Changes since OpenSSH 3.4: ============================ *

OpenSSH 3.5 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support and encouragement. Changes since OpenSSH 3.4: ============================ *

Hi, I am trying to configure OpenSSH to allow root logins, without success so far. So I could really use some advice. This is my server configuration: AllowUsers = thomas root AuthenticationMethods hostbased,publickey ExposeAuthInfo = no ForceCommand none GSSAPIAuthentication no HostbasedAcceptedAlgorithms ssh-ed25519 HostbasedAuthentication yes HostbasedUsesNameFromPacketOnly yes HostKey

Hi! I recently started using ProxyCommand and noticed that it's not possible to specify a "none" value for it. I've already written a patch for that, but wanted to discuss the issue before posting the patch. The problem is the following: I'd like to use a ProxyCommand by default, but exclude some hosts. But as soon as I have Host * ProxyCommand /some/proxy/command %h %p

https://bugzilla.mindrot.org/show_bug.cgi?id=2378 Bug ID: 2378 Summary: Allow login to a role using Hostbased auth on platforms supporting PAM_AUSER Product: Portable OpenSSH Version: 6.8p1 Hardware: Sparc OS: Solaris Status: NEW Severity: enhancement Priority: P5

On 09/13/2018 07:54 PM, Darren Tucker wrote: > I'd guess that the reason it doesn't work is that the key is encrypted > and neither the agent nor a tty to ask for the decryption passphrase > is available. Try repeating your command line test after unsetting > SSH_AUTH_SOCK > Okay. That reproduced the issue. Is there a recommended way to provide the decryption

This patch avoids spending too much time during connect() when doing an ssh()/scp() on a down host. It uses a new client option called ConnectTimeout and is useful for rsync or rdist commands using ssh(). See http://bugzilla.mindrot.org/show_bug.cgi?id=207 for detailled info. -------------- next part -------------- --- openssh-3.6.1p1/readconf.c.ORIG Tue Apr 15 23:06:30 2003 +++

A few options appear to be missing from the list in ssh's manual. The one I didn't add is EnableSSHKeysign, whose description implies it is only effective when placed in the system-wide config file. Index: ssh.1 =================================================================== RCS file: /cvs/src/usr.bin/ssh/ssh.1,v retrieving revision 1.319 diff -u -p -r1.319 ssh.1 --- ssh.1 7 May 2011

It appears that /etc/ssh/ssh_config enforces policy on local users in addition to its documented role as provider of defaults. $ ssh -V OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f $ cat .ssh/config Host localhost HostbasedAuthentication yes PreferredAuthentications hostbased $ ssh localhost Hostbased authentication not enabled in /etc/ssh/ssh_config ssh_keysign: no reply

Heya, Most of the windows ssh clients (putty, securecrt) have anti-idle features. They offer either a null packet or protocol no-op or user defined string to be sent over every x seconds. Is this possible or planned with the OpenSSH client? Our draconian firewall admins have started timing out ssh sessions. Yes I'm aware I could hack up a port forwarding dumb traffic process, but was

Host based authentication does not seem to be working for us after upgrading to openssh-3.4p1 (we were at openssh-3.1p1) (openssl is at 0.96d). Any time we try to connect from another unix box also running openssh-3.4p1, we get the following error (on the server side) and host based auth fails (it falls back to password prompt). sshd[15038]: error: ssh_rsa_verify: RSA_verify failed:

On Fri, Jan 09, 2015 at 13:00:10 -0800, grantksupport at operamail.com wrote: > Hi > > On Fri, Jan 9, 2015, at 12:34 PM, Mark Hahn wrote: > > >> The one you are missing is EnableSSHKeysign. > > > > I suppose it's worth asking: is your ssh-keysign suid root > > (and are the permissions on your host keys sufficiently tight)? > > Note that

Hi, Recently We've upgraded some KVM hosts from Fedora 29 to Fedora 30 and now experience broken VM configurations on filesystem after virsh blockcommit. Commands "virsh dumpxml ..." and "virsh dumpxml --inactive ..." is showing diffrent configuration than the one on filesystem. In case of restart libvirtd or system reboot, there are broken VM xml configurations on