similar to: ServerLiesWarning

Hello, I need to allow for some people to execute ssh with one shared private key for remote executing command on various machines. However, it is not possible to set group permissions for private keys and it is possible to have just one private key file for one user. Please, is it possible to add patches into openssh development tree like these, so that standard behavior of ssh is not changed,

OpenSSH supports the -b bind_address argument for binding to a local IP address when connecting to a remote host. It's however currently not possible to specify a local port to bind to, something I've found useful at several occasions. Below is an unified diff that introduces the [-B bind_port] option to ssh(1) and a ssh_config(5) style option "BindPort bind_port". This allows

Hi, i have written a patch for openSSH 5.8p2 which allows the user to set the local source port. The patch is as follows: diff -rupN openssh-5.8p2//readconf.c openssh-5.8p2-srcport//readconf.c --- openssh-5.8p2//readconf.c 2010-11-20 04:19:38.000000000 +0000 +++ openssh-5.8p2-srcport//readconf.c 2011-07-17 20:57:52.385044096 +0100 @@ -125,7 +125,7 @@ typedef enum { oGlobalKnownHostsFile2,

Below is a patch against the current OpenBSD OpenSSH CVS to workaround a behavior I have observed when converting from SSH 1.2.27 to OpenSSH while using the same old RSA1 host key for protocol 1. In several cases I saw that old SSH sshd reported a host key size of 1024 bits when OpenSSH saw it as 1023 bits. Without the patch, when OpenSSH's ssh client connects to an old SSH sshd it warns

This is a better approach to persistent control masters than my previous attempt. Instead of forking before we make the connection, do so only when the original session has closed -- much like the code for '~&' backgrounding already does. My earlier patch for 'ControlPath none' still applies and is required, btw. --- openssh/clientloop.c~ 2005-06-17 03:59:35.000000000 +0100

In the current implementation, ssh always uses the hostname supplied by the user directly for the SSHFP DNS record lookup. This causes problems when using the domain search path, e.g. I have "search example.com" in my resolv.conf and then do a "ssh host", I will connect to host.example.com, but ssh will query the DNS for an SSHFP record of "host.", not

It would be useful to allow matching HostName entries against Host entries. That's to say, I would find it very convenient to have an ssh_config like: Host zeus HostName zeus.greek.gods User hades Host hera HostName hera.greek.gods # [ ... ] Host *.greek.gods User poseidon UserKnownHostsFile ~/.ssh/known_hosts.d/athens # [ Default settings for *.greek.gods ] where I

Import "exploiting the new interface in vnc.c" from qemu mainstream. git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6337 c046a42c-6fe2-441c-8c8c-71466251a162 Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> --- diff -r 07a126ac0425 console.c --- a/console.c Mon Feb 16 11:39:06 2009 +0000 +++ b/console.c Mon Feb 16 12:07:19 2009 +0000 @@ -1310,6 +1310,9

Attached (and inline) is a patch to add the following config options: ControlBindMask ControlAllowUsers ControlAllowGroups ControlDenyUsers ControlDenyGroups It pulls the peer credential check from client_process_control() in ssh.c, and expounds upon it in a new function, client_control_grant(). Supplemental groups are not checked in this patch. I didn't feel comfortable taking a shot

Hello, I think there is an issue in the sampling rejection algorithm in R 3.6.0. The do_sample2 function in src/main/unique.c still has 4.5e15 as an upper limit, implying that numbers greater than INT_MAX are still to be supported by sample in base R. Please review the examples below: set.seed(123) max(sample(2^31, 1e5)) [1] 2147430096 set.seed(123) max(sample(2^31 + 1, 1e5)) [1] 1

Moin, attached is a patch, which adds a new configuration option "PreferAskpass" to the ssh config. ssh{,-add,-keygen,-agent} will use ssh-askpass to prompt for passwords, if this option is set to "yes", and if ssh-askpass is available. Default for "PreferAskpass" is "no". Pacth is against current CVS. Sebastian -- signature intentionally left blank.

Hi, we're currently considering making use of RFC4255 SSHFP records, but are hitting a problem with a 4.4p1 client running on Tru64 5.1A: [...] debug3: verify_host_key_dns DNS lookup error: out of memory [...] No matching host key fingerprint found in DNS. A 4.3p2 linux client gives the following : [...] debug3: verify_host_key_dns debug1: found 1 insecure fingerprints in DNS debug1:

I have been running openSSH 7.4p1 for a while now. When I upgraded to 7.5 a year or so ago I ran into the problem listed in this bug report: Bug report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218472 The release notes for 7.6 release notes indicate that the fix patch was included: https://www.openssh.com/txt/release-7.6 I tried 7.6 and I still cannot connect without a prompt wondering

https://bugzilla.mindrot.org/show_bug.cgi?id=1296 Karl P <barnaclebob at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |barnaclebob at gmail.com Version|5.1p1 |5.6p1 Status|CLOSED

The attached patch for 4.6p1 adds a feature (-u) that will check to see if a key exists on a remote host. I use this for auditing my users transition to v2 keys very useful. If there is any interest I'll provide a patch for v2 ssh keys also. http://vapid.dhs.org/dokuwiki/doku.php?id=vapidlabs:openssh_check_key_patch -- Thanks Larry --- orig/openssh-4.6p1/sshconnect1.c 2006-11-07

this is the proposed gssapi diff against OpenSSH-current (non-portable). note: if this goes in, the old krb5 auth (ssh.com compatible) will be removed. please comment. jakob Index: auth.h =================================================================== RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v retrieving revision 1.1.1.2 retrieving revision 1.3 diff -u -r1.1.1.2 -r1.3 --- auth.h

When connecting to a host that provides an ECDSA host key and the client has "VerifyHostKeyDNS" set to 'yes' or 'ask' SSH outputs a mysterious and undocumented message "Error calculating host key fingerprint." This error actually seems to be generated by verify_host_key_dns(const char *hostname, struct sockaddr *address, Key *hostkey, int *flags) in dns.c, but

Hi list, I use ssh a lot and I often need to connect to hosts whose host key has changed. If a host key of the remote host changes ssh terminates and the user has to manually delete the offending host key from known_hosts. I had to do this so many times that I no longer like the idea ;-) I would really like ssh to ask me if the new host key is OK and if I want to add it to known_hosts. I talked

Hi, I found a small issue with DNSSEC validation of SSHFP lookups. (For reference I used OpenSSH 6.8p1 on FreeBSD 10.1). The issues is that when DNSSEC valiation fails, ssh displays a confusing message to the user. When DNSSEC validation of a SSHFP record fails, ssh presents the user with "Matching host key fingerprint found in DNS. "Are you sure you want to continue connecting

Hello there! I have made a patch against OpenSSH 3.0.2p1 which allows the fingerprint of the accepted key to be printed in the log message. It works with SSH1-RSA and SSH2 pubkey (DSA+RSA) authentication. This feature is controllable by the LogKeyFingerprint config option (turned off by default). Michal Kara -------------- next part -------------- diff -u5