similar to: [PATCH]Extending user@host syntax

https://bugzilla.mindrot.org/show_bug.cgi?id=1039 Iain Morgan <imorgan at nas.nasa.gov> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |imorgan at nas.nasa.gov --- Comment #13 from Iain Morgan <imorgan at nas.nasa.gov> --- My apologies for

Hi, I'm not a subscriber to this list so please CC: me in any replies. I found myself in a situation where I was behind a corporate firewall that allowed only web requests to the outside world (and furthermore those requests had to be via their proxy server). Therefore, I couldn't SSH to the outside world. However, the HTTP proxy 'CONNECT' method, which is normally used to

https://bugzilla.mindrot.org/show_bug.cgi?id=2728 Bug ID: 2728 Summary: HostKeyAlias not respected for certificate authority host key validation Product: Portable OpenSSH Version: 7.5p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh

Hi, the attached patch adds support for the keywords "OpenCommand" and "CloseCommand" to ssh_config. They are commands which are executed before the connection is established (or ProxyCommand started) and after the connection has been closed (or ProxyCommand ended). this is usefull for stuff like portknocking or (that's what I wrote the patch for) talking with trapdoor2

Howdy -- I have a number of servers with host keys validated by certificates. These systems are behind a load-balanced frontend, and the certificates are signed as valid for the DNS name used by that common frontend address. This works well for the primary use case of the systems; however, when wishing to address only a single unit within the pool, the certificate cannot be used to validate that

Hi It seems like a nice idea to expand a %h in the HostName field in ssh_config to the host given as argument to ssh. often one would have a entry in their ssh_config like: camel* User ... It's okay if the system knows that the host camel01 fx points to the right host. But what if the actual host is camel01.daimi.au.dk this is something you wouldn't like to write in your terminal.

Suppose an SSH server has both RSA and DSA host keys for protocol 2, but I only have the DSA key, and I want to use that. I'm stuck; the OpenSSH client is hard-wired to offer both algorithms in the key exchange, and will select ssh-rsa if it's available (see myproposal.h, KEX_DEFAULT_PK_ALG). Below is a patch adding the client configuration option "PKAlgorithms" for this

Here is a quick patch against openssh-2.5.1p1 to add a new config option (pkalg) for the ssh client allowing the selection of which public keys are obtained/verified. --cut-here- diff -c3 -r orig/openssh-2.5.1p1/key.c openssh-2.5.1p1/key.c *** orig/openssh-2.5.1p1/key.c Mon Feb 5 18:16:28 2001 --- openssh-2.5.1p1/key.c Sun Mar 11 23:10:10 2001 *************** *** 534,539 **** --- 534,567 ----

Here are some problems with the latest snapshot on Mac OS X: I am by no means an autoconf expert, but here is what happens after a "autoreconf": autoconf: Undefined macros: configure.in:1291:AC_CHECK_MEMBERS([struct stat.st_blksize]) configure.in:2168:AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds]) configure.in:26:AC_SYS_LARGEFILE

$ uname -R 6.5 6.5.19m $ cc -v MIPSpro Compilers: Version 7.4 $ sshd -p 8022 [client]$ ssh -p 8022 -v [host] $ par -s -SS -i -p [pid] ... 12mS sshd(3664039): fork() 12mS sshd(3664039): END-fork() = 3639808 12mS sshd(3639808): END-fork() = 0 13mS sshd(3639808): close(5) OK 13mS sshd(3639808): getuid() = 0, euid=0 14mS

Hi, tmux author refuses to add -h, --help option, because OpenSSH does not have it [1]. I don't see why convenience features of tmux should depend on OpenSSH, but because I have no other choice (and got curious) I ask here - why OpenSSH doesn't provide -h or --help option? I use PuTTY as my client, which processes --help option, and for `ssh` binary I usually use Google + StackOverflow.

I found that the documentation for -L and -R was hard to understand. So I made some changes to try to make it clearer. I started with Revision 1.328 from http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh.1 Comments welcome. ================ ssh.1.patch ================ --- ssh.1 2012/09/15 16:08:48 1.1 +++ ssh.1 2012/09/15 20:23:35 @@ -51,13 +51,13 @@ .Op Fl F Ar configfile .Op Fl I

Hi, Here is a patch to limit reverse port forwarding(-R) per user/key on the server. For example add: permitremoteopen="8023" ssh-dss AAAAB3NzaC1kc3MAAACBAOUE.. in user's ~/.ssh/authorized_keys server will limit -R to port 8023 only. an example of violation. ssh -v -R 8022:127.0.0.1:22 -i.ssh/id_dsa foo at 10.0.0.1 debug1: Remote: Server denied remote port forward request.

[I sent this email to the list in January but haven't seen it appear. Maybe it didn't get through moderation?] How many times have I typed in one window ssh -L 8022:server:22 user1 at gateway only so that I can type (in another window!) scp -P 8022 file user2 at localhost: This is a pain: * cumbersome * requires two commands windows * confuses ssh's host key

Dear R-users, I computed a simple mixed models which was: mod<-lmer(nb ~ site + (1|patelle),tr) The output was: Linear mixed-effects model fit by REML Formula: nb ~ site + (1 | patelle) Data: tr AIC BIC logLik MLdeviance REMLdeviance 1157.437 1168.686 -574.7184 1164.523 1149.437 Random effects: Groups Name Variance Std.Dev. patelle

OpenSSH supports the -b bind_address argument for binding to a local IP address when connecting to a remote host. It's however currently not possible to specify a local port to bind to, something I've found useful at several occasions. Below is an unified diff that introduces the [-B bind_port] option to ssh(1) and a ssh_config(5) style option "BindPort bind_port". This allows

https://bugzilla.mindrot.org/show_bug.cgi?id=3176 Bug ID: 3176 Summary: can't figure out how to test StrictHostKeyChecking accept-new Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh

Allow users to specify certificates to be used for authentication on the command line with the '-z' argument when running ssh. For successful authentication, the key pair associated with the certificate must also be presented during the ssh. Certificates may also be specified in ssh_config as a CertificateFile. This option is meant the address the issue mentioned in the following

Here's another patch for people providing ssh access to restricted environments. We allow our users to use port forwarding when logging into our mail servers so that they can use it to fetch mail over an encrypted channel using clients that don't support TLS, for example fetchmail. (In fact, fetchmail has built-in ssh support.) However we don't want them connecting to other places

http://bugzilla.mindrot.org/show_bug.cgi?id=281 Summary: unable to authorize with local shadow password Product: Portable OpenSSH Version: -current Platform: MIPS OS/Version: IRIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org