similar to: ControlPersist.

It would be useful to allow matching HostName entries against Host entries. That's to say, I would find it very convenient to have an ssh_config like: Host zeus HostName zeus.greek.gods User hades Host hera HostName hera.greek.gods # [ ... ] Host *.greek.gods User poseidon UserKnownHostsFile ~/.ssh/known_hosts.d/athens # [ Default settings for *.greek.gods ] where I

Attached (and inline) is a patch to add the following config options: ControlBindMask ControlAllowUsers ControlAllowGroups ControlDenyUsers ControlDenyGroups It pulls the peer credential check from client_process_control() in ssh.c, and expounds upon it in a new function, client_control_grant(). Supplemental groups are not checked in this patch. I didn't feel comfortable taking a shot

Hi list, I use ssh a lot and I often need to connect to hosts whose host key has changed. If a host key of the remote host changes ssh terminates and the user has to manually delete the offending host key from known_hosts. I had to do this so many times that I no longer like the idea ;-) I would really like ssh to ask me if the new host key is OK and if I want to add it to known_hosts. I talked

Moin, attached is a patch, which adds a new configuration option "PreferAskpass" to the ssh config. ssh{,-add,-keygen,-agent} will use ssh-askpass to prompt for passwords, if this option is set to "yes", and if ssh-askpass is available. Default for "PreferAskpass" is "no". Pacth is against current CVS. Sebastian -- signature intentionally left blank.

There is a race in the setup of the ControlMaster socket in auto mode, as illustrated by the following command line: ssh -oControlMaster=auto -oControlPath=sock localhost 'sleep 1; echo 1' & ssh -oControlMaster=auto -oControlPath=sock localhost 'sleep 2; echo 2' & Both of the commands will try to start up as a control client, find that sock does not exist, and switch into

Scenario: I have access to a semi-public (about 30 users) server where I keep my webpage. Occasionally, especially if I'm on the road. I use this as a bounce point to get to "secured" systems which only allow ssh from certian IP's. (Ignoring the discussion on spoofing, since we have host keys) But host keys are the problem. If anyone gets root on this hypothetical

https://bugzilla.mindrot.org/show_bug.cgi?id=1902 chrysn at fsfe.org changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |chrysn at fsfe.org --- Comment #3 from chrysn at fsfe.org --- looking to report this myself, i first found bug #1988; the change that

Hi, (I'm not subscribed to the list, so please CC me on reply.) I'd like to request adding a feature to OpenSSH: Task: ~~~~~ It is quite sometime useful to invoke a program prior to connecting to an ssh server. The most common use case will probably be port knocking. That is a small program sends certain packets to a server and the server reacts to this by unlocking the ssh port, which

My keys are secured with a passphrase. That's good for security, but having to type the passphrase either at every login or at every invocation of ssh(1) is annoying. I know I could invoke ssh-add(1) just before invoking ssh(1), if I keep track of whether I invoked it already, or write some hacky scripts; but the rest of OpenSSH is wonderfully usable without any hacks. Hence, this patch.

This allows me to set 'ControlPath ~/.ssh/sockets/%h.%p.%u' for example. Have I missed a good reason why ssh_connect finds the default port number for itself instead of just having it in options.port (like we do for the the default in options.user)? --- openssh-4.1p1/ssh.c~ 2005-06-12 09:47:18.000000000 +0100 +++ openssh-4.1p1/ssh.c 2005-06-12 09:40:53.000000000 +0100 @@ -604,6 +604,17

Hi I'm trying to wrap ssh in an application using glib. For now, I'm launching the ssh client in master mode and want it to detach, keeping the control socket around. I figured I could do that using the -f flag and the usual Control* options to force ssh to daemonize (ideally without executing any command), but it turns out that glib doesn't recognize the daemonized process as

http://bugzilla.mindrot.org/show_bug.cgi?id=989 Summary: openssh-3.9p1 on Solaris 8 - multiplex.sh NOK Product: Portable OpenSSH Version: 3.9p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Keywords: patch, help-wanted Severity: normal Priority: P5 Component: Build system

http://bugzilla.mindrot.org/show_bug.cgi?id=1330 Summary: RFE: 'ControlPersist' support -- automatically fork and leave ControlMaster behind as a d?mon Product: Portable OpenSSH Version: 4.6p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component:

http://bugzilla.mindrot.org/show_bug.cgi?id=1349 Summary: race condition with ControlMaster=auto Product: Portable OpenSSH Version: 4.6p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: dot at dotat.at

On Mon, 15 Jul 2024, mark.yagnatinsky at barclays.com wrote: > Resending, got blocked last time. > > I have a few things I'd like to say about the (seriously nifty) connection sharing feature of OpenSSH and I'm not sure if the convention here is to use one email thread per distinct thing or just stuff everything into one email. > I decided to combine them because splitting is

There's currently no way to express trust for an SSH certificate CA other than by manually adding it to known_hosts. This patch modifies the automatic key write-out behaviour on user verification to associate the hostname with the CA rather than the host key, allowing environments making use of certificates to update (potentially compromised) host keys without needing to modify client

I promised to be more patient and I think I'm doing better this time :) But I think I've waited long enough to be entitled to send a reminder now ;) So: does anyone know if -O proxy is documented anywhere official? Once I knew what to look for, I found the release notes for the version it was added, but I'd have never found that if I didn't already know the option name. In order

Thanks for replying! And noted, re: patience... will do. Passing -O proxy works!! This great! I feared I'd have to write an SSH client or something. You have improved my mood by at least 300%. I can't find this option documented ANYWHERE. Is it documented? Re: socket paths: thanks for the sample, I guess I'll use the .ssh dir too :) Re: thing 5: you're right it DOES do it

https://bugzilla.mindrot.org/show_bug.cgi?id=1517 Summary: ssh ControlMaster process is crashing frequently when multiplexing ssh and scp connections with error 'select: Invalid argument' Product: Portable OpenSSH Version: 5.1p1 Platform: Sparc OS/Version: Solaris Status: NEW

I noticed "make tests" for openssh-5.2p1 fails the multiplex.sh tests. Turns out this is because I happen to have some non-standard configuration options in $HOME/.ssh/config and most of the multiplex.sh tests do not use a "-F $OBJ/ssh_config" option, which means they end up reading the users $HOME/.ssh/config. Is this on purpose or a bug?