similar to: [PATCH] allow user to update changed key in known_hosts

Scenario: I have access to a semi-public (about 30 users) server where I keep my webpage. Occasionally, especially if I'm on the road. I use this as a bounce point to get to "secured" systems which only allow ssh from certian IP's. (Ignoring the discussion on spoofing, since we have host keys) But host keys are the problem. If anyone gets root on this hypothetical

When connecting to a host for which there's no known hostkey, check if the relevant key has been accepted for other hostnames. This is useful when connecting to a host with a dymamic IP address or multiple names. --- auth.c | 4 ++-- hostfile.c | 42 ++++++++++++++++++++++++++++-------------- hostfile.h | 8 ++++++-- sshconnect.c | 39 +++++++++++++++++++++++++++++++++------

The attached patch implements a feature that would make my interaction with ssh somewhat more secure. When connecting to a host whose key is not in the known_hosts file, this patch makes ssh tell the user about any other hosts in the known_hosts file that have the same key. For example, if I have host A in my known_hosts file, and try to connect to host B which is an alias for A, ssh will tell

Hi, below is a patch to simply mention 'ssh-keygen' when a fingerprint does not match between the known_hosts file and the remote. I find that many people are unaware that ssh-keygen can do this for them. adding a copy-and-pasteable message in the warning will make users more aware. Description: Mention ssh-keygen in ssh fingerprint changed warning Author: Scott Moser <smoser at

http://bugzilla.mindrot.org/show_bug.cgi?id=112 Summary: Using host key fingerprint instead of "yes" Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: openssh-unix-dev at mindrot.org

I've built NUT 2.8.0 from source. When the nut-monitor runs: fopen upsmon.pid fails. I'm running as root, upsmon has root:root permissions as well as the other daemons and .conf files. I've tried configuring with and without --prefixpath --prefixaltpath. Is there something I am missing? Please see attached. Dan -------------- next part -------------- An HTML attachment was

NUT 2.8.01 When I pull the USB cable from the UPS, I get two notifications of the nocomm-timer expired. The first notification is in the proper sequence, the second notification occurs after 'commok' occurs. Seems somehow that upssched-cmd is getting a second nocomm-timer expired delayed. Dan -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hi, I found a small issue with DNSSEC validation of SSHFP lookups. (For reference I used OpenSSH 6.8p1 on FreeBSD 10.1). The issues is that when DNSSEC valiation fails, ssh displays a confusing message to the user. When DNSSEC validation of a SSHFP record fails, ssh presents the user with "Matching host key fingerprint found in DNS. "Are you sure you want to continue connecting

Now that upsstats.cgi works, I've noticed that dummy-ups changes state every 5 minutes between OL and OB (probably when the 300 second timer expires). The UPS state stays online. Also "online" and "onbatt" are broadcast to the console probably via WALL. (The state changes don't seem to be form the ups as upsshed-cmd doesn't run). Upssched-cmd does run when the UPS

Hi, I've reported this problem a month ago on this list, and probably no-one is interested? Binaries were configured with krb4 and afs enabled. However, only the second crash seems to be related to krb4. Any thoughts? I had to add one line to includes.h: #include <sys/types.h> #include <sys/socket.h> #include <sys/ioctl.h> +#include <sys/ioccom.h> #include

https://bugzilla.mindrot.org/show_bug.cgi?id=3529 Bug ID: 3529 Summary: `add_host_to_hostfile` should take into consideration that the known_hosts file isn't terminated with a newline character. Product: Portable OpenSSH Version: 9.1p1 Hardware: ix86 OS: Linux Status: NEW

It would be useful to allow matching HostName entries against Host entries. That's to say, I would find it very convenient to have an ssh_config like: Host zeus HostName zeus.greek.gods User hades Host hera HostName hera.greek.gods # [ ... ] Host *.greek.gods User poseidon UserKnownHostsFile ~/.ssh/known_hosts.d/athens # [ Default settings for *.greek.gods ] where I

Hi, I have been running nut successfully for a long time with my Debian 11 server. I upgraded my server to Debian 12 today, which upgraded nut also from 2.7.4-13 to 2.8.0-7. I noticed that after upgrade there was a upssched process running and taking 100% cpu time. I checked if there were any changes to configuration file formats with nut upgrade and only differences I noticed were a terminology

Hi, I ran the strace command while upssched was 100% CPU hungry. This is what I got: 1686633611.702798 read(7, "", 1) = 0 <0.000004> 1686633611.702816 read(7, "", 1) = 0 <0.000004> 1686633611.702834 pselect6(11, [7 10], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [7], left {tv_sec=0, tv_nsec=999998800}) <0.000006> 1686633611.702862 read(7,

Hi, I ran the strace command while upssched was 100% CPU hungry. This is what I got: 1686633611.702798 read(7, "", 1) = 0 <0.000004> 1686633611.702816 read(7, "", 1) = 0 <0.000004> 1686633611.702834 pselect6(11, [7 10], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [7], left {tv_sec=0, tv_nsec=999998800}) <0.000006> 1686633611.702862 read(7,

This is a better approach to persistent control masters than my previous attempt. Instead of forking before we make the connection, do so only when the original session has closed -- much like the code for '~&' backgrounding already does. My earlier patch for 'ControlPath none' still applies and is required, btw. --- openssh/clientloop.c~ 2005-06-17 03:59:35.000000000 +0100

Attached (and inline) is a patch to add the following config options: ControlBindMask ControlAllowUsers ControlAllowGroups ControlDenyUsers ControlDenyGroups It pulls the peer credential check from client_process_control() in ssh.c, and expounds upon it in a new function, client_control_grant(). Supplemental groups are not checked in this patch. I didn't feel comfortable taking a shot

I'm getting a floating point exception from ssh on an opteron running Linux (in 64 bit). It happens only when I ssh out to a server not supporting SSHv2 and when its public key is not already in the key file. Right after I answer "yes" to the "Are you sure?" prompt I get the exception. Here is the stack trace: Program received signal SIGFPE, Arithmetic exception

Hi everyone, I'd appreciate if someone could help me to understand what is happening. I'm attempting to connect R to the broker platform using tcp on localhost 5333. Just to learn how use make.socket, write.socket, ..functions I wrote simple code: #prepare string command to subscribe ask and bid price on Italian stock #this should be a push stream like: #First stream:

Thanks for the suggestion. However I don't think it is the right way to go. I also don't care for what install.packages() does. Signaling a warning and then an error means someone has to catch both the error and the warning, or suppress the warning, in order to handle the error programmatically. Now that library() signals a structured error there are other options. One possibility, at