similar to: patch for ssh-agent force confirm keys

Add support to load additional certificates for already loaded private keys. Useful if the private key is on a PKCS#11 hardware token. The private keys inside ssh-agent are now using a refcount to share the private parts between "Identities". The reason for this change was that the PKCS#11 code might have redirected ("wrap") the RSA functions to a hardware token. We don't

ssh-agent is a great tool that is often misconfigured with respect to agent forwarding. How many people running ssh-agent and doing a ssh -A have the very same public keys in ~/.ssh/authorized_keys of the machine they are coming from? ssh(1) is very clear in its warning about enabling agent forwarding. The simple act of prompting the user before using the key would enable them to determine

Hi everyone. I have a system where I'd like to give certain users time-limited access to the use of certain SSH private keys without actually exposing the keys. I have the idea of using ssh-agent to do this. The agent would run as a "keyholder" user, and group permissions on the UNIX-domain socket would allow read-write by both that account and the actual ssh user. Right now,

key is freed outside of the if that checks if key is NULL therefore, NULL could be sent to the key_free function which will not handle it correctly. The fix is to move key_free to a place where you know key is not NULL. This patch moves the key_free call. This entire set of patches passed the regression tests on my system. Bug found by Coverity. Signed-off-by: Kylene Hall <kjhall at

Hi all! I do not know openssh patch policy so I am just sending the patch to the mailing list. Sorry for inconvenience. Ssh-agent seems to be too slow if you need to access thousands of servers. This is a simple patch to enable threading in ssh2 authentication. Patch adds "-p numthreads" option and defaults to the number of processors. I've tested it as I could, but

Moin, attached is a patch, which adds a new configuration option "PreferAskpass" to the ssh config. ssh{,-add,-keygen,-agent} will use ssh-askpass to prompt for passwords, if this option is set to "yes", and if ssh-askpass is available. Default for "PreferAskpass" is "no". Pacth is against current CVS. Sebastian -- signature intentionally left blank.

On Nov 14, 2017, at 4:11 PM, Damien Miller <djm at mindrot.org> wrote: > On Mon, 13 Nov 2017, Ron Frederick wrote: >> I noticed a problem recently when running some test code against >> the OpenSSH 7.6p1 ssh-agent. These tests ran fine against OpenSSH >> 7.5p1 and earlier, but with OpenSSH 7.6p1, they were suddenly causing >> ssh-agent to exit. > > Sorry,

http://bugzilla.mindrot.org/show_bug.cgi?id=146 Summary: OpenSSH 3.1p1 will not build on BSD/OS 4.2/4.1/4.01 Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: BSDI Status: NEW Severity: major Priority: P2 Component: Build system AssignedTo: openssh-unix-dev at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=174 Summary: compile error on BSDi 4.0.1 Product: Portable OpenSSH Version: 3.1p1 Platform: ix86 OS/Version: BSDI Status: NEW Severity: normal Priority: P2 Component: ssh-agent AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: deven at

Hi While I was working on a script that uses rsync file list found this: (which I guess is due adding / for dirs in f_name_cmp) ==2 dirs: # mkdir a a-c # rsync -a . drwxr-xr-x 96 2007/02/04 18:20:35 . drwxr-xr-x 48 2007/02/04 18:20:35 a-c drwxr-xr-x 48 2007/02/04 18:20:35 a ==2 dirs again: #mkdir a a1 # rsync -a . drwxr-xr-x 96 2007/02/04 18:20:11 . drwxr-xr-x

http://bugzilla.mindrot.org/show_bug.cgi?id=155 Summary: OpenSSH 3.1p1 fails to compile on BSDi 4.0 Product: Portable OpenSSH Version: 3.1p1 Platform: ix86 OS/Version: BSDI Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-unix-dev at mindrot.org

Engine keys are keys whose file format is understood by a specific engine rather than by openssl itself. Since these keys are file based, the pkcs11 interface isn't appropriate for them because they don't actually represent tokens. The current most useful engine for openssh keys are the TPM engines, which allow all private keys to be stored in a form only the TPM hardware can decode,

Hi, I have Mandrake 10.0 (official). I have read the section in lartc about "Routing for multiple uplinks/providers", but still I have some queries below. I have a DSL connection where they give pppoe which is directly terminated into eth1 of my Linux box. Now I have another machine connected to dial-up and it is on same LAN connected to eth0 of Linux box. Now, can I use both these

https://bugzilla.mindrot.org/show_bug.cgi?id=1506 Summary: rationalize agent behavior on smartcard removal/reattachment Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo:

Hello! I''m using a Slackware Linux as a router and 50 IP addresses for my LAN Clients. Is there any program i can install that will be able to tell me: how much (ie. kbps) each individual IP is using at moment t?

http://bugzilla.mindrot.org/show_bug.cgi?id=199 Summary: ssh-agent -k doesn't check $SHELL environment variable Product: Portable OpenSSH Version: 3.1p1 Platform: All OS/Version: All Status: NEW Severity: minor Priority: P3 Component: ssh-agent AssignedTo: openssh-unix-dev at mindrot.org

Per POSIX, execvp() is not safe to call in a child process forked from a multi-threaded process. We can now replace the execvp() call in the child process with a call to our fork-safe (async-signal-safe) variant. Prepare our internal execvpe context on the parent's construction path, use the context in the child, and release the context in the parent on the way out, regardless of whether the

Hello, I noticed a problem recently when running some test code against the OpenSSH 7.6p1 ssh-agent. These tests ran fine against OpenSSH 7.5p1 and earlier, but with OpenSSH 7.6p1, they were suddenly causing ssh-agent to exit. The request being made was a ?sign? request, and the point of the test was to have the sign operation fail. To trigger this, I was passing in an invalid key blob

On May 14, 6:26am, maxb@ukf.net (Max Bowsher) wrote: -- Subject: rsync digest, Vol 1 #717 - 12 msgs > > + After thinking about it a bit more I'm somewhat inclined to call it a > + bug in Cygwin and try to get them to fix it. > > Well, you could, but I'd much prefer it if you didn't :-) > I guess its time for you to make an executive descision - Is it reasonable

Hello ! I use Slackware Linux on a box for routing and SNAT for a small network: |eth0: 80.97.108.1| | | |eth1: 192.168.1.1| ..........| my network (192.168.1.0/24)| I search for a tool show-me on real time the trafic made by all/one IPon the interface eth1, somethings simple ; EX: 192.168.1.10 ........... x kbit/s 192.168.1.11 ........... y kbit/s 192.168.1.12