similar to: "Out of memory" error looking up SSHFP records

Hi, as discussed before, we're trying to make use of SSHFP records (RFC 4255) to publish host key fingerprints in the DNS. However, some non-OpenBSD platforms don't support DNSSEC in the native resolver (e.g. glibc), which renders the whole thing quite useless, since openssh correctly requires the RRs to be signed and validated. The following patch adds support for ldns, an external

https://bugzilla.mindrot.org/show_bug.cgi?id=3698 Bug ID: 3698 Summary: SSHFP validation fails when multiple keys of the same type are found in DNS Product: Portable OpenSSH Version: 8.7p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh

I have been running openSSH 7.4p1 for a while now. When I upgraded to 7.5 a year or so ago I ran into the problem listed in this bug report: Bug report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218472 The release notes for 7.6 release notes indicate that the fix patch was included: https://www.openssh.com/txt/release-7.6 I tried 7.6 and I still cannot connect without a prompt wondering

Hi, I'd like to know if there is any chance to get bug 1153 fixed soon ? It seems like a trivial issue, a patch is provided, and it's a pain for us to manually patch every new release -- this was reported as a portable-specific bug, but also affects vanilla openssh. The bug is described at http://bugzilla.mindrot.org/show_bug.cgi?id=1153 Simon -- Simon Vallet Ing?nieur

In the current implementation, ssh always uses the hostname supplied by the user directly for the SSHFP DNS record lookup. This causes problems when using the domain search path, e.g. I have "search example.com" in my resolv.conf and then do a "ssh host", I will connect to host.example.com, but ssh will query the DNS for an SSHFP record of "host.", not

hi folks: it looks like ssh-keygen -r can''t export SSHFP records for ECDSA keys: 0 dkg@pip:/tmp/cdtemp.oiRYAS$ ssh-keygen -f foobar -t ecdsa -q -P '''' 0 dkg@pip:/tmp/cdtemp.oiRYAS$ ssh-keygen -r foobar -f foobar.pub export_dns_rr: unsupported algorithm 0 dkg@pip:/tmp/cdtemp.oiRYAS$ the first number in my prompt is the return code of the last command; note that

Hi, we're running tftp-hpa on a machine which will have to accept packets on an aliased IP (for service redundancy and fallback). The server is reachable using the alias, but replies using the primary IP of the interface, which provokes a timeout on the client. The workaround is to run tftp stand-alone and to explicitly specify the alias IP on the command-line -- however this is not very

Have you seen this? https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513 --mancha

https://bugzilla.mindrot.org/show_bug.cgi?id=2197 Bug ID: 2197 Summary: Add ED25519 support to SSHFP dns record Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2223 Bug ID: 2223 Summary: Ed25519 support in SSHFP DNS resource records Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at

When connecting to a host that provides an ECDSA host key and the client has "VerifyHostKeyDNS" set to 'yes' or 'ask' SSH outputs a mysterious and undocumented message "Error calculating host key fingerprint." This error actually seems to be generated by verify_host_key_dns(const char *hostname, struct sockaddr *address, Key *hostkey, int *flags) in dns.c, but

https://bugzilla.mindrot.org/show_bug.cgi?id=1285 Simon Vallet <svallet at genoscope.cns.fr> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |svallet at genoscope.cns.fr --- Comment #5 from Simon Vallet <svallet at genoscope.cns.fr> 2009-12-07

Hi, I found a small issue with DNSSEC validation of SSHFP lookups. (For reference I used OpenSSH 6.8p1 on FreeBSD 10.1). The issues is that when DNSSEC valiation fails, ssh displays a confusing message to the user. When DNSSEC validation of a SSHFP record fails, ssh presents the user with "Matching host key fingerprint found in DNS. "Are you sure you want to continue connecting

OpenSSH depends heavily upon OpenSSL. Both cleanly build 64 bit binaries. In the case of sparcv9 binaries, you should probably make sure you have *both* 32bit and 64bit OpenSSL binaries installed, and take extra care to configure your so library paths. On systems that are 100% 64bit, (Linux, FreeBSD in my experience) it just works. On Feb 28, 2006, at 9:23 AM, openssh-unix-dev-request at

Hi, we encounter a problem using PAM with privsep to manage OPIE authentication : in some -- not really reproducible -- cases, the child responsible of PAM authentication stalls and continues to run even if its parent has been closed. The server is the standard RHEL 4 install, which is a 3.9p1 with backported security patches As this children account for the 'MaxStartups' limit, new

https://bugzilla.mindrot.org/show_bug.cgi?id=2119 Bug ID: 2119 Summary: SSHFP with DNSSEC ? no trust anchors given, validation always fails Product: Portable OpenSSH Version: 6.2p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:

http://bugzilla.mindrot.org/show_bug.cgi?id=1320 Summary: Add support for ldns Product: Portable OpenSSH Version: -current Platform: Other OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: svallet at

I'm trying to replace some sshv1 clients and servers in a modular way, and the "Server Lies" warning (when the server says the key has one more bit than it really has) is causing heartache. Per the FAQ, this is relatively benign. Here's a patch that allows an admin or user to disable the warning. - Morty diff -Nur openssh-3.7.1p2/readconf.c

Dear R-users, is there a way to pass a list of patterns to the grep function? I vaguely remember something with %in% operator... Thanks, St?phane. -- "La science a certes quelques magnifiques r?ussites ? son actif mais ? tout prendre, je pr?f?re de loin ?tre heureux plut?t qu'avoir raison." D. Adams -- AGC website <http://www.genoscope.cns.fr/agc> St?phane

Dear R-Users, I would like to know whether it is possible to draw several stacked barplots (i.e. side by side on the same sheet)... my data look like : Cond1 Cond1' Cond2 Cond2' Compartment 1 11,81 2,05 12,49 0,70 Compartment 2 10,51 1,98 13,56 0,85 Compartment 3 1,95 0,63 2,81 0,22 Compartment 4 2,08 0,17