similar to: [patch] ssh.c load_public_identity_files calls getpwuid twice without copy

https://bugzilla.mindrot.org/show_bug.cgi?id=1377 Summary: getpwuid called twice without pwcopy (percent_expand: NULL replacement) Classification: Unclassified Product: Portable OpenSSH Version: 4.4p1 Platform: ix86 OS/Version: Mac OS X Status: NEW Severity: major Priority: P2

Allow users to specify certificates to be used for authentication on the command line with the '-z' argument when running ssh. For successful authentication, the key pair associated with the certificate must also be presented during the ssh. Certificates may also be specified in ssh_config as a CertificateFile. This option is meant the address the issue mentioned in the following

This allows the localhost percent-style escapes in arguments to the Include directive. These are useful for including host-specific ssh configuration. --- readconf.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/readconf.c b/readconf.c index 4e3791cb7cc6..6d99d2efae92 100644 --- a/readconf.c +++ b/readconf.c @@ -1044,7 +1044,8 @@

This allows the localhost percent-style escapes in arguments to the Include directive. These are useful for including host-specific ssh configuration. --- readconf.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/readconf.c b/readconf.c index a2282b562df0..ad47d0e9730a 100644 --- a/readconf.c +++ b/readconf.c @@ -1030,7 +1030,8 @@

On Monday, July 1, 2024 4:50 PM, Ronan Pigott wrote: >This allows the localhost percent-style escapes in arguments to the Include >directive. These are useful for including host-specific ssh configuration. >--- > readconf.c | 16 +++++++++++++--- > 1 file changed, 13 insertions(+), 3 deletions(-) > >diff --git a/readconf.c b/readconf.c >index 4e3791cb7cc6..6d99d2efae92

Numerous how-tos all over the Internet show how one would set up a tunnel using ssh, e.g.: ssh -f -o Tunnel=ethernet <server_ip> true I was wondering if there's a way to subsequently acquire the names of the local and remote tun/tap interfaces (e.g., using the default "-w any:any") for subsequent automatic tunnel configuration, e.g.: ip link set $TapDev up ip link set

Hi, I''m running into something along the lines of bug 5383. I''m hoping I''m doing something obviously wrong and that someone can point me in the right direction. I''ve got a custom paint event handler: def on_paint puts "mainframe on_paint" paint do |dc| dc.clear @cl.draw dc end end Then I''ve got a key press

Hello, Testing on my system by doing the requested './configure && make tests' has this crash: ----------------------8< cut here 8<----------------------- test try ciphers: proto 2 cipher acss at openssh.org mac hmac-md5 test try ciphers: proto 2 cipher acss at openssh.org mac hmac-sha1-96 test try ciphers: proto 2 cipher acss at openssh.org mac hmac-md5-96 ok try

ssh client has the ability to set the destination of debug logs via the `-E` flag. ssh_config lacks an equivalent keyword to set the same option via configs. This patch follows the same semantics of other `*Path` type keywords and creates a new ssh_config keyword `LogPath`. [0] Bugzilla: https://bugzilla.mindrot.org/show_bug.cgi?id=3683 [1] GitHub PR:

This provides a mechanism to attach arbitrary configure options into the ssh_config file and use them from the LocalCommand and ProxyCommand. Examples: # set FOO to foo LocalEnvMod FOO = foo # append bar to FOO with default separator "," LocalEnvMod FOO += bar # unset FOO LocalEnvMod FOO = # append foo to BAR with separator ":", if BAR is empty

July 1, 2024 at 2:47 PM, rsbecker at nexbridge.com wrote: > Would you be able to document that "thisHost" may be ambiguous, depending on > the DNS and host resolver configuration? gethostname() is not entirely > predictable if the localhost has multiple values. Hm? On linux/glibc, gethostname just uses uname(2). It does not use dns or the name service switch.

Using these escapes, the include directive can be crafted to include differing, host-specific configuration. Ronan Pigott (2): Permit %L and %l percent escapes in ssh Include Permit %L and %l percent escapes in sshd Include readconf.c | 16 +++++++++++++--- servconf.c | 17 ++++++++++++++--- 2 files changed, 27 insertions(+), 6 deletions(-) base-commit:

Using these escapes, the include directive can be crafted to include differing, host-specific configuration. Ronan Pigott (2): Permit %L and %l percent escapes in Include Permit %L and %l percent escapes in server Include readconf.c | 16 +++++++++++++--- servconf.c | 21 ++++++++++++++++----- 2 files changed, 29 insertions(+), 8 deletions(-) base-commit:

The attached patch implements a feature that would make my interaction with ssh somewhat more secure. When connecting to a host whose key is not in the known_hosts file, this patch makes ssh tell the user about any other hosts in the known_hosts file that have the same key. For example, if I have host A in my known_hosts file, and try to connect to host B which is an alias for A, ssh will tell

Hi dovecot -n at end of message. Jul 13 09:41:56 findb postfix/smtpd[15996]: connect from unknown[10.56.85.6] Jul 13 09:41:56 findb postfix/smtpd[15996]: 3B7EF56ABA: client=unknown[10.56.85.6] Jul 13 09:41:56 findb postfix/cleanup[15999]: 3B7EF56ABA: message-id=<26CDBD30F4FE1D4FB6FB5F6D16BCA93E0E5B7777AD at RVEB1SRVMSGCCR1.c ymru.nhs.uk> Jul 13 09:41:56 findb postfix/qmgr[15667]:

From: Christian Hesse <mail at eworm.de> Modern Linux systems create a private directory in /run/user/ for each user, named by user id. This adds a new character sequence '%i' for expansion in ControlPath to match thisi directory. Signed-off-by: Christian Hesse <mail at eworm.de> --- ssh.c | 5 ++++- ssh_config.5 | 4 +++- 2 files changed, 7 insertions(+), 2

This allows the localhost percent-style escapes in arguments to the Include directive. These are useful for including host-specific ssh configuration. --- readconf.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/readconf.c b/readconf.c index a2282b562df0..ad47d0e9730a 100644 --- a/readconf.c +++ b/readconf.c @@ -1030,7 +1030,8 @@

This allows the localhost percent-style escapes in arguments to the Include directive. These are useful for including host-specific sshd configuration. --- servconf.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/servconf.c b/servconf.c index 86c2979360c5..daf8f2df15a2 100644 --- a/servconf.c +++ b/servconf.c @@ -1297,7 +1297,8 @@

This allows the localhost percent-style escapes in arguments to the Include directive. These are useful for including host-specific sshd configuration. --- servconf.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/servconf.c b/servconf.c index 5b32f0bfc8db..0bc281784b73 100644 --- a/servconf.c +++ b/servconf.c @@ -1254,9 +1254,10 @@

Hello, I've noticed that ssh always opens /etc/passwd on my Linux box before parsing command line options, and so the file is opened even if the user is afterward presented with the usage and the program ends. So, this snippet in OpenSSH-4.2p1, ssh.c: 219 /* Get user data. */ pw = getpwuid(original_real_uid); if (!pw) { logit("You don't exist, go away!"); exit(1);