similar to: Enhance Match Blocks to Test Server Port.

2003 Apr 06
1
[Bug 537] Identification should depend on port number
http://bugzilla.mindrot.org/show_bug.cgi?id=537 Summary: Identification should depend on port number Product: Portable OpenSSH Version: 3.5p1 Platform: Other OS/Version: Linux Status: NEW Severity: minor Priority: P2 Component: ssh AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:
2013 May 08
2
[Bug 2099] New: SshClient.connect() failure on port 22
https://bugzilla.mindrot.org/show_bug.cgi?id=2099 Bug ID: 2099 Summary: SshClient.connect() failure on port 22 Classification: Unclassified Product: Portable OpenSSH Version: -current Hardware: Sparc OS: SunOS Status: NEW Severity: critical Priority: P5 Component: ssh
2023 Nov 12
1
Match Principal enhancement
Hi OpenSSH devs, I'm wondering if the following has any merit and can be done securely ... If you could match on principals in the sshd_config, then (for example) on a gateway machine, you could have something like /etc/ssh/authorized_keys/sshfwd: cert-authority,principals="batcha-fwd,batchb-fwd" ... /etc/ssh/sshd_config containing: Match User sshfwd PubkeyAuthentication yes
2023 Nov 12
1
Match Principal enhancement
AFAIK everything you described here could be done using the AuthorizedKeysCommand or AuthorizedPrincipalsCommand directives. These can emit authorized_keys options (inc. permitopen) as well as the allowed keys/principals. On Sun, 12 Nov 2023, Bret Giddings wrote: > Hi OpenSSH devs, > > I'm wondering if the following has any merit and can be done securely ... > > If you could
2015 Feb 23
2
help with negative patterns in Match
Hey. Perhaps someone can help me with the following (OpenSSH 6.7): I have a host reachable via miscellaneous interfaces (and network addresses) running SSH. Some specific users should be only reachable from the inside, so e.g. though something like this would do the job in sshd_config: #general config #... Match User foo LocalAddress 10.0.0.1,fe80:abba::0 PasswordAuthentication
2014 Feb 13
0
[Bug 1975] Support for Match configuration directive to also include subsystems
https://bugzilla.mindrot.org/show_bug.cgi?id=1975 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org --- Comment #1 from Damien Miller <djm at mindrot.org> --- At present, this is not possible
2005 Dec 10
2
known_hosts and multiple hosts through a NAT router
The .ssh/known_hosts table cannot handle reaching different sshd servers behind a NAT router. The machines are selected by having the SSHDs respond to different ports. A second request would be to allow known_hosts checking solely on the dns name, wildcarding the IP address. This would be useful to avoid continuously warning the user every time you connect to a machine with a changing IP address
2009 Oct 29
1
Match vs. ChallengeResponseAuthentication?
Hello, We'd like to allow passwords only from the local network, and allow public key auth from on-campus or off-campus. The server runs SuSE Linux, and we might do the same on RHEL/CentOS & Mac OS X if we can get it to work. Unfortunately, Match allows PasswordAuthentication but not ChallengeResponseAuthentication. Is there any reason ChallengeResponseAuthentication cannot be
2004 Oct 20
1
throttle particular client ip
I know this will be trivial for most, but I am having trouble with getting my scenario to work correctly. I want to "tag" and "throttle" the bandwidth to and from a particular client on my lan side. Better yet, I just want to throttle smtp traffic, per se, for that ip. ----lan----------eth1-[linux.box]-eth0----------internet I have used the technique
2015 Apr 13
4
[Bug 2379] New: [RFE] sshd Match based on my IP address
https://bugzilla.mindrot.org/show_bug.cgi?id=2379 Bug ID: 2379 Summary: [RFE] sshd Match based on my IP address Product: Portable OpenSSH Version: 6.9p1 Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at
2004 Jun 18
1
Rsync, Cygwin, & SSH: ntsec OR nontsec?
Hi all, Thank-you to all the developers for rsync. It is very well done. I have rsync running on various platforms connecting to the same server and all is good. Except for 1 Win2000 Prof. server. I backup several directories with various permissions and users successfully. However, there are 2 directories that even though the permissions are the same as other directories that are
2001 Sep 18
1
disable port forwarding in OpenSSH
Hello, I would like to disable any port forwarding on the server, totally. How can I do this? I have seen only 'no-port-forwarding' option for 'authorized_keys' file, but this does not suit me since I will use only 'PasswordAuthentication'. Thanks, Alex PS Please cc: me your reply.
2019 Dec 29
2
securing a hop
for the A nat B C connect back to A using -R 2222:localhost:22 pattern, (see diagram at https://github.com/daradib/sidedoor) I want to limit B's user to just what is needed to do the port forward. I am hoping this is documented, but I can't find much more than "you should figure out how to secure it." I set up an ansible playbook to install and configure sidedoor on A. I have
2002 Aug 07
0
Subject: RE: so called hang-on-exit bug
My apologies Nico, I overlooked the fact that your post was not to the list since most I receive are cc'd to me. You have my sincere apology for the public re-posting of your private comments. > > I expect private e-mail to stay private. Particularly if I'm > helping someone who I'm not required to help. It seems that you > think that I'm obligated to you. > I have
2024 Jan 22
4
[Bug 3658] New: Wrong comment in /etc/ssh/sshd_config
https://bugzilla.mindrot.org/show_bug.cgi?id=3658 Bug ID: 3658 Summary: Wrong comment in /etc/ssh/sshd_config Product: Portable OpenSSH Version: 9.6p1 Hardware: Other OS: Illumos Status: NEW Severity: minor Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org
2019 Feb 04
3
Signing KRLs?
Hi! While reading through PROTOCOL.krl I came across "5. KRL signature sections". If my understanding is correct - and that's basically what I would like to get knocked down for if appropriate ;) - this is a way for SSHDs to ensure they only accept KRLs signed by a trusted CA. However, I cannot seem to find a way to actually _sign_ a KRL with ssh-keygen? The aforementioned
2002 Aug 07
2
so called hang-on-exit bug
> > Yes, you can "police" these things as a sysadmin. How? Use > /usr/proc/bin/ptree, ps, lsof and what not to find all sshd > processes and their associated ptys - the sshds that have no > children processes but whose master pty's slave pty still has > processes associated with said pty, those are the sshds that must be > killed in order to clean up (or you
2014 Jun 06
1
Patch: Ciphers, MACs and KexAlgorithms on Match
Hi all, this is a patch to make Ciphers, MACs and KexAlgorithms available in Match blocks. Now I can reach a -current machine with some Android terminal app without changing the default ciphers for all clients: Match Address 192.168.1.2 Ciphers aes128-cbc MACs hmac-sha1 KexAlgorithms diffie-hellman-group-exchange-sha1 Index: servconf.c
2000 May 09
1
2.9: remote port forwarding doesn't work
Hello, I'm running OpenBSD 2.9 (-rOPENBSD_2_9) on i386. Remote port forwarding doesn't work. Attached are 2 logs of ssh -v -R2828:localhost:22 localhost and sshd -p 2222 -d Note that server tries to forward to Connection to port 2828 forwarding to 0.0.0.0 port 0 requested. instead of localhost port 22 as it should. what ssh, what sshd and /etc/sshd_config are also attached. Thanks
2004 Aug 06
1
[PATCH] IceCast2 - aliasing (reimplementation of the patch I posted earlier)
Reimplementation of my earlier patch - more proper aliasing - at the suggestion of Mike -Paul -------------- next part -------------- diff -ur icecast/CVS/Entries IceCast/CVS/Entries --- icecast/CVS/Entries 2003-04-18 11:00:19.000000000 -0400 +++ IceCast/CVS/Entries 2003-04-17 22:14:16.000000000 -0400 @@ -1,4 +1,3 @@ -/.cvsignore/1.3/Wed Jan 15 05:36:15 2003// /AUTHORS/1.2/Fri Aug 9 15:55:01
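Review bot: the first file in this diff is CVS/Entries, which is CVS working-copy metadata rather than source, and the visible hunk only drops the `.cvsignore` entry from it. Regenerate the patch with the CVS directories excluded from the `diff -ur` run (for example with `-x CVS`) so that it carries only the aliasing change and applies cleanly to other checkouts.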