similar to: Multiplexing bug on client exit

Greetings, I've been doing a little testing with the stdio forwarding support added in recent snapshots and have encountered one possible issue. First, I should say that this feature generally seems to work. However, I haven't been able to get it to work when connecting to a server running SSH.COM's product. The config file I am using is fairly simple: Host sfe1 LogLevel debug3

Hi all, I noticed a bit of an odd issue with maintaining `known_hosts` when the target machine is behind a bastion using `ProxyJump` or `ProxyCommand` with host key clashes. Client for me right now is OpenSSH_9.3p1 on Gentoo Linux/AMD64. I'm a member of a team, and most of us use Ubuntu (yes, I'm a rebel). Another team who actually maintain this fleet often access the same machines

Ok, so my situation : Connecting to internal machines via a bastion server in AWS. Because I'm raising and tearing down the infrastructure a lot at this stage with Terraform, the IP addresses change. For the management subnet, I have a private DNS zone defined, and a public zone with a record for the bastion server. What I wanted ; to just be able to define a config entry thus : ---

https://bugzilla.mindrot.org/show_bug.cgi?id=1039 Iain Morgan <imorgan at nas.nasa.gov> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |imorgan at nas.nasa.gov --- Comment #13 from Iain Morgan <imorgan at nas.nasa.gov> --- My apologies for

https://bugzilla.mindrot.org/show_bug.cgi?id=3095 Bug ID: 3095 Summary: SSH CA-signed key fails when port forwarding Product: Portable OpenSSH Version: 7.4p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at

http://bugzilla.mindrot.org/show_bug.cgi?id=1090 Summary: Increase MAX_SESSIONS? Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: cjwatson at debian.org

Hi, At the n2k10 OpenBSD network hackathon, I finally got some time to clean up and rewrite the ssh(1) client multiplexing code. The attached diffs (one for portable OpenSSH, one for OpenBSD) are the result, and they need some testing. The revised multiplexing code uses a better protocol between the master and slave processes and I even bothered to write it up :) It tracks the control sockets

OpenSSH 6.7 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,

On 18/8/23 18:37, Jochen Bern wrote: > On 18.08.23 07:39, Darren Tucker wrote: >> On Fri, 18 Aug 2023 at 15:25, Stuart Longland VK4MSL <me at vk4msl.com> >> wrote: >> [...] >>> The crux of this is that we cannot assume the local IPv4 address is >>> unique, since it's not (and in many cases, not even static). >> >> If the IP address is

TL;DR: I expect ProxyCommand to have effect in preference to ControlPath. I've just tripped over this one. I have an ssh Host (let us call it "MAIN") with a ControlPath and with ControlMaster=no, from the .ssh/config file. I also have a shell script whose purpose is to hop to a remote host through a port forward, which uses the ProxyCommand option like this: ProxyCommand ssh

Hello. Since some days I cannot use scp anymore but ssh login work. Reinstall did not help. I do not exactly what has changed but I now it used to work. sshd runs on a firewall-bastion host (Linux SuSE 9.2). Firewall is open on port 22 for local network. Even tried all open (in and outgoing). Between the clent and the firewall-bastion is another nat-router. Works with ssh, though. The

Thanks, very informative! I was able to generate this digraph and I'm pleased with it since it appears that all my servers behind bastion are directly connected, but nodes outside are not and are routed via bastion http://imgur.com/zEojkMw Here is the digraph itself, if the above link is not accessible: digraph { bastion [label = "bastion", color = "green"];

On 03Nov2017 13:07, Damien Miller <djm at mindrot.org> wrote: >On Fri, 3 Nov 2017, Cameron Simpson wrote: >> TL;DR: I expect ProxyCommand to have effect in preference to >> ControlPath. [...] >> On reflection, of course these are distinct options and that side of >> things isn't, of itself, a bug. However, is there a sane use case for >> using

https://bugzilla.mindrot.org/show_bug.cgi?id=3610 Bug ID: 3610 Summary: Using ControlPath and the -J option Product: Portable OpenSSH Version: 8.9p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

On Wed, Jun 21, 2017 at 04:57:23PM -0700, Nirmal Thacker wrote: > What is the significance of port 655 with regards to tinc? This port is officially reserved for tinc. It is also below number 1024, which means that on most operating systems, only a priviliged user can listen on that port, and prevents regular users from starting tinc on port 655. However, you don't have to use port 655,

All-- I'm attempting to implement something I've wanted for a while...a stdio link to a TCP port forward, at least for SSH2, but preferably for either protocol. There's certainly no technical reason this can't be done, but the vagaries of terminal / file descriptor handling are posing something of a challenge. Does anyone have any suggestions for "correct"

Hi I'm new to tinc vpn and I am currently exploring a use-case we have, of creating a secure mesh over which our own services may run. This may be a basic question, I wasn't able to find a satisfying answer. What is the significance of port 655 with regards to tinc? Lets consider a 4 node setup: We have nodes: [protected] : protected behind a private network in the cloud [bastion]:

https://bugzilla.mindrot.org/show_bug.cgi?id=1704 Summary: sftp complains about -p command-line option Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sftp AssignedTo: unassigned-bugs at mindrot.org ReportedBy:

I'm logging in from an irix machine to a linux machine (both running openssh-2.5.1p2) and am unable to run any X applications. I ran a verbose session and this happens: debug: fd 6 IS O_NONBLOCK debug: channel 0: new [X11 connection from host port 4572] debug: X11 connection uses different authentication protocol. debug: X11 rejected 0 i1/o16 debug: channel 0: read failed debug: channel 0:

Dear Mailing List We are using a ControlMaster with a short ControlPersist to access the bastion host which then gives access to customer hosts. Our Information Security Manager would like to disallow the ControlMaster. His attack scenario is an admin workstation with a compromised root account. An attacker can then use the ControlMaster to trivially get shell access on the bastion host