Displaying 15 results from an estimated 15 matches similar to: "[PATCH] mention ssh-keyscan in remote host fingerprint warning"
2003 Mar 04
0
hashing known_hosts
Scenario:
I have access to a semi-public (about 30 users) server where I keep my
webpage. Occasionally, especially if I'm on the road, I use this as a
bounce point to get to "secured" systems which only allow ssh from
certain IPs. (Ignoring the discussion on spoofing, since we have host
keys)
But host keys are the problem. If anyone gets root on this hypothetical
2006 Feb 04
2
[PATCH] allow user to update changed key in known_hosts
Hi list,
I use ssh a lot and I often need to connect to hosts whose host key has
changed. If a host key of the remote host changes ssh terminates and the
user has to manually delete the offending host key from known_hosts. I
had to do this so many times that I no longer like the idea ;-)
I would really like ssh to ask me if the new host key is OK and if I
want to add it to known_hosts.
I talked
2002 Feb 13
0
[Bug 112] New: Using host key fingerprint instead of "yes"
http://bugzilla.mindrot.org/show_bug.cgi?id=112
Summary: Using host key fingerprint instead of "yes"
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: ssh
AssignedTo: openssh-unix-dev at mindrot.org
2024 Oct 14
2
[RFC] Preferentially TOFU certificate authorities rather than host keys
There's currently no way to express trust for an SSH certificate CA other
than by manually adding it to known_hosts. This patch modifies the automatic
key write-out behaviour on user verification to associate the hostname with
the CA rather than the host key, allowing environments making use of
certificates to update (potentially compromised) host keys without needing
to modify client
2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
Hi,
I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with
FIPS 140-2 OpenSSL.
These are based on previously reported patches by Steve Marquess
<marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>,
for ver. OpenSSH 3.8.
Note that these patches are NOT OFFICIAL, and MAY be used freely by
anyone.
Issues [partially] handled:
SSL FIPS Self test.
RC4,
2010 Dec 09
7
[Bug 1843] New: ssh should mention ssh-keyscan in remote host fingerprint warning
https://bugzilla.mindrot.org/show_bug.cgi?id=1843
Summary: ssh should mention ssh-keyscan in remote host
fingerprint warning
Product: Portable OpenSSH
Version: 5.6p1
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs
2010 Feb 22
2
ld: Unsatisfied symbol "options" in file ./libssh.a[hostfile.o]
Hi All,
I want to add an option in ssh_config to co-work with ldap. But when I was compiling, I encountered a
ld error, which says "cc -o ssh-keygen ssh-keygen.o -Wl,+nodefaultrpath -L. -Lopenbsd-compat/ -lssh -lopenbsd-compat -lz -lnsl -lxnet -lsec -lgssapi_krb5 -lkrb5 -lpthread
ld: Unsatisfied symbol "options" in file ./libssh.a[hostfile.o]
1 errors."
The following is
2015 Feb 19
2
Proposal: Allow HostKeyAlias to be used in hostname check against certificate principal.
Howdy --
I have a number of servers with host keys validated by certificates.
These systems are behind a load-balanced frontend, and the
certificates are signed as valid for the DNS name used by that common
frontend address.
This works well for the primary use case of the systems; however, when
wishing to address only a single unit within the pool, the certificate
cannot be used to validate that
2004 Oct 03
0
[patch] tell user about hosts with same key
The attached patch implements a feature that would make my interaction
with ssh somewhat more secure. When connecting to a host whose key is
not in the known_hosts file, this patch makes ssh tell the user about any
other hosts in the known_hosts file that have the same key.
For example, if I have host A in my known_hosts file, and try to connect
to host B which is an alias for A, ssh will tell
2003 Apr 04
3
outdated files after make world
Hi all,
After my last make world (updated to 4.7-RELEASE-p10) I checked
which files are older than the start of the build:
338 Mar 6 2002 /boot/loader.rc
12168 Mar 6 2002 /usr/include/machine/if_wavelan_ieee.h
1564 May 1 2002 /usr/include/netinet/ip_auth.h
34148 May 1 2002 /usr/include/netinet/ip_compat.h
21840 May 1 2002 /usr/include/netinet/ip_fil.h
1905 May 1 2002
2008 Jul 25
0
resynv onnv-gate
Author: Darren Moffat <darrenm at opensolaris.org>
Repository: /hg/zfs-crypto/gate
Latest revision: 9bb308a0778101fcef9ff65336bcec8e68a7bd06
Total changesets: 40
Log message:
resynv onnv-gate
Files:
.hgtags
deleted_files/usr/src/cmd/fps/Makefile.inc
deleted_files/usr/src/cmd/fps/Makefile.subdirs
deleted_files/usr/src/common/crypto/aes/aes_cbc_crypt.c
2003 Apr 11
2
Ipf headers not installed per default ?
Just rebuilt and installed/world kernel: FreeBSD 4.8-STABLE #0: Fri Apr 11
14:34:37 EDT 2003
Using the latest Makefile for squid25:
# fgrep \$FreeBSD /usr/ports/www/squid/Makefile
# $FreeBSD: ports/www/squid/Makefile,v 1.100 2003/04/09 08:31:30 adrian Exp $
Modified with:
# fgrep CONFIGURE_ARGS Makefile |fgrep -v \#
CONFIGURE_ARGS= --bindir=${PREFIX}/sbin --sysconfdir=${PREFIX}/etc/squid \
2012 Jul 03
2
[Patch] upssched broken in version 2.6.4 with command with two arguments
Hi,
the last commit to upssched.c (Merge Coverity branch, r3555) broke
upssched with commands that have a second argument.
If a command with a second argument is used, "enc" in line 697 is not an
empty buffer and snprintfcat() just appends some stuff, i.e. the
following command
CANCEL onbatt online
becomes
onlineCANCEL "onbatt" "online"
and is then sent to the
2010 Jan 06
12
Dom0 NETTX, NETRX alway are 0
I tried netperf / netserver with Dom0 / DomU, but I couldn't get correct
NW traffic with xentop. Is there anybody who could help me?
At Host1's Dom0, run netperf -H VMIP
At Host2's DomU (with VMIP named TTVM), run netserver
At Host1, run xentop this way ->"xentop -n -b -d 1"
At Host2, run xentop this way->"xentop -n -b -d 1"
In Host2's
2012 Sep 20
0
libvirt network without dns ?
Hey,
I've opened a bug against ubuntu at [1]. I realize this is probably not
a high priority, but I was just curious if it is possible to have libvirt
configure a network and *not* run a DNS server on it (dnsmasq). Perhaps I
could convince libvirt to run dnsmasq with '--port 0'?
For my explicit use case I was hoping/expecting to run my own dns and
dhcp servers, possibly a