similar to: ssh-keyscan continuity patch --

In the past 2 months another change occurred in the CVS code that broke my ssh-keyscan patch. Here's an updated version that tweaks the changed name (in the Kex struct) and also causes an attempt to grab an ssh2 key from an older server (without ssh2 support) to fail earlier and without an error message (Stuart Pearlman emailed me some code for this). This patch is based on the BSD CVS

https://bugzilla.mindrot.org/show_bug.cgi?id=2734 Bug ID: 2734 Summary: close() is called twice in confree() Product: Portable OpenSSH Version: 7.5p1 Hardware: Other OS: Other Status: NEW Severity: minor Priority: P5 Component: ssh-keyscan Assignee: unassigned-bugs at

Hi, 1. I think you should apply the attached patch to openssh-2.9p1, otherwise ssh-keyscan on linux boxes with glibc-2.1 will experience enormous timeout delays. 2. Is there a program like ssh-keyscan for the Version2 (dsa and rsa) keys?? regards Peter Breitenlohner <peb at mppmu.mpg.de> -------------- next part -------------- diff -ur openssh-2.9p1.orig/ssh-keyscan.c

===== Ladies/Gents, "ssh-keyscan.c" can't be linked statically against "libssh.a". You end up with `fatal()' being doubly defined. The patch below deletes the new "ssh-keyscan.c:fatal()" function and and restores the "ssh-keyscan.c:fatal_callback()" function with modifi- cations. The problem that both attempt to alleviate is the setting of the

ssh-keyscan may, under very specific circumstances, be vulnerable to something akin to a buffer overflow. It's probably impossible to exploit, though, if only because ssh-keyscan is not usually run on very large untrusted input files. ssh-keyscan uses an fgets() wrapper that uses an unsigned int to keep track of the length of a buffer holding the current line. On machines with sufficient

hi all, I got "xmalloc: out of memory" when i used ssh-keyscan to a remote host that is using SSH protocol 2 and only protocol 2 (no fallback to SSH protocol 1). Looks to me more like ssh-keyscan doesn't talk SSH protocol 2 to the server. Please help. Here is the exact error: # /usr/local/bin/ssh-keyscan -v miad_1 # miad_1 SSH-2.0-OpenSSH_3.0.2p1 xmalloc: out of memory

Howdy, I am attempting to isolate the location of a memory leak in a 4GL program, and have hit a bit of a snag. When I LD_PRELOAD libumem and run the application server, "::findleaks -fdv" reports numerous leaks: CACHE LEAKED BUFCTL CALLER 0000000100b49068 15 0000000100ef2d50 fdcon+0x6c4 0000000100b50028 1 0000000100b72ac0 fdcon+0x6c4 0000000100b49068

ssh client has the ability to set the destination of debug logs via the `-E` flag. ssh_config lacks an equivalent keyword to set the same option via configs. This patch follows the same semantics of other `*Path` type keywords and creates a new ssh_config keyword `LogPath`. [0] Bugzilla: https://bugzilla.mindrot.org/show_bug.cgi?id=3683 [1] GitHub PR:

Dear OpenSSH Portable sshd developers, I'm having a problem where sshd login sessions are occasionally (as often as once a day) getting stuck indefinitely. I enabled debug messages and got a backtrace of a stuck sshd, and I think I've found the bug. I wanted to run it by the list once before filing. sshd version: OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25 Oct 2004

Hi, I needed to convert a public RSA key to autorized_keys format and found ssh-keygen lacking this feature. I made the option -Q publicfile to allow an conversion like ssh-keygen -Q pubrsa.pem -y The patch is produced using unified diff and made on latest release. If you like it and can make a patch for the man-page also! Regards, /Lars -------------- next part -------------- diff -u

Hey everyone, I wanted to add support for denying PTY allocation through OpenSSH. I'm not certain if this is quite thorough enough for all cases, but for me it might work for the moment. I know that you can currently do this through authorized_keys, but as far as I know that only works for an actual key. In my use case, I wanted a user with no password which is forced to run a specific

https://bugzilla.mindrot.org/show_bug.cgi?id=2116 Bug ID: 2116 Summary: SSH to Nortel/Avaya switch fails Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

fmt_scaled() computes the absolute value of its argument, and returns an error if the result is still negative (i.e., when the value is LLONG_MIN). However, taking the negative of LLONG_MIN is undefined behavior in C, and some compilers (e.g., gcc-4.7.2) will optimize away the 'abval < 0' check as being always false (since it can only be true with undefined behavior). The patch

Hi. I have: [fva at localhost ~]$ rpm -qi openssh-clients Name : openssh-clients Version : 6.1p1 Release : 5.fc18 Architecture: x86_64 Install Date: ??. 13 ????. 2013 16:15:25 Group : Applications/Internet Size : 1331287 License : BSD Signature : RSA/SHA256, ??. 09 ????. 2013 01:34:32, Key ID ff01125cde7f38bd Source RPM : openssh-6.1p1-5.fc18.src.rpm Build Date

https://bugzilla.mindrot.org/show_bug.cgi?id=1213 --- Comment #43 from Daniel Richard G. <skunk at iSKUNK.ORG> --- And a year later, this issue still afflicts OpenSSH 6.1p1 (as packaged by Ubuntu). Aab's patch still applies, if fuzzily, and still hardens up ssh-keyscan so that it can deal with my company's network. -- You are receiving this mail because: You are watching the

I''ve upgraded a 3-interface system from 2.0.8 to 3.2.6 on Debian, and I''m not able to make DNAT work anymore. If someone could offer a suggestion of where to look to fix this, it would be very much appreciated. Problem Summary: If I set DETECT_DNAT_IPADDRS=Yes, then I can''t access anything on my DMZ via DNAT. If I set DETECT_DNAT_IPADDRS=No, then **EVERYTHING**

I''ve upgraded a 3-interface system from 2.0.8 to 3.2.6 on Debian, and I''m not able to make DNAT work anymore. If someone could offer a suggestion of where to look to fix this, it would be very much appreciated. Problem Summary: If I set DETECT_DNAT_IPADDRS=Yes, then I can''t access anything on my DMZ via DNAT. If I set DETECT_DNAT_IPADDRS=No, then **EVERYTHING**

On Thu, 7 Nov 2013, Ernst Kratschmer wrote: > Dear openssh developer, > > I want to use a Win7 client with putty to access a Linux host running an > openssh 6.2p2 through a VPN connection. These connection worked relatively > flawless with all versions of openssh up until openssh 6.1p1. Since the > openssh 6.2p2 upgrade the ssh connection fail consistently with a message:

https://bugzilla.mindrot.org/show_bug.cgi?id=2074 Bug ID: 2074 Summary: Host key verification incorrectly handles IPv6 addresses Classification: Unclassified Product: Portable OpenSSH Version: 6.1p1 Hardware: All OS: Linux Status: NEW Keywords: needs-release-note

https://bugzilla.mindrot.org/show_bug.cgi?id=2039 Priority: P5 Bug ID: 2039 Assignee: unassigned-bugs at mindrot.org Summary: Give proper credits for ECDSA patch Severity: normal Classification: Unclassified OS: All Reporter: ondrej at sury.org Hardware: All Status: NEW Version: