similar to: "no such identity"

Allow users to specify certificates to be used for authentication on the command line with the '-z' argument when running ssh. For successful authentication, the key pair associated with the certificate must also be presented during the ssh. Certificates may also be specified in ssh_config as a CertificateFile. This option is meant the address the issue mentioned in the following

My keys are secured with a passphrase. That's good for security, but having to type the passphrase either at every login or at every invocation of ssh(1) is annoying. I know I could invoke ssh-add(1) just before invoking ssh(1), if I keep track of whether I invoked it already, or write some hacky scripts; but the rest of OpenSSH is wonderfully usable without any hacks. Hence, this patch.

https://bugzilla.mindrot.org/show_bug.cgi?id=2642 Bug ID: 2642 Summary: [sshconnect2] publickey authentication only properly works if used first: pubkey_prepare doesn't work after pubkey_cleanup Product: Portable OpenSSH Version: 7.3p1 Hardware: amd64 OS: Linux Status:

https://bugzilla.mindrot.org/show_bug.cgi?id=1981 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2136| |ok+ Flags| | --- Comment #4 from Damien Miller <djm at mindrot.org>

on FreeBSD, gcc complains that %d is used for sig_atomic_t Casting to (int) as a solution ? Index: serverloop.c =================================================================== RCS file: /cvs/openssh/serverloop.c,v retrieving revision 1.172 diff -u -p -r1.172 serverloop.c --- serverloop.c 2 Dec 2012 22:50:55 -0000 1.172 +++ serverloop.c 4 Dec 2012 11:46:33 -0000 @@ -708,7 +708,7 @@

A Feature Request for OpenSSH 3.x: In version 2.x, when prompting for the passphrase ssh would print a prompt including the comment string from an RSA key, like: Enter passphrase for RSA key 'Your Dog's Name': The comment string was a useful way to remind the user what the passphrase was (i didn't use hints quite this easy :-). In Openssh 3.0, ssh prompts using the filename:

Hi all, I recently made a patch to openssh 4.1p1 to allow it to use the in-kernel key management provided by 2.6.12 or later Linux kernels. I've attached the patch (which is still only a proof-of-concept, for instance its very verbose right now) to this mail. Now, my question is, is this a completely insane idea and would (a later version of) the patch have a chance of making it into the

Hi! I was trying to start ssh from a scheduled task in Windows 2000. I got the message "Enter passphrase for key '.ssh/identity':" Well the passphrase I set was empty, so that should not have happen. I traced this problem to the method key_load_public_type(int type, const char *filename, char **commentp) in authfile.c If the file cannot be opened (in my case the

https://bugzilla.mindrot.org/show_bug.cgi?id=2095 Bug ID: 2095 Summary: ssh client not respecting IdentitiesOnly=yes option Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: trivial Priority: P5 Component: ssh

https://bugzilla.mindrot.org/show_bug.cgi?id=1693 Summary: ssh prompts for passphrase even when identity file is unreadable Product: Portable OpenSSH Version: 5.3p1 Platform: All OS/Version: All Status: NEW Severity: minor Priority: P2 Component: ssh AssignedTo: unassigned-bugs

I have renamed all of the patch files to .txt, which should be acceptable for the mailer daemon at mindrot, per Angel's suggestion. I am attaching the patch files to the email, with the extra space removed and a minor correction made. Bill Parker (wp02855 at gmail dot com) -------------- next part -------------- --- port-linux.c.orig 2012-12-19 17:40:53.231529475 -0800 +++ port-linux.c

https://bugzilla.mindrot.org/show_bug.cgi?id=2100 Bug ID: 2100 Summary: Missing dereference when bzeroing unused identities Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh

Apparently my ssh agent is feeling energetic today: debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: [...] debug1: Authentications that can continue: publickey,password debug1: Offering RSA public key: [...] debug1: Authentications that can continue: publickey,password debug1: Offering RSA public key:

I have been looking into this over the weekend, and what I have found might be of interest to OpenSSH developers. First, the bug that triggers the problem is in the embedded system. Second, such as things were changed in 6.4p1, the OpenSSH client seems to be open to a potential DoS attack. The infinite loop described in my previous post is embodied in the last four messages of the 6.4p1 traces.

Hello All, In reviewing source code for OpenSSH-6.1p1, I found instances of deprecated library calls still within various source code files. Examples of deprecated calls are: bzero() (replaced with memset() which is ANSI compliant), index() (replaced with strchr() which is also ANSI compliant). In file 'auth2-jpake.c', I've replaced all the bzero() calls with the equivalent

https://bugzilla.mindrot.org/show_bug.cgi?id=1967 --- Comment #17 from Damien Miller <djm at mindrot.org> --- Comment on attachment 2124 --> https://bugzilla.mindrot.org/attachment.cgi?id=2124 fix memory leaks I think there is nothing left to do here: >--- mux.c 18 Dec 2011 23:52:21 -0000 1.35 >+++ mux.c 30 Dec 2011 09:19:51 -0000 All committed >Index: readconf.c

http://bugzilla.mindrot.org/show_bug.cgi?id=1270 Summary: Public key (DSA) authentication works on 3.8p1 but not on 4.5p1 Product: Portable OpenSSH Version: v4.5p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at

https://bugzilla.mindrot.org/show_bug.cgi?id=2207 Bug ID: 2207 Summary: Potential NULL deference, found using coverity Product: Portable OpenSSH Version: -current Hardware: Other OS: FreeBSD Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee:

On Fri, Apr 22, 2016 at 3:41 AM, Damien Miller <djm at mindrot.org> wrote: > On Tue, 19 Apr 2016, Elouan Keryell-Even wrote: > >> Hello, >> >> I have a client machine and a server machine. I generated a pair of >> private-public rsa keys using ssh-keygen. >> >> On the client-machine, I uploaded my private key onto ~/.ssh/id_rsa >> >> On

Hi, I have a router running BGP and OSPF (bird) on FreeBSD. Are there any best practises one can take in order to protect the network from DDoS attacks. I know this isn't easy. But I would like to secure my network as much as possible. Even if I'am not able to prevent or block a ddos I would like to get some info (snmp trap parhaps) regarding the attack. Then I can contact my ISP or