similar to: SSHFP support for ssh-keyscan?

Displaying 20 results from an estimated 70000 matches similar to: "SSHFP support for ssh-keyscan?"

2003 Nov 13
0
sshfp (ssh+dns) code updated
hi, I recently committed an update of the code that handles lookup of SSHFP resource records in DNS. this code is now included by default, the old DNS and DNSSEC defines has been removed. for more information, read about VerifyHostKeyDNS in ssh_config(5) and check out README.dns. feedback would be appreciated, jakob
2023 Mar 01
1
Why does ssh-keyscan not use .ssh/config?
On Mon, 27 Feb 2023, Keine Eile wrote: > Hi ML members, > > is there a reason, why ssh-keyscan does not use Host definitions from > .ssh/config but does only relys on DNS host names? I have a quite long list of > host names and a not that well maintained name server. Mostly to keep ssh-keyscan simple. ssh_config contains a lot more options than Host/Hostname that we'd need to
2011 Feb 19
2
[Bug 1866] New: ssh-keyscan should read .ssh/config
https://bugzilla.mindrot.org/show_bug.cgi?id=1866 Summary: ssh-keyscan should read .ssh/config Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org ReportedBy:
2019 Feb 23
2
Possible bug: SSH doesn't prefer host keys listed in SSHFP records while connecting.
The reason why this is a bug is, for example, that if the server was updated and it re-generated the ECDSA key you deleted, you would have to do some non-obvious steps for your client to ignore it. On Sat, Feb 23, 2019 at 11:49 AM Damien Miller <djm at mindrot.org> wrote: > > On Fri, 22 Feb 2019, Yegor Ievlev wrote: > > > Steps to reproduce: > > 1. Run a SSH server with
2019 Feb 22
4
Possible bug: SSH doesn't prefer host keys listed in SSHFP records while connecting.
Steps to reproduce: 1. Run a SSH server with default configuration and point a domain to it. 2. Add SSHFP record to the domain, but only for Ed25519 key. 3. Attempt to connect with VerifyHostKeyDNS set to yes, but the rest of settings set to defaults. 4. OpenSSH defaults to ECDSA instead of Ed25519 and refuses connection because there is no ECDSA fingerprint in SSHFP records. A stopgap solution
2012 Jul 17
1
[Bug 1972] ssh-keygen fails to generate SSHFP for ECDSA but exits with 0 code
https://bugzilla.mindrot.org/show_bug.cgi?id=1972 Daniel Black <daniel.black at ovee.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |daniel.black at ovee.com.au Keywords| |openbsd, patch --- Comment #2
2019 Feb 23
2
Possible bug: SSH doesn't prefer host keys listed in SSHFP records while connecting.
Well, SSHFP is supposed to only be used on DNSSEC-enabled domains. On Sat, Feb 23, 2019 at 9:59 PM Peter Stuge <peter at stuge.se> wrote: > > Yegor Ievlev wrote: > > It would make more sense to treat SSHFP records in the same way as > > known_hosts > > I disagree with that - known_hosts is nominally a client-local configuration. > > I think it's a very bad
2019 Feb 23
3
Possible bug: SSH doesn't prefer host keys listed in SSHFP records while connecting.
Well, known_hosts isn't exactly trusted input, since it's usually composed of the keys you first encounter, without any additional checking, as opposed to (hopefully) correctly signed SSHFP records. On Sat, Feb 23, 2019 at 10:22 PM Peter Stuge <peter at stuge.se> wrote: > > Yegor Ievlev wrote: > > > I think it's a very bad idea to have the client start treating
2012 Jun 26
2
[Bug 2022] New: ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME
https://bugzilla.mindrot.org/show_bug.cgi?id=2022 Bug #: 2022 Summary: ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME Classification: Unclassified Product: Portable OpenSSH Version: 6.0p1 Platform: All OS/Version: All Status: NEW Severity: normal
2008 Aug 07
0
choose the right sshfp
Greetings. I've set up several sshfp records some time ago. Everything works great except the way openssh chooses the sshfp record. Now it looks liek the client asks for the name supplied on the command line. It might be a bit trouble some since there are at least three ways to set up some aliases and at leas one of them is secure. I propose an alternative way which even seems more robust
2002 Feb 27
2
[Bug 126] New: ssh-keyscan hangs or crashes accessing Sun ssh host
http://bugzilla.mindrot.org/show_bug.cgi?id=126 Summary: ssh-keyscan hangs or crashes accessing Sun ssh host Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: openssh-unix-dev at mindrot.org
2011 Nov 21
3
ssh-keygen -r should support SSHFP records for ECDSA (or at least return non-zero error code on failure)
hi folks: it looks like ssh-keygen -r can''t export SSHFP records for ECDSA keys: 0 dkg@pip:/tmp/cdtemp.oiRYAS$ ssh-keygen -f foobar -t ecdsa -q -P '''' 0 dkg@pip:/tmp/cdtemp.oiRYAS$ ssh-keygen -r foobar -f foobar.pub export_dns_rr: unsupported algorithm 0 dkg@pip:/tmp/cdtemp.oiRYAS$ the first number in my prompt is the return code of the last command; note that
2002 Mar 21
2
bug in ssh-keyscan.c --
===== Ladies/Gents, "ssh-keyscan.c" can't be linked statically against "libssh.a". You end up with `fatal()' being doubly defined. The patch below deletes the new "ssh-keyscan.c:fatal()" function and and restores the "ssh-keyscan.c:fatal_callback()" function with modifi- cations. The problem that both attempt to alleviate is the setting of the
2015 Jan 30
0
[Bug 1213] ssh-keyscan exits in mid-way
https://bugzilla.mindrot.org/show_bug.cgi?id=1213 --- Comment #57 from Daniel Richard G. <skunk at iSKUNK.ORG> --- Okay, rolling with git master 86936ec2. Now, ssh-keyscan isn't erroring out; instead, it's... hanging. I'm seeing this behavior crop up pretty consistently after running for several minutes. And it's wedged pretty tight, too---nothing happens even after letting
2015 Jan 27
0
[Bug 1213] ssh-keyscan exits in mid-way
https://bugzilla.mindrot.org/show_bug.cgi?id=1213 --- Comment #50 from Daniel Richard G. <skunk at iSKUNK.ORG> --- Okay, tried again with your patch. Here's what I see: [...] # A.B.C.46 SSH-1.99-OpenSSH_4.2 # A.B.C.47 SSH-1.99-OpenSSH_4.2 # A.B.C.47 SSH-1.99-OpenSSH_4.2 # A.B.C.47 SSH-1.99-OpenSSH_4.2 # A.B.C.48 SSH-1.99-OpenSSH_4.2 # A.B.C.48
2004 May 12
1
ssh-keyscan not using ProxyCommand?
I have a network without a network connection to other networks. But a socks server is dual homed between it and other networks. I can use socks to ssh to other networks. I use ProxyCommand with the socks aware connect.c program to connect out. All works great. I discovered while trying to use the ssh-keyscan program that it does not use the ProxyCommand configuration. At least in my testing
2000 Dec 10
2
snapshot: ssh-keyscan problems
Hello all, Tested the latest snapshot. ssh-keyscan seems to have gone in. :) Two issues about it (patched): 1) the man pages aren't installed, only uninstalled 2) RH spec file (and the others no doubt..) won't include it. General observations: for RSA keys only?, kinda obsoletes contrib/make-ssh-known-hosts*. -- Pekka Savola "Tell me of difficulties surmounted,
2014 Apr 07
4
[Bug 2223] New: Ed25519 support in SSHFP DNS resource records
https://bugzilla.mindrot.org/show_bug.cgi?id=2223 Bug ID: 2223 Summary: Ed25519 support in SSHFP DNS resource records Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at
2020 May 11
0
[Bug 3163] New: teach ssh-keyscan to use ssh_config (plus options like ProxyJump)
https://bugzilla.mindrot.org/show_bug.cgi?id=3163 Bug ID: 3163 Summary: teach ssh-keyscan to use ssh_config (plus options like ProxyJump) Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:
2023 Jun 20
8
[Bug 3581] New: ssh-keyscan fails with `fdlim_get: bad value` with large file descriptor limit due to type confusion
https://bugzilla.mindrot.org/show_bug.cgi?id=3581 Bug ID: 3581 Summary: ssh-keyscan fails with `fdlim_get: bad value` with large file descriptor limit due to type confusion Product: Portable OpenSSH Version: 9.3p1 Hardware: ARM64 OS: Mac OS X Status: NEW Severity: enhancement