similar to: PTY allocation?

Oops. That's -T. From the man page, it doesn't really look like there's an ssh_config option for -N. -----Original Message----- From: openssh-unix-dev [mailto:openssh-unix-dev-bounces+scott_n=xypro.com at mindrot.org] On Behalf Of Scott Neugroschl Sent: Tuesday, August 09, 2016 1:04 PM To: Volker Diels-Grabsch; openssh-unix-dev at mindrot.org Subject: RE: Equivalent ssh_config

I'm working from modified 5.0p1 codebase. What I'm looking for is a mechanism to limit the number of simultaneous connections on a per-user/IP basis. That is, disallow multiple simultaneous logins/authentication of the same user from different IP addresses. e.g.: fred from 10.1.1.1 - accept fred from 10.1.1.2 -- reject while fred is still connected from 10.1.1.1 fred from 10.1.1.1 - OK

I'm using 5.0p1 (Yeah, yeah. I know.). For various reasons, I am unable to upgrade to the latest and greatest, which probably would solve my problem. Here's my question. When doing an scp from remote to local (e.g.: scp user at host:remote localfile), is there any way to specify the path to the remote scp? Or do I have to patch the code to allow it? ---- Scott

Hi everyone, I know scp is kind of the red-headed stepchild of the suite, but I'd like to propose an extension to the syntax for remote-remote passthrough using the "-3" option. Currently the syntax is essentially scp -3 [ -P port ] [user@]host1:file [user@]host2:file This is great, as long as both remotes are on the same port. It causes difficulties if host1 and host2 are not

A couple of notes about mget/mput in SFTP (5.1p1). 1. They aren't documented in the SFTP man page 2 They misbehave -- "mput a.txt b.txt" copies a.txt to b.txt on the server "mput *.txt b.txt" copies the first wildcard match to b.txt on the server "mput a.txt b.txt c.txt" copies a.txt to b.txt on the server "mput a.txt

Dear OpenSSH developers, Is there an equivalent ssh_config setting for the command line option ssh -N ... ? I want to connect to a server that doesn't provide an interactive shell but allows for port forwarding only. I'd love to configure this into my ~/.ssh/config as follows: Host foo Hostname ... Port ... User ... LocalForward ...

I'm seeing something similar to bug 1179 (https://bugzilla.mindrot.org/show_bug.cgi?id=1179), even with the reordered IP options check. For some reason, getsockopt is returning an IP options of length 2, value 00 00. Would Mark Weindling's original patch (https://bugzilla.mindrot.org/attachment.cgi?id=1105) break anything if I incorporated it? Platform: HP NonStop S7000 series

I read an article today about keyboard interactive auth allowing bruteforcing. I'm afraid I have minimal understanding of what keyboard-interactive really does. What does it do, and should I have my clients set it to off in sshd_config? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

Quoth Iain: >I'm not sure if the work being done to allow OpenSSH to be built without OpenSSL includes SHA-1 support. Hi Iain. I haven't heard of this effort before. Can you give a few more details? Thanks, ScottN --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

On Thu, Apr 20, 2017 at 11:00 AM, Scott Neugroschl <scott_n at xypro.com> wrote: > > On Wed, Apr 19, 2017 at 1:02 PM, navern <livingdeadzerg at yandex.ru> wrote: > >> Is there any available tool with this for pre-evaluating the resulting sshd_config for fatal errors? I'm not demanding: I'm thinking "that could be really, really useful". > >

I haven't been keeping up with the internals, I'm afraid. Does OpenSSH have support for Port Knocking? I might be interested in looking into that, as a way of reacquainting myself with the current code base. --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

You need to disable ?ChallengeResponse? (aka keyboard-interactive) authentication, not password authentication, to protect against this attack. On Jul 22, 2015, at 1:56 PM, Bostjan Skufca <bostjan at a2o.si> wrote: > > And to answer your question about what to do, you have three options: > - disable access to ssh with a firewall > - disable password authentication > -

On 13/04/18 07:59, Josh Soref wrote: > Randall S. Becker <rsbecker at nexbridge.com> wrote: > >> -REGRESSTMP = "$(PWD)/regress" >> +REGRESSTMP = `pwd` >> >> ? tests interop-tests t-exec unit: regress-prep regress-binaries >> $(TARGETS) >> > It looks like the problem is that pwd is in uppercase, not so much the > distinction between

Hi, Thanks a lot for this great software :) I'm trying to do something to secure my server. I need to disable removing file or removing directory using SFTP. In other words, the user can only write, move but not delete the file. This will be used to store logs so, I need to make sure once the logs written to my server the user cannot remove it. I tried doing this by changing the code of

>> However - as I got into that - I realized that I have no way to "find" >> just the keys for a single user. Since the only argument to that ssh >> keys command, is the username. It's not HTTP so I couldn't point at a >> subdomain and use that to look up the information. >You may be interested in the bug report "extend the parameters to the

I'm seeing something unusual in 5.0p1. Let me start by saying that I'm on kind of an oddball system (HP NonStop). What I'm seeing is that at the end of an scp session, the server gets stuck in a loop. First I see a shutdown failure, followed by looping on an "ibuf_empty delayed efd 9/(0)" condition. This may have to do with some minor semantic differences in the way the

We recently upgraded to openss 5.8p2 from a somewhat older version. This broke openssh login to ScreenOS devices. These devices don't support PTY allocation. Apparently, ssh now reacts to PTY allocation failure by failing the login. This is a change from the previous behavior. The simple workaround is ssh -T $device. I see in the ChangeLog that some device would hang with PTY allocation

I am assuming this is a user error (and the bug, if any is in configure not telling me how to activate it). I regularly see a message: Could not load host key: /etc/ssh/ssh_host_ecdsa_key And, obviously, I have never made the key before. I tried the following: ./ssh-keygen -t ecdsa -fssh_host_esdsa_key -N "" unknown key type ecdsa However, the syntax says it is a known type root at

`git describe' says V_7_3_P1-207-gc924b2ef (shouldn't it say V_7_4_P1-<yadayada>?). This is what I see: gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I.

Why is there an inconsistency with the option for the destionation port. ssh -p <port> ... scp -P <port> ... sftp -P <port> ... For scp it is neccessary to be "-P" ( Quote: " Note that this option is written with a capital 'P', because $B!](Bp is already reserved for preserving the times and modes of the file in rcp(1)." ). Also sftp uses already