similar to: Feature request: FQDN Host match

Hello, My usage of ProxyCommand just calls the nc utility with various parameters. That in turn after the initial setup just copies copies the data from the network socket to stdin/stdout. This useless coping can be avoided if ssh has an option to receive the socket from the proxy command. I suppose it can improve network error reporting as ssh would talk directly to the network socket rather

In the current implementation, ssh always uses the hostname supplied by the user directly for the SSHFP DNS record lookup. This causes problems when using the domain search path, e.g. I have "search example.com" in my resolv.conf and then do a "ssh host", I will connect to host.example.com, but ssh will query the DNS for an SSHFP record of "host.", not

This allows me to set 'ControlPath ~/.ssh/sockets/%h.%p.%u' for example. Have I missed a good reason why ssh_connect finds the default port number for itself instead of just having it in options.port (like we do for the the default in options.user)? --- openssh-4.1p1/ssh.c~ 2005-06-12 09:47:18.000000000 +0100 +++ openssh-4.1p1/ssh.c 2005-06-12 09:40:53.000000000 +0100 @@ -604,6 +604,17

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

On Sat, Jan 7, 2017 at 2:30 PM, Peter Moody <mindrot at hda3.com> wrote: > so I spent a bit of time looking at this and it seems like the only > way to go, at least if I want to keep it in ssh_connect_direct(), is > to use pthreads. further, it seems like getting that accepted is > something of a long shot: Sorry, pthreads is a non-starter. I would have thought that using

For some odd reason, one line was removed from the handling of ProxyCommand in readconf.c. As a result, ssh crashes on strlen(string) when it parses this option. --- readconf.c:X Mon Aug 6 23:35:52 2001 +++ readconf.c Wed Aug 15 16:11:44 2001 @@ -475,6 +475,7 @@ case oProxyCommand: charptr = &options->proxy_command; + string = xstrdup(""); while ((arg =

The attached patch adds a new 'ConnectTimeout' option (man page updated in patch) to avoid wasting time when the target host is down. I needed that because I was using rsync/rdist over ssh for massive files update and the default connect() took too long for my purpose. The patch was tested on Linux only, but I used a similar one for ssh 1.2.XX on Linux, Solaris and HP-UX without

https://bugzilla.mindrot.org/show_bug.cgi?id=2664 Bug ID: 2664 Summary: Boolean option parsing is excessively case-sensitive Product: Portable OpenSSH Version: 7.4p1 Hardware: Other URL: https://bugs.launchpad.net/bugs/1656557 OS: Linux Status: NEW Severity: enhancement Priority:

Ok, I'm doing a heads up here. I just applied: - markus at cvs.openbsd.org 2002/06/11 04:14:26 [ssh.c sshconnect.c sshconnect.h] no longer use uidswap.[ch] from the ssh client run less code with euid==0 if ssh is installed setuid root just switch the euid, don't switch the complete set of groups (this is only needed by sshd). ok provos@ A few comments about

I was wondering what everyone's thoughts were on a simpler way to exclude addresses from having listeners on them. I know a lot of people have multiple subnets, especially larger corporations. Some networks are non-route-able, and therefor unsuitable for use with SSH, aside from communication between other servers on the same subnet. Given that we may want to exclude those non-route-able

Being rather aggrevated when testing at the enforced 1 second delay between each connection attempt and the useless 1 second delay done after all connection attempts have failed I wrote a patch to make the number of seconds delayed between each connection attempt configurable. Stephen -------------- next part -------------- diff -u --recursive openssh-2.3.0p1/ChangeLog

Hello, While testing recent snapshots (20131023 and 20131024) I encountered a problem with ProxyCommand. The regression tests all passed, but the use of ProxyCommand's in my ~/.ssh/config resulted in name resolution errors; even if CanonicalizeHostname was explicitly set to "no." The patch included inline below fixed the issue: Index: ssh.c

Hi, (I'm not subscribed to the list, so please CC me on reply.) I'd like to request adding a feature to OpenSSH: Task: ~~~~~ It is quite sometime useful to invoke a program prior to connecting to an ssh server. The most common use case will probably be port knocking. That is a small program sends certain packets to a server and the server reacts to this by unlocking the ssh port, which

diff -u -r -N openssh-2.9p1/channels.c openssh-2.9p1-ajf.1/channels.c --- openssh-2.9p1/channels.c Tue Apr 17 14:14:35 2001 +++ openssh-2.9p1-ajf.1/channels.c Wed Jun 6 23:25:36 2001 @@ -1815,13 +1815,25 @@ /* * getaddrinfo returns a loopback address if the hostname is * set to NULL and hints.ai_flags is not AI_PASSIVE + * + * Oh yeah? Setting hostname to NULL and hints.ai_flags to +

I'm reading this fine article on O'Reilly: http://linux.oreillynet.com/lpt/a//linux/2001/11/08/ssh_keystroke.html <quote> The paper concludes that the keystroke timing data observable from today's SSH implementations reveals a dangerously significant amount of information about user terminal sessions--enough to locate typed passwords in the session data stream and reduce the

[Please CC me, I'm not on the list] My box is on a mostly Windows-populated network. Naturally, I set up Samba and added WINS as a name resolution option. I found out that some programs now can use NetBIOS names, other can't. openssh falls into latter category :-( I found that openssh use this snippet to convert hostname to ip: if((gaierr = getaddrinfo(host, strport, &hints,

Hi, I'm not a subscriber to this list so please CC: me in any replies. I found myself in a situation where I was behind a corporate firewall that allowed only web requests to the outside world (and furthermore those requests had to be via their proxy server). Therefore, I couldn't SSH to the outside world. However, the HTTP proxy 'CONNECT' method, which is normally used to

If bind() fails we _always_ should close socket. I sent this patch while ago to djm but I still don't see this fix in openssh_cvs. diff -urN openssh-2.3.0p1.org/sshd.c openssh-2.3.0p1/sshd.c --- openssh-2.3.0p1.org/sshd.c Sat Jan 6 19:54:11 2001 +++ openssh-2.3.0p1/sshd.c Sat Jan 6 19:55:48 2001 @@ -782,10 +782,10 @@ debug("Bind to port %s on %s.", strport, ntop); /*

http://bugzilla.mindrot.org/show_bug.cgi?id=1162 Summary: Inappropriate sequence of syslog messages Product: Portable OpenSSH Version: 4.2p1 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: