similar to: [PATCH] verify against known fingerprints

https://bugzilla.mindrot.org/show_bug.cgi?id=2234 Bug ID: 2234 Summary: ssh-add -l output aborts on unrecognized key, skips flush when stdout not tty Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component:

On Wed, 5 Feb 2020, Phil Pennock wrote: > On 2020-02-06 at 10:29 +1100, Damien Miller wrote: > > * sshd(8): allow the UpdateHostKeys feature to function when > > multiple known_hosts files are in use. When updating host keys, > > ssh will now search subsequent known_hosts files, but will add > > updated host keys to the first specified file only. bz2738 >

On Thu, Oct 15, 2015 at 07:02:58PM -0400, Nico Kadel-Garcia wrote: > On Thu, Oct 15, 2015 at 10:34 AM, hubert depesz lubaczewski > <depesz at depesz.com> wrote: > > Hi, > > > > I'm in a situation where I'm using multiple SSH keys, each to connect to > > different set of servers. > > > > I can't load/unload keys on demand, as I usually am

On Sat, May 30, 2015 at 10:38 AM, Phil Pennock <phil.pennock at globnix.org> wrote: > On 2015-05-30 at 15:00 +0200, Kasper Dupont wrote: >> On my laptop I have key1 and key2. I can use key1 to log in >> on server1, and I can use key2 to log in on server2. I want >> neither key to leave the laptop, and only key2 is allowed >> to be forwarded to other hosts. >

On 30/05/15 08.34, Nico Kadel-Garcia wrote: > On Sat, May 30, 2015 at 8:00 AM, Kasper Dupont > <kasperd at kdxdx.23.may.2015.kasperd.net> wrote: > > As far as I can tell when the ssh command uses an agent to > > authenticate to a server and then forwards an agent to that > > server, it will always use the same agent for both purposes. > > > > Has there

Hello, I'm tasked with establishing a persistent SSH connection across a very unreliable link, for a remote port forward (always port 2217). I figured I'd use ServerAliveInterval to make sure that the ssh(1) process dies when the connection appears down, and I use systemd to restart it in this case. This works fine. What does not work fine, however, is the server-side. If the connection

also sprach Phil Pennock <phil.pennock at globnix.org> [2017-11-15 19:41 +0100]: > So, instead of running no command server side, would a suitable > workaround be to run 'while sleep 1; do echo .; done' as the server > command and discard stdout from ssh on the client side? That way, the > server side should detect the dropped link sooner, leading to sshd exit > and

Hi, I have a few hundreds files with numerical information of different length but with the same column structure. I use the following code to get summary statistics fplist <- list.files(pattern=".*analysis") for (fp in fplist){ x2 <- read.delim(fp) summary(x2) } Summary gives something like: summary (x2) V1 V2

https://bugzilla.mindrot.org/show_bug.cgi?id=2446 Bug ID: 2446 Summary: Provide an option to show SHA256 fingerprints in a more pronouncable format Product: Portable OpenSSH Version: 7.0p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5

Hello, Questions, observations, and curiosities. Maybe this is something stupid or maybe I'm doing something wrong... But... In light of the Kurt Seifried paper on SSH and SSL, I was looking for the finger prints on my various servers and known hosts files to have a little crib sheet and maybe plug the list into a database on my palm pilot. I found that ssh-keygen lists out the

Hello all, i just discovered that the known hosts file seems to only store the server finger prints for distinct *hostnames/IPs*, not hostnames/IPs and ports, meaning i can't ssh to a multiple boxes on the same host even if they have different ports. Every client other than the one shipped with openSSH seems to work fine, presumably because they store fingerprints by host:port combinations

Hi, OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a feature release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

Hi, OpenSSH 7.6p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

Folks, MacOSX 10.6.x (Snow Leopard) runs { ssh-agent -l }; that's not an s/ssh-add/ssh-agent/ typo. It appears to be an undocumented addition (the man-pages were not updated). I *suspect* that it just tells the agent to honour whatever pre-existing value of $SSH_AUTH_SOCK it inherits and to try to listen to that. I don't know for sure. Does anyone have details on what exactly it does,

http://bugzilla.mindrot.org/show_bug.cgi?id=279 Summary: ssh-keyscan can't check for fingerprints Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: Miscellaneous AssignedTo: openssh-unix-dev at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=1872 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org Summary|proposal how to change |Support better hash

https://bugzilla.mindrot.org/show_bug.cgi?id=1872 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2007|0 |1 is obsolete| | Attachment #2429|0 |1 is

When the user chooses to not verify the signatures on the indexes (using --no-check-signature), there is no point in requiring as many --fingerprint as --source (or even just one), as they will not be used anyway. In this case just ignore all the values of the specified --fingerprint arguments. --- builder/cmdline.ml | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-)

When I asked, | > If you're going to run flac -t later to test | > the .flac file, isn't it redundant to have verification on during | > encoding? Fearless Leader Ace Coalson responded, | yep. OK. | > If you know ... that -V was used | > during encoding and that flac reported "Verify OK," is there any | > reason to test the file? | nope, unless you suspect

On 7/24/2017 8:39 PM, Nico Kadel-Garcia wrote: > > Why are the targets of the hardlinks evaporating on rebooting? Is that > a FreeBSD'ism? Its when syslogd stops/starts. The hardlinks need to be recreated for some reason. ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike at sentex.net Providing Internet services since 1994