similar to: Announce: Portable OpenSSH 7.1p2 released

My keys are secured with a passphrase. That's good for security, but having to type the passphrase either at every login or at every invocation of ssh(1) is annoying. I know I could invoke ssh-add(1) just before invoking ssh(1), if I keep track of whether I invoked it already, or write some hacky scripts; but the rest of OpenSSH is wonderfully usable without any hacks. Hence, this patch.

The attached patch for 4.6p1 adds a feature (-u) that will check to see if a key exists on a remote host. I use this for auditing my users transition to v2 keys very useful. If there is any interest I'll provide a patch for v2 ssh keys also. http://vapid.dhs.org/dokuwiki/doku.php?id=vapidlabs:openssh_check_key_patch -- Thanks Larry --- orig/openssh-4.6p1/sshconnect1.c 2006-11-07

This provides a mechanism to attach arbitrary configure options into the ssh_config file and use them from the LocalCommand and ProxyCommand. Examples: # set FOO to foo LocalEnvMod FOO = foo # append bar to FOO with default separator "," LocalEnvMod FOO += bar # unset FOO LocalEnvMod FOO = # append foo to BAR with separator ":", if BAR is empty

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,

https://bugzilla.mindrot.org/show_bug.cgi?id=1856 Summary: Wrong QoS naming and obsolete defaults Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: unassigned-bugs at mindrot.org ReportedBy:

It would be useful to allow matching HostName entries against Host entries. That's to say, I would find it very convenient to have an ssh_config like: Host zeus HostName zeus.greek.gods User hades Host hera HostName hera.greek.gods # [ ... ] Host *.greek.gods User poseidon UserKnownHostsFile ~/.ssh/known_hosts.d/athens # [ Default settings for *.greek.gods ] where I

Hey everyone, I wanted to add support for denying PTY allocation through OpenSSH. I'm not certain if this is quite thorough enough for all cases, but for me it might work for the moment. I know that you can currently do this through authorized_keys, but as far as I know that only works for an actual key. In my use case, I wanted a user with no password which is forced to run a specific

https://bugzilla.mindrot.org/show_bug.cgi?id=2541 Bug ID: 2541 Summary: Add explicit_bzero() before free() in OpenSSH-7.1p2 for auth1.c/auth2.c/auth2-hostbased.c Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5

Hi, Not sure if this anyone else is interested in this but to me it seems to make sense to use different control session multiplexer sockets for bulk and interactive workloads. Index: auth.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/auth.c,v retrieving revision 1.94 diff -u -p -r1.94 auth.c --- auth.c 23 May 2011 03:33:38 -0000 1.94 +++

There's currently no way to express trust for an SSH certificate CA other than by manually adding it to known_hosts. This patch modifies the automatic key write-out behaviour on user verification to associate the hostname with the CA rather than the host key, allowing environments making use of certificates to update (potentially compromised) host keys without needing to modify client

https://bugzilla.mindrot.org/show_bug.cgi?id=2319 Bug ID: 2319 Summary: [PATCH REVIEW] U2F authentication Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at

Hello, I manage OpenSSH on a dozen or so servers that act as gateways for a large amount of developers and system administrators. On these servers it is common for there to be more than 1000 active X11 forwards active at peak usage. Beyond ~1000 active X11 forwards, sshd will fail to bind additional ports due to a hard coded range check in channels.c that limits the port range that sshd will

I've been testing tunneling on Linux with openssh-SNAP-20060116.tar.gz and found a problem. When I use LocalCommand for doing ifconfig stuff, the command line was executed before a tunneling interface is opened. This causes errors on Linux and the interface is not automatically set up. This is not a problem on *BSD because you can do ifconfig for unopened tun/tap interfaces. But in Linux,

This patch allows the OpenSSH client to make connections over SCTP, and allows the OpenSSH server to listen for connections over SCTP. SCTP is a robust transport-layer protocol which supports, amongst other things, the changing of endpoint IPs without breaking the connection. To connect via SCTP, pass -H or set "ConnectViaSCTP yes". To listen via SCTP as well as TCP, set

https://bugzilla.mindrot.org/show_bug.cgi?id=1963 --- Comment #5 from martin f. krafft <bugzilla.mindrot.org at pobox.madduck.net> --- With reference to http://bugs.debian.org/650512, which I just reopened, I am sorry to say that the bug persists in OpenSSH 6.0. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the

https://bugzilla.mindrot.org/show_bug.cgi?id=2546 Bug ID: 2546 Summary: --without-openssl is broken Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Build system Assignee: unassigned-bugs at

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 01/14/2016 05:34 PM, m.roth at 5-cent.us wrote: > Michael H wrote: >> Probably worth a read... >> >> http://www.openssh.com/txt/release-7.1p2 >> >>> Important SSH patch coming soon. For now, everyone on all >>> operating systems, please do the following: >>> >>> Add undocumented

On 01/15/2016 06:39 AM, Johnny Hughes wrote: > On 01/14/2016 10:20 AM, Michael H wrote: >> Probably worth a read... >> >> http://www.openssh.com/txt/release-7.1p2 >> >>> Important SSH patch coming soon. For now, everyone on all operating >>> systems, please do the following: >>> >>> Add undocumented "UseRoaming no" to

https://bugzilla.mindrot.org/show_bug.cgi?id=2539 Bug ID: 2539 Summary: Add missing sanity check for read_passphrase() in auth-pam.c Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: PAM support

Probably worth a read... http://www.openssh.com/txt/release-7.1p2 > Important SSH patch coming soon. For now, everyone on all operating > systems, please do the following: > > Add undocumented "UseRoaming no" to ssh_config or use "-oUseRoaming=no" > to prevent upcoming #openssh client bug CVE-2016-0777. More later. echo "UseRoaming no" >>