similar to: Proposal: Allow HostKeyAlias to be used in hostname check against certificate principal.

https://bugzilla.mindrot.org/show_bug.cgi?id=2728 Bug ID: 2728 Summary: HostKeyAlias not respected for certificate authority host key validation Product: Portable OpenSSH Version: 7.5p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh

On Mon, May 15, 2017 at 11:39 AM, Peter Moody <mindrot at hda3.com> wrote: > my reading of the sshd manpage is that ssh is more permissive than it should be > > SSH_KNOWN_HOSTS FILE FORMAT : > ... > > A hostname or address may optionally be enclosed within `[' and `]' > brackets then followed by `:' and a non-standard port number. Hi Peter, I'm not

https://bugzilla.mindrot.org/show_bug.cgi?id=2359 Bug ID: 2359 Summary: [PATCH] Allow HostKeyAlias to be used in hostname check against certificate principal Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5

When connecting to a host for which there's no known hostkey, check if the relevant key has been accepted for other hostnames. This is useful when connecting to a host with a dymamic IP address or multiple names. --- auth.c | 4 ++-- hostfile.c | 42 ++++++++++++++++++++++++++++-------------- hostfile.h | 8 ++++++-- sshconnect.c | 39 +++++++++++++++++++++++++++++++++------

Hi all, Last week I noticed that the CertChecker in the Go implementation of x/crypto/ssh seems to be doing host principal validation incorrectly and filed the following bug: https://github.com/golang/go/issues/20273 By default they are looking for a principal named "host:port" inside of the certificate presented by the server, instead of just looking for the host as I believe OpenSSH

Here are some problems with the latest snapshot on Mac OS X: I am by no means an autoconf expert, but here is what happens after a "autoreconf": autoconf: Undefined macros: configure.in:1291:AC_CHECK_MEMBERS([struct stat.st_blksize]) configure.in:2168:AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds]) configure.in:26:AC_SYS_LARGEFILE

https://bugzilla.mindrot.org/show_bug.cgi?id=1039 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #12 from Darren Tucker <dtucker at zip.com.au> 2010-03-26 10:51:05 EST --- With the

http://bugzilla.mindrot.org/show_bug.cgi?id=1039 ------- Additional Comments From djm at mindrot.org 2005-06-17 13:54 ------- I don't understand: you know the alias hostname, because it is there on the commandline, so the prompt is providing you more, real information. Can you give me a real-life scenario where showing the alias hostname would be important? ------- You are receiving

http://bugzilla.mindrot.org/show_bug.cgi?id=1039 ------- Comment #8 from dtucker at zip.com.au 2005-11-24 19:47 ------- (In reply to comment #7) > I don't understand: you know the alias hostname, because it is there on the > commandline, so the prompt is providing you more, real information. > > Can you give me a real-life scenario where showing the alias hostname would be

https://bugzilla.mindrot.org/show_bug.cgi?id=1039 Iain Morgan <imorgan at nas.nasa.gov> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |imorgan at nas.nasa.gov --- Comment #13 from Iain Morgan <imorgan at nas.nasa.gov> --- My apologies for

http://bugzilla.mindrot.org/show_bug.cgi?id=1039 Summary: Incomplete application of HostKeyAlias in ssh Product: Portable OpenSSH Version: 4.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: cdmclain

Hello! I'm hoping that Gmail won't HTML format this mail so that I'll get flamed :) Anyway, my question relates to ssh_config. The problem I find is that the Host pattern is only applied to the argument given on the command line, as outlined in the man page: "The host is the hostname argument given on the command line (i.e. the name is not converted to a canonicalized host name

The file descriptor f is not closed in this error path. This patch adds the fclose as is customary in the rest of the function. This entire set of patches passed the regression tests on my system. Resource leak bug found by Coverity. Signed-off-by: Kylene Hall <kjhall at us.ibm.com> --- hostfile.c | 4 +++- 1 files changed, 3 insertions(+), 1 deletion(-) diff -uprN

Hi, (I'm not subscribed to the list, so please CC me on reply.) I'd like to request adding a feature to OpenSSH: Task: ~~~~~ It is quite sometime useful to invoke a program prior to connecting to an ssh server. The most common use case will probably be port knocking. That is a small program sends certain packets to a server and the server reacts to this by unlocking the ssh port, which

The attached patch implements a feature that would make my interaction with ssh somewhat more secure. When connecting to a host whose key is not in the known_hosts file, this patch makes ssh tell the user about any other hosts in the known_hosts file that have the same key. For example, if I have host A in my known_hosts file, and try to connect to host B which is an alias for A, ssh will tell

Hi list, I use ssh a lot and I often need to connect to hosts whose host key has changed. If a host key of the remote host changes ssh terminates and the user has to manually delete the offending host key from known_hosts. I had to do this so many times that I no longer like the idea ;-) I would really like ssh to ask me if the new host key is OK and if I want to add it to known_hosts. I talked

Hi, OpenSSH 5.6 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a moderately large release, with a number of new features and bug fixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH

Allow users to specify certificates to be used for authentication on the command line with the '-z' argument when running ssh. For successful authentication, the key pair associated with the certificate must also be presented during the ssh. Certificates may also be specified in ssh_config as a CertificateFile. This option is meant the address the issue mentioned in the following

Looking at epel-testing, while libguestfs-* 1.0.57-2 is available, virt-inspector does not appear to be. http://cvs.fedoraproject.org/viewvc/rpms/libguestfs/EL-5/libguestfs.spec?view=markup shows the virt-inspector bits commented out, and http://cvs.fedoraproject.org/viewvc/rpms/libguestfs/EL-5/libguestfs.spec?view=log doesn't appear to have an explanation. Wuzzup? :)

See attachment for full logs. Appears at first glance to be related to the lack of support for virtio-net in the guest kernel. /usr/bin/qemu-kvm /usr/bin/qemu-kvm -drive file=test1.img,cache=off,if=ide -drive file=test2.img,cache=off,if=ide -drive file=test3.img,cache=off,if=ide -drive file=../images/test.sqsh,snapshot=on,if=ide -m 500 -no-reboot -kernel /tmp/libguestfscfrLMf/kernel -initrd