similar to: Name based SSH proxy

In sshconnect.c there are two global variables for server_version_string client_version_string. These are used just in a few functions and can easily be passed as parameters. Also, there is a strange construct, where their memory is allocated to the global pointers, then copies of these pointers are assigned to the kex structure. The kex_free finally frees them via cleanup of the kex

Hello, I am testing ssh with occasional network disconnection between server and client during these days. I found ssh sometimes hangs if the disconnection happens after the connection is established but before ssh_exchange_identification completes. The ssh configuration files show that both client and server alive options are set. In /etc/ssh/ssh_config: # Send keepalive messages to the server.

On 26/05/15 18.29, Daniel Kahn Gillmor wrote: > On Tue 2015-05-26 17:42:40 -0400, Kasper Dupont wrote: > > But it does not address all my requirements. I have a > > requirement that the hostname being used must be visible > > to the administrator of the SSH server. And it must be > > visible with minimal effort without requiring any software > > changes on the

Hi folks, I'm currently trying to connect to version 1.2.16 of the commercial server. The server says it supports protocol version 1.4 and that that is incompatible with protocol version 1.5. Is that actually true? The complete output from "ssh -v xxxxxxx" is: $ ./ssh -v xxxxxxx SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0. Compiled with SSL (0x0090581f). debug:

On 26/05/15 15.50, Daniel Kahn Gillmor wrote: > The argument that the DNS lookup leaks this metadata is a bad argument: > if we followed this line of reasoning, then every problem that has > multiple contributors could never be solved (A says "but my fixing > things is useless if B does nothing", while B says "but my fixing things > is useless if A does nothing"

Hey all, I installed OpenSSH on a redhat 6.0 box using the 1.2.2 i386 rpms, and I can't connect to it from other machines. I edited the sshd_config file and changed the ListenAddress from 0.0.0.0 to the machine's IP number. The error I have been getting at first confused me, so I checked out the code, and found the function in the sshconnect.c file. The strange thing is that sometimes

Hello Steve, Hello OpenSSH-portable developers, I am building OpenSSH for our (EBCDIC-based) BS2000 mainframe operating system, and I noticed you do the same for OS/390. Because my initial ssh port was based on IBM's OSS port (ssh-1.2.2 or some such), I thought it was fair enough to help with a little co-operation; we might come up with a unified EBCDIC patch which could be contributed to

Hi List, I have a szenario where I need to reach a host on the internet from a "firewalled" network but there is a HTTPS-proxy runnnig. As some people know you can tunnel all TCP-connections through this proxy because it can't decide if someone is really doing SSL or just Telnet to port 443 (or use SSH in our case). So I've written a patch for ssh to make it send the CONNECT

Here's a quick patch that adds a timeout (value set from the connection timeout config parameter) for identification exchange. The situation that this fixes is the one where the sshd has a connection open (so you can make a TCP connection) but does not put up a banner (e.g. when the disk has crashed or when file descriptors are exhausted on a machine). Sounds unusual, but this happens with

As far as I can tell when the ssh command uses an agent to authenticate to a server and then forwards an agent to that server, it will always use the same agent for both purposes. Has there been any attempt to make it possible for the ssh command to use two different agents, such that I can use one agent to authenticate and then forward a different agent to the server? -- Kasper Dupont --

Hi, 1. I think you should apply the attached patch to openssh-2.9p1, otherwise ssh-keyscan on linux boxes with glibc-2.1 will experience enormous timeout delays. 2. Is there a program like ssh-keyscan for the Version2 (dsa and rsa) keys?? regards Peter Breitenlohner <peb at mppmu.mpg.de> -------------- next part -------------- diff -ur openssh-2.9p1.orig/ssh-keyscan.c

On 27/05/15 11.07, Dirk-Willem van Gulik wrote: > As a practical suggestion - we ran for a while with a hack where we abuse the version human readable string with a > base64 string of a _salted_ hash of the server we where trying to get to. > > Sharing both salt and hash. > > This let the server figure out the right key to present without too much ado; but without leaking all

On 25/05/15 09.51, Damien Miller wrote: > I'm not sure it should be part of the banner exchange, though there is > no other trivial way to do it and maintain backwards compatibility. Even if backwards compatibility wasn't a requirement, I don't see any better way it could be done. > I don't much like it because it reveals host identity information > in the clear. So

Hi. I don't do much with routers any more but recently I was configuring a Cisco via SSH when my session disconnected while pasting large amounts of text. I'm told this is common. I've had this patch for a while but I've not been able to test it. If anyone is regularly experiencing this kind of issue could you please tell me if the attached patch helps? (The buffer size limit

On 27/05/15 01.42, ?ngel Gonz?lez wrote: > Why do you want the hostname being used to "be visible to the administrator > of the SSH server"? In case the AAAA record used by the proxy to find the server for some reason points to the wrong IP address, I want to ensure that the administrator of the server has the opportunity to see the DNS record causing connections to end up on

Hi, I'm a newbie to openssh and was trying to read the source code recently. Could anyone tell me why in sshd the connection_in and connection_out are the same(seems to be integer 3 in my machine). connection_in is used in process_input(readset), and connection_out is used in process_output(writeset); But how does it work if it tries to read and write from the same file descriptor? /Bob

Here is my third attempt at the idletimeout patch. I tried to address the points which Marcus Friedl brought up. It is actually bigger than the previous patches, but not as intrusive. It is big because it moves some stuff from serverloop.c to packet.c. - I moved all the logic to packet.c. This means that I also had to move the actual select() call, which used to be in serverloop.c to packet.c.

We've got set of servers that use AFD (http://www.dwd.de/AFD) to scp files to a set of receiving servers. There are about 25 sending machines, and 12 receiving machines. All the servers are RHEL 4 and 5, with the senders running openssh 4.3p2, and the receivers running 3.9p1. Most files are sent without a problem, but on a pretty regular basis, we get "ssh_exchange_identification:

Renaud Guerin <renaudg at hexanet.fr> writes: >I'm running OpenSSH 1.2.2. with OpenSSL 0.9.4 on Linux 2.2.14 >(Mandrake 7.0) They were recompiled from source RPMS with gcc 2.95.2 >When I try to connect to localhost, I get >SSH Version OpenSSH-1.2.2, protocol version 1.5. >Compiled with SSL. >debug: Reading configuration data /etc/ssh/ssh_config >debug: Applying

comments? alternatives: sigsetjmp(ugly) and pselect(not portable, available) drawback: additional filedescriptors. Index: serverloop.c =================================================================== RCS file: /home/markus/cvs/ssh/serverloop.c,v retrieving revision 1.82 diff -u -r1.82 serverloop.c --- serverloop.c 10 Oct 2001 22:18:47 -0000 1.82 +++ serverloop.c 11 Oct 2001 18:06:33 -0000 @@