similar to: Permanently added hostkeys (due to IP address pool), without confirmation

Displaying 20 results from an estimated 1000 matches similar to: "Permanently added hostkeys (due to IP address pool), without confirmation"

2020 Sep 30
3
Human readable .ssh/known_hosts?
On Tue, 29 Sep 2020 at 23:16, Nico Kadel-Garcia <nkadel at gmail.com> wrote: [...] > I gave up on $HOME/.ssh/known_hosts a *long* time ago, because if > servers are DHCP distributed without static IP addresses they can wind > up overlapping IP addresses with mismatched hostkeys You can set CheckHostIP=no in your config. As long as the names don't change it'll do what you
2020 Aug 21
4
[EXT] Re: dovecot-SASL for Postfix: EXTERNAL does not work.
Aki Tuomi wrote in <1907575568.4364.1597984769802 at appsuite-dev-gw1.open-xchange.com>: |> On 21/08/2020 02:17 Steffen Nurpmeso <steffen at sdaoden.eu> wrote: ... |> Wietse Venema wrote in |> <4BXSTk189nzJrP3 at spike.porcupine.org>: |> ... |>|Steffen Nurpmeso: |> ... |>|> until SASL says it is done?!. How could EXTERNAL ever work
2016 Oct 26
2
[Bug 2631] New: Hostkey update and rotation - No IP entries added to known_hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=2631 Bug ID: 2631 Summary: Hostkey update and rotation - No IP entries added to known_hosts Product: Portable OpenSSH Version: 7.3p1 Hardware: amd64 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh
2020 Oct 04
2
UpdateHostkeys now enabled by default
On Sun, 4 Oct 2020, Christoph Anton Mitterer wrote: > On Sun, 2020-10-04 at 14:02 +1100, Damien Miller wrote: > > This is strictly no worse than continuing to use the old key, so I > > don't consider it a problem. > > Well but in reality it will lead to people never again replace their > key by proper means. Well, first I disagree that this method is improper. The
2015 Sep 19
2
OpenSSH Always Hangs When Connecting to Remote
I am running Arch Linux. Very updated version. When I try to connect to remote servers using OpenSSH I get a hang as shown here: $ ssh -v compsci at 10.1.1.12 OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to 10.1.1.12 [10.1.1.12] port 22. debug1: Connection established. debug1: identity file /home/carloabelli/.ssh/id_rsa type 1
2020 Aug 20
2
dovecot-SASL for Postfix: EXTERNAL does not work.
Hello and good evening. Sorry for responding so late, it is midsummer and i spend as much time as possible on the outside (bicycle, mostly). (Just one more day, then 10 degrees colder!!) I Cc: Wietse Venema, because i quote a message of him. (this is "set quote-add-cc" here.) Aki Tuomi wrote in <84881193.5398.1597934431687 at appsuite-dev-gw2.open-xchange.com>: The dovecot
2023 Aug 02
1
[PATCH] ssh_config: reflect default CheckHostIP no
Checking up on this change: On Wed, 29 Mar 2023 at 19:38, Ed Maste <emaste at freefall.freebsd.org> wrote: > > From: Ed Maste <emaste at FreeBSD.org> > > By convention settings in ssh_config are shown with a commented out > default. > > Fixes: 6cb52d5bf771 ("upstream: make CheckHostIP default to 'no'...") > --- > ssh_config | 2 +- > 1
2020 Sep 30
2
Human readable .ssh/known_hosts?
On Tue, 29 Sep 2020, Nico Kadel-Garcia wrote: > As I understand this option, it does not help at all with the nearly > inevitable re-use of the same IP address for a different host with a > different hostkey in, for example, a modest DHCP based environment. > Such environments are common both in smaller, private networks and in > large public networks, and it's perhaps
2016 Apr 03
6
[Bug 2562] New: CanonicalizeHostname causes duplicate LocalForward attempts
https://bugzilla.mindrot.org/show_bug.cgi?id=2562 Bug ID: 2562 Summary: CanonicalizeHostname causes duplicate LocalForward attempts Product: Portable OpenSSH Version: 7.1p1 Hardware: ix86 OS: Mac OS X Status: NEW Severity: normal Priority: P5 Component: ssh
2003 Jul 06
4
Known hosts and dynamic IP addresses
Hi, it becomes more and more common to have machines with dynamically assigned IP addresses online (e.g. DSL), which can be found through dynamic DNS entries. Unfortunately, the "Known Hosts" mechanism doesn't work for these machines: Since the entry is made for the IP address, there's a new entry every time the address changes. Therefore, an option should be invented
2015 Nov 18
2
Missing SSHFP RRs / VerifyHostKeyDNS & StrictHostKeyChecking
Y'all, Currently (OpenSSH_7.1p1) no distinction is made between when an SSHFP RR is missing from the result set (rather than being empty), which can lead to confusing error messages, (the "normal" warn_changed_key() blurb is emitted) e.g. when the presented host key and known hosts both match but there is no matching RR. Further, if VerifyHostKeyDNS and StrictHostKeyChecking are
2016 Sep 09
2
fyi: agent forwarding fails (with enabled ControlMaster) after time shift on client
Hello. Yes, i think that was the cause why agent forwarding wasn't performed at all, i had to rm(1) the control socket and the next ssh(1) connection forwarded the agent normally again. (It was a huge timeshift by several hours.) I.e., just in case this is something you didn't have on your radar yet. Ciao. --steffen
2025 Jan 11
1
[PATCH v2] ssh-add: support external parsing of key listing
Jim Knoble wrote in <06004671-E946-4462-9076-5C11D5D46E40 at pobox.com>: |> On Jan 10, 2025, at 11:33, Steffen Nurpmeso <steffen at sdaoden.eu> wrote: |> Fyi there is the >35 years old BSD sysexits.h that unfortunately |> did not become standardized, but is widely available nonetheless. | |If you mean [this sysexits][*], that doesn't seem great for several \
2020 Oct 04
2
UpdateHostkeys now enabled by default
On Sun, 4 Oct 2020, Matthieu Herrb wrote: > Hi, > > on OpenBSD-current I now get this when connecting to an existing > machine for which I have both ecdsa and ed25519 keys in my existing > known_hosts (but apparently ed25519 keys were added only for the name > previously by ssh): > > Warning: the ED25519 host key for 'freedom' differs from the key for > the
2016 Mar 16
2
Does SCTP help against TCP reset attacks?
Hello, i have a question regarding SCTP support of OpenSSH. (I have searched the list, and it seems to show up periodically every two years, and since it's that time again i dare to ask...) It can't be described better than what i've placed in a bug report yesterday, so please let me (mostly) copy & paste that: Hello. I don't know how you do it, i never managed a(n
2025 Jan 11
1
[PATCH v2] ssh-add: support external parsing of key listing
Steffen Nurpmeso wrote in <20250111031926.AGltefav at steffen%sdaoden.eu>: |Jim Knoble wrote in | <06004671-E946-4462-9076-5C11D5D46E40 at pobox.com>: ||> On Jan 10, 2025, at 11:33, Steffen Nurpmeso <steffen at sdaoden.eu> wrote: ||> Fyi there is the >35 years old BSD sysexits.h that unfortunately ||> did not become standardized, but is widely available
2020 Oct 04
2
UpdateHostkeys now enabled by default
On Sun, Oct 04, 2020 at 09:24:12PM +1100, Damien Miller wrote: > On Sun, 4 Oct 2020, Damien Miller wrote: > > > No - I think you've stumbled on a corner case I hadn't anticipated. > > Does your configuration override CheckHostIP at all? No. > > > > What are the known_hosts entries for the hostname and IP? > > Also, do you use HashKnownHosts? or do
2020 Aug 20
3
dovecot-SASL for Postfix: EXTERNAL does not work.
Hello. I am not subscribed and new here, so first of all i want to thank you for dovecot. I personally do not use it in "production" (yet), but it is my sole point of interaction for testing the little MUA i maintain for quite some years. I also have used its code for affirmation purposes. (Interesting that OAUTHBEARER treats hostname and port as optional. I currently do
2020 Sep 29
12
Human readable .ssh/known_hosts?
Hi list members, just tried to get some old records out of my known_hosts, which is 'HashKnownHosts yes'. Is there a way to unhash host names and/or IPs? Google tells about, how to add hosts, but not the opposite, maybe I miss something. If this does not work at all, is there a best practice for cleaning old hosts and keys out? Thanks, Martin! -- Martin GnuPG Key Fingerprint, KeyID
2024 Jul 14
1
Request for a Lockdown option
Steffen Nurpmeso wrote in <20240714024434.vvSRh10_ at steffen%sdaoden.eu>: ... |[.]do not |know about the AI_V4MAPPED flag[.] I have read https://datatracker.ietf.org/doc/html/draft-cmetz-v6ops-v4mapped-api-harmful-01 but as an application developer i find it ugly not to be able to "simply do it", and get back a mapped address. --steffen | |Der Kragenbaer,