similar to: How to add configuration (~/.ssh/config) per ip?

On Tue, Oct 20, 2015 at 01:31:46AM +0200, ?ngel Gonz?lez wrote: > On 16/10/15 12:46, hubert depesz lubaczewski wrote: > >On Thu, Oct 15, 2015 at 04:15:03PM -0400, Daniel Kahn Gillmor wrote: > >>> if the intermediary machine (the "jumphost") is jumphost.example, and > >>> you are trying to reach bar.example.com (which is behind the firewall), >

On Thu, Oct 15, 2015 at 07:02:58PM -0400, Nico Kadel-Garcia wrote: > On Thu, Oct 15, 2015 at 10:34 AM, hubert depesz lubaczewski > <depesz at depesz.com> wrote: > > Hi, > > > > I'm in a situation where I'm using multiple SSH keys, each to connect to > > different set of servers. > > > > I can't load/unload keys on demand, as I usually am

On Wed, Jan 22, 2014 at 07:41:51PM -0400, Jorge Fábregas wrote: > On 01/22/2014 09:44 AM, hubert depesz lubaczewski wrote: > > Is the solution to it addition of 5 separate "networks" in libvirt, and > > then connecting each guest to its own "network"? > > Yes, that's it. Right now I suggest you create 5 separate "isolated" > networks if

Hi, I've read some docs, and have some ideas, but before I'll go any further, I'd like to get confirmation if I'm understanding it right. Let's assume that on my host I want to have 5 different guests, but they shouldn't be able to communicate with each other. Is the solution to it addition of 5 separate "networks" in libvirt, and then connecting each guest to

Hi, I'm in a situation where I'm using multiple SSH keys, each to connect to different set of servers. I can't load/unload keys on demand, as I usually am connected to at least 2 of such sets. But - some rogue "root", could get access to my agent-forwarding socket, and in turn, get access to keys loaded to agent (not in terms of obtaining the key, but being able to use it

Hi, First of all, I hope it's not a big problem - I'm running on Debian, not Redhat. To my problem: I'm starting to learn virtualization, libvirt, and decided to create some test machine. I did it with: virt-install --name debian-test \ --os-type=linux \ --os-variant=debianwheezy \ --cdrom /media/media/software/iso/debian-testing-amd64-netinst-2014-01-16.iso \

On Thu, Oct 15, 2015 at 04:15:03PM -0400, Daniel Kahn Gillmor wrote: > if the intermediary machine (the "jumphost") is jumphost.example, and > you are trying to reach bar.example.com (which is behind the firewall), > you would do: > ssh -oProxyCommand='ssh jumphost.example -W %h:%p' bar.example.com We use jump host, but there are literally hundreds of hosts behind

On 01/16/2014 05:10 PM, Ján Tomko wrote: > On 01/16/2014 04:51 PM, hubert depesz lubaczewski wrote: > > What is the address reported by 'netstat -tnp'? Oops, 'nestat -tlnp'. > > Jan >

Hello, I have an Asterisk box with a digium TDE205p card. The problem is that I have several "Goto(s-${DIALSTATUS}" sentences and while the call is trying to find a free channel to establish the call, I get a little noise in each "Zap/... is proceeding passing it to Zap/..." line. My configuration is: Digium card: TE205P Asterisk Version: 1.4.21.2

On 01/23/2014 02:45 PM, hubert depesz lubaczewski wrote: > On Wed, Jan 22, 2014 at 07:41:51PM -0400, Jorge Fábregas wrote: >> On 01/22/2014 09:44 AM, hubert depesz lubaczewski wrote: >>> Is the solution to it addition of 5 separate "networks" in libvirt, and >>> then connecting each guest to its own "network"? >> Yes, that's it. Right now I

Hello. I've got a question about encoding in sshd's log files. When I try to log in with a "?" username, which is a cyrillic "h" (U+0445), I get this message in a logfile: input_userauth_request: invalid user \\321\\205 [preauth]. I am struggling to understand: is that hex, is that octal? It doesn't map to any encoding that I know of.

On 01/16/2014 04:51 PM, hubert depesz lubaczewski wrote: > Hi, > First of all, I hope it's not a big problem - I'm running on Debian, not > Redhat. > > To my problem: I'm starting to learn virtualization, libvirt, and > decided to create some test machine. I did it with: > virt-install --name debian-test \ > --os-type=linux \ >

On 01/22/2014 09:44 AM, hubert depesz lubaczewski wrote: > Is the solution to it addition of 5 separate "networks" in libvirt, and > then connecting each guest to its own "network"? Yes, that's it. Right now I suggest you create 5 separate "isolated" networks if you want true isolation. If you create 5 standard (NAT) networks, with different addresses of

Hi, The attached patch extends the mux listener to accept SOCKS requests in addition to the native mux commands. The rationale behind is that creating tunnels attached to TCP ports is a security hazard in multi-user machines where there is no way to control who connects through the tunnels. On the other hand, The mux UNIX domain socket binds to the file system and regular permissions can be

When a forwarding specification ending in a slash ('\\') is used, the function "parse_fwd_field" jumps over the '\0' char marking the end of the string and keeps processing. This patch checks for that condition. -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Fix-buffer-overrun.patch Type: application/text Size: 850 bytes Desc:

TL;DR: I expect ProxyCommand to have effect in preference to ControlPath. I've just tripped over this one. I have an ssh Host (let us call it "MAIN") with a ControlPath and with ControlMaster=no, from the .ssh/config file. I also have a shell script whose purpose is to hop to a remote host through a port forward, which uses the ProxyCommand option like this: ProxyCommand ssh

Hi there, I'm working on a project to write a ProxyCommand that reaches out to an SSH CA to receive an SSH certificate prior to the connection. The ProxyCommand also creates a tunnel to the upstream SSH server. When using ProxyCommand alone, the issue is that the identity files are loaded as soon as SSH has fork/exec'd the process. It does not wait for a valid server negotiation. I

Hi! I recently started using ProxyCommand and noticed that it's not possible to specify a "none" value for it. I've already written a patch for that, but wanted to discuss the issue before posting the patch. The problem is the following: I'd like to use a ProxyCommand by default, but exclude some hosts. But as soon as I have Host * ProxyCommand /some/proxy/command %h %p

http://bugzilla.mindrot.org/show_bug.cgi?id=223 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OS/Version|FreeBSD |All Platform|ix86 |All Version|3.0.1p1 |-current ------- Additional

Hi all, I tried to use the ProxyCommand option in the ~/.ssh/config file like ProxyCommand /usr/local/bin/corkscrew <firewall> 80 %h %p but it seems th me that the ssh clinet won't use the option .. How can I tell the client to accept the proxy an send all requests to this host, bcause the internet names ("%P") cannot be resolved inside our lan - this must do the proxy.