similar to: sshd: SSH_CLIENT_CERT and SSH_CLIENT_PUBKEY env variables

On 29 September 2017 at 11:05, Iain Morgan <imorgan+openssh at nas.nasa.gov> wrote: [...] > This is due to my shell being csh, which is pickier about undefined > variables than the Bourne-style shells. The attached patch fixes the > issue. Thanks for figuring this out. > - 'test -z "$SSH_USER_AUTH"' || fail "SSH_USER_AUTH present" > +

On Fri, 29 Sep 2017, Iain Morgan wrote: > Actually, according to OpenBSD's printenv(1) man page, it first appeared > in 2BSD. The man page on OS X claims it was BSD 3.0. However, it doesn't > appear to be part of any standard. > > Your suggestion ran into the same issue as the original test, but > escaping the evaluation by the user's shell appears to work: >

Hi, We're developing an open source project that uses SSH certificates. We issue short lived certificates (few minutes) to execute commands on behalf of users. We have a use case where we need to issue certificates with 10 days validity and store them, so we put a command inside them: ssh-keygen -s ca-key -I certN -n user -O force-command="wget something" -V +10d user-key.pub and

Hi, OpenSSH 7.6p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

https://bugzilla.mindrot.org/show_bug.cgi?id=2408 Bug ID: 2408 Summary: Expose authentication information to PAM Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: PAM support Assignee:

Dear OpenSSH Developers, I would like to propose a patch to OpenSSH for Linux. In the recent few months, I have encountered a scenario where a PAM module used for authentication in SSH should be informed about the previous successful authentication methods. I described the complete scenario here:

Hi, OpenSSH 7.7p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

Numerous how-tos all over the Internet show how one would set up a tunnel using ssh, e.g.: ssh -f -o Tunnel=ethernet <server_ip> true I was wondering if there's a way to subsequently acquire the names of the local and remote tun/tap interfaces (e.g., using the default "-w any:any") for subsequent automatic tunnel configuration, e.g.: ip link set $TapDev up ip link set

I do not often use X11 - but when I do I prefer to enable X11forwarding, and when finished - turn it off. This is preferable, imho, to having "clear" X11 processing when local - and otherwise impossible when working remote. Working with openssh-7.5p2 I cannot figure out what (extra) I need to do with sshd_config to get it working. I know that there is a security-fix starting with

OpenSSH 7.6 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

OpenSSH 7.6 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested