similar to: [PATCH 0/1] Process the IdentityFile option from the included files

Allow users to specify certificates to be used for authentication on the command line with the '-z' argument when running ssh. For successful authentication, the key pair associated with the certificate must also be presented during the ssh. Certificates may also be specified in ssh_config as a CertificateFile. This option is meant the address the issue mentioned in the following

This patch allows DSA identities to be specified on the command line. Previously, only RSA identities were allowed. ------------------------------------------------------------------------ diff -U2 openssh-2.2.0p1/ssh.0 openssh-2.2.0p1.nigelw/ssh.0 --- openssh-2.2.0p1/ssh.0 Sat Sep 2 10:08:46 2000 +++ openssh-2.2.0p1.nigelw/ssh.0 Thu Dec 21 10:53:07 2000 @@ -224,5 +224,5 @@ -g Allows

http://bugzilla.mindrot.org/show_bug.cgi?id=1159 Summary: %u and %h not handled in IdentityFile Product: Portable OpenSSH Version: 4.3p2 Platform: All URL: http://www.math.ualberta.ca/imaging/snfs/openssh.html OS/Version: Linux Status: NEW Keywords: patch Severity: normal Priority: P2

https://bugzilla.mindrot.org/show_bug.cgi?id=2436 Bug ID: 2436 Summary: Add ssh option to present certificates on command line Product: Portable OpenSSH Version: 6.9p1 Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee:

... and I guess your next question will be about compilation environment, so: ``` $ gcc --version gcc (Gentoo 13.2.1_p20240210 p14) 13.2.1 20240210 Copyright (C) 2023 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. ``` I'm running on gentoo. I tested that the

Hi all, I recently made a patch to openssh 4.1p1 to allow it to use the in-kernel key management provided by 2.6.12 or later Linux kernels. I've attached the patch (which is still only a proof-of-concept, for instance its very verbose right now) to this mail. Now, my question is, is this a completely insane idea and would (a later version of) the patch have a chance of making it into the

Here is the user-dependent IdentityFile patch for openssh3.5 (BSD version), which allows private key files to be placed system wide (for all users) in a secure (non-NFS) mounted location. This addresses an important security hole on systems where home directories are NFS mounted, particularly if there are users who use blank passphrases (or when lpd is tunneled through ssh on systems running lpd

Hey there, I often want different behavior in my ssh client depending on whether I'm logging into an interactive session or running a remote non-interactive command. We can see at, say, https://unix.stackexchange.com/a/499562/305714 that this isn't a unique wish, and existing solutions are kind of baroque. Typical reasons to do this are to immediately go into a screen or tmux session; for

On 23 April 2018 at 19:49, Michael Felt <michael at felt.demon.nl> wrote: [...] > run test agent.sh ... [...] > Question: I have not dug into the tests yet. Will copy to a "local" > directory, and not build out of tree and see if that fixes it (as it does > for many other packages). However, just in case it does not - how can I > fast-forward the tests to the

By the way, I noticed in the previous IdentityFile patch I forgot to expand tilde. I fixed this by making the change in ssh.c instead of readconf.c, which is probably where it belongs, as far as the existing code is concerned: diff -ur openssh-3.0.2p1/auth.c openssh-3.0.2p1I/auth.c --- openssh-3.0.2p1/auth.c Sun Nov 11 17:06:07 2001 +++ openssh-3.0.2p1I/auth.c Sun Jan 27 12:05:14 2002 @@ -44,7

Hi all, One question, the ssh man page says the -q option suppress all warnings and diagnostics. however, the following condition still has the warning message appeared on the console: #man ssh .............. -q Quiet mode. Causes all warning and diagnostic messages to be suppressed. .............. # ssh -q -i ~/.ssh/id_dsa_3 sshpa3 "uname -a"Warning: Identity

I just found that trying to specify a DSA identity file with '-i' doesn't work. Although the man page doesn't indicate that this is supported for DSA keys, it also doesn't indicate very clearly that its _not_. Indeed, in ssh.c:main(), the "-i" only increments and sets: options.options.num_identity_files options.identity_files where it would need to modify:

This allows the localhost percent-style escapes in arguments to the Include directive. These are useful for including host-specific ssh configuration. --- readconf.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/readconf.c b/readconf.c index 4e3791cb7cc6..6d99d2efae92 100644 --- a/readconf.c +++ b/readconf.c @@ -1044,7 +1044,8 @@

Here is a patch to allow private key files to be placed system wide (for all users) in a secure (non-NFS) mounted location on systems where home directories are NFS mounted. This is especially important for users who use blank passphrases rather than ssh-agent (a good example of where this is necessary is for tunnelling lpd through ssh on systems that run lpd as user lp). IdentityFile now accepts

Using these escapes, the include directive can be crafted to include differing, host-specific configuration. Ronan Pigott (2): Permit %L and %l percent escapes in ssh Include Permit %L and %l percent escapes in sshd Include readconf.c | 16 +++++++++++++--- servconf.c | 17 ++++++++++++++--- 2 files changed, 27 insertions(+), 6 deletions(-) base-commit:

Using these escapes, the include directive can be crafted to include differing, host-specific configuration. Ronan Pigott (2): Permit %L and %l percent escapes in Include Permit %L and %l percent escapes in server Include readconf.c | 16 +++++++++++++--- servconf.c | 21 ++++++++++++++++----- 2 files changed, 29 insertions(+), 8 deletions(-) base-commit:

I'm trying to replace some sshv1 clients and servers in a modular way, and the "Server Lies" warning (when the server says the key has one more bit than it really has) is causing heartache. Per the FAQ, this is relatively benign. Here's a patch that allows an admin or user to disable the warning. - Morty diff -Nur openssh-3.7.1p2/readconf.c

https://bugzilla.mindrot.org/show_bug.cgi?id=2481 Bug ID: 2481 Summary: Tilde expansion in -i option inconsistent Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: Linux Status: NEW Severity: trivial Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

Hello, I need to allow for some people to execute ssh with one shared private key for remote executing command on various machines. However, it is not possible to set group permissions for private keys and it is possible to have just one private key file for one user. Please, is it possible to add patches into openssh development tree like these, so that standard behavior of ssh is not changed,

http://bugzilla.mindrot.org/show_bug.cgi?id=410 Summary: when -i or IdentityFile is specified, agent keys are still tried first Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: minor Priority: P2 Component: ssh-agent AssignedTo: