similar to: tunnel device name acquisition?

Hi, (I'm not subscribed to the list, so please CC me on reply.) I'd like to request adding a feature to OpenSSH: Task: ~~~~~ It is quite sometime useful to invoke a program prior to connecting to an ssh server. The most common use case will probably be port knocking. That is a small program sends certain packets to a server and the server reacts to this by unlocking the ssh port, which

If an ssh server receives a tun/tap tunnel request and sets up the tunnel concerned, as far as I can see there is currently no way for the server to configure the tunnel in a manner dependent upon (e.g) the key used to set up the ssh session. Whilst an id based on the key can be passed to the ssh child process, where the tunnel is dynamically allocated, its tunnel name is lost. This patch

I've been testing tunneling on Linux with openssh-SNAP-20060116.tar.gz and found a problem. When I use LocalCommand for doing ifconfig stuff, the command line was executed before a tunneling interface is opened. This causes errors on Linux and the interface is not automatically set up. This is not a problem on *BSD because you can do ifconfig for unopened tun/tap interfaces. But in Linux,

The attached patch is against openssh-4.3_p2 to allow non-root users to vpn in over ssh. root access is still needed on client side (or an sudo solution). Currently, I have it working with an sudo command to configure a tap interface on the server side. eg to ssh into my gentoo server: # ssh -fw any:any user at ssh_server.box "sudo /etc/init.d/net.tap0 restart" Then, configure the

If an ssh server receives a successful inbound ssh connection with 'ssh -w' without a tunnel number specified (i.e. in 'any' mode), it allocates the next tunnel device available on the server. The next thing the server needs to do is to set up the tunnel device. How does the server know which tunnel device was set up by the current connection? I'd really like something

Hello, I just install the newest version of Centos 7 and I am a bit disappointed with new /etc/rc/local file I found that it's not usable anymore. *[root at lab3 ~]# cat /etc/rc.local* " THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES" It is highly advisable to create own systemd services or udev rules to run scripts during boot instead of using this file. Usually I was added my

On Wed, 15 Jul 2020, Peter Stuge wrote: > is GPL-licensed, so a derivative of that can't be integrated into OpenSSH. A derivative of it, that exposes a general API to do tap-device-like things using stdio and command line options, could be called over its general API from OpenSSH though. Even be developed separately (this would, in fact, even help). bye, //mirabilos -- ?MyISAM tables

Hi, OpenSSH 7.7p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

Hi, I am currently using the L2 tunnel feature of ssh between two Linux machines, and it works beautifully! As a result, I have come to prefer a workflow that uses an L2 tunnel, but I can't seem to find a long-term solution for this workflow on macOS. At the moment, tap devices on macOS can be generated using a kernel extension like tuntaposx <http://tuntaposx.sourceforge.net/>;

I?m setting up a Linux machine (CentOS7) and am trying to allow tap/tun tunneling. Our organization?s security policy prohibits root logins. Using OpenSSH server 7.4 (as provided by the CentOS repositories) non-root users are able to open tunnels as long as the sshd_config has The setting UsePrivilegeSeparation=no. All is well, but I wonder what security risks I am taking by disabling the

Hello! I'm hoping that Gmail won't HTML format this mail so that I'll get flamed :) Anyway, my question relates to ssh_config. The problem I find is that the Host pattern is only applied to the argument given on the command line, as outlined in the man page: "The host is the hostname argument given on the command line (i.e. the name is not converted to a canonicalized host name

Hi, I fell on this using openssh on cygwin. Though it may be a cygwin related issue, I think it's may be a bug on the main openssh tree. Thus my posting here. I'm CC'ing to the public list for information. The part of code I'm refering to is : /* XXX might close listen socket */ (void)dup2(fd, STDIN_FILENO); (void)dup2(fd, STDOUT_FILENO);

Hello, My usage of ProxyCommand just calls the nc utility with various parameters. That in turn after the initial setup just copies copies the data from the network socket to stdin/stdout. This useless coping can be avoided if ssh has an option to receive the socket from the proxy command. I suppose it can improve network error reporting as ssh would talk directly to the network socket rather

ssh client has the ability to set the destination of debug logs via the `-E` flag. ssh_config lacks an equivalent keyword to set the same option via configs. This patch follows the same semantics of other `*Path` type keywords and creates a new ssh_config keyword `LogPath`. [0] Bugzilla: https://bugzilla.mindrot.org/show_bug.cgi?id=3683 [1] GitHub PR:

It would be useful to allow matching HostName entries against Host entries. That's to say, I would find it very convenient to have an ssh_config like: Host zeus HostName zeus.greek.gods User hades Host hera HostName hera.greek.gods # [ ... ] Host *.greek.gods User poseidon UserKnownHostsFile ~/.ssh/known_hosts.d/athens # [ Default settings for *.greek.gods ] where I

After the commit titled "expand %h to the hostname in ssh_config Hostname options" (2010-07-16), %n always got the same value as %h in the LocalCommand config option. Fix this and add a regression test. --- regress/Makefile | 6 ++++-- regress/host-expand.sh | 18 ++++++++++++++++++ ssh.c | 6 ++++-- 3 files changed, 26 insertions(+), 4 deletions(-) diff

https://bugzilla.mindrot.org/show_bug.cgi?id=3710 Bug ID: 3710 Summary: Use of ProxyCommand causes ssh session to never continue prompting for input Product: Portable OpenSSH Version: 9.5p1 Hardware: Other OS: Windows 11 Status: NEW Severity: enhancement Priority: P5

Hi, this set of patches contains the initial implementation of the IEEE 802.1Qbg standard: code for the exchange of EVB TLVs in LLDP frames to negotiate VSI capabalities as well as VDP VSI TLVs between a host with virtual machines and an adjacent switch. It supports setting the parameters of the TLV exchange from the command line using lldptool. VDP profiles consisting of

Hi, this set of patches contains the initial implementation of the IEEE 802.1Qbg standard: code for the exchange of EVB TLVs in LLDP frames to negotiate VSI capabalities as well as VDP VSI TLVs between a host with virtual machines and an adjacent switch. It supports setting the parameters of the TLV exchange from the command line using lldptool. VDP profiles consisting of

Hi, this set of patches contains the initial implementation of the IEEE 802.1Qbg standard: code for the exchange of EVB TLVs in LLDP frames to negotiate VSI capabalities as well as VDP VSI TLVs between a host with virtual machines and an adjacent switch. It supports setting the parameters of the TLV exchange from the command line using lldptool. VDP profiles consisting of