similar to: prompt to update a host key

On Fri, Mar 15, 2019 at 09:10:26AM +0000, Jochen Bern wrote: > Imagine sysadminning a boatload of VMs getting IPs from a dynamic pool, a la > > $ for ADDR in $CUSTOMER_1_RANGE $CUSTOMER_2_RANGE... ; do > > ping -c 1 -w 2 $ADDR >/dev/null 2>&1 && ssh root@$ADDR do_urgent_fix > > done > > , and it mightn't be that much of a niche anymore ... And

On 13 April 2018 at 08:29, Josh Soref <jsoref at gmail.com> wrote: > Randall S. Becker <rsbecker at nexbridge.com> wrote: >> >> >> -REGRESSTMP = "$(PWD)/regress" >> +REGRESSTMP = `pwd` >> >> tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS) > > > It looks like the problem is that pwd is in uppercase, not

On Thu, Apr 12, 2018 at 6:29 PM, Josh Soref <jsoref at gmail.com> wrote: > Randall S. Becker <rsbecker at nexbridge.com> wrote: > >> >> -REGRESSTMP = "$(PWD)/regress" >> +REGRESSTMP = `pwd` >> >> tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS) >> > > It looks like the problem is that pwd is in

After getting OpenSSH 7.7 to build :), the initial test fails as follows: test_kex: ............................................................................ ............................................................................ ............................................................................ ............................................................................

On 18.08.23 07:39, Darren Tucker wrote: > On Fri, 18 Aug 2023 at 15:25, Stuart Longland VK4MSL <me at vk4msl.com> wrote: > [...] >> The crux of this is that we cannot assume the local IPv4 address is >> unique, since it's not (and in many cases, not even static). > > If the IP address is not significant, you can tell ssh to not record > them ("CheckHostIP

On 03/15/2019 12:49 AM, Jeremy Lin wrote: > [...] connecting to hosts where the host key > changes frequently. I realize this is a fairly niche use case [...] Doesn't StrictHostKeyChecking=no do what is wanted?

Dear developers, I don't care for reasons, arguments, or flamefests. I need to plan my workload. By now I have half a dozen servers overdue for reimaging. I can put this off for another week or two, but not really much longer. There's obviously no point in installing centos 5 on any new machine. So I need to know: is there any point in my waiting another week, or should I just say

On Sun, 4 Oct 2020, Christoph Anton Mitterer wrote: > On Sun, 2020-10-04 at 14:02 +1100, Damien Miller wrote: > > This is strictly no worse than continuing to use the old key, so I > > don't consider it a problem. > > Well but in reality it will lead to people never again replace their > key by proper means. Well, first I disagree that this method is improper. The

I searched a bit to see if there is a way to upgrade from CentOS 7 directly to CentOS 8.? I found RHEL instructions but not CentOS. ? Although they probably should be/would be similar, the instructions I found enable a rhel repository to get the leap command, which I can't seem to do in CentOS. Does anyone know if you can do an upgrade yet.? I know they had been working on it in the past.

> ssh -v test OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5 debug1: Reading configuration data C:\\Users\\jsore/.ssh/config debug1: C:\\Users\\jsore/.ssh/config line 11: Applying options for test debug1: Setting implicit ProxyCommand from ProxyJump: ssh -v -W '[%h]:%p' apple debug1: Executing proxy command: exec ssh -v -W '[test]:22' apple CreateProcessW failed error:2 posix_spawn:

I am trying to come up with a workable solution in managing numerous Mac workstations allowing a high degree of flexibility with regards to certs. My puppet environment is setup to application installation on machines that have been ''imaged'' with a base OS and the puppet and facter apps. So, when a Mac is ''imaged'' and subsequently re-booted, puppet is run at

The softlockup watchdog is currently a nuisance in a virtual machine, since the whole system could have the CPU stolen from it for a long period of time. While it would be unlikely for a guest domain to be denied timer interrupts for over 10s, it could happen and any softlockup message would be completely spurious. Earlier I proposed that sched_clock() return time in unstolen nanoseconds, which

The softlockup watchdog is currently a nuisance in a virtual machine, since the whole system could have the CPU stolen from it for a long period of time. While it would be unlikely for a guest domain to be denied timer interrupts for over 10s, it could happen and any softlockup message would be completely spurious. Earlier I proposed that sched_clock() return time in unstolen nanoseconds, which

Here is what I'm trying to do: most of the time, I broadcast from a playlist, just loooping through prerecorded content. Sometimes, say at a special concert or sports game, a live stream (from a laptop's line-in) is broadcast instead. Ideally, the laptop could simply "take over" the stream from IceS, and hand it back when we're finished with the live stuff. Is there a way

>> This is how it looks. Source are mounted OK, when I try to connect with >> client it always connect to the same mountpoint (this time is /low) >Remind me - what client are you using? It mightn't handle mounts properly ... though I can't think of one that doesn't anymore. Winamp 2.81 Mitja --- >8 ---- List archives: http://www.xiph.org/archives/ icecast project

Hi, On Mon, Jan 13, 2020 at 03:16:00PM +0000, Jochen Bern wrote: > Out of interest: > 1. If an extended mechanism were to be implemented, which server pubkey > do you expect to be seen/stored/verified by the client? The proxy's > / v4 middlebox's, or the v6 backend's? Or would you require that all > server-side machines use the *same* host keypairs? I'd do

On 30.06.23 17:56, MCMANUS, MICHAEL P wrote: > The actual command is similar to the following (parameters inserted to protect the source): > (print ${FQDN} ; print ${Environment} ; cat ${OutFileXML}) | \ > ssh -Ti ${EmbeddedPrivateKey} \ > -o HostKeyAlias="${Alias}" \ > -o

Hi folks, Since Docker can bind-mount every .ssh directory I am looking for some way to forbid unprotected private keys. AFAICS it is currently not possible on the sshd to verify that the peer's private key was protected by a passphrase. Can you confirm? Regards Harri

Hi Jochen, On Wed, 12 Feb 2020 at 00:16, Jochen Bern <Jochen.Bern at binect.de> wrote: > > On 02/11/2020 07:07 PM, Cl?ment P?ron wrote: > > - I have X devices (around 30) and one SSH server > > - Each of them have a unique public key and create one dynamic reverse > > port forwarding on the server > > - All of them connect with the same UNIX user (I don't

On 06.07.23 23:37, MCMANUS, MICHAEL P wrote:> So changing the forced command as stated will break the application. I > would need to create a test bed to simulate the listener rather than > use the server as is, where is. That may produce false or misleading > results. Since the forced command is tied to the specific keypair in the authorized_keys, you could -- test with a different