similar to: prompt to update a host key

On Fri, Mar 15, 2019 at 09:10:26AM +0000, Jochen Bern wrote: > Imagine sysadminning a boatload of VMs getting IPs from a dynamic pool, a la > > $ for ADDR in $CUSTOMER_1_RANGE $CUSTOMER_2_RANGE... ; do > > ping -c 1 -w 2 $ADDR >/dev/null 2>&1 && ssh root@$ADDR do_urgent_fix > > done > > , and it mightn't be that much of a niche anymore ... And

On 13 April 2018 at 08:29, Josh Soref <jsoref at gmail.com> wrote: > Randall S. Becker <rsbecker at nexbridge.com> wrote: >> >> >> -REGRESSTMP = "$(PWD)/regress" >> +REGRESSTMP = `pwd` >> >> tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS) > > > It looks like the problem is that pwd is in uppercase, not

On Thu, Apr 12, 2018 at 6:29 PM, Josh Soref <jsoref at gmail.com> wrote: > Randall S. Becker <rsbecker at nexbridge.com> wrote: > >> >> -REGRESSTMP = "$(PWD)/regress" >> +REGRESSTMP = `pwd` >> >> tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS) >> > > It looks like the problem is that pwd is in

After getting OpenSSH 7.7 to build :), the initial test fails as follows: test_kex: ............................................................................ ............................................................................ ............................................................................ ............................................................................

On 18.08.23 07:39, Darren Tucker wrote: > On Fri, 18 Aug 2023 at 15:25, Stuart Longland VK4MSL <me at vk4msl.com> wrote: > [...] >> The crux of this is that we cannot assume the local IPv4 address is >> unique, since it's not (and in many cases, not even static). > > If the IP address is not significant, you can tell ssh to not record > them ("CheckHostIP

On 03/15/2019 12:49 AM, Jeremy Lin wrote: > [...] connecting to hosts where the host key > changes frequently. I realize this is a fairly niche use case [...] Doesn't StrictHostKeyChecking=no do what is wanted?

Dear developers, I don't care for reasons, arguments, or flamefests. I need to plan my workload. By now I have half a dozen servers overdue for reimaging. I can put this off for another week or two, but not really much longer. There's obviously no point in installing centos 5 on any new machine. So I need to know: is there any point in my waiting another week, or should I just say

On Sun, 4 Oct 2020, Christoph Anton Mitterer wrote: > On Sun, 2020-10-04 at 14:02 +1100, Damien Miller wrote: > > This is strictly no worse than continuing to use the old key, so I > > don't consider it a problem. > > Well but in reality it will lead to people never again replace their > key by proper means. Well, first I disagree that this method is improper. The

I searched a bit to see if there is a way to upgrade from CentOS 7 directly to CentOS 8.? I found RHEL instructions but not CentOS. ? Although they probably should be/would be similar, the instructions I found enable a rhel repository to get the leap command, which I can't seem to do in CentOS. Does anyone know if you can do an upgrade yet.? I know they had been working on it in the past.

> ssh -v test OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5 debug1: Reading configuration data C:\\Users\\jsore/.ssh/config debug1: C:\\Users\\jsore/.ssh/config line 11: Applying options for test debug1: Setting implicit ProxyCommand from ProxyJump: ssh -v -W '[%h]:%p' apple debug1: Executing proxy command: exec ssh -v -W '[test]:22' apple CreateProcessW failed error:2 posix_spawn:

I am trying to come up with a workable solution in managing numerous Mac workstations allowing a high degree of flexibility with regards to certs. My puppet environment is setup to application installation on machines that have been ''imaged'' with a base OS and the puppet and facter apps. So, when a Mac is ''imaged'' and subsequently re-booted, puppet is run at

The softlockup watchdog is currently a nuisance in a virtual machine, since the whole system could have the CPU stolen from it for a long period of time. While it would be unlikely for a guest domain to be denied timer interrupts for over 10s, it could happen and any softlockup message would be completely spurious. Earlier I proposed that sched_clock() return time in unstolen nanoseconds, which

The softlockup watchdog is currently a nuisance in a virtual machine, since the whole system could have the CPU stolen from it for a long period of time. While it would be unlikely for a guest domain to be denied timer interrupts for over 10s, it could happen and any softlockup message would be completely spurious. Earlier I proposed that sched_clock() return time in unstolen nanoseconds, which

Here is what I'm trying to do: most of the time, I broadcast from a playlist, just loooping through prerecorded content. Sometimes, say at a special concert or sports game, a live stream (from a laptop's line-in) is broadcast instead. Ideally, the laptop could simply "take over" the stream from IceS, and hand it back when we're finished with the live stuff. Is there a way

>> This is how it looks. Source are mounted OK, when I try to connect with >> client it always connect to the same mountpoint (this time is /low) >Remind me - what client are you using? It mightn't handle mounts properly ... though I can't think of one that doesn't anymore. Winamp 2.81 Mitja --- >8 ---- List archives: http://www.xiph.org/archives/ icecast project

On 30.06.23 17:56, MCMANUS, MICHAEL P wrote: > The actual command is similar to the following (parameters inserted to protect the source): > (print ${FQDN} ; print ${Environment} ; cat ${OutFileXML}) | \ > ssh -Ti ${EmbeddedPrivateKey} \ > -o HostKeyAlias="${Alias}" \ > -o

Hi, On Mon, Jan 13, 2020 at 03:16:00PM +0000, Jochen Bern wrote: > Out of interest: > 1. If an extended mechanism were to be implemented, which server pubkey > do you expect to be seen/stored/verified by the client? The proxy's > / v4 middlebox's, or the v6 backend's? Or would you require that all > server-side machines use the *same* host keypairs? I'd do

Hi folks, Since Docker can bind-mount every .ssh directory I am looking for some way to forbid unprotected private keys. AFAICS it is currently not possible on the sshd to verify that the peer's private key was protected by a passphrase. Can you confirm? Regards Harri

Jochen Bern <Jochen.Bern at binect.de> writes: > (And since you mention "port knocking", I'd like to repeat how fond I > am of upgrading that original concept to a single-packet > crypto-armored implementation like fwknop.) I am reluctantly considering to use some kind of port knocking mechanism on some machines, however I really don't want to carry around shared

Hi, The attached core patch makes the 'isFocussable' getter in CompWindow wrappable. This way, plugins such as winrules can make core's getter function return a different value to the one stored internally without actually having to modify the value. Kind Regards, Sam -- Sam Spilsbury -------------- next part -------------- A non-text attachment was scrubbed... Name: