similar to: [Bug 2353] New: options allowed for Match blocks missing form documentation

Displaying 20 results from an estimated 1000 matches similar to: "[Bug 2353] New: options allowed for Match blocks missing form documentation"

2014 Jun 06
1
Patch: Ciphers, MACs and KexAlgorithms on Match
Hi all, this is a patch to make Ciphers, MACs and KexAlgorithms available in Match blocks. Now I can reach a -current machine with some Android terminal app without changing the default ciphers for all clients: Match Address 192.168.1.2 Ciphers aes128-cbc MACs hmac-sha1 KexAlgorithms diffie-hellman-group-exchange-sha1 Index: servconf.c
2016 May 03
3
StreamLocal forwarding
On Tue, 3 May 2016, Rogan Dawes wrote: > Hi Damien, > Thanks for the response! > > I tried moving the StreamLocalBindUnlink directive outside of the Match > rule, and it worked. But that doesn't explain why the Match was not > correctly setting the directive: > > This is running on an alternate port with -ddd: > > debug3: checking match for 'User
2016 May 03
2
StreamLocal forwarding
Hi, The code definitely attempts to unlink any old listener beforehand (see misc.c:unix_listener()) so I don't understand why that isn't being called. You might try simulating your configuration using sshd's -T and -C to make sure the flag is correctly being set. Could chroot be interfering? Some platforms implement additional restrictions on devices and sockets inside chroot. -d
2017 Jun 16
2
[PATCH] allow relative path in streamlocal forwarding
When forwarding a Unix-domain socket, the remote socket path must be absolute (otherwise the forwarding fails later). However, guessing absolute path on the remote end is sometimes not straightforward, because the file system location may vary for many reasons, including the system installation, the choices of NFS mount points, or the remote user ID. To allow ssh clients to request remote socket
2016 Apr 23
2
StreamLocal forwarding
Hi folks, (3rd time I am sending this message, none of the other appear to have made it through!) Using "OpenSSH_6.9p1 Ubuntu-2ubuntu0.1, OpenSSL 1.0.2d 9 Jul 2015" on the server, "OpenSSH_7.2p2, OpenSSL 1.0.2g 1 Mar 2016" on the client. I am trying to use sshtunnel with StreamLocal forwarding to enable me to connect back to the client's ssh port, without having to
2016 Jun 02
2
MaxDisplays configuration option
Hello, I manage OpenSSH on a dozen or so servers that act as gateways for a large amount of developers and system administrators. On these servers it is common for there to be more than 1000 active X11 forwards active at peak usage. Beyond ~1000 active X11 forwards, sshd will fail to bind additional ports due to a hard coded range check in channels.c that limits the port range that sshd will
2015 Jul 01
0
Announce: OpenSSH 6.9 released
OpenSSH 6.9 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,
2006 Apr 22
1
[Patch] Unix Domain Socket Forwarding
http://25thandclement.com/~william/openssh-4.3p2-streamlocal-20060421.patch The above URL is a complete patch to OpenSSH 4.3p2 to implement unix domain socket forwarding (this supersedes a canceled message I sent last night w/ an inline attachment). Basically, for forward and reverse forwardings anywhere you previously put a port number you can now put a path. The socket path should go between
2015 Jul 01
5
Announce: OpenSSH 6.9 released
OpenSSH 6.9 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,
2016 Jul 21
7
[Bug 2601] New: StreamLocalBindUnlink not working
https://bugzilla.mindrot.org/show_bug.cgi?id=2601 Bug ID: 2601 Summary: StreamLocalBindUnlink not working Product: Portable OpenSSH Version: 7.2p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org
2013 Sep 25
0
CA Signed Public Key User Authentication does not honor ~/.ssh/authorized_keys
Greetings, I am using OpenSSH Signed Public Key authentication for servers ssh login. All of the servers are setup with below sshd_config options: TrustedUserCAKeys /etc/ssh/ca.pub # CA Public Keys RevokedKeys /etc/ssh/revoke.pub # User Public Keys When I started working on it, for ssh authentication I had to have CA Public Key in User ~/.ssh/authorized_keys, like: cert-authority ssh-rsa
2015 Nov 01
2
[Bug 2487] New: AuthorizedPrincipalsCommand should probably document whether it only applies to TrustedUserCAKeys CAs
https://bugzilla.mindrot.org/show_bug.cgi?id=2487 Bug ID: 2487 Summary: AuthorizedPrincipalsCommand should probably document whether it only applies to TrustedUserCAKeys CAs Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement
2020 Jun 01
2
would it be possible to extend TrustedUserCAKeys so that certain keys could not be used to authenticate a particular user?
Wondering if it would make sense to have more granular control of trustedUserCAkeys? I have 1 key used to sign root certs, the key is shortlived, and is rotated daily. And I have a 2nd key to sign non-privileged user certs. The non-privileged certs have a longer validity period, and the signing keys are not rotated as frequently. It would be nice to ensure this second signing key's
2023 Nov 18
0
[Bug 3634] New: IPQoS default should be changed to "none"
https://bugzilla.mindrot.org/show_bug.cgi?id=3634 Bug ID: 3634 Summary: IPQoS default should be changed to "none" Product: Portable OpenSSH Version: 9.5p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: Miscellaneous Assignee:
2010 Mar 08
0
Announce: OpenSSH 5.4 released
OpenSSH 5.4 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,
2011 Dec 18
1
[Bug 1965] New: IPQoS option ignored for AF_INET since 5.9p1-1
https://bugzilla.mindrot.org/show_bug.cgi?id=1965 Bug #: 1965 Summary: IPQoS option ignored for AF_INET since 5.9p1-1 Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All URL: http://bugs.debian.org/643312 OS/Version: Linux Status: NEW Severity: normal
2010 Mar 04
1
Minor tweak to sshd_config(5)
Hi, There are a few minor tweaks I would like to suggest regarding the recently added TrustedUserCAKeys section in sshd_config(5). TrustedUserCAKeys Specifies a file containing public keys of certificate authorities that are trusted sign user certificates for authentication. Keys are listed one per line, empty lines and comments starting with
2011 Dec 18
8
[Bug 1963] New: IPQoS not honoured
https://bugzilla.mindrot.org/show_bug.cgi?id=1963 Bug #: 1963 Summary: IPQoS not honoured Classification: Unclassified Product: Portable OpenSSH Version: 5.8p1 Platform: amd64 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: unassigned-bugs at
2013 Jan 31
2
OpenSSH NoPty patch
Hey everyone, I wanted to add support for denying PTY allocation through OpenSSH. I'm not certain if this is quite thorough enough for all cases, but for me it might work for the moment. I know that you can currently do this through authorized_keys, but as far as I know that only works for an actual key. In my use case, I wanted a user with no password which is forced to run a specific
2010 Mar 08
1
Announce: OpenSSH 5.4 released
OpenSSH 5.4 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,