Displaying 20 results from an estimated 1000 matches similar to: "[Bug 2353] New: options allowed for Match blocks missing form documentation"
2014 Jun 06
1
Patch: Ciphers, MACs and KexAlgorithms on Match
Hi all,
this is a patch to make Ciphers, MACs and KexAlgorithms available in
Match blocks. Now I can reach a -current machine with some Android
terminal app without changing the default ciphers for all clients:
Match Address 192.168.1.2
Ciphers aes128-cbc
MACs hmac-sha1
KexAlgorithms diffie-hellman-group-exchange-sha1
Index: servconf.c
2016 May 03
3
StreamLocal forwarding
On Tue, 3 May 2016, Rogan Dawes wrote:
> Hi Damien,
> Thanks for the response!
>
> I tried moving the StreamLocalBindUnlink directive outside of the Match
> rule, and it worked. But that doesn't explain why the Match was not
> correctly setting the directive:
>
> This is running on an alternate port with -ddd:
>
> debug3: checking match for 'User
2016 May 03
2
StreamLocal forwarding
Hi,
The code definitely attempts to unlink any old listener
beforehand (see misc.c:unix_listener()) so I don't understand why
that isn't being called. You might try simulating your configuration
using sshd's -T and -C to make sure the flag is correctly being set.
Could chroot be interfering? Some platforms implement additional
restrictions on devices and sockets inside chroot.
-d
2017 Jun 16
2
[PATCH] allow relative path in streamlocal forwarding
When forwarding a Unix-domain socket, the remote socket path must be
absolute (otherwise the forwarding fails later). However, guessing
absolute path on the remote end is sometimes not straightforward,
because the file system location may vary for many reasons, including
the system installation, the choices of NFS mount points, or the
remote user ID.
To allow ssh clients to request remote socket
2016 Apr 23
2
StreamLocal forwarding
Hi folks,
(3rd time I am sending this message, none of the others appear to have
made it through!)
Using "OpenSSH_6.9p1 Ubuntu-2ubuntu0.1, OpenSSL 1.0.2d 9 Jul 2015" on
the server, "OpenSSH_7.2p2, OpenSSL 1.0.2g 1 Mar 2016" on the client.
I am trying to use sshtunnel with StreamLocal forwarding to enable me
to connect back to the client's ssh port, without having to
2016 Jun 02
2
MaxDisplays configuration option
Hello,
I manage OpenSSH on a dozen or so servers that act as gateways for a large
amount of developers and system administrators. On these servers it is
common for there to be more than 1000 active X11 forwards active at peak
usage. Beyond ~1000 active X11 forwards, sshd will fail to bind additional
ports due to a hard coded range check in channels.c that limits the port
range that sshd will
2015 Jul 01
0
Announce: OpenSSH 6.9 released
OpenSSH 6.9 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches,
2006 Apr 22
1
[Patch] Unix Domain Socket Forwarding
http://25thandclement.com/~william/openssh-4.3p2-streamlocal-20060421.patch
The above URL is a complete patch to OpenSSH 4.3p2 to implement unix domain
socket forwarding (this supersedes a canceled message I sent last night w/
an inline attachment). Basically, for forward and reverse forwardings
anywhere you previously put a port number you can now put a path. The socket
path should go between
2015 Jul 01
5
Announce: OpenSSH 6.9 released
OpenSSH 6.9 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches,
2016 Jul 21
7
[Bug 2601] New: StreamLocalBindUnlink not working
https://bugzilla.mindrot.org/show_bug.cgi?id=2601
Bug ID: 2601
Summary: StreamLocalBindUnlink not working
Product: Portable OpenSSH
Version: 7.2p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
2013 Sep 25
0
CA Signed Public Key User Authentication does not honor ~/.ssh/authorized_keys
Greetings,
I am using OpenSSH Signed Public Key authentication for servers ssh login.
All of the servers are setup with below sshd_config options:
TrustedUserCAKeys /etc/ssh/ca.pub # CA Public Keys
RevokedKeys /etc/ssh/revoke.pub # User Public Keys
When I started working on it, for ssh authentication I had to have CA
Public Key in User ~/.ssh/authorized_keys, like:
cert-authority ssh-rsa
2015 Nov 01
2
[Bug 2487] New: AuthorizedPrincipalsCommand should probably document whether it only applies to TrustedUserCAKeys CAs
https://bugzilla.mindrot.org/show_bug.cgi?id=2487
Bug ID: 2487
Summary: AuthorizedPrincipalsCommand should probably document
whether it only applies to TrustedUserCAKeys CAs
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: enhancement
2020 Jun 01
2
would it be possible to extend TrustedUserCAKeys so that certain keys could not be used to authenticate a particular user?
Wondering if it would make sense to have more granular control of
trustedUserCAkeys? I have 1 key used to sign root certs, the key is
shortlived, and is rotated daily. And I have a 2nd key to sign non-
privileged user certs. The non-privileged certs have a longer validity
period, and the signing keys are not rotated as frequently. It would
be nice to ensure this second signing key's
2023 Nov 18
0
[Bug 3634] New: IPQoS default should be changed to "none"
https://bugzilla.mindrot.org/show_bug.cgi?id=3634
Bug ID: 3634
Summary: IPQoS default should be changed to "none"
Product: Portable OpenSSH
Version: 9.5p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: Miscellaneous
Assignee:
2010 Mar 08
0
Announce: OpenSSH 5.4 released
OpenSSH 5.4 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed code
or patches,
2011 Dec 18
1
[Bug 1965] New: IPQoS option ignored for AF_INET since 5.9p1-1
https://bugzilla.mindrot.org/show_bug.cgi?id=1965
Bug #: 1965
Summary: IPQoS option ignored for AF_INET since 5.9p1-1
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Platform: All
URL: http://bugs.debian.org/643312
OS/Version: Linux
Status: NEW
Severity: normal
2010 Mar 04
1
Minor tweak to sshd_config(5)
Hi,
There are a few minor tweaks I would like to suggest regarding the recently added
TrustedUserCAKeys section in sshd_config(5).
TrustedUserCAKeys
Specifies a file containing public keys of certificate authorities that are
trusted sign user certificates for authentication. Keys are listed one per
line, empty lines and comments starting with
2011 Dec 18
8
[Bug 1963] New: IPQoS not honoured
https://bugzilla.mindrot.org/show_bug.cgi?id=1963
Bug #: 1963
Summary: IPQoS not honoured
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.8p1
Platform: amd64
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs at
2013 Jan 31
2
OpenSSH NoPty patch
Hey everyone,
I wanted to add support for denying PTY allocation through OpenSSH. I'm
not certain if this is quite thorough enough for all cases, but for me
it might work for the moment.
I know that you can currently do this through authorized_keys, but as
far as I know that only works for an actual key. In my use case, I
wanted a user with no password which is forced to run a specific
2010 Mar 08
1
Announce: OpenSSH 5.4 released
OpenSSH 5.4 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed code
or patches,