similar to: [Bug 2455] New: Regression tests tweaks: keyscan and hostkey_rotation

https://bugzilla.mindrot.org/show_bug.cgi?id=2605 Bug ID: 2605 Summary: ssh-keyscan generates errors in /var/log/secure Product: Portable OpenSSH Version: 6.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-keyscan Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=2680 Bug ID: 2680 Summary: Regression in server-sig-algs offer in 7.4p1 (Deprecation of SHA1 is not being enforced) Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=3226 Bug ID: 3226 Summary: Feature request: Prempt fingerprint prompt when connecting to new server Product: Portable OpenSSH Version: 8.4p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component:

https://bugzilla.mindrot.org/show_bug.cgi?id=3746 Bug ID: 3746 Summary: ssh-keyscan output format is not compatible with ssh-keygen -s Product: Portable OpenSSH Version: 9.2p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh-keyscan

Hi, 1. I think you should apply the attached patch to openssh-2.9p1, otherwise ssh-keyscan on linux boxes with glibc-2.1 will experience enormous timeout delays. 2. Is there a program like ssh-keyscan for the Version2 (dsa and rsa) keys?? regards Peter Breitenlohner <peb at mppmu.mpg.de> -------------- next part -------------- diff -ur openssh-2.9p1.orig/ssh-keyscan.c

https://bugzilla.mindrot.org/show_bug.cgi?id=2479 Bug ID: 2479 Summary: ssh-keyscan non-standard port broken Product: Portable OpenSSH Version: 6.9p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh-keyscan Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=3581 Bug ID: 3581 Summary: ssh-keyscan fails with `fdlim_get: bad value` with large file descriptor limit due to type confusion Product: Portable OpenSSH Version: 9.3p1 Hardware: ARM64 OS: Mac OS X Status: NEW Severity: enhancement

Hi, OpenSSH 6.9 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is

https://bugzilla.mindrot.org/show_bug.cgi?id=2451 Bug ID: 2451 Summary: Bugs intended to be fixed in 7.2 Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: trivial Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at

Hi, Following the fix [1] being released on 7.5, now SHA2 RSA signature methods work properly. On the other hand it is still not possible to disable SHA1 RSA alone (as an example, as SHA2-256 or SHA2-512 could also potentially be not desirable), where it is considered insecure or undesirable. I am proposing to add a mechanism, and happy to submit a patch, to enable selection of the Hashes

http://bugzilla.mindrot.org/show_bug.cgi?id=1213 Summary: ssh-keyscan exits in mid-way Product: Portable OpenSSH Version: 4.3p2 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: bitbucket at mindrot.org ReportedBy: tryponraj at

https://bugzilla.mindrot.org/show_bug.cgi?id=3202 Bug ID: 3202 Summary: Ed25519 key on HSM is not getting listed in ssh-add -l command Product: Portable OpenSSH Version: 8.2p1 Hardware: ARM64 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-add

Hi, One of our users who is running an OS (I think it's the latest beta macOS 10.14.1) with ssh version "OpenSSH_7.8p1, LibreSSL 2.7.3" is unable to use our user SSH RSA certificates to authenticate to our servers (which are running "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017"). We see this error on the client side: debug1: kex_input_ext_info:

In the past 2 months another change occurred in the CVS code that broke my ssh-keyscan patch. Here's an updated version that tweaks the changed name (in the Kex struct) and also causes an attempt to grab an ssh2 key from an older server (without ssh2 support) to fail earlier and without an error message (Stuart Pearlman emailed me some code for this). This patch is based on the BSD CVS

https://bugzilla.mindrot.org/show_bug.cgi?id=2531 Bug ID: 2531 Summary: MaxSessions config parameter name is highly ambigious Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at

===== Ladies/Gents, "ssh-keyscan.c" can't be linked statically against "libssh.a". You end up with `fatal()' being doubly defined. The patch below deletes the new "ssh-keyscan.c:fatal()" function and and restores the "ssh-keyscan.c:fatal_callback()" function with modifi- cations. The problem that both attempt to alleviate is the setting of the

https://bugzilla.mindrot.org/show_bug.cgi?id=1213 --- Comment #57 from Daniel Richard G. <skunk at iSKUNK.ORG> --- Okay, rolling with git master 86936ec2. Now, ssh-keyscan isn't erroring out; instead, it's... hanging. I'm seeing this behavior crop up pretty consistently after running for several minutes. And it's wedged pretty tight, too---nothing happens even after letting

https://bugzilla.mindrot.org/show_bug.cgi?id=2924 Bug ID: 2924 Summary: Order a limited host keys list in client based on the known hosts Product: Portable OpenSSH Version: 7.7p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement Priority:

https://bugzilla.mindrot.org/show_bug.cgi?id=1213 --- Comment #50 from Daniel Richard G. <skunk at iSKUNK.ORG> --- Okay, tried again with your patch. Here's what I see: [...] # A.B.C.46 SSH-1.99-OpenSSH_4.2 # A.B.C.47 SSH-1.99-OpenSSH_4.2 # A.B.C.47 SSH-1.99-OpenSSH_4.2 # A.B.C.47 SSH-1.99-OpenSSH_4.2 # A.B.C.48 SSH-1.99-OpenSSH_4.2 # A.B.C.48

I have a network without a network connection to other networks. But a socks server is dual homed between it and other networks. I can use socks to ssh to other networks. I use ProxyCommand with the socks aware connect.c program to connect out. All works great. I discovered while trying to use the ssh-keyscan program that it does not use the ProxyCommand configuration. At least in my testing