similar to: [Bug 3095] New: SSH CA-signed key fails when port forwarding

Thanks, very informative! I was able to generate this digraph and I'm pleased with it since it appears that all my servers behind bastion are directly connected, but nodes outside are not and are routed via bastion http://imgur.com/zEojkMw Here is the digraph itself, if the above link is not accessible: digraph { bastion [label = "bastion", color = "green"];

https://bugzilla.mindrot.org/show_bug.cgi?id=3582 Bug ID: 3582 Summary: Confusing error message when using ProxyJump Product: Portable OpenSSH Version: 9.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2817 Bug ID: 2817 Summary: Add support for PKCS#11 URIs (RFC 7512) Product: Portable OpenSSH Version: 7.6p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Smartcard Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=3610 Bug ID: 3610 Summary: Using ControlPath and the -J option Product: Portable OpenSSH Version: 8.9p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

On Wed, Jun 21, 2017 at 04:57:23PM -0700, Nirmal Thacker wrote: > What is the significance of port 655 with regards to tinc? This port is officially reserved for tinc. It is also below number 1024, which means that on most operating systems, only a priviliged user can listen on that port, and prevents regular users from starting tinc on port 655. However, you don't have to use port 655,

Hi I'm new to tinc vpn and I am currently exploring a use-case we have, of creating a secure mesh over which our own services may run. This may be a basic question, I wasn't able to find a satisfying answer. What is the significance of port 655 with regards to tinc? Lets consider a 4 node setup: We have nodes: [protected] : protected behind a private network in the cloud [bastion]:

Hi all, I noticed a bit of an odd issue with maintaining `known_hosts` when the target machine is behind a bastion using `ProxyJump` or `ProxyCommand` with host key clashes. Client for me right now is OpenSSH_9.3p1 on Gentoo Linux/AMD64. I'm a member of a team, and most of us use Ubuntu (yes, I'm a rebel). Another team who actually maintain this fleet often access the same machines

This pre-recorded message is being sent in response to your recent email to Firewalls-Book-Info. Building Internet Firewalls, Second Edition =========================================== by Elizabeth D. Zwicky, Simon Cooper, and D. Brent Chapman Published by O'Reilly & Associates 2nd Edition June 2000 894 Pages ISBN 1-56592-871-7 List price $49.95 Available through the Internet at a

https://bugzilla.mindrot.org/show_bug.cgi?id=3080 Bug ID: 3080 Summary: Document IdentityFile=none and clarify interaction of defaults with IdentitiesOnly Product: Portable OpenSSH Version: 8.0p1 Hardware: Other OS: All Status: NEW Severity: normal Priority: P5

Hi, Thank for all your reply, here the details of the product : https://www.wallix.com/en/access-manager/ ? Customizable admin portal: Fully customize the design of your administrative portal. Determine how it classifies files, and how files are transferred between workstations and targeted Windows sources. Plus, quickly communicate with different target Bastions via the encrypted https

https://bugzilla.mindrot.org/show_bug.cgi?id=3570 Bug ID: 3570 Summary: Add substitution token for explicitly selected IdentityFile for ControlPath selection Product: Portable OpenSSH Version: 9.3p1 Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5

It seems that users may be disclosing unintended public key info when logging into remote hosts. Use of the words keypair/keyid/etc have been bastardized. Signature is likely better. Note also, the author may be without clue. Setup: [g] - refers to an administrative group of hosts [n] - refers to a host within that group ws[g][n] - management workstations [trusted] User ssh-add's keys for

https://bugzilla.mindrot.org/show_bug.cgi?id=3729 Bug ID: 3729 Summary: the new sshd does not work under the supervision of inetd Product: Portable OpenSSH Version: 9.8p1 Hardware: ARM OS: Linux Status: NEW Severity: major Priority: P5 Component: sshd

Hi, the following patch to contrib/cygwin/ssh-host-config creates /etc/ssh_config and /etc/sshd_config according to the current default config files. Could somebody please check it in? Corinna Index: contrib/cygwin/ssh-host-config =================================================================== RCS file: /cvs/openssh_cvs/contrib/cygwin/ssh-host-config,v retrieving revision 1.3 diff -u -p

Hi, With the 20100127 snapshot, there appears to be a bug in the multiplexing support that causes the master to die under some circumstances when a slave session exits. The error messages that I am getting are: cfe1.imorgan> exit Connection to cfe1 closed. $ channel_by_id: 2: bad id: channel free client_input_channel_req: channel 2: unknown channel channel_by_id: 2: bad id: channel free

https://bugzilla.mindrot.org/show_bug.cgi?id=3555 Bug ID: 3555 Summary: ForwardAgent doesn't work under Match canonical Product: Portable OpenSSH Version: 8.4p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at

Here is the user-dependent IdentityFile patch for openssh3.5 (BSD version), which allows private key files to be placed system wide (for all users) in a secure (non-NFS) mounted location. This addresses an important security hole on systems where home directories are NFS mounted, particularly if there are users who use blank passphrases (or when lpd is tunneled through ssh on systems running lpd

https://bugzilla.mindrot.org/show_bug.cgi?id=1898 Summary: possible unreasonable behaviour when using ProxyCommand with multiple IdentityFile(s) Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous

http://bugzilla.mindrot.org/show_bug.cgi?id=1159 Summary: %u and %h not handled in IdentityFile Product: Portable OpenSSH Version: 4.3p2 Platform: All URL: http://www.math.ualberta.ca/imaging/snfs/openssh.html OS/Version: Linux Status: NEW Keywords: patch Severity: normal Priority: P2

editors note: just now found something about IdentitiesOnly that might do the trick. there's some other stuff in here too. about preventing info leakage [keys for other sites] from appearing in the client<-->server key negotiation with ssh-agent and IdentityFile. ssh/config:IdentityFile - seems to indicate that only the specified key will be tried, and if that key fails, no other keys