similar to: [Bug 3123] New: PermitOpen does not allow wildcards for hosts despite what docs say

After reading some more from the archives, a private email, and some general research, I see that KerbV support has been dropped in favor of GSSAPI. Which is fine, and wonderful, I support GSSAPI. But, erm, the announcement says, "This release contains some GSSAPI user authentication support to replace legacy KerberosV authentication support. At present this code is still considered

Is something special required for KerbV auth to work? I've enabled: KerberosAuthentication yes on some test boxes and it doesn't work. I do a kinit, and then ssh and it asks for a password. If you don't provide one, you don't get in.

https://bugzilla.mindrot.org/show_bug.cgi?id=2711 Bug ID: 2711 Summary: Patch to add permitgwport and restrict permitopen to be a default deny Product: Portable OpenSSH Version: 7.2p2 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component:

Hey folks, I've asked this on the security focus mailing list, but no one seems to know... I'm in the process of moving my company from old crufty ssh.com ssh1 to openssh. On most of our hosts, we've created rsa and dsa keys but managed to KEEP the old rsa1 key... However, on a few hosts, openssh has been unable to read the old rsa1 key and has claimed: debug1: Unsupported

Hey folks, As part of a local change, we like to authlog the commands executed via command line, i.e.: ssh user at host "somecommand" And I was able to modify session.c like so: -------------------------------------- case SSH_CMSG_EXEC_CMD: if (type == SSH_CMSG_EXEC_CMD) { command = packet_get_string(&dlen);

https://bugzilla.mindrot.org/show_bug.cgi?id=2582 Bug ID: 2582 Summary: Allow PermitOpen to use a wildcard hostname with a fixed port Product: Portable OpenSSH Version: 7.2p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd

http://bugzilla.mindrot.org/show_bug.cgi?id=1267 Summary: PermitOpen - Multiple forwards don't works Product: Portable OpenSSH Version: v4.5p1 Platform: ix86 OS/Version: Cygwin on NT/2k Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2001 Bug #: 2001 Summary: Document PermitOpen none in man page Classification: Unclassified Product: Portable OpenSSH Version: -current Platform: All OS/Version: OpenBSD Status: NEW Severity: trivial Priority: P2 Component: Documentation

https://bugzilla.mindrot.org/show_bug.cgi?id=2347 Bug ID: 2347 Summary: permitopen doesn't work with unix domain sockets Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs

I have an application where a lot of end user CPE devices ssh in automatically to a central server, and are authenticated by public key, to do remote (-R) port forwarding, so we can open a connection back to a particular port on the remote device whether it's behind some NAT or firewall or whatever. I want to be certain, however, that if I open port 12345, it is connected to the correct end

https://bugzilla.mindrot.org/show_bug.cgi?id=1949 Bug #: 1949 Summary: PermitOpen none option Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: OpenBSD Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo:

https://bugzilla.mindrot.org/show_bug.cgi?id=1513 Summary: CIDR address/masklen matching support for permitopen= Product: Portable OpenSSH Version: 5.1p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org

Dear openssh-unix-dev list, in OpenSSH 5.1 you introduced CIDR address/masklen matching for "Match address" blocks in sshd_config as well as supporting CIDR matching in ~/.ssh/authorized_keys from="..." restrictions in sshd. I wonder whether CIDR address/masklen matching will be implemented for permitopen="host:port" restrictions in sshd as well, that would be quite

I've just discovered the permitopen flag. We need such a feature for our poor man's VPN services, but this flag seems to be usable only if you generate your authorized_keys file from a database or something like that: keeping a long list of host/port combinations up to date for several users and keys is no fun. As announced before, we have developed a far more powerful mechanism for

It looks like there is good support for limiting connections on the server side when the client uses the -L flag. What about support for server side connections (listens) when the client uses the -R flag? I am looking for an equivalent to permitopen that says what ports are valid for the remote host when using the -R flag. As it sits now, an unscrupulous ssh user can bind to any port above 1024

Hi one question about the IPv6 format in permitopen=. Is this ":::/port" used anywhere else? The only documented format for literal IPv6 addresses I found was RFC 2732 as it's used in web-browsers. They specify the address as "[:::]:port" In OpenSSH this would be matched by changing "%255[^/]/%5[0-9]" to "%*[[]%255[^]]%*[]]:%5[0-9]" in the

On Wed, 27 Aug 2008, Damien Miller wrote: > On Tue, 26 Aug 2008, Peter Stuge wrote: > > On Fri, Aug 22, 2008 at 11:22:34AM +0200, Bert Courtin wrote: > > > I wonder whether CIDR address/masklen matching will be implemented > > > for permitopen="host:port" restrictions in sshd as well, that would > > > be quite beneficially (at least for me, maybe

https://bugzilla.mindrot.org/show_bug.cgi?id=2846 Bug ID: 2846 Summary: PermitOpen rule in sshd_config is not case insensitive Product: Portable OpenSSH Version: 7.6p1 Hardware: Other OS: Linux Status: NEW Severity: major Priority: P5 Component: sshd Assignee: unassigned-bugs

I figure this probably isn't the most appropriate place for this question, buuuuut, I can't seem to find the information I need on the [http|ftp] site. I'm responsible for a new Mirror site here at USC, and one of the many things we would like to mirror is the OpenSSH software. However, I can't seem to find the following information: - What is the prefered place to mirror

This isn't really a dev question, but its also not a 'user' question either... At USC, we've setup a large mirror. One of the many things we are mirroring is openssh. I tried to contact miod at openbsd.org which I believe I got from the website, but I got no response. Anyway, the mirror is available through HTTP, FTP, and RSYNC: http://mirrors.usc.edu/pub/openssh/