similar to: [Bug 3186] New: ProxyJump should include IdentityFile when specified

https://bugzilla.mindrot.org/show_bug.cgi?id=3570 Bug ID: 3570 Summary: Add substitution token for explicitly selected IdentityFile for ControlPath selection Product: Portable OpenSSH Version: 9.3p1 Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=2744 Bug ID: 2744 Summary: ProxyJump causes "Killed by signal 1" to be printed in terminal. Product: Portable OpenSSH Version: 7.5p1 Hardware: Other OS: Linux Status: NEW Severity: trivial Priority: P5 Component:

https://bugzilla.mindrot.org/show_bug.cgi?id=3163 Bug ID: 3163 Summary: teach ssh-keyscan to use ssh_config (plus options like ProxyJump) Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:

https://bugzilla.mindrot.org/show_bug.cgi?id=3080 Bug ID: 3080 Summary: Document IdentityFile=none and clarify interaction of defaults with IdentitiesOnly Product: Portable OpenSSH Version: 8.0p1 Hardware: Other OS: All Status: NEW Severity: normal Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=3582 Bug ID: 3582 Summary: Confusing error message when using ProxyJump Product: Portable OpenSSH Version: 9.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at

On Sat, 13 Jan 2024, Rob Leslie wrote: > Hello, > > On macOS, Terminal?s ?New Remote Connection?? command runs ssh in a new window like this: > > login -pfq $USER /usr/bin/ssh $HOST > > Here, login executes /usr/bin/ssh with argv[0] set to ?-ssh?. > > If $HOST has a ProxyJump configuration, the resulting ProxyCommand is: > > -ssh -W '[%h]:%p'

https://bugzilla.mindrot.org/show_bug.cgi?id=3057 Bug ID: 3057 Summary: Fork-bomb when misconfiguring a host to ProxyJump onto itself Product: Portable OpenSSH Version: 7.9p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh

http://bugzilla.mindrot.org/show_bug.cgi?id=410 Summary: when -i or IdentityFile is specified, agent keys are still tried first Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: minor Priority: P2 Component: ssh-agent AssignedTo:

http://bugzilla.mindrot.org/show_bug.cgi?id=410 ------- Additional Comments From markus at openbsd.org 2002-10-04 17:34 ------- it's not documented that -i or IdentityFile overwrite the agent and it's to late to even consider this change. if you don't want to use the agent, unset SSH_AUTH_SOCK ------- You are receiving this mail because: ------- You are the assignee for the

Hi, I'm very grateful for the new ProxyJump option. It helps tremendously! One small question I'd like to ask, though: Is there a way to skip one (mostly the first) jump host if the machine is in some specific network? For example, from home, I (resp. a shell script) need to jump to the office's server, a customers' login host, and then to the destination node; from the

On Wed, 2024-03-13 at 11:41 +0000, Job Snijders wrote: > On Wed, Mar 13, 2024 at 12:19:24PM +0100, Adam Kalisz wrote: > > it seems I cannot use: > > > > $ ssh -J root at 2a01:4f8:1c1e:528d::1 root at west-coast > > Invalid -J argument > > Try this: > > ??? $ ssh -J root@[2a01:4f8:1c1e:528d::1] root at west-coast Thank you all for helping with the syntax.

Hello, This change is to get the IdentityFile option processed from the included configuration files. Regards, Oleg Oleg Zhurakivskyy (1): Process the IdentityFile option from the included files readconf.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) -- 2.9.3

Hi OpenSSH devs, I?m wondering if the following has any merit and can be done securely ... If you could match on principals in the sshd_config, then (for example) on a gateway machine, you could have something like /etc/ssh/authorized_keys/sshfwd: cert-authority,principals=?batcha-fwd,batchb-fwd? ... /etc/ssh/sshd_config containing: Match User sshfwd PubkeyAuthentication yes

Hi all, I noticed a bit of an odd issue with maintaining `known_hosts` when the target machine is behind a bastion using `ProxyJump` or `ProxyCommand` with host key clashes. Client for me right now is OpenSSH_9.3p1 on Gentoo Linux/AMD64. I'm a member of a team, and most of us use Ubuntu (yes, I'm a rebel). Another team who actually maintain this fleet often access the same machines

On 18/8/23 18:37, Jochen Bern wrote: > On 18.08.23 07:39, Darren Tucker wrote: >> On Fri, 18 Aug 2023 at 15:25, Stuart Longland VK4MSL <me at vk4msl.com> >> wrote: >> [...] >>> The crux of this is that we cannot assume the local IPv4 address is >>> unique, since it's not (and in many cases, not even static). >> >> If the IP address is

AFAIK everything you described here could be done using the AuthorizedKeysCommand or AuthorizedPrincipalsCommand directives. These can emit authorized_keys options (inc. permitopen) as well as the allowed keys/principals. On Sun, 12 Nov 2023, Bret Giddings wrote: > Hi OpenSSH devs, > > I?m wondering if the following has any merit and can be done securely ... > > If you could

https://bugzilla.mindrot.org/show_bug.cgi?id=1898 Summary: possible unreasonable behaviour when using ProxyCommand with multiple IdentityFile(s) Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous

Hello, On macOS, Terminal?s ?New Remote Connection?? command runs ssh in a new window like this: login -pfq $USER /usr/bin/ssh $HOST Here, login executes /usr/bin/ssh with argv[0] set to ?-ssh?. If $HOST has a ProxyJump configuration, the resulting ProxyCommand is: -ssh -W '[%h]:%p' $JUMP_HOST Because of the leading hyphen, this fails to execute. If the user?s shell is zsh, the

Hello, it seems I cannot use: $ ssh -J root at 2a01:4f8:1c1e:528d::1 root at west-coast Invalid -J argument (The west-coast is stored on the jump host in between in /etc/hosts.) $ ssh -J root at 167.235.141.44 root at west-coast Works as expected. Also $ ssh root at 2a01:4f8:1c1e:528d::1 does work as expected. I do have native IPv6. This is on Debian 12 Bookworm: $ ssh -V OpenSSH_9.2p1

Hi, I'm using ProxyJump via a local sshd (in a separate network namespace) to connect to a remote host. It works fine the first time, but if I connect several times in a row in a short period of time, I suddenly get a "Connection reset by peer" error. This happens to be reproducible. If I wait a few seconds (let's say 15 seconds), the connection is restored. I have tried to