similar to: [Bug 3221] New: hostkey preference ordering is broken in some situations

Hello, I've got a problem with newer versions of ssh-agent not accepting all keys being forwarded to them. Example: LOCAL-WORKSTATION ssh-add -l 4096 SHA256:HFSzrozPapudofYJi8QvXQdA1/vNpFc2iPWH8CGVsEg (none) (RSA) 2048 SHA256:lbjpmHAYtUO+zaLaKvWVxGNYkXRkOumcoOpLdRSVX/U /home/matt/.ssh/id_rsa_embedded (RSA) ssh -V OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017 BROKEN-REMOTE ssh

OpenSSH 8.4 has just been released. It will be available from the mirrors listed at https://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

On 18/8/23 18:37, Jochen Bern wrote: > On 18.08.23 07:39, Darren Tucker wrote: >> On Fri, 18 Aug 2023 at 15:25, Stuart Longland VK4MSL <me at vk4msl.com> >> wrote: >> [...] >>> The crux of this is that we cannot assume the local IPv4 address is >>> unique, since it's not (and in many cases, not even static). >> >> If the IP address is

Hi Damien/all, Since github etc use a potentially large number of IP addresses (albeit with a small number of keys), I'd like more granular oversight over their entries in my known_hosts. Eg, here is a simplified stanza from my current ssh config: Host github gitlab User git Hostname %h.com UserKnownHostsFile ~/.ssh/known_hosts.d/git There doesn't seem to be a good way to filter only

I ask because the removal of diffie-hellman-group-exchange-sha1 happened accidently in 7.8 due to a mistake in a change to readconf.c. I noticed this and filed a bug about it along with a patch to fix readconf.c to use KEX_CLIENT_* like it used to: https://github.com/openssh/openssh-portable/commit/1b9dd4aa https://bugzilla.mindrot.org/show_bug.cgi?id=2967 Its clear the removal was unintentional

Hello, maybe someone could please help and shed some light on a problem that i don't understand, and that even in multiple ways. The problem occurred three or four times over the past months (maybe half a year?) and manifests as ++ Pushing to "gitlab" (at least "master" differs)! Warning: Permanently added the RSA host key for IP address '104.46.105.89' to the

Dear OpenSSH developers, Do you find it a good idea if variable substitution is implemented in UserKnownHostsFile the same way it is done for IdentityFile? In ssh_config I would like to write something like UserKnownHostsFile ~/keys/%r/known_hosts Thanks! -- With best regards, Dmitry

Perfect, thanks. This winds up working for me (as far as I've tested so far.) Match exec "ping -q -c 1 -t 1 %n | grep '192\.168\.'" StrictHostKeyChecking no UserKnownHostsFile none On Wed, Aug 26, 2015 at 11:47 PM, Bostjan Skufca <bostjan at a2o.si> wrote: > (+cc list) > > You could use something in the following manner: > > Match originalhost *

https://bugzilla.mindrot.org/show_bug.cgi?id=1654 Darren Tucker <dtucker at dtucker.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dtucker at dtucker.net --- Comment #5 from Darren Tucker <dtucker at dtucker.net> --- Created attachment

https://bugzilla.mindrot.org/show_bug.cgi?id=1654 Darren Tucker <dtucker at dtucker.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #7 from Darren Tucker <dtucker at

On Fri, Aug 28, 2015 at 11:51 PM, Walter Carlson <wlcrls47 at gmail.com> wrote: > On Thu, Aug 27, 2015 at 12:26 AM, Walter Carlson <wlcrls47 at gmail.com> wrote: > >> Perfect, thanks. This winds up working for me (as far as I've tested so >> far.) >> >> Match exec "ping -q -c 1 -t 1 %n | grep '192\.168\.'" >>

Hello everybody, I have a problem specifying identities with the -i option. For easier ssh invocations, I have setup my ssh_config files with entries like the following: Host *.domain.name Port 23457 StrictHostKeyChecking yes UserKnownHostsFile /dev/null GlobalKnownHostsFile /etc/ssh/known-hosts/domain.name IdentityFile ~/.ssh/%h-dsa IdentityFile ~/.ssh/%h-rsa IdentityFile

On 18.08.23 07:39, Darren Tucker wrote: > On Fri, 18 Aug 2023 at 15:25, Stuart Longland VK4MSL <me at vk4msl.com> wrote: > [...] >> The crux of this is that we cannot assume the local IPv4 address is >> unique, since it's not (and in many cases, not even static). > > If the IP address is not significant, you can tell ssh to not record > them ("CheckHostIP

Hi! Is it somehow possible to disable the known_hosts checking for some hosts? The StrictHostKeyChecking affects only the asking about new computers, but doesn't affect the changed ones. I need it for the test computers, which are reinstalled twice/hour and I really don't like editing .ssh/known_hosts each time :-( Thanks Michal

On 2024-10-14 14:48, Damien Miller wrote: > On Sun, 13 Oct 2024, Jan Eden via openssh-unix-dev wrote: > > When I connect to serverA (`ssh -v -o UpdateHostKeys=yes serverA`) > > afterwards, known_hosts on the client is not updated. The output of the > > ssh command contains this: > > > > debug1: Host '[serverA.domain.internal]:22' is known and matches the

On Sun, 13 Oct 2024, Jan Eden via openssh-unix-dev wrote: > Hi, > > I created new host keys on serverA, updated sshd_config accordingly > (adding the line below) and restarted ssh: > > cd /etc/ssh > sudo ssh-keygen -f 2024_ssh_host_ed25519_key -t ed25519 -N '' > > sudo vi /etc/ssh/sshd_config > # added line: HostKey /etc/ssh/2024_ssh_host_ed25519_key >

Hello there, I'm a little afraid of writing here, hope I don't make any mistake doing so. I'm trying for days and searching the web too, but no obvious solution, no reply from the specialized forum I wrote in. Here is the situation: I would like to have a lighter security inside our domain, without changing when going outside. By "lighter security" I mean at least, no

Trying to get SSH agent forwarding working for a popular open source configuration management system called Ansible. I?ve had some unexpected behaviour, the only cause of which I can find is how I express the command line arguments. http://stackoverflow.com/questions/20952689/vagrant-ssh-agent-forwarding-how-is-it-working?noredirect=1#comment31511341_20952689 In summarise: In the first

https://bugzilla.mindrot.org/show_bug.cgi?id=2525 Bug ID: 2525 Summary: Please add an alias such as -o Insecure for -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no Product: Portable OpenSSH Version: 6.7p1 Hardware: amd64 OS: Linux Status: NEW Severity:

Hi, I created new host keys on serverA, updated sshd_config accordingly (adding the line below) and restarted ssh: cd /etc/ssh sudo ssh-keygen -f 2024_ssh_host_ed25519_key -t ed25519 -N '' sudo vi /etc/ssh/sshd_config # added line: HostKey /etc/ssh/2024_ssh_host_ed25519_key sudo service ssh restart When I connect to serverA (`ssh -v -o UpdateHostKeys=yes serverA`) afterwards,