similar to: [Bug 3331] New: Issues with man pages

https://bugzilla.mindrot.org/show_bug.cgi?id=3223 Bug ID: 3223 Summary: Issues in openssh manpages Product: Portable OpenSSH Version: 8.4p1 Hardware: All OS: All Status: NEW Severity: trivial Priority: P5 Component: Documentation Assignee: unassigned-bugs at mindrot.org

Hi, Not sure if this anyone else is interested in this but to me it seems to make sense to use different control session multiplexer sockets for bulk and interactive workloads. Index: auth.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/auth.c,v retrieving revision 1.94 diff -u -p -r1.94 auth.c --- auth.c 23 May 2011 03:33:38 -0000 1.94 +++

Allow users to specify certificates to be used for authentication on the command line with the '-z' argument when running ssh. For successful authentication, the key pair associated with the certificate must also be presented during the ssh. Certificates may also be specified in ssh_config as a CertificateFile. This option is meant the address the issue mentioned in the following

I found that the documentation for -L and -R was hard to understand. So I made some changes to try to make it clearer. I started with Revision 1.328 from http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh.1 Comments welcome. ================ ssh.1.patch ================ --- ssh.1 2012/09/15 16:08:48 1.1 +++ ssh.1 2012/09/15 20:23:35 @@ -51,13 +51,13 @@ .Op Fl F Ar configfile .Op Fl I

This is automatically generated email about markup problems in a man page for which you appear to be responsible. If you are not the right person or list, please tell me so I can correct my database. See http://catb.org/~esr/doclifter/bugs.html for details on how and why these patches were generated. Feel free to email me with any questions. Note: These patches do not change the modification

My keys are secured with a passphrase. That's good for security, but having to type the passphrase either at every login or at every invocation of ssh(1) is annoying. I know I could invoke ssh-add(1) just before invoking ssh(1), if I keep track of whether I invoked it already, or write some hacky scripts; but the rest of OpenSSH is wonderfully usable without any hacks. Hence, this patch.

Hey All, Found a very minor problem with client implementation of KerberosTgtPassing command line flag in ssh.c (first diff). We also made some readability patches to the config files and manpages to make the option clearer (the remainder of the diffs). diffs are against -current Index: ssh.c =================================================================== RCS file:

On Sat, 4 May 2024, openssh at tr.id.au wrote: > Hey there, > > I often want different behavior in my ssh client depending on > whether I'm logging into an interactive session or running > a remote non-interactive command. We can see at, say, > https://unix.stackexchange.com/a/499562/305714 that this isn't a > unique wish, and existing solutions are kind of baroque.

On Mon, 6 May 2024, openssh at tr.id.au wrote: > ... and I guess your next question will be about compilation environment, so: > > ``` > $ gcc --version > gcc (Gentoo 13.2.1_p20240210 p14) 13.2.1 20240210 > Copyright (C) 2023 Free Software Foundation, Inc. > This is free software; see the source for copying conditions. There is NO > warranty; not even for MERCHANTABILITY

Because ForwardX11 and ForwardAgent are so useful but introduce risk when used to a not well-secured server, I added a "warn" value to the ForwardX11 and ForwardAgent options which causes the ssh client to print a big warning whenever the forwarding is actually used. I plan to make "ForwardX11=warn" the default in my ssh_config distribution. I'm not proposing that this

Hi, the attached patch adds support for the keywords "OpenCommand" and "CloseCommand" to ssh_config. They are commands which are executed before the connection is established (or ProxyCommand started) and after the connection has been closed (or ProxyCommand ended). this is usefull for stuff like portknocking or (that's what I wrote the patch for) talking with trapdoor2

From: Christian Hesse <mail at eworm.de> Signed-off-by: Christian Hesse <mail at eworm.de> --- ssh_config.5 | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/ssh_config.5 b/ssh_config.5 index 5b0975f..28f7714 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -649,9 +649,13 @@ The default is .It Cm FingerprintHash Specifies the hash algorithm used when

Hi, please find a patch against openssh-4.7p1 This patch: 1) Allows for an optional configuration file 2) Allows a user to be restricted to a directory and it's children. Enjoy -- Alain Williams Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 http://www.phcomp.co.uk/ Parliament Hill Computers Ltd. Registration Information:

Hi! I'm experimenting with migrating the custom sshd_config settings for our (Debian bullseye, openssh-server 8.4) server environment into fragments under sshd_config.d/, and am wondering about sshd's behaviour when encountering multiple AllowGroup lines. The manual states "For each keyword, the first obtained value will be used.", so that gives me the impression that any

Hi, i have written a patch for openSSH 5.8p2 which allows the user to set the local source port. The patch is as follows: diff -rupN openssh-5.8p2//readconf.c openssh-5.8p2-srcport//readconf.c --- openssh-5.8p2//readconf.c 2010-11-20 04:19:38.000000000 +0000 +++ openssh-5.8p2-srcport//readconf.c 2011-07-17 20:57:52.385044096 +0100 @@ -125,7 +125,7 @@ typedef enum { oGlobalKnownHostsFile2,

In the past 2 months another change occurred in the CVS code that broke my ssh-keyscan patch. Here's an updated version that tweaks the changed name (in the Kex struct) and also causes an attempt to grab an ssh2 key from an older server (without ssh2 support) to fail earlier and without an error message (Stuart Pearlman emailed me some code for this). This patch is based on the BSD CVS

Signed-off-by: Daniel Lublin <daniel at lublin.se> --- ssh_config.5 | 6 +++++- sshd_config.5 | 7 ++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/ssh_config.5 b/ssh_config.5 index 2931d807e..a2d03328d 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -1191,7 +1191,11 @@ Files without absolute paths are assumed to be in .Pa ~/.ssh if included in a user configuration

Right - I know you've had a discussion about the argv[0] stuff already, but I've written this simple script to simulate the (now missing) support for Debian, and was asked to send it to you... --- ssh-argv0 --- #! /bin/sh -e if [ "${0##*/}" == "ssh-argv0" ] then echo 'ssh-argv0: This script should not be run like this, see ssh-argv0(1) for details'

The following patch against openssh-SNAP-20000823 allows to override the compile-time "ssh_prng_cmds" file at run time by adding new options to the server and client configurations. (We move binaries around a bit, and this was the only absolute path that couldn't be fixed at run-time). Regards Jan diff -ur openssh-SNAP-20000823.orig/entropy.c openssh-SNAP-20000823.new/entropy.c

... and I guess your next question will be about compilation environment, so: ``` $ gcc --version gcc (Gentoo 13.2.1_p20240210 p14) 13.2.1 20240210 Copyright (C) 2023 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. ``` I'm running on gentoo. I tested that the