Displaying 20 results from an estimated 1000 matches similar to: "[Bug 3555] New: ForwardAgent doesn't work under Match canonical"
2014 Jan 19
1
For the default of CanonicalizeFallbackLocal
Hi,
The default value for the option CanonicalizeFallbackLocal.
In the manual, the default value is "no".
CanonicalizeFallbackLocal
Specifies whether to fail with an error when hostname canonicalization
fails. The default, "no", will attempt to look up the
unqualified hostname using the system resolver's search rules. A
value
2020 May 20
7
CanonicalHostname and ssh connections through a jumphost
raf wrote:
> Warlich, Christof wrote:
> > ...
> > I want to be able to ssh to all internal hosts that live in the internal.sub.domain.net,
> > i.e. that are only accessible through the internal.sub.domain.net jumphost without
> > having to list each of these hosts somewhere, as they may frequently be added or
> > removed from the internal domain and without being
2009 Jan 22
0
Unintended key info disclosure via ForwardAgent?
It seems that users may be disclosing unintended public key info
when logging into remote hosts.
Use of the words keypair/keyid/etc have been bastardized. Signature
is likely better. Note also, the author may be without clue.
Setup:
[g] - refers to an administrative group of hosts
[n] - refers to a host within that group
ws[g][n] - management workstations [trusted]
User ssh-add's keys for
2015 Aug 04
0
[Bug 2438] New: Warn about using ForwardAgent with all hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=2438
Bug ID: 2438
Summary: Warn about using ForwardAgent with all hosts
Product: Portable OpenSSH
Version: 6.9p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at
2020 Oct 04
6
ability to select which identity to forward when using "ForwardAgent" ?
Hi,
I usually have around 10 identities loaded in my local ssh-agent and when I
use the "ForwardAgent" option all of them are forwarded to the remote server,
which is not ideal. I usually only need to forward one (or two) of the
identities and I would like to be able to choose which one(s) to forward.
Looking for solutions it seems that the only option is to create a new
ssh-agent, add
2001 Oct 26
2
Patch to add "warn" value to ForwardX11 and ForwardAgent
Because ForwardX11 and ForwardAgent are so useful but introduce risk when
used to a not well-secured server, I added a "warn" value to the ForwardX11
and ForwardAgent options which causes the ssh client to print a big warning
whenever the forwarding is actually used. I plan to make "ForwardX11=warn"
the default in my ssh_config distribution.
I'm not proposing that this
2008 Aug 05
5
[Bug 1499] New: Add "ForwardAgent ask" to ssh_config
https://bugzilla.mindrot.org/show_bug.cgi?id=1499
Summary: Add "ForwardAgent ask" to ssh_config
Classification: Unclassified
Product: Portable OpenSSH
Version: 4.7p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs
2014 Oct 06
3
[Bug 2286] New: Port ignored when re-reading config after canonicalization
https://bugzilla.mindrot.org/show_bug.cgi?id=2286
Bug ID: 2286
Summary: Port ignored when re-reading config after
canonicalization
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: ssh
2017 Mar 01
2
Slow connects due to out-of-context DNS lookup
Ok, so my situation :
Connecting to internal machines via a bastion server in AWS.
Because I'm raising and tearing down the infrastructure a lot at this
stage with Terraform, the IP addresses change.
For the management subnet, I have a private DNS zone defined, and a
public zone with a record for the bastion server.
What I wanted ; to just be able to define a config entry thus :
---
2023 Aug 18
1
Host key verification (known_hosts) with ProxyJump/ProxyCommand
Hi all,
I noticed a bit of an odd issue with maintaining `known_hosts` when the
target machine is behind a bastion using `ProxyJump` or `ProxyCommand`
with host key clashes.
Client for me right now is OpenSSH_9.3p1 on Gentoo Linux/AMD64. I'm a
member of a team, and most of us use Ubuntu (yes, I'm a rebel). Another
team who actually maintain this fleet often access the same machines
2023 Aug 18
1
Host key verification (known_hosts) with ProxyJump/ProxyCommand
On 18/8/23 18:37, Jochen Bern wrote:
> On 18.08.23 07:39, Darren Tucker wrote:
>> On Fri, 18 Aug 2023 at 15:25, Stuart Longland VK4MSL <me at vk4msl.com>
>> wrote:
>> [...]
>>> The crux of this is that we cannot assume the local IPv4 address is
>>> unique, since it's not (and in many cases, not even static).
>>
>> If the IP address is
2014 Feb 10
0
[PATCH] Basic SCTP support for OpenSSH client and server
This patch allows the OpenSSH client to make connections over SCTP,
and allows the OpenSSH server to listen for connections over SCTP.
SCTP is a robust transport-layer protocol which supports, amongst other things,
the changing of endpoint IPs without breaking the connection.
To connect via SCTP, pass -H or set "ConnectViaSCTP yes".
To listen via SCTP as well as TCP, set
2016 Apr 03
6
[Bug 2562] New: CanonicalizeHostname causes duplicate LocalForward attempts
https://bugzilla.mindrot.org/show_bug.cgi?id=2562
Bug ID: 2562
Summary: CanonicalizeHostname causes duplicate LocalForward
attempts
Product: Portable OpenSSH
Version: 7.1p1
Hardware: ix86
OS: Mac OS X
Status: NEW
Severity: normal
Priority: P5
Component: ssh
2024 Dec 06
0
[Bug 1499] Add "ForwardAgent ask" to ssh_config
https://bugzilla.mindrot.org/show_bug.cgi?id=1499
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WONTFIX
--- Comment #6 from Damien Miller <djm at
2016 May 15
0
[Bug 1499] Add "ForwardAgent ask" to ssh_config
https://bugzilla.mindrot.org/show_bug.cgi?id=1499
Simon Arlott <bugzilla.mindrot-org.simon at arlott.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bugzilla.mindrot-org.simon@
| |arlott.org
---
2023 Mar 01
1
Why does ssh-keyscan not use .ssh/config?
On Mon, 27 Feb 2023, Keine Eile wrote:
> Hi ML members,
>
> is there a reason, why ssh-keyscan does not use Host definitions from
> .ssh/config but only relies on DNS host names? I have a quite long list of
> host names and a not that well maintained name server.
Mostly to keep ssh-keyscan simple. ssh_config contains a lot more
options than Host/Hostname that we'd need to
2017 Jul 12
3
[Bug 2744] New: ProxyJump causes "Killed by signal 1" to be printed in terminal.
https://bugzilla.mindrot.org/show_bug.cgi?id=2744
Bug ID: 2744
Summary: ProxyJump causes "Killed by signal 1" to be printed in
terminal.
Product: Portable OpenSSH
Version: 7.5p1
Hardware: Other
OS: Linux
Status: NEW
Severity: trivial
Priority: P5
Component:
2015 Feb 23
4
Using confirmation of key usage per-host?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear all,
bear with me, I know the SUBJECT sounds pretty unclear. I'll clarify
in a minute. And please excuse that due to the keywords being unclear
no usable help was found on google & Co...
Assume there is a workstation, which connects to multiple machines,
one of which is considered potentially unsafe. So, it would be nice to
have agent
2018 Oct 19
0
Announce: OpenSSH 7.9 released
OpenSSH 7.9 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested
2004 Dec 27
1
Potential DoS against forwarded ssh-agent
It appears there is an opportunity for a denial-of-service attack
against ssh-agent when using ForwardAgent.
This note describes the circumstances, and provides a patch.
Background (not the vulnerability):
If ssh-agent is forwarded to a compromised account, a remote
attacker could use the connection to authenticate as the owner of
the agent. "ssh-add -c" currently defends