similar to: [Bug 3570] New: Add substitution token for explicitly selected IdentityFile for ControlPath selection

editors note: just now found something about IdentitiesOnly that might do the trick. there's some other stuff in here too. about preventing info leakage [keys for other sites] from appearing in the client<-->server key negotiation with ssh-agent and IdentityFile. ssh/config:IdentityFile - seems to indicate that only the specified key will be tried, and if that key fails, no other keys

Hi. Last night on an irc openssh channel, a user brought up a use case involving cluster trees and very descriptive (i.e. long) hierarchical hostnames. To make a long story short, his ControlPath (~/.ssh/control-master /%r@%h:%p) was bumping up against UNIX_PATH_MAX. Attached patch adds a new percent-token (%H) that expands to the sha1 digest of the concatenation of host (%h) + port (%p) +

http://bugzilla.mindrot.org/show_bug.cgi?id=1159 Summary: %u and %h not handled in IdentityFile Product: Portable OpenSSH Version: 4.3p2 Platform: All URL: http://www.math.ualberta.ca/imaging/snfs/openssh.html OS/Version: Linux Status: NEW Keywords: patch Severity: normal Priority: P2

https://bugzilla.mindrot.org/show_bug.cgi?id=3652 Bug ID: 3652 Summary: KnownHostsCommand should expand tokens and environment variables on first argument Product: Portable OpenSSH Version: 9.6p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=3080 Bug ID: 3080 Summary: Document IdentityFile=none and clarify interaction of defaults with IdentitiesOnly Product: Portable OpenSSH Version: 8.0p1 Hardware: Other OS: All Status: NEW Severity: normal Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=1997 Bug #: 1997 Summary: Add QoS to ControlPath escapes Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo:

https://bugzilla.mindrot.org/show_bug.cgi?id=2437 Bug ID: 2437 Summary: ssh with ControlMaster and ControlPath hangs on 2nd session in same terminal Product: Portable OpenSSH Version: 6.7p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=3610 Bug ID: 3610 Summary: Using ControlPath and the -J option Product: Portable OpenSSH Version: 8.9p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

TL;DR: I expect ProxyCommand to have effect in preference to ControlPath. I've just tripped over this one. I have an ssh Host (let us call it "MAIN") with a ControlPath and with ControlMaster=no, from the .ssh/config file. I also have a shell script whose purpose is to hop to a remote host through a port forward, which uses the ProxyCommand option like this: ProxyCommand ssh

Hi. Just a suggestion : in the ControlPath syntax, you could add a %H that would expand to the name of the "Host" specification matched, + %h. In my opinion, when you add a "Host" paragraph with a different name for the same target host, generally you dont want to reuse the same control socket. Of course you can write different ControlPath directives in each specification

https://bugzilla.mindrot.org/show_bug.cgi?id=2488 Bug ID: 2488 Summary: "ssh-copy-id -o ControlPath=/tmp/foo" hangs Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: minor Priority: P5 Component: ssh-copy-id Assignee:

On 03Nov2017 13:07, Damien Miller <djm at mindrot.org> wrote: >On Fri, 3 Nov 2017, Cameron Simpson wrote: >> TL;DR: I expect ProxyCommand to have effect in preference to >> ControlPath. [...] >> On reflection, of course these are distinct options and that side of >> things isn't, of itself, a bug. However, is there a sane use case for >> using

https://bugzilla.mindrot.org/show_bug.cgi?id=2449 Bug ID: 2449 Summary: uid for expansion in ControlPath Product: Portable OpenSSH Version: 7.0p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2220 Bug ID: 2220 Summary: Add uuid-style identifier for use with ControlPath Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs

While it's real handy to have "ControlMaster auto" to have multiple sessions get muxed into one, sometimes it's really helpful to _not_ use the same session (e.g. if you want to ssh -2fNR). It'd be quite nice if there were a flag to tell openssh to not mux the new connection at all - i.e. what "ssh -o ControlPath=none" does. (The 'obvious' invocation `ssh

Here is the user-dependent IdentityFile patch for openssh3.5 (BSD version), which allows private key files to be placed system wide (for all users) in a secure (non-NFS) mounted location. This addresses an important security hole on systems where home directories are NFS mounted, particularly if there are users who use blank passphrases (or when lpd is tunneled through ssh on systems running lpd

https://bugzilla.mindrot.org/show_bug.cgi?id=1997 --- Comment #4 from Peter Lebbing <peter at digitalbrains.com> --- (In reply to chrysn from comment #3) Sorry for not replying sooner, it slipped my mind! > Would a patch to add a "%I" for "1 for interactive sessions, 0 > otherwise" to the expansion be generally acceptable? Peter, would it > still serve your

I've noticed that the ssh-agent applies any keys it already has passwords for (via ssh-add) first, overriding the ssh config files for preferred identity file from .ssh/config and -i. This seems a documented behavior. However, this causes problems with some tool chains that use the authorized_keys command directive to change behavior based on which key is used. In my case, I use gitolite for

Hello, This change is to get the IdentityFile option processed from the included configuration files. Regards, Oleg Oleg Zhurakivskyy (1): Process the IdentityFile option from the included files readconf.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) -- 2.9.3

Hello All-- First, thanks for ControlPath/ControlMaster. It's very handy, and ControlMaster=autoask is just what i wanted! I'm having difficulty with a common use case, however. I want to LocalForward on secondary connections using an already-established ControlPath. From what i can tell, the second ssh connection doesn't report any errors, but silently ignores the supplied