similar to: [PATCH RESEND 0/2] Permit %L and %l percent escapes in Include

This allows the localhost percent-style escapes in arguments to the Include directive. These are useful for including host-specific ssh configuration. --- readconf.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/readconf.c b/readconf.c index a2282b562df0..ad47d0e9730a 100644 --- a/readconf.c +++ b/readconf.c @@ -1030,7 +1030,8 @@

This allows the localhost percent-style escapes in arguments to the Include directive. These are useful for including host-specific sshd configuration. --- servconf.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/servconf.c b/servconf.c index 86c2979360c5..daf8f2df15a2 100644 --- a/servconf.c +++ b/servconf.c @@ -1297,7 +1297,8 @@

This allows the localhost percent-style escapes in arguments to the Include directive. These are useful for including host-specific ssh configuration. --- readconf.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/readconf.c b/readconf.c index a2282b562df0..ad47d0e9730a 100644 --- a/readconf.c +++ b/readconf.c @@ -1030,7 +1030,8 @@

Numerous how-tos all over the Internet show how one would set up a tunnel using ssh, e.g.: ssh -f -o Tunnel=ethernet <server_ip> true I was wondering if there's a way to subsequently acquire the names of the local and remote tun/tap interfaces (e.g., using the default "-w any:any") for subsequent automatic tunnel configuration, e.g.: ip link set $TapDev up ip link set

https://bugzilla.mindrot.org/show_bug.cgi?id=2449 Bug ID: 2449 Summary: uid for expansion in ControlPath Product: Portable OpenSSH Version: 7.0p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

... and I guess your next question will be about compilation environment, so: ``` $ gcc --version gcc (Gentoo 13.2.1_p20240210 p14) 13.2.1 20240210 Copyright (C) 2023 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. ``` I'm running on gentoo. I tested that the

ssh client has the ability to set the destination of debug logs via the `-E` flag. ssh_config lacks an equivalent keyword to set the same option via configs. This patch follows the same semantics of other `*Path` type keywords and creates a new ssh_config keyword `LogPath`. [0] Bugzilla: https://bugzilla.mindrot.org/show_bug.cgi?id=3683 [1] GitHub PR:

Hey there, I often want different behavior in my ssh client depending on whether I'm logging into an interactive session or running a remote non-interactive command. We can see at, say, https://unix.stackexchange.com/a/499562/305714 that this isn't a unique wish, and existing solutions are kind of baroque. Typical reasons to do this are to immediately go into a screen or tmux session; for

Hi, I noticed the recent commit adding Match support to ssh(1). I look forward to giving it a try, but I have some initial feedback based on ssh_config.5 and an examiniation of match_cfg_line(). First, the "command" keyword could be a little deceptive. Although the man page makes the use of this keyword quite clear, my initial assumption was that the intent was to match against the

Hi, (I'm not subscribed to the list, so please CC me on reply.) I'd like to request adding a feature to OpenSSH: Task: ~~~~~ It is quite sometime useful to invoke a program prior to connecting to an ssh server. The most common use case will probably be port knocking. That is a small program sends certain packets to a server and the server reacts to this by unlocking the ssh port, which

Hello! I'm hoping that Gmail won't HTML format this mail so that I'll get flamed :) Anyway, my question relates to ssh_config. The problem I find is that the Host pattern is only applied to the argument given on the command line, as outlined in the man page: "The host is the hostname argument given on the command line (i.e. the name is not converted to a canonicalized host name

Hi, Not sure if this anyone else is interested in this but to me it seems to make sense to use different control session multiplexer sockets for bulk and interactive workloads. Index: auth.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/auth.c,v retrieving revision 1.94 diff -u -p -r1.94 auth.c --- auth.c 23 May 2011 03:33:38 -0000 1.94 +++

Allow users to specify certificates to be used for authentication on the command line with the '-z' argument when running ssh. For successful authentication, the key pair associated with the certificate must also be presented during the ssh. Certificates may also be specified in ssh_config as a CertificateFile. This option is meant the address the issue mentioned in the following

From: Christian Hesse <mail at eworm.de> Modern Linux systems create a private directory in /run/user/ for each user, named by user id. This adds a new character sequence '%i' for expansion in ControlPath to match thisi directory. Signed-off-by: Christian Hesse <mail at eworm.de> --- ssh.c | 5 ++++- ssh_config.5 | 4 +++- 2 files changed, 7 insertions(+), 2

hi guys, I am having an unusual behaviour in puppet with AIX (client node) while copying ssh key from puppet-server to client. here is what i am trying to do; $username = "xyz" $group = "system" $home = "/home" $sshDir = ".ssh" $pub_key = "id_rsa.pub.xyz" 1. creating all users virtually in one go 2. realize them all and copy each of

Hi I built openssh on solaris 2.6 after running configure --prefix=/my/install/dir --with-ssl-dir=/where/ssl/is Everything compiled Ok but there was a problem when doing make install, as ssh-rand-helper was looking in the wrong place for prng_command_file, so here is a patch for ssh-rand-helper.c. You need to delete a space before the string. 63c63 < # define SSH_PRNG_COMMAND_FILE

Hello, I'm running the following script for backup: SHORTHOST=`hostname | awk 'BEGIN { FS="." } { print $1 }'` cd $HOME || exit 1 rsync --ignore-errors --max-size=50m -v --delete --delete-excluded --log-file=/tmp/backup.log --exclude-from=$HOME/.rsync/exclude \ --timeout=3 -az \ $HOME atticserve:/mnt/store/backup/$SHORTHOST At some point it tries to sync the following

https://bugzilla.mindrot.org/show_bug.cgi?id=1614 Summary: ssh-copy-id doesn't seem to set correct selinux permissions Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo:

Hi, sifting through my system's logs, I noticed many break-in attempts by rogue ssh clients trying long lists of common passwords. For some time now I pondered different approaches to counter these, but could not come up with a solution that really satisfied me. I finally reached the conclusion that any countermeasures required support in sshd itself, and created the attached patch. If

Hi, getpwuid is called as seen in the patch, and is then called again indirectly by tilde_expand_filename without first copying off the results from the first call. This is fatal on MacOSX (and it would seem it should be fatal elsewhere, too). Please CC me in replies; I'm not a subscriber. --- openssh-4.4p1/ssh.c 2006-09-01 22:32:40.000000000 -0700 +++ openssh-4.4p1-fix/ssh.c