similar to: [Bug 3652] New: KnownHostsCommand should expand tokens and environment variables on first argument

https://bugzilla.mindrot.org/show_bug.cgi?id=3643 Bug ID: 3643 Summary: order_hostkeyalgs can't find host-key in KnownHostsCommand if it contains port Product: Portable OpenSSH Version: 9.5p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=1777 --- Comment #4 from Daniel Kahn Gillmor <dkg at fifthhorseman.net> --- (In reply to Damien Miller from comment #3) > This is possible to do, but without some significant changes is > likely to be fairly inefficient. > > ssh reads known_hosts a couple of times during connection. At least > once to figure out what host key

https://bugzilla.mindrot.org/show_bug.cgi?id=1777 Summary: KnownHostsCommand Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org ReportedBy: dkg at fifthhorseman.net A

https://bugzilla.mindrot.org/show_bug.cgi?id=1777 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org --- Comment #3 from Damien Miller <djm at mindrot.org> --- This is possible to do, but

https://bugzilla.mindrot.org/show_bug.cgi?id=1777 Guilhem <guilhem at fripost.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |guilhem at fripost.org -- You are receiving this mail because: You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3570 Bug ID: 3570 Summary: Add substitution token for explicitly selected IdentityFile for ControlPath selection Product: Portable OpenSSH Version: 9.3p1 Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5

Some systems like to have a CA supply short-lived certificates to ssh clients. The basic idea is that servers enable certificate authentication, clients authenticate to the CA out of band, and the CA issues client certificates that are valid for a short enough time that users don't want to manually drop them into ~/.ssh or otherwise think about them. There are a handful of commercial

OpenSSH 8.4 has just been released. It will be available from the mirrors listed at https://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

Hi. Last night on an irc openssh channel, a user brought up a use case involving cluster trees and very descriptive (i.e. long) hierarchical hostnames. To make a long story short, his ControlPath (~/.ssh/control-master /%r@%h:%p) was bumping up against UNIX_PATH_MAX. Attached patch adds a new percent-token (%H) that expands to the sha1 digest of the concatenation of host (%h) + port (%p) +

Hi! >From man 5 ssh_config > ControlPath > Specify the path to the control socket used for connection sharing as described in the > ControlMaster section above or the string ``none'' to disable connection sharing. In > the path, `%l' will be substituted by the local host name, `%h' will be substituted by >

https://bugzilla.mindrot.org/show_bug.cgi?id=1997 Bug #: 1997 Summary: Add QoS to ControlPath escapes Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo:

TL;DR: I expect ProxyCommand to have effect in preference to ControlPath. I've just tripped over this one. I have an ssh Host (let us call it "MAIN") with a ControlPath and with ControlMaster=no, from the .ssh/config file. I also have a shell script whose purpose is to hop to a remote host through a port forward, which uses the ProxyCommand option like this: ProxyCommand ssh

https://bugzilla.mindrot.org/show_bug.cgi?id=2437 Bug ID: 2437 Summary: ssh with ControlMaster and ControlPath hangs on 2nd session in same terminal Product: Portable OpenSSH Version: 6.7p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=3610 Bug ID: 3610 Summary: Using ControlPath and the -J option Product: Portable OpenSSH Version: 8.9p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

Hi everyone, For ssh(1) to override global options with the options in "Host" block, the attached diff (w.r.t. the openssh code in FreeBSD 8.1-R) contains the code to do so while parsing ssh configuration file. This is useful for case like following where {d,proj,p,n}cvs.FreeBSD.org is an alias to ncvs.FreeBSD.org hostname, thus connecting to {d,proj,p,n}cvs.FreeBSD.org should utilize

Hi. Just a suggestion : in the ControlPath syntax, you could add a %H that would expand to the name of the "Host" specification matched, + %h. In my opinion, when you add a "Host" paragraph with a different name for the same target host, generally you dont want to reuse the same control socket. Of course you can write different ControlPath directives in each specification

https://bugzilla.mindrot.org/show_bug.cgi?id=2488 Bug ID: 2488 Summary: "ssh-copy-id -o ControlPath=/tmp/foo" hangs Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: minor Priority: P5 Component: ssh-copy-id Assignee:

Attached (and inline) is a patch to add the following config options: ControlBindMask ControlAllowUsers ControlAllowGroups ControlDenyUsers ControlDenyGroups It pulls the peer credential check from client_process_control() in ssh.c, and expounds upon it in a new function, client_control_grant(). Supplemental groups are not checked in this patch. I didn't feel comfortable taking a shot

On 03Nov2017 13:07, Damien Miller <djm at mindrot.org> wrote: >On Fri, 3 Nov 2017, Cameron Simpson wrote: >> TL;DR: I expect ProxyCommand to have effect in preference to >> ControlPath. [...] >> On reflection, of course these are distinct options and that side of >> things isn't, of itself, a bug. However, is there a sane use case for >> using

https://bugzilla.mindrot.org/show_bug.cgi?id=2449 Bug ID: 2449 Summary: uid for expansion in ControlPath Product: Portable OpenSSH Version: 7.0p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org