similar to: [Bug 3763] New: Clarify Match criteria in sshd_config(5)

Greetings, I want to create a set of rules that will be in affect when I connection originates from outside of my local lan (internet) and on a specific port, this is what I've wrote: Match LocalPort 11111, Address *,!10.0.0.0/24 but when I start ssh, I get this error: Invalid LocalPort '11111,' on Match line /etc/ssh/sshd_config line 176: Bad Match condition why is that? how can I

Hello everybody, I'm a C/C++ consultant working for Ericsson. I changed the OpenSSH-Portable code to add a new criteria into the Match sshd_config option read by the sshd server. The new criteria is "Subsystem"; so a conditional block based on subsystem client request can now be added to the sshd_config configuration server file to override settings in its global section.

OpenSSH 6.1 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,

OpenSSH 6.1 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,

I have been killing myself on this issue over the last 2 weeks. I have setup pam AD authentication using winbind on our companies email servers. That part is currently working. I have been trying to add an existing "Trusted" child domain and allow authentication from that domain as well. I am part of the way there, but not quite to the functional point as of yet. Our primary domain

Hi, On systems that have mandoc installed but are missing an nroff binary, the configure script will fall back to pre-formatted manual pages despite the fact that mandoc could be used. The proposed patch adds mandoc as a valid formatter to configure.ac. As mandoc supports the -mdoc flag, it can simply be added to the list of nroff-like binaries. Wolfgang -------------- next part --------------

I found that the documentation for -L and -R was hard to understand. So I made some changes to try to make it clearer. I started with Revision 1.328 from http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh.1 Comments welcome. ================ ssh.1.patch ================ --- ssh.1 2012/09/15 16:08:48 1.1 +++ ssh.1 2012/09/15 20:23:35 @@ -51,13 +51,13 @@ .Op Fl F Ar configfile .Op Fl I

https://bugzilla.mindrot.org/show_bug.cgi?id=3126 Bug ID: 3126 Summary: Mark the RDomain configuration option unsupported on non-openbsd builds Product: Portable OpenSSH Version: 8.2p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement

Hey. Perhaps someone can help me with the following (OpenSSH 6.7): I have a host reachable via miscellaneous interfaces (and network addresses) running SSH. Some specific users should be only reachable from the inside, so e.g. though something like this would do the job in sshd_config: #general config #... Match User foo LocalAddress 10.0.0.1,fe80:abba::0 PasswordAuthentication

I have a customer who is complaining about slow SFTP transfers over a long haul connection. The current transfer rate is limited by the TCP window size and the RTT. I looked at HPN-SSH, but that won't work because we don't control what software the peer is using. I was thinking about coding a much more modest enhancement that just does SO_RCVBUF for specific subsystems. In the interest

Without an assigned source port, Transmit function assign a random new source port to the packet being sent. It thus have to be set before calling Transmit if the source port have already been decided. Conversly, we have to save the assigned port to reuse it later if needed. Resolve bug #35. Signed-off-by: Celelibi <celelibi at gmail.com> --- efi/udp.c | 18 ++++++++++++++++++ 1 file

OpenSSH 7.7 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

http://bugzilla.mindrot.org/show_bug.cgi?id=413 Summary: Port forwarding: [localhost:]localport:remotehost:remoteport Product: Portable OpenSSH Version: older versions Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo:

Hi, OpenSSH 6.1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains a couple of new features and bug fixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available

OpenSSH 7.7 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

Here is a completely untested patch if someone wants to try and take it for a spin? -hpa -------------- next part -------------- diff --git a/efi/udp.c b/efi/udp.c index 59bb426..60a8fe9 100644 --- a/efi/udp.c +++ b/efi/udp.c @@ -41,8 +41,7 @@ int core_udp_open(struct pxe_pvt_inode *socket) udp = (EFI_UDP4 *)udp_reader->this; memset(&udata, 0, sizeof(udata)); -

Signed-off-by: Julien Viard de Galbert <jviarddegalbert at online.net> --- efi/udp.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/efi/udp.c b/efi/udp.c index b0f13ad..8f4d7dc 100644 --- a/efi/udp.c +++ b/efi/udp.c @@ -52,7 +52,7 @@ EFI_STATUS core_udp_configure(EFI_UDP4 *udp, EFI_UDP4_CONFIG_DATA *udata, } } else { if (status !=

I'm currently trying to set up a kind of vhost, using a second LocalPort; I notice that this isn't reported in auth.log yet, thus this feature request. Thanks!

Hi all, What options exists under CentOS hosts to work with isolated networks?. For example, on BSD systems it is really trivial. In FreeBSD you can use setfib tools and on OpenBSD it is possible to use rdomain options. In 30 secs it is possible to work with isolated networks and assign process, ip address and routes (hidden from the main route table and ip addresses), etc. But I can't

Team, We upgraded sshd in our product from OpenSSH 8.6 to OpenSSH 9,.6. After the upgrade, clients are seeing significant increase in time to do ssh to the listener. Normally, a single ssh does not matter much but some of our workflows involve about 3000 to 4000 ssh connect and close and this is hitting us hard, I enabled logging on the server side. I see the most of the increase is here in