similar to: Match/Include by environment variable unexpected behavior

https://bugzilla.mindrot.org/show_bug.cgi?id=3739 Bug ID: 3739 Summary: Match parsing requires space before '=' Product: Portable OpenSSH Version: 9.9p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=3186 Bug ID: 3186 Summary: ProxyJump should include IdentityFile when specified Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee:

Hi OpenSSH devs, I?m wondering if the following has any merit and can be done securely ... If you could match on principals in the sshd_config, then (for example) on a gateway machine, you could have something like /etc/ssh/authorized_keys/sshfwd: cert-authority,principals=?batcha-fwd,batchb-fwd? ... /etc/ssh/sshd_config containing: Match User sshfwd PubkeyAuthentication yes

Hello, I'm really happy that the 7.3 release of OpenSSH introduced the Include directive. However, since there is absolutely no restriction or advice neither on the name nor on the location of the included files, it makes it harder for external tools to recognize them; I'm mainly thinking about text editors that would like to enable syntax coloration for it (

AFAIK everything you described here could be done using the AuthorizedKeysCommand or AuthorizedPrincipalsCommand directives. These can emit authorized_keys options (inc. permitopen) as well as the allowed keys/principals. On Sun, 12 Nov 2023, Bret Giddings wrote: > Hi OpenSSH devs, > > I?m wondering if the following has any merit and can be done securely ... > > If you could

https://bugzilla.mindrot.org/show_bug.cgi?id=3555 Bug ID: 3555 Summary: ForwardAgent doesn't work under Match canonical Product: Portable OpenSSH Version: 8.4p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at

http://bugzilla.mindrot.org/show_bug.cgi?id=436 Summary: SSH client API Product: Portable OpenSSH Version: 3.5p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: jensus at linux.nu I would

Hello, I use saz/ssh module to config ssh server. Here is part of my manifese file: ssh::server::configline{ ''AllowGroups'': ensure => ''present'', value => $allowgroups } ssh::server::configline{ ''AllowUsers'': ensure => ''absent'', } But it report error after perform this change. Here is the error message: Info:

Hi all, I noticed a bit of an odd issue with maintaining `known_hosts` when the target machine is behind a bastion using `ProxyJump` or `ProxyCommand` with host key clashes. Client for me right now is OpenSSH_9.3p1 on Gentoo Linux/AMD64. I'm a member of a team, and most of us use Ubuntu (yes, I'm a rebel). Another team who actually maintain this fleet often access the same machines

https://bugzilla.mindrot.org/show_bug.cgi?id=2744 Bug ID: 2744 Summary: ProxyJump causes "Killed by signal 1" to be printed in terminal. Product: Portable OpenSSH Version: 7.5p1 Hardware: Other OS: Linux Status: NEW Severity: trivial Priority: P5 Component:

On 18/8/23 18:37, Jochen Bern wrote: > On 18.08.23 07:39, Darren Tucker wrote: >> On Fri, 18 Aug 2023 at 15:25, Stuart Longland VK4MSL <me at vk4msl.com> >> wrote: >> [...] >>> The crux of this is that we cannot assume the local IPv4 address is >>> unique, since it's not (and in many cases, not even static). >> >> If the IP address is

https://bugzilla.mindrot.org/show_bug.cgi?id=3163 Bug ID: 3163 Summary: teach ssh-keyscan to use ssh_config (plus options like ProxyJump) Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:

https://bugzilla.mindrot.org/show_bug.cgi?id=3057 Bug ID: 3057 Summary: Fork-bomb when misconfiguring a host to ProxyJump onto itself Product: Portable OpenSSH Version: 7.9p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh

Hello, On macOS, Terminal?s ?New Remote Connection?? command runs ssh in a new window like this: login -pfq $USER /usr/bin/ssh $HOST Here, login executes /usr/bin/ssh with argv[0] set to ?-ssh?. If $HOST has a ProxyJump configuration, the resulting ProxyCommand is: -ssh -W '[%h]:%p' $JUMP_HOST Because of the leading hyphen, this fails to execute. If the user?s shell is zsh, the

Hi, I'm very grateful for the new ProxyJump option. It helps tremendously! One small question I'd like to ask, though: Is there a way to skip one (mostly the first) jump host if the machine is in some specific network? For example, from home, I (resp. a shell script) need to jump to the office's server, a customers' login host, and then to the destination node; from the

https://bugzilla.mindrot.org/show_bug.cgi?id=2607 Bug ID: 2607 Summary: accept location off ssh binary via environment variable or deduce it from /proc/ Product: Portable OpenSSH Version: 7.3p1 Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=3582 Bug ID: 3582 Summary: Confusing error message when using ProxyJump Product: Portable OpenSSH Version: 9.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at

Hello all. I wrote this small patch that allows having multiple tags on a configuration block in the openssh client configuration. For instance, with this configuration: > Host test-host > Tag change-hostname change-port-and-user > Tag jump-to-mybox > > Match tagged change-hostname > Hostname new-hostname > > Match tagged change-port-and-user > Port 12345 >

On Wed, 2024-03-13 at 11:41 +0000, Job Snijders wrote: > On Wed, Mar 13, 2024 at 12:19:24PM +0100, Adam Kalisz wrote: > > it seems I cannot use: > > > > $ ssh -J root at 2a01:4f8:1c1e:528d::1 root at west-coast > > Invalid -J argument > > Try this: > > ??? $ ssh -J root@[2a01:4f8:1c1e:528d::1] root at west-coast Thank you all for helping with the syntax.

On Sat, 13 Jan 2024, Rob Leslie wrote: > Hello, > > On macOS, Terminal?s ?New Remote Connection?? command runs ssh in a new window like this: > > login -pfq $USER /usr/bin/ssh $HOST > > Here, login executes /usr/bin/ssh with argv[0] set to ?-ssh?. > > If $HOST has a ProxyJump configuration, the resulting ProxyCommand is: > > -ssh -W '[%h]:%p'