similar to: Possibility of scp --interactive option

On 01.02.25 22:30, Christoph Groth wrote: > An --interactive option that behaves just like the one in cp would solve > the issue for me. I would happily alias scp to scp --interactive. Is > there any technical or other reason why scp does not have such an option > or something similar? Seeing that (the PUT command in) sftp doesn't have such an option, either, I suspect that it

Morgan, Iain (ARC-TN)[InuTeq, LLC] wrote: > On Sun, 2 Feb 2025, Jochen Bern wrote: > > > On 01.02.25 22:30, Christoph Groth wrote: > > > An --interactive option that behaves just like the one in cp would > > > solve the issue for me. I would happily alias scp to > > > scp --interactive. Is there any technical or other reason why scp > > > does not

On Sun, 2 Feb 2025, Jochen Bern wrote: > On 01.02.25 22:30, Christoph Groth wrote: > > An --interactive option that behaves just like the one in cp would solve > > the issue for me. I would happily alias scp to scp --interactive. Is > > there any technical or other reason why scp does not have such an option > > or something similar? > > Seeing that (the PUT

> On Feb 4, 2025, at 12:26, Christoph Groth <christoph at grothesque.org> wrote: > > ?Morgan, Iain (ARC-TN)[InuTeq, LLC] wrote: > >> -d >> >> Except that -i is already being used by scp to specify the identity. > > I had noticed that, and it?s unfortunate. So it would have to be > a different letter [but probably not -a or -n]. Possibilities which

Hi, We have a CLI that certain users get dropped into when they log in. One of the things they can go is generate certificates (actually .p12 key/certificate bundles) that they will then scp out of the box from another host. Problem is that if their default shell isn't sh, ash, dash, bash, zsh, etc. then things break. Is there a workaround to allow scp/sftp to continue to work even for

I wanted to bring up a security concern, and sent mail to openssh at openssh.com but the mail was not delivered.? I hope that one of the developers is on this list and can make sure this mail delivery problem is seen by the right people. (If needed, please contact me directly.)? My apologies for sending this to the whole list... (FYI, it is not about an urgent security issue, but something I

On Mon, 4 Nov 2019 at 14:07, David Newall <openssh at davidnewall.com> wrote: > [about scp] That's just awful, and I should have > thought it was not at all necessary. Am I missing something? > If you're saying that the scp protocol is an unfixable mess then the openssh team has been agreeing[0] with you for at least a decade and a half. We fix what we can, but some

I am supporting a site that allows members to upload release files. I have inherited this site which was previously existing. The goal is to allow members to file transfer to and from their project area for release distribution but not to allow general shell access and not to allow access to other parts of the system. Currently rsync and old scp has been restricted using a restricted shell

Hello everyone, I work in a setting where remote logins are usually authenticated with SSH user keypairs, but many target accounts need to have a password set nonetheless (to use with sudo, log in via remote KVM, etc.) and cannot be put under a central user administration like LDAP. Enter a corporate password policy that requires passwords to be complex, different everywhere, and of limited

On Fri, 10 Jan 2025, Corey Hickey wrote: > On 2025-01-10 01:35, Jochen Bern wrote: > > On 10.01.25 00:33, Corey Hickey wrote: > > > I took the approach of preserving current behavior by default, but > > > another approach would be to: > > > * print "The agent has no identities." to stderr instead of stdout > > > * exit with a status of 0

Hi Jochen, On Wed, 12 Feb 2020 at 00:16, Jochen Bern <Jochen.Bern at binect.de> wrote: > > On 02/11/2020 07:07 PM, Cl?ment P?ron wrote: > > - I have X devices (around 30) and one SSH server > > - Each of them have a unique public key and create one dynamic reverse > > port forwarding on the server > > - All of them connect with the same UNIX user (I don't

On Fri, 2019-02-15 at 15:57 +1100, Darren Tucker wrote: > That was the original intent (and it's mentioned in RFC4419) however > each moduli file we ship (70-80 instances of 6 sizes) takes about 1 > cpu-month to generate on a lowish-power x86-64 machine. Most of it > is > parallelizable, but even then it'd likely take a few hours to > generate > one of each size. I

Jim Knoble wrote: > Possibilities which try not to overload confusing options from `cp` or `ssh` > (and in some cases `rsync`): > > -B ("bother me") > -E ("excuse me, did you meant to overwrite?") > -G ("get confirmation") > -j ("just ask") > -m ("make me think/confirm") > -y or -Y ("yes, ask me before

On 2025-01-09 15:27, Corey Hickey wrote: > From: Corey Hickey <chickey at tagged.com> > > When ssh-add is used in a script like: > > if ! KEY_LISTING=$(ssh-add -l 2>&1) ; then > echo "SSH agent error" >&2 > exit 2 > fi > > ...the operation fails when there is an agent but there are no keys in > the agent.

Hi, On Mon, Jan 13, 2020 at 03:16:00PM +0000, Jochen Bern wrote: > Out of interest: > 1. If an extended mechanism were to be implemented, which server pubkey > do you expect to be seen/stored/verified by the client? The proxy's > / v4 middlebox's, or the v6 backend's? Or would you require that all > server-side machines use the *same* host keypairs? I'd do

Hello, I have asked on the postfix mailing list for a solution, how to encrypt incoming emails with public gpg key My original idea was to use a smtpd-milter, which would encrypt all incoming plaintext messages of given user, using the users public gpg key. This way, it would look as if the original sender has sent the message encrypted. Somebody suggested this might be better done in Dovecot,

Hi folks, Since Docker can bind-mount every .ssh directory I am looking for some way to forbid unprotected private keys. AFAICS it is currently not possible on the sshd to verify that the peer's private key was protected by a passphrase. Can you confirm? Regards Harri

An issue that I come across from time to time is when I try to ssh into a box with an RSA key, and it fails because the target host is old and only does sha1 signatures.? However, the reason is not reported unless I turn on debugging. For example, all I see is: % ssh foo at bar foo at bar: Permission denied (publickey,keyboard-interactive). I find this confusing, since my first inclination is

This isn't a problem with openssh per se, but impacts some users on Linux, and I wonder if I can get an amen on a netstat/net-utils change proposal. Splitting out sshd-session had an unfortunate side-effect: on Linux if you are used to using netstat -antp to see what user process is associated with which socket, the longer process name squeezes out the username. Prior to the change: #

Hello, I hope it's the correct ML to get support for "advanced" ssh use (sorry if it's not the case) And I would be very grateful if someone could help me on this issue. Here is my challenge : - I have X devices (around 30) and one SSH server - Each of them have a unique public key and create one dynamic reverse port forwarding on the server - All of them connect with the