similar to: Agent Forwarding and (Crypto-Tunnel-Interrupting) Proxies / Jump Hosts

Hi, I am trying to understand the ChannelTimeout option and whether it should work as I expect. I intended to use it to terminate inactive sessions, e.g. where no keystrokes / output is sent or SFTP sessions with no commands or data transfer. For testing I am using OpenSSH_9.6p1 Debian-5, OpenSSL 3.1.5 30 Jan 2024 both as the server and client. I set the following options in sshd_config:

https://bugzilla.mindrot.org/show_bug.cgi?id=3653 Bug ID: 3653 Summary: ConnectTimeout causes issue when connecting to an host via tsocks Product: Portable OpenSSH Version: 9.6p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh

https://bugzilla.mindrot.org/show_bug.cgi?id=3827 Bug ID: 3827 Summary: UnusedConnectionTimeout hit early after ChannelTimeout Product: Portable OpenSSH Version: 9.6p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs

https://bugzilla.mindrot.org/show_bug.cgi?id=2438 Bug ID: 2438 Summary: Warn about using ForwardAgent with all hosts Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at

It seems that users may be disclosing unintended public key info when logging into remote hosts. Use of the words keypair/keyid/etc have been bastardized. Signature is likely better. Note also, the author may be without clue. Setup: [g] - refers to an administrative group of hosts [n] - refers to a host within that group ws[g][n] - management workstations [trusted] User ssh-add's keys for

https://bugzilla.mindrot.org/show_bug.cgi?id=3555 Bug ID: 3555 Summary: ForwardAgent doesn't work under Match canonical Product: Portable OpenSSH Version: 8.4p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at

On 24.10.24 02:06, Mabry Tyson wrote: > I [...] sent mail to openssh at openssh.com but the mail was not delivered. > 24 hours after I sent email to that address, I got a DSN indicating > >> Remote server returned '550 5.4.300 Message expired -> 451 Temporary >> failure, please try again later.' ... yeaaahhh whatever it takes to convince the MX that it's *not*

It appears there is an opportunity for a denial-of-service attack against ssh-agent when using ForwardAgent. This note describes the circumstances, and provides a patch. Background (not the vulnerability): If ssh-agent is forwarded to a compromised account, a remote attacker could use the connection to authenticate as the owner of the agent. "ssh-add -c" currently defends

Because ForwardX11 and ForwardAgent are so useful but introduce risk when used to a not well-secured server, I added a "warn" value to the ForwardX11 and ForwardAgent options which causes the ssh client to print a big warning whenever the forwarding is actually used. I plan to make "ForwardX11=warn" the default in my ssh_config distribution. I'm not proposing that this

https://bugzilla.mindrot.org/show_bug.cgi?id=1499 Summary: Add "ForwardAgent ask" to ssh_config Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: unassigned-bugs

If one wants to go this way, then I just discovered Tags it should work like this (I haven?t tested it and never used tags) Match tagged FA ForwardAgent yes ControlPath ~/.ssh/controlmaster-%r@%h-%p-forwardagent ControlMaster off ? and then to have a session with forwarding: ssh -P FA user at host But I still think we should be able to setup ssh to just do the right thing if the

https://bugzilla.mindrot.org/show_bug.cgi?id=831 kl_other+mindrot at icloud.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kl_other+mindrot at icloud.com --- Comment #3 from kl_other+mindrot at icloud.com --- Patch needs to be updated, as it will

Hi, OpenSSH 9.7p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

Hi, the following patch to contrib/cygwin/ssh-host-config creates /etc/ssh_config and /etc/sshd_config according to the current default config files. Could somebody please check it in? Corinna Index: contrib/cygwin/ssh-host-config =================================================================== RCS file: /cvs/openssh_cvs/contrib/cygwin/ssh-host-config,v retrieving revision 1.3 diff -u -p

Hello, Is there a way to use a different ControlPath depending on command line options, or should there be one? To be specific, I don?t enable ForwardAgent by default for security reasons but only explicitely (-A) when I need to to e.g. copy files between servers. This and other options don?t play well with multiplexing because I usually already have few terminals open to the host. The most

Trying to get SSH agent forwarding working for a popular open source configuration management system called Ansible. I?ve had some unexpected behaviour, the only cause of which I can find is how I express the command line arguments. http://stackoverflow.com/questions/20952689/vagrant-ssh-agent-forwarding-how-is-it-working?noredirect=1#comment31511341_20952689 In summarise: In the first

On 10/25/2017 12:58 PM, Heiko Schlittermann wrote: > We could create new "role" users, share the password and create an > additional account within the mail client (thunderbird) they use. From > users perspective it is exactly what they want. But I dislike the idea > of sharing the password. For what reason exactly? It not being personalized, too easy to leak, potentially

Hi, I usually have around 10 identities loaded in my local ssh-agent and when I use the "ForwardAgent" option all them are forwarded to the remote server, which is not ideal. I usually only need to forward one (or two) of the identities and I would like to be able to choose which one(s) to forward. Looking for solutions it seems that the only option is to create a new ssh-agent, add

On 01.02.25 22:30, Christoph Groth wrote: > An --interactive option that behaves just like the one in cp would solve > the issue for me. I would happily alias scp to scp --interactive. Is > there any technical or other reason why scp does not have such an option > or something similar? Seeing that (the PUT command in) sftp doesn't have such an option, either, I suspect that it

On 11/17/2016 08:48 AM, Steve Litt wrote: > When I use an email client, its purpose is as a window into my Dovecot > IMAP, and as a mechanism to reply to and send emails. I don't do > filtering or calendaring on my email client (filtering via procmail > direct to Dovecot). > > What email clients are all of you using to look at your IMAP email? Plaintext or HTML mails?