similar to: Env var for options/config

How difficult would it be to enhance the client ssh_config file to allow command-based declarations similar to that provided by the "Host" keyword? The main reason I need something like this is when ssh is used via CVS and Subversion. I want all CVS/Subversion traffic to use a different SSH port and different authentication options. So... you might have an ssh_config file that

Will Simon Wilkinson's GSSAPI Key Exchange patch ever be incorporated into the OpenSSH source? http://www.sxw.org.uk/computing/patches/openssh.html I'm sure I'm not the only one that uses it and would like to see it become part of the OpenSSH source. Is there something missing or is there some technical/philosophical reason for not including it?

https://bugzilla.mindrot.org/show_bug.cgi?id=1719 Summary: Debug server prints debug messages on client Product: Portable OpenSSH Version: 5.4p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy:

I noticed "make tests" for openssh-5.2p1 fails the multiplex.sh tests. Turns out this is because I happen to have some non-standard configuration options in $HOME/.ssh/config and most of the multiplex.sh tests do not use a "-F $OBJ/ssh_config" option, which means they end up reading the users $HOME/.ssh/config. Is this on purpose or a bug?

Is it possible to move a server's public and private keys from one host to another? Or perhaps a better way to ask what I really want... is it possible to configure a server on a new host to return the same public key it did on the old host? I'm in the process of migrating our CVS server from a Solaris host to a Linux host (this weekend) and I just realized the hostkey is going to

Hi there, I've written some enhancements to scp.c and pathnames.h to enable the scp to arbitrarily set the remote scp path. (eg $ scp -e /usr/bin/scp foo user at bar:foo) I did read the "scp: command not found" FAQ entry but I'm not quite sure why we can't do this, unless it's because enhancements to scp are no longer a priority. Any other reason why it "is the

I'm randomly getting the following error on a server from various remote hosts: ssh_exchange_identification: Connection closed by remote host The server is running OpenSSH 4.5p1 w/GSSAPI Key Exchange patch. The hosts connecting to it should all be using OpenSSH 5.0p1 w/GSSAPI Key Exchange patch and using gssapi-keyex authentication. Normally, when I've seen this error, it means

the configure option --program-prefix does not work although it is listed in teh configure --help output. The attached patch fixes these issues: 1) program prefix is not substituted in configure 2) program prefix is not present in Makefile 3) scp requires use of a known "scp" program -- bryan diff -cr openssh-2.9.9p2.orig/Makefile.in openssh-2.9.9p2/Makefile.in ***

On 17/11/18 12:32 am, Raphael Medaer wrote: > Actually if you use "-o" it's also overridden. Looking at sshd > logging, it seems that the env var is overridden because of session > mechanism (aka "not ordering of parameter source"). > Thus is it a non-issue due to priority of configuration source ? Does > it mean that the priority is "env var" >

ssh client has the ability to set the destination of debug logs via the `-E` flag. ssh_config lacks an equivalent keyword to set the same option via configs. This patch follows the same semantics of other `*Path` type keywords and creates a new ssh_config keyword `LogPath`. [0] Bugzilla: https://bugzilla.mindrot.org/show_bug.cgi?id=3683 [1] GitHub PR:

I am trying, without success, to create an upstart config file to automatically start and restart an ssh proxy. The command sting that I use in the script has been checked and verified from the shell but it fails in the upstart file. The file contents are: . . . # proxy is used to authenticate smtp submissions # so start it before the postfix service starts start on starting postfix # Take

I'm trying to replace some sshv1 clients and servers in a modular way, and the "Server Lies" warning (when the server says the key has one more bit than it really has) is causing heartache. Per the FAQ, this is relatively benign. Here's a patch that allows an admin or user to disable the warning. - Morty diff -Nur openssh-3.7.1p2/readconf.c

Last June I asked the following question, but didn't receive any responses: http://marc.info/?l=openssh-unix-dev&m=124406679122871&w=2 I just did the same test using openssh-5.3p1 and the results are the same. Is this a bug? Or intentional? If it's a bug, I'll report it. If it's intentional, any chance it could be changed? Or a server-side way to override it?

Has anyone successfully built openssh with MIT's KfW (Kerberos for Windows) under Cygwin? Is it even possible? Searching around I found one reference to Nicolas Williams attempting to do this several years ago, but no indication of success and nothing more recent. http://www.cygwin.com/ml/cygwin/2002-01/msg00100.html What about compiling openssh using a native windows compiler? Is

>From a security standpoint, if the default keytab (/etc/krb5.keytab) contains only ONE principal, does it matter if GSSAPIStrictAcceptorCheck is set to "yes" or "no"? My company uses an internally built OpenSSH package that includes the GSSAPI Key Exchange patch. Because we have 1000s of hosts, we need to use a "standard" sshd_config file that works for the

I'm using Cygwin OpenSSH 5.1 on a Windows XP SP3 system. Is sshd supposed to create a new "login session" for each user that logs in? Or, is there a way to force it to create a new "login session" for each user that logs in? Once logged in, I'm trying to use the Kerberos for Windows command line utilities (klist/kinit), but I'm told by one of the KfW

Starting with openssh 5.1 the following code fails (when executed on a remote host)... prior to 5.0 this worked, ie S_ISSOCK says STDIN is a socket. struct stat s; fstat(STDIN_FILENO, &s); if (S_ISSOCK(s.st_mode)) // STDIN is a socket else // STDIN is not a socket Soo... if I have a command on a remote host that includes the above code and I ssh to the remote host

https://bugzilla.mindrot.org/show_bug.cgi?id=1752 Summary: Test port not available during make tests Product: Portable OpenSSH Version: 5.4p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: unassigned-bugs at mindrot.org

I'm a bit confused how scp works... could someone please explain the local/remote external calls that happen when scp is started... in particular how it relates to ssh on the remote site? To be more specific... I use Kerberos for authentication and I've been working on an ssh wrapper script that checks my Kerberos credentials before running the ssh command. If the credentials are

Hi, the attached patch adds support for the keywords "OpenCommand" and "CloseCommand" to ssh_config. They are commands which are executed before the connection is established (or ProxyCommand started) and after the connection has been closed (or ProxyCommand ended). this is usefull for stuff like portknocking or (that's what I wrote the patch for) talking with trapdoor2