About OpenSSH and ...
Caution:
The original is Japanese text.
Please forgive any mistakes and slow replies to inquiries.
- Can't forward agent with OpenSSH <--> SSH2
Agent forwarding does not work between OpenSSH and SSH2 (SSH Secure Shell Version 2 and later). (It is possible with Protocol 1.)
Can't something be done about it?
For that reason, a patch was made that forces agent forwarding to work.
Version supporting draft-ietf-secsh-agent-02.txt (Internet Draft)
Since it implements only what is currently written in the Internet Draft, the LICENSE is probably not a problem.
-
openssh-5.4p1-fwd_agent-base-0.81.patch.bz2
This patch only creates the socket for agent forwarding.
Forwarding works if ssh (OpenSSH) is used with ssh-agent (OpenSSH), or ssh2 with ssh-agent2.
Even if forwarding does not seem to work somewhere along the path,
there is no problem as long as the socket for agent forwarding is created.
(SSH_AUTH_SOCK and SSH2_AUTH_SOCK just need to be set.)
-
openssh-5.4p1-fwd_agent-agent-0.81.patch.bz2
Enables agent forwarding to SSH2 (required functions only).
Please apply it after
openssh-5.4p1-fwd_agent-base-0.81.patch.bz2.
In this case, since ssh-add2 does not conform to the Internet Draft, it cannot add keys.
(However, ssh-add can.)
At present, a minimal addition has been made here to support SSH2.
(The private key operation corresponding to "hash-and-sign[pkcs1, sha1]" in ssh-agent.c.
However, it behaves the same as the "hash-and-sign" operation in the Internet Draft.)
-
openssh-5.4p1-fwd_agent-client-0.81.patch.bz2
Enables agent forwarding from ssh-agent2 to OpenSSH.
Please apply it after
openssh-5.4p1-fwd_agent-base-0.81.patch.bz2.
Here too, since ssh-agent2 does not conform to the Internet Draft,
keys cannot be added with ssh-add (they can be with ssh-add2).
It can be applied together with openssh-5.4p1-fwd_agent-agent-0.81.patch.bz2.
-
openssh-5.4p1-fwd_agent-testing-20100322.patch.bz2
README.fwd_agent.patch.ja(Japanese only)
The test version.
In addition, it makes ssh-keygen in OpenSSH able to convert SSH2 private keys,
and it can handle an SSH2 private key even if it has a passphrase.
Supports draft-ietf-secsh-agent-02.txt (Internet Draft).
Key addition per the draft-ietf-secsh-agent-02.txt specification has not been tested,
so it is unknown whether it can be used.
Since draft-ietf-secsh-agent-02.txt came out, the concern about having analyzed SSH2 may no longer apply.
(Has draft-ietf-secsh-agent-02.txt been deleted from the Internet Drafts?)
However, in ssh.com ssh-3.2.9.1 the key addition specification differs from draft-ietf-secsh-agent-02.txt.
For compatibility, the analysis results may still be necessary.
Supports the new private key format of newer versions of ssh-keygen2.
Use it when the following is displayed:
bad magic 0x3082**** != 0x3f6ff9eb
decode blob failed.
Be careful: compatibility is low with versions before
openssh-4.4p1-fwd_agent-testing-20061026
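To check which case a key file falls into before converting it, the first four bytes of its decoded body can be compared with the magic in the message above (0x30 0x82 is how an ASN.1 DER SEQUENCE with a two-byte length begins). This is an added example, not part of the patch or of the original page; the function names are hypothetical and the armored samples are constructed, not real keys.

```python
import base64
import struct

# Magic from the error message above; OpenSSH's ssh-keygen.c names it SSH_COM_PRIVATE_KEY_MAGIC.
SSH_COM_PRIVATE_KEY_MAGIC = 0x3F6FF9EB

def decode_body(text):
    """Base64-decode an armored key file, skipping '----' markers and 'Header: value' lines."""
    body, continued = [], False
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("----"):
            continue
        if continued or ":" in line:          # ':' never occurs in base64 data
            continued = line.endswith("\\")   # header values may continue after a trailing backslash
            continue
        body.append(line)
    return base64.b64decode("".join(body))

def classify(blob):
    """Name the container a decoded private-key blob starts with."""
    if len(blob) < 4:
        return "truncated"
    magic = struct.unpack(">I", blob[:4])[0]
    if magic == SSH_COM_PRIVATE_KEY_MAGIC:
        return "ssh.com"
    if magic >> 16 == 0x3082:   # DER SEQUENCE tag (0x30) + two-byte length marker (0x82)
        return "der"
    return "unknown"

def armor(blob):
    """Wrap constructed bytes in SSH2-style armor (sample data only, not a real key)."""
    b64 = base64.b64encode(blob).decode()
    return ("---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----\n"
            'Comment: "constructed sample, \\\n not a real key"\n'
            + b64 + "\n---- END SSH2 ENCRYPTED PRIVATE KEY ----\n")

# Constructed samples: one blob starting with the ssh.com magic, one starting with a DER SEQUENCE.
SAMPLE_COM = armor(struct.pack(">I", SSH_COM_PRIVATE_KEY_MAGIC) + bytes(12))
SAMPLE_DER = armor(bytes.fromhex("3082025c020100") + bytes(9))

if __name__ == "__main__":
    for name, text in (("ssh.com-style", SAMPLE_COM), ("DER-style", SAMPLE_DER)):
        blob = decode_body(text)
        word = struct.unpack(">I", blob[:4])[0]
        print("%s: first word 0x%08x -> %s" % (name, word, classify(blob)))
```

A file classified as "der" is the kind that produces the "bad magic 0x3082****" message in a converter that expects only the ssh.com magic.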
- Deleting a key from the agent by fingerprint
Adds an option that deletes a key from the agent by fingerprint.
openssh-5.4p1-ssh-add.patch.bz2
With the original ssh-add, a key cannot be deleted from the agent if there is no public key file.
I think it is convenient to be able to delete a key from the agent even if there is no public key file.
(I think there are not many occasions where it is helpful.)
Example: you log in to a remote host with ssh and add a key there,
then after logging out you want to delete that key, etc.
Usage is 'ssh-add -r fingerprint'.
- With OpenSSH --> SSH2, scp may not be usable
If only SSH2 is installed on the remote side,
% scp foo bar:
scp: warning: Executing scp1 compatibility.
scp: FATAL: Executing ssh1 in compatibility mode failed (Check that scp1 is in your PATH).
lost connection
scp fails like this and cannot be used.
In this case, scp works if it is run from the SSH2 side.
Install scp1 on the remote side, use sftp, or run scp on the remote side.
Another way:
openssh-5.4p1-scp2-20100322.patch.bz2
This patch is 'scp with sftp protocol'.
With the option -L [!]host[,...], a host given without '!' uses the sftp protocol and a host given with '!' uses the scp protocol.
This option can also be set with the environment variable SCP_USE_SFTP_HOSTS.
In addition, if '-s' is given, the sftp protocol is used by default.
However, when the sftp protocol is used, the bandwidth limit of the -l option has no effect.
Bugs may remain, so be careful if you use it.
- OpenSSH --> SSH2 Private Key converter
Patch that adds a converter from OpenSSH private keys to SSH2 private keys to ssh-keygen
openssh-5.4p1-keyconv_private-20100322.patch.bz2
It is a by-product of making the test version of the agent forwarding patch.
usage -- ssh-keygen -z [-f keyfile]
After conversion, the SSH2 private key is written to standard output without a passphrase.
OpenBSD version (Thanks to Ralph Gessner)
openssh-3.9-keyconv_private-20040821.patch.bz2
and new version
openssh-5.4-keyconv_private-20090305.patch.bz2
If you need to handle a private key with a passphrase or the new private key format,
please try the ssh-keygen included in the testing version of the agent forwarding patch.
Appendix
An ssh2 private key that cannot be converted by the original ssh-keygen has been made:
id_rsa_1024_a
- sftp completion patch
Patch for command-line completion in sftp (OLD)
openssh-5.2p1-sftp_completion-20090308.patch.bz2
Please run configure with the options '--with-libedit' and '--with-libedit-sftp-completion'.
This patch defines the following completion functions (and default key assignments) for '.editrc':
complete(tab), possible-completions(M-?), delete-char-or-list-or-eof(^d), delete-char-or-list,
complete-local-filename(M-/), possible-local-filename-completions(^x /), complete-remote-filename(M-\) and
possible-remote-filename-completions(^x \).
('M-[3~' is assigned to em-delete-or-list for internal use, so redefine it carefully.)
- Simple lock tool for ssh-agent
Simple lock tool for ssh-agent with xlock.
ssh-agent-locker.tar.bz2
- subversion Repository
Root: http://svn.phys98.homeip.net/openssh/
Contact
ide@phys98.homeip.net
Last Modified Monday, 22-Mar-2010 23:40:00 JST