search for: 2fopenssh

On 10/30/20 4:51 PM, Pawel Winogrodzki wrote: > Hello, > > We are currently trying to apply a patch to our 8.0p1 version of OpenSSH for CVE-2020-14145<https://nvd.nist.gov/vuln/detail/CVE-2020-14145>. The "patch" tag from NIST's web page links to the 8.3p1 vs 8.4p1 comparison<https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1> on GitHub. Is

...________________________________ openssh-unix-dev mailing list openssh-unix-dev at mindrot.org https://protect2.fireeye.com/v1/url?k=c4371812-988227ab-c4373207-0cc47adc5fce-56c2948a65834232&q=1&e=0f45e6c0-4544-44ae-af8d-3d64af881ea7&u=https%3A%2F%2Flists.mindrot.org%2Fmailman%2Flistinfo%2Fopenssh-unix-dev

...form of signalling. AFAIK most of them do the AuthorizedPrincipalsCommand route. -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev at mindrot.org https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.mindrot.org%2Fmailman%2Flistinfo%2Fopenssh-unix-dev&amp;data=02%7C01%7C%7Ceb49505bf9cf425187bc08d6dd8cd342%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636939994250975577&amp;sdata=x5JShEaQd6X%2BBrQWqc4p9guyJuVkNWSEVPW4dd%2FlBOc%3D&amp;reserved=0

Hi, So I finally have time to test the u2f support but so far I haven't been very successful, Specifically, current HEAD has SSH_SK_VERSION_MAJOR 0x00040000 and I can't seem to find a matching libfido2 version, current HEAD of Yubico/libfido2 is 0x00020000 Is there a more up to date libfido2 or a particular commit of openssh-portable I should be using? thanks Sean

Hello: I am working to implement certificate-based authentication for some internal applications. It would be very helpful to be able to pass information server-side by specifying some custom options via the Extensions of the signed certificate, allowing the authenticity of the options to be verified readily. However, I have not been able to find too much for specifying behaviors, etc.

In the u2f protocol, my understanding is in the normal case, the web browser seeds the keypair process with the hostname of the remote server. In the case of ssh, the hostname is probably not what I would want to do. But the u2f protocol seems to have a way to handle this. It just needs to be exposed to the user. The content of the private keyfile in ssh is generated somehow. Where is that done?

...________________________________ openssh-unix-dev mailing list openssh-unix-dev at mindrot.org https://protect2.fireeye.com/v1/url?k=102d876a-4c98b8d3-102dad7f-0cc47adc5fce-f963eec20cc653fd&q=1&e=445ca71b-c946-44b4-a663-d2d3fc1f288f&u=https%3A%2F%2Flists.mindrot.org%2Fmailman%2Flistinfo%2Fopenssh-unix-dev

Hi folks, Since Docker can bind-mount every .ssh directory I am looking for some way to forbid unprotected private keys. AFAICS it is currently not possible on the sshd to verify that the peer's private key was protected by a passphrase. Can you confirm? Regards Harri

Hey everyone, Basically, I'm trying to figure out if I can configure sshd to require that the user has a key that has been signed by a trusted user CA *and* is listed separately as an authorised key (or the user has a signed key and a different authorised key)? The closest I've come is having an `authorized_keys` file have two entries consisting of the CA key and a normal key with