search for: authorized_key

...: o Change the default ID_FILE from identity.pub to id_dsa.pub or perhaps {id_dsa,id_rsa,identity}.pub to cover all the bases, although the patch below deals only with id_dsa.pub - it would need some more tweaking to deal with more than one (possibly non-existent) file. o If the destination authorized_keys file already contains the keys, they should not be duplicated. I use ssh-copy-id in a regression harness and I end up adding the same key tens or hundreds of times. I have not seen any problem but it is somewhat distasteful. The method proposed is frankly a hack, but it is simple and I th...

Hello everybody, I have a problem. You may have the answer :-) I'd like to use openssh for an authentication service. But that gives me a user, whose ~/.ssh/authorized_keys file has about 15000 entries. With about 300 characters per line I'd get 4,5 MB of data. I believe that this length of file could lead to performance issues; so I'm looking for solutions. I already saw the possibility of using "%u" or "%h" in sshd_conf/AuthorizedKe...

https://bugzilla.mindrot.org/show_bug.cgi?id=2042 Priority: P5 Bug ID: 2042 Assignee: unassigned-bugs at mindrot.org Summary: Troubleshooting information should be logged when sshd doesn't have permission to read user's authorized_keys file Severity: enhancement Classification: Unclassified OS: Linux Reporter: asari.takashi at gmail.com Hardware: All Status: NEW Version: 5.6p1 Component: sshd Product: Portable OpenSSH...

Hi folks, If I try to login on a Cygwin host via ssh, then my .ssh on a network drive is unaccessible until I login. I have to enter my password, even if my authorized_keys would allow me to login without. This is fatal, since it forces me to use an interactive session for working on a Windows host. Unusable for automatic builds and tests managed from a central machine, for example. There is no such restriction if I create local accounts on every Cygwin PC, using lo...

Hi. On http://openssh.org/manual.html I think there should be authorized_keys(5) known_hosts(5) Can an authorized_keys entry say something like from=192.168.1.32,192.168.1.33 command=/bin/foo ... or do I need to make a separate entry for each IP address? Thanks Dave

Both ssh-copy-id and ssh create .ssh as 0700. ssh-copy-id creates .ssh/authorized_keys as 0600. Thanks: Ryan Sawhill for finding the bug. --- customize/ssh_key.ml | 4 ++-- src/guestfs.pod | 17 +++++++++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml index 09664bf..dd6056f 100644 --- a/customize/ssh_key.ml...

Hello, I must relogin on the same machine in my shell with ssh and without password. For this I tried the procedure ssh-keygen -t dsa and ssh-keygen -t rsa. I copied the entries in /.ssh/id_dsa.pub and /.ssh/id_rsa.pub in /.ssh/authorized_keys When I open a shell I type exec ssh-agent $SHELL and then ssh-add and give my passphrases. When I now type ssh machinename my PC wants my password. I am running Redhat 7.3.3 and, sorry, I am a beginner using Linux. Thank you in advance, Martin

How reasonable, acceptable and difficult would it be to "enhance" openssh so authorizations using kerberos (specifically kerberos tickets) consulted the authorized_keys file? And to be a bit more precise... consulted authorized_keys so it could utilize any "options" (eg. from=, command=, environment=, etc) that may be present? I'm willing to make custom changes, but would prefer if this was standard behavior, so I thought I'd check to see h...

On Mac OS, in order to allow ssh using dsa keys, I would copy ~/.ssh/id_dsa.pub from my machine into ~/.ssh/authorized_keys of the target machine. I've created .ssh directories in my account home as well as in /root and copied the respective keys to authorized_keys files in each. Strangely, I can now ssh as root with no password but my own user account still prompts for a password. What might be wrong? Inter...

http://bugzilla.mindrot.org/show_bug.cgi?id=220 Summary: sshd fails to read other users authorized_keys over nfs as root Product: Portable OpenSSH Version: 3.0.2p1 Platform: All URL: http://www.hut.fi/cc/ OS/Version: All Status: NEW Severity: major Priority: P1 Component: sshd...

...through public key authentication. I created on server user B, but ssh doesn't allow user B to connect through PKI. Both users use the same key to connect, for user A works, for user B doesn't. Here is the fail message: "trying public key file /home/A/glassfish/domains/domain1/config/authorized_keys debug1: fd 4 clearing O_NONBLOCK Authentication refused: bad ownership or modes for file /home/A/glassfish/domains/domain1/config/authorized_keys debug1: restore_uid: 0/0 debug1: temporarily_use_uid: 1008/1000 (e=0/0) debug1: trying public key file /home/A/glassfish/domains/domain1/config/authoriz...

Here's a simple patch which retrieves authorized_keys via exec'ing a program, rather than reading a flat file. I added a simple option, AuthorizedKeysExec, to sshd_config which simply executes the respective file, passing the username as argv[1]. Keys are returned via stdout. Notes: If AuthorizedKeysExec is set and an authorized_keys file ex...

Hi, I would like to make it impossible for users to change the contents of the authorized_keys-file. I just found out about the sshd_config setting: AuthorizedKeysFile /etc/ssh/authorized_keys/%u But even in that case that file has to be owned by the user, unless I set ``StrictModes no'' which would allow other nastyness. I would like to request that that file could also be own...

Michael Stone <mstone at mathom.us> writes: > On Sun, Mar 20, 2016 at 08:30:33PM +0000, Colin Watson wrote: >>How about something like: >> >> if [ "$(sed -n '${s/.*//;p}' ~/.ssh/authorized_keys | wc -l)" = 0 ]; then >> echo >> ~/.ssh/authorized_keys >> fi >> >>I feel like there must be a neater but still portable way to do this, > > Maybe > > if [ ! -z `tail -c 1 ~/.ssh/authorized_keys` ] ; then Ah, thanks for that, I'd forgotten ab...

https://bugzilla.mindrot.org/show_bug.cgi?id=2128 Bug ID: 2128 Summary: ssh-copy-id doesn't check if a public key already exists in a remote servers ~/.ssh/authorized_keys file Product: Portable OpenSSH Version: -current Hardware: Other OS: Other Status: NEW Severity: enhancement Priority: P5 Component: ssh-copy-id Assignee: unassigned-bugs at mindrot.org Rep...

...because someone didn't know > > how to use their editor ... > > You can be pretty sure it'd end up causing a bug report as well > ("ssh-copy-id introduces blank lines into good files"). How about something like: if [ "$(sed -n '${s/.*//;p}' ~/.ssh/authorized_keys | wc -l)" = 0 ]; then echo >> ~/.ssh/authorized_keys fi I feel like there must be a neater but still portable way to do this, and the above would require some careful quoting to work in the context of ssh-copy-id. -- Colin Watson [cjwatson...

http://bugzilla.mindrot.org/show_bug.cgi?id=1326 Summary: Allow non-public-key credentials in authorized_keys file (Kerberos, etc.) Product: Portable OpenSSH Version: 4.4p1 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Kerberos support AssignedTo: bitbuck...

Is there a risk associated with having authorized_keys files set to readable but "StrictMode no"? I am thinking particularly in the case of having public keys all centralized in a directory in /etc or something. Is it really a potential hack vector if someone can read a public key, or is the only real danger if they were writable? --- Do...

HI! I'm looking at sshd(8), section AUTHORIZED_KEYS FILE FORMAT and description for CLI arg -O in ssh-keygen(1). It seems to me that there could be a 1:1 mapping between SSH cert extensions and authz key options by just adding prefix "permit-" to the key option. But the man pages differ regarding case of "permit-x11-forwarding&quot...

https://bugzilla.mindrot.org/show_bug.cgi?id=1947 Bug #: 1947 Summary: Log authorized_keys format issues and refuse to accept keys Classification: Unclassified Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component:...