search for: authorized_keys2

...'ve got a situation where a manifest fails when writing one particular key for a user. What I have is a manifest that looks like this: class my::accounts () { Ssh_authorized_key { ensure => present, type => ssh-dss, } Then, after making sure the user, group, and authorized_keys2 file exist: ssh_authorized_key { "key-name-1": key => "omitted", user => "user", target => "/home/user/.ssh/authorized_keys2", require => File["/home/user/.ssh/authorized_keys2"], } There'...

Damien wrote: > Could you redo your traces with "-v -v -v" set? Best send the report to > openssh-unix-dev at mindrot.org so it isn't just myself looking at it. Attached are a number of log files from a problem I'm seeing with DSA/authorized_keys2 when operating ssh strictly with Protocol 2. Damien has not been able to reproduce it with his RSA setup. When my server has more than X entries in authorized_keys2, the ssh connection is rejected, whereas when that pubkey is in the first X, the connection works fine. All that I am doing in betw...

http://bugzilla.mindrot.org/show_bug.cgi?id=72 Summary: sshd 3.0.2p1 assumes authorized_keys2 unless configured otherwise. Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev...

Hi devs, recently I had to replace authorized_keys on several systems to enforce an access policy change. I was badly surprised that authorized_keys2(!) was still processed, which allowed some old keys to enter the systems again, because I wasn't aware of the file's existance on the server and use by sshd, since this "backward compatibility" isn't documented, not even a historical reference about "obsolete" or &qu...

...54 . drwxrwxr-x 162 john cibolo 12288 2009-03-08 11:47 .. -rw-r--r-- 1 john john 4096 2005-11-26 09:26 .known_hosts.swo -rw------- 1 john john 963 2006-10-15 13:26 IDENTITY -rw-r--r-- 1 john john 963 2006-10-15 13:26 IDENTITY.cibolo -rw------- 1 john john 397 2009-03-07 15:04 authorized_keys2 Now I try the below command: ssh -2 -vvv -i "/home/routem/.ssh/id_rsync_rsa" john at 192.168.15.3 It comes to problems right away: OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug3: key...

...n: -current Platform: ix86 OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: openssh_bugs at pongonova.net sshd does not appear to read authorized_keys2 during connection attempt from ssh client. This was verified on both a Solaris system running SSH-2.0-OpenSSH_2.9p2 and a Linux system running current version of sshd. Resolution of the problem was accomplished by creating a link from authorized_keys2 to authorized_keys. Current manpage does not...

...ey debug1: test whether pkalg/pkblob are acceptable debug1: trying public key file //.ssh/authorized_keys debug3: secure_filename: checking '/.ssh' debug3: secure_filename: checking '' Authentication refused: bad ownership or modes for directory debug1: trying public key file //.ssh/authorized_keys2 debug3: secure_filename: checking '/.ssh' debug3: secure_filename: checking '' Authentication refused: bad ownership or modes for directory It seems that the final check is searching for a non-existant directory, with OpenSSH 3.5p1 this problem does not exist. Please advise. Vika...

https://bugzilla.mindrot.org/show_bug.cgi?id=1553 Summary: key based (authorized_keys2) authentication is not working in Windows 2003 Product: Portable OpenSSH Version: 4.2p1 Platform: Other OS/Version: Other Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo...

...his release fixes weakness in the source IP based access control for SSH protocol v2 public key authentication: Versions of OpenSSH between 2.5 and 2.9.9 are affected if they use the 'from=' key file option in combination with both RSA and DSA keys in ~/.ssh/authorized_keys2. Depending on the order of the user keys in ~/.ssh/authorized_keys2 sshd might fail to apply the source IP based access control restriction (e.g. from="10.0.0.1") to the correct key: If a source IP restricted key (e.g. DSA key) is immediat...

hi all I have generated the key in the source server(10.78.0.107) ssh-keygen -t dsa -C "root@10.78.0.107" I have added this key to authorized_keys2 of the destination server(10.78.0.117) cat id_dsa.pub >> /root/.ssh/authorized_keys2 but when I execute rsync -avz -e ssh root@10.78.0.107:/var/mail/ /var/mail in the destination server I asck me for the password How to avoid this in order to automate this script. Thanks.

Hi, could somebody with checkin rights please apply the following patch to contrib/cygwin/ssh-user-config? It just appends the RSA2 and DSA keys to .ssh/authorized_keys instead of .ssh/authorized_keys2. TIA, Corinna Index: contrib/cygwin/ssh-user-config =================================================================== RCS file: /cvs/openssh_cvs/contrib/cygwin/ssh-user-config,v retrieving revision 1.1 diff -p -u -r1.1 ssh-user-config --- contrib/cygwin/ssh-user-config 19 Jan 2001 05:37:32 -000...

Hello, as I have read manual, if I use in file authorized_keys option command="" with some command, no other commands will be permitted. I have tried it, created authorized_keys2 for root and added there command="rdiff-backup --server" and after that tried to login. Thit command was executed, but I was normally able to supply other comand as root. Can you tell me why? Thank you Martin

Hi, In a mail about two weeks ago, I brought up an idea: --- How SSH makes this easier is that you only have to sync the authorized_keys2 database to root account's .ssh/ every time new admin comes in/leaves the house. This can even be automatized rather easily. A more modular hack would be using authorized_keys2 _directory_, and the keys in there would all be counted as authorized. Thus only one file copy/removal would do the...

As you know, revoking RSA/DSA keys in an SSH environment requires editing all authorized_keys and authorized_keys2 files that reference those public keys. This is, well, difficult at best but certainly very obnoxious, particularly in a large environment. SSH key management is difficult. This patch simplifies key management wherever GSS-API/Kerberos is used and is general enough to be used with any authenticati...

This appears to be rather poorly supported compared to the rsa key equivalent... The man page implies that ~/.ssh/authorized_keys & ~/.ssh/authorized_keys2 are similar format. In fact the code will only read DSA keys from the ~/.ssh/authorized_keys2 file - the options entries are not supported, and putting options in causes key recognition to fail. I guess ideally the key reader needs to strip off the pre-key material, and then pass it to a comm...

...so debug onerr=fail For slogin, this works great. But scp and sftp don't apply the chroot, because they don't invoke do_pam_session(). Even worse, I can't disable sftp access for chroot()'ed accounts without disabling it for everyone. (Using the "command" option in the authorized_keys2 file will break scp, but sftp will still work.) I looked at Ricardo Cerqueira's contrib/chroot.diff patch. However, it only seems to apply to pam sessions. Even if that weren't the case, the "/./" hack won't permit me to locate the user's ~/.ssh directory (the one that...

https://bugzilla.mindrot.org/show_bug.cgi?id=1687 Summary: scp/sftp is not working when using key based (authorized_keys2) authentication Product: Portable OpenSSH Version: 5.1p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sftp AssignedTo: unassigned-bugs at mindrot.org ReportedBy:...

I use: ssh-keygen -t rsa to generate a key file (id_rsa.pub) which I copy into authorized_keys2 on other machines in order to permit ssh to these machines without being asked for a password. The thing is that I have dual boot on this machine: one for fedora and one for ubuntu. The two key files which were generated on these machine are different. Is there a way so that I will have the same...

...he "command=XXX" and "environment=X=y" options. Unfortunately I *also* need to support the existing ssh2 client for a transition period, since it's impractical to change all user's environments to openssh in one go. I have converted the ssh2 public keys OK (see appended authorized_keys2), and WITHOUT OPTIONS I can log in as normal, with the key in authorized_keys2. But as soon as I put options in before "ssh-dss" in authorized_keys2, the connection fails. I append logs of successful and failed connections - the only difference is the whether the environment option is se...

...entOS 4 system (server) and a CentOS 5 DomU VM (client) via ssh to enable my to back up development files on the server to the client with a cron process. I generate they key pair without a pass phrase on the client and copy the public key to the same user's .ssh directory on the server as authorized_keys2. When I try to ssh to the Server from the Client, I am still asked for the user's password on the client. If I do the same with CentOS 5 for both Client and Server, I can login without providing a password. The versions of ssh on the two systems are: Client (CentOS 5): OpenSSH_4.3p2, Op...