search for: authorized_princip

Displaying 9 results from an estimated 9 matches for "authorized_princip".

2019 Oct 04
2
authorized_principals for Kerberos authentication
Hello, SSH supports ~/.ssh/authorized_keys for SSH keys and ~/.ssh/authorized_principals for X509 certs. I could not find an equivalent of authorized_keys using Kerberos authentication. IMHO it should be possible using the Kerberos principal very much like the principal contained inside an X509 certificate. My main use case is assigning a specific command to a user logging in usin...
2016 Feb 09
2
Test Status OpenSSH 7.1 P2 on HPE NSE
...sha1 @2900 unexpected error mac hmac-sha1 at 2900: Bytes per second: sent 40854.2, received 34836.9. principals-command (a sample. Every 3 to 5 executions fail. Nothing apparent in the logs as to why. Could this be a timing issue on recycling ports?). authorized principals command: privsep yes empty authorized_principals authorized principals command: privsep yes wrong authorized_principals authorized principals command: privsep yes correct authorized_principals ssh cert connect failed The build did not use any pthreads, and used c89. Unfortunately, the logs were not particularly helpful identifying why ther...
2011 Nov 03
1
Help with CA Certificates for user authentication?
...izedKeysFile /etc/sshtest/authorized_keys PasswordAuthentication no X11Forwarding yes X11DisplayOffset 10 X11UseLocalhost yes UseDNS no Subsystem sftp /home1/test/usr/local/libexec/sftp-server TrustedUserCAKeys /etc/sshtest/ssh_cakeys AuthorizedPrincipalsFile /etc/sshtest/authorized_principals The /etc/sshtest/authorized_principals file contains one line: test at 172.31.43.3 I attempt to connect to the target server from the test client: $ ssh -vvv -Y -p 2022 -l test 172.31.44.115 There is verbose output, which mostly seems right until (on the client): debug1: ssh_rsa_verify:...
2011 Oct 08
3
[PATCH] add log= directive to authorized_hosts
Attached is a patch which adds a log= directive to authorized_keys. The text in the log="text" directive is appended to the log line, so you can easily tell which key is matched. For instance the line: log="hello world!",no-agent-forwarding,command="/bin/true",no-pty, no-user-rc,no-X11-forwarding,permitopen="127.0.0.1:7" ssh-rsa AAAAB3Nza....xcgaK9xXoU=
2011 Jul 07
4
Use of ssh certificates in a multi server of different kind environment.
Hello, [if I'm not in the right mailing list, please advise it to me] I'm using ssh certificates for my servers and my users. I have questions about it: I can use the same CA in order to certify all my hosts. Every client can use it, and it's a great setup. But, if I use the same CA for all my clients, it means that any client can log in to any server because hosts trusts my
2019 May 20
4
Authenticate against key files before AuthorizedKeysCommand
Hello, Currently OpenSSH has a fixed order on how the key authenticates the user: at first it tries to authenticate against TrustedUserCAKeys, afterwards it does it against the output keys from the AuthorizedKeysCommand and finally against the files as set in AuthorizedKeysFile. I have a use-case where this order is not ideal. This is because in my case the command fetches keys from the cloud
2017 May 03
2
OpenSSH contract development / patch
Hi OpenSSH developers; Thank you for your amazing work. I'm emailing to see if any knowledgeable OpenSSH developer is willing to help us review / revamp some patches we have for OpenSSH, and provide advice on some of the more advanced uses of OpenSSH. This would be a for pay contract engagement. We are trying to be super respectful of the process, and are happy to be very creative - we are
2013 Sep 05
1
Using multiple certificates for a given private key
Hi, I'm experimenting with certificates for users, giving access via the TrustedUserCAKeys mechanism. Unfortunately, there seems to be a limit of one certificate per SSH key on the user's side, which prevents using the same key for hosts using different TrustedUserCAKeys. Is there a clean way around this? To make the above clearer, consider the following situation: A collection of hosts
2017 May 04
5
OpenSSH contract development / patch
On Thu, May 04, 2017 at 09:37:59AM +1000, Adam Eijdenberg wrote: > Hi Devin, have you looked at using openssh certificates to help manage [...] > While the feature has been around for a while now (and is really > useful), there doesn't seem to be huge amount of documentation around > it. I found the following useful when getting a client of my running Yeah, when I wrote about it