Displaying 9 results from an estimated 9 matches for "authorized_princip".
2019 Oct 04
2
authorized_principals for Kerberos authentication
Hello,
SSH supports ~/.ssh/authorized_keys for SSH keys and
~/.ssh/authorized_principals for X509 certs.
I could not find an equivalent of authorized_keys
using Kerberos authentication.
IMHO it should be possible using the Kerberos principal
very much like the principal contained inside an X509
certificate.
My main use case is assigning a specific command to
a user logging in usin...
2016 Feb 09
2
Test Status OpenSSH 7.1 P2 on HPE NSE
...sha1 @2900
unexpected error mac hmac-sha1 at 2900: Bytes per second: sent
40854.2, received 34836.9.
principals-command (a sample. Every 3 to 5 executions fail. Nothing apparent in
the logs as to why. Could this be a timing issue on recycling ports?).
authorized principals command: privsep yes empty
authorized_principals
authorized principals command: privsep yes wrong
authorized_principals
authorized principals command: privsep yes correct
authorized_principals
ssh cert connect failed
The build did not use any pthreads, and used c89. Unfortunately, the logs
were not particularly helpful identifying why ther...
2011 Nov 03
1
Help with CA Certificates for user authentication?
...izedKeysFile /etc/sshtest/authorized_keys
PasswordAuthentication no
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
UseDNS no
Subsystem sftp /home1/test/usr/local/libexec/sftp-server
TrustedUserCAKeys /etc/sshtest/ssh_cakeys
AuthorizedPrincipalsFile /etc/sshtest/authorized_principals
The /etc/sshtest/authorized_principals file contains one line:
test at 172.31.43.3
I attempt to connect to the target server from the test client:
$ ssh -vvv -Y -p 2022 -l test 172.31.44.115
There is verbose output, which mostly seems right until (on the client):
debug1: ssh_rsa_verify:...
2011 Oct 08
3
[PATCH] add log= directive to authorized_hosts
Attached is a patch which adds a log= directive to authorized_keys. The text
in the log="text" directive is appended to the log line, so you can easily
tell which key is matched.
For instance the line:
log="hello world!",no-agent-forwarding,command="/bin/true",no-pty,
no-user-rc,no-X11-forwarding,permitopen="127.0.0.1:7"
ssh-rsa AAAAB3Nza....xcgaK9xXoU=
2011 Jul 07
4
Use of ssh certificates in a multi server of different kind environment.
Hello,
[if I'm not in the right mailing list, please advise it to me]
I'm using ssh certificates for my servers and my users.
I have questions about it:
I can use the same CA in order to certify all my hosts. Every client can use it,
and it's a great setup. But, if I use the same CA for all my clients, it means that
any client can log in to any server because hosts trust my
2019 May 20
4
Authenticate against key files before AuthorizedKeysCommand
Hello,
Currently OpenSSH has a fixed order on how the key authenticates the
user: at first it tries to authenticate against TrustedUserCAKeys,
afterwards it does it against the output keys from the
AuthorizedKeysCommand and finally against the files as set in
AuthorizedKeysFile. I have a use-case where this order is not ideal.
This is because in my case the command fetches keys from the cloud
2017 May 03
2
OpenSSH contract development / patch
Hi OpenSSH developers;
Thank you for your amazing work.
I'm emailing to see if any knowledgeable OpenSSH developer is willing to help us review / revamp some patches we have for OpenSSH, and provide advice on some of the more advanced uses of OpenSSH. This would be a for pay contract engagement. We are trying to be super respectful of the process, and are happy to be very creative - we are
2013 Sep 05
1
Using multiple certificates for a given private key
Hi,
I'm experimenting with certificates for users, giving access via the
TrustedUserCAKeys mechanism. Unfortunately, there seems to be a limit of
one certificate per SSH key on the user's side, which prevents using the
same key for hosts using different TrustedUserCAKeys. Is there a clean
way around this?
To make the above clearer, consider the following situation:
A collection of hosts
2017 May 04
5
OpenSSH contract development / patch
On Thu, May 04, 2017 at 09:37:59AM +1000, Adam Eijdenberg wrote:
> Hi Devin, have you looked at using openssh certificates to help manage
[...]
> While the feature has been around for a while now (and is really
> useful), there doesn't seem to be huge amount of documentation around
> it. I found the following useful when getting a client of mine running
Yeah, when I wrote about it