search for: authorized_principals

Displaying 9 results from an estimated 9 matches for "authorized_principals".

2019 Oct 04
authorized_principals for Kerberos authentication
Hello, SSH supports ~/.ssh/authorized_keys for SSH keys and ~/.ssh/authorized_principals for X509 certs. I could not find an equivalent of authorized_keys using Kerberos authentication. IMHO it should be possible using the Kerberos principal very much like the principal contained inside a X509 certificate. My main use case is assigning a specific command to a user logging in using K...
2016 Feb 09
Test Status OpenSSH 7.1 P2 on HPE NSE
...sha1 @2900 unexpected error mac hmac-sha1 at 2900: Bytes per second: sent 40854.2, received 34836.9. principals-command (a sample. Every 3 to 5 executions fail. Nothing apparent in the logs as to why. Could this be a timing issue on recycling ports?). authorized principals command: privsep yes empty authorized_principals authorized principals command: privsep yes wrong authorized_principals authorized principals command: privsep yes correct authorized_principals ssh cert connect failed The build did not use any pthreads, and used c89. Unfortunately, the logs were not particularly helpful identifying why there w...
2011 Nov 03
Help with CA Certificates for user authentication?
...izedKeysFile /etc/sshtest/authorized_keys PasswordAuthentication no X11Forwarding yes X11DisplayOffset 10 X11UseLocalhost yes UseDNS no Subsystem sftp /home1/test/usr/local/libexec/sftp-server TrustedUserCAKeys /etc/sshtest/ssh_cakeys AuthorizedPrincipalsFile /etc/sshtest/authorized_principals The /etc/sshtest/authorized_principals file contains one line: test at I attempt to connect to the target server from the test client: $ ssh -vvv -Y -p 2022 -l test There is verbose output, which mostly seems right until (on the client): debug1: ssh_rsa_verify: sig...
2011 Oct 08
[PATCH] add log= directive to authorized_hosts
Attached is a patch which adds a log= directive to authorized_keys. The text in the log="text" directive is appended to the log line, so you can easily tell which key is matched. For instance the line: log="hello world!",no-agent-forwarding,command="/bin/true",no-pty, no-user-rc,no-X11-forwarding,permitopen="" ssh-rsa AAAAB3Nza....xcgaK9xXoU=
2011 Jul 07
Use of ssh certificates in a multi server of different kind environment.
Hello, [if I'm not in the right mailing list, please advise it to me] I'm using ssh certificates for my servers and my users. I have questions about it: I can use the same CA in order to certify all my hosts. Every client can use it, and it's a great setup. But, if I use the same CA for all my clients, it means that any client can log in to any server because hosts trust my
2019 May 20
Authenticate against key files before AuthorizedKeysCommand
Hello, Currently OpenSSH has a fixed order on how the key authenticates the user: at first it tries to authenticate against TrustedUserCAKeys, afterwards it does it against the output keys from the AuthorizedKeysCommand and finally against the files as set in AuthorizedKeysFile. I have a use-case where this order is not ideal. This is because in my case the command fetches keys from the cloud
2017 May 03
OpenSSH contract development / patch
Hi OpenSSH developers; Thank you for your amazing work. I'm emailing to see if any knowledgeable OpenSSH developer is willing to help us review / revamp some patches we have for OpenSSH, and provide advice on some of the more advanced uses of OpenSSH. This would be a for pay contract engagement. We are trying to be super respectful of the process, and are happy to be very creative - we are
2013 Sep 05
Using multiple certificates for a given private key
Hi, I'm experimenting with certificates for users, giving access via the TrustedUserCAKeys mechanism. Unfortunately, there seems to be a limit of one certificate per SSH key on the user's side, which prevents using the same key for hosts using different TrustedUserCAKeys. Is there a clean way around this? To make the above clearer, consider the following situation: A collection of hosts
2017 May 04
OpenSSH contract development / patch
On Thu, May 04, 2017 at 09:37:59AM +1000, Adam Eijdenberg wrote: > Hi Devin, have you looked at using openssh certificates to help manage [...] > While the feature has been around for a while now (and is really > useful), there doesn't seem to be huge amount of documentation around > it. I found the following useful when getting a client of my running Yeah, when I wrote about it