Displaying 20 results from an estimated 189 matches for "authorizedkeysfile".
2002 Apr 18
2
AuthorizedKeysFile
OpenSSH 3.1
Not really a bug, but an "undocumented feature".
The default sshd_config file show the default setting for AuthorizedKeysFile
as being:
AuthorizedKeysFile .ssh/authorized_keys
If you uncomment that default, it changes the "undocumented" setting for
"AuthorizedKeysFile2", which is by default:
AuthorizedKeysFile2 .ssh/authorized_keys2
Suggestions for change:
1 - Add AuthorizedKeysFile2 to...
2010 Mar 30
3
[Bug 1747] New: AuthorizedKeysFile not working as advertised
https://bugzilla.mindrot.org/show_bug.cgi?id=1747
Summary: AuthorizedKeysFile not working as advertised
Product: Portable OpenSSH
Version: 5.4p1
Platform: Other
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
R...
2015 Nov 03
2
[Bug 2490] New: allow to set AuthorizedKeysFile none
https://bugzilla.mindrot.org/show_bug.cgi?id=2490
Bug ID: 2490
Summary: allow to set AuthorizedKeysFile none
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: cales...
2010 Sep 29
2
AuthorizedKeysFile in Match block causes seg. fault
OpenSSH 5.6p1 will attempt to free static storage and seg. fault if
AuthorizedKeysFile is used within a Match block without any global
specification of that option. A simple fix is to xstrdup the defined
pathnames as in the attached patch.
--
Rein Tollevik
Basefarm AS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssh.patch
Type: text/x-patc...
2010 Apr 02
2
AuthorizedKeysFile with default value prevents Public/Private key authentication
Hi All,
I noticed that if I put:
AuthorizedKeysFile .ssh/authorized_keys in my sshd_config file,
pub/priv key authentication no longer worked.
I am using OpenSSH_5.4p1, OpenSSL 0.9.8n 24 Mar 2010
on Archlinux.
Sam
****************** Here is my WORKING config ******************
Port 22
ListenAddress 0.0.0.0
Protocol 2
PermitRootLogin no
Pubk...
2010 Apr 28
9
[Bug 1764] New: Allow AuthorizedKeysFile in Match
https://bugzilla.mindrot.org/show_bug.cgi?id=1764
Summary: Allow AuthorizedKeysFile in Match
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: d...
2002 Oct 10
0
[Bug 412] New: AuthorizedKeysFile assumes home directory access upon authentication
http://bugzilla.mindrot.org/show_bug.cgi?id=412
Summary: AuthorizedKeysFile assumes home directory access upon
authentication
Product: Portable OpenSSH
Version: 3.1p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedT...
2010 Apr 11
0
[PATCH] AuthorizedKeysFile: tokens for type and fingerprint
...problems. In our case, the keys are stored in a MySQL database and queried by a
fuse application when the authorized file is requested by OpenSSH. Of course we
wanted to minimized the size of the query response.
That's why we wrote the attached patch. It allows to use two new tokens in the
AuthorizedKeysFile sshd_config option:
* %t, user pubkey type
* %f, user pubkey fingerprint
So, "AuthorizedKeysFile ~/%t-%f.pubkey" will look for the key at
~/RSA-e9:6e:a0:72:c6:a3:29:f6:bd:79:f2:f8:e0:08:b4:14.pubkey.
Maybe you have your own scenario where this may be useful. It would be nic...
2011 May 09
2
backdoor by authorized_keys2 leftovers
Hi devs,
recently I had to replace authorized_keys on several systems to
enforce an access policy change.
I was badly surprised that authorized_keys2(!) was still processed,
which allowed some old keys to enter the systems again, because I
wasn't aware of the file's existance on the server and use by sshd,
since this "backward compatibility" isn't documented, not even a
2013 Oct 10
0
[Bug 1684] Support multiple AuthorizedKeysFile entries
...|djm at mindrot.org
Status|NEW |RESOLVED
Resolution|--- |DUPLICATE
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
This has been supported since openssh-5.9:
> * sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
> separated by space. The undocumented AuthorizedKeysFile2 option is
> deprecated (though the default for AuthorizedKeysFile includes
> .ssh/authorized_keys2)
*** This bug has been marked as a duplicate of bug 172 ***
--
You are receiving this mail beca...
2016 Oct 08
6
[Bug 2623] New: AuthorizedKeysFile split pub key and signature with tab `\t` not work.
https://bugzilla.mindrot.org/show_bug.cgi?id=2623
Bug ID: 2623
Summary: AuthorizedKeysFile split pub key and signature with
tab `\t` not work.
Product: Portable OpenSSH
Version: 7.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd...
2017 Aug 07
15
[Bug 2755] New: [PATCH] sshd_config: allow directories in AuthorizedKeysFile=
https://bugzilla.mindrot.org/show_bug.cgi?id=2755
Bug ID: 2755
Summary: [PATCH] sshd_config: allow directories in
AuthorizedKeysFile=
Product: Portable OpenSSH
Version: 7.5p1
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: lucab at de...
2002 Oct 11
3
[Bug 412] AuthorizedKeysFile assumes home directory access upon authentication
...|Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WORKSFORME
------- Additional Comments From markus at openbsd.org 2002-10-12 00:59 -------
AuthorizedKeysFile /etc/ssh/keys/%u
does not access $HOME for me.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2010 Mar 16
9
openssh-5.5p1
Hi,
We will probably do an openssh-5.5p1 release soon, mainly for the
sshd_config:AuthorizedKeysFile bug, but containing a few other small
patches too. If you have any portability fixes that need to go in then
please send them through at once.
-d
2016 Aug 02
0
[Bug 1684] Support multiple AuthorizedKeysFile entries
https://bugzilla.mindrot.org/show_bug.cgi?id=1684
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #4 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after 7.3p1 release
2002 Mar 18
0
[Bug 172] New: Add multiple AuthorizedKeyFiles options
.../Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: alex.kiernan at thus.net
We'd like to run sshd with a configuration morally equivilent to:
# stuff ...
AuthorizedKeysFile /var/db/keys-distributed-by-security-team/%u
AuthorizedKeysFile %h/.ssh/authorized_keys
# be backwards compatable for a bit longer yet
AuthorizedKeysFile %h/.ssh/authorized_keys2
# more stuff ...
The following patch (against the cvs source) turns the authorizedkeysfile
statement in sshd.conf into...
2002 Jan 23
0
[PATCH] Add multiple AuthorizedKeyFiles options
Hi,
We'd like to run sshd with a configuration morally equivilent to:
# stuff ...
AuthorizedKeysFile /var/db/keys-distributed-by-security-team/%u
AuthorizedKeysFile %h/.ssh/authorized_keys
# be backwards compatable for a bit longer yet
AuthorizedKeysFile %h/.ssh/authorized_keys2
# more stuff ...
The following patch (against the cvs source) turns the authorizedkeysfile
statement in sshd.conf into...
2020 Jan 30
3
SSH certificates - restricting to host groups
...e AuthorizedPrincipalsFile (or
AuthorizedPrincipalsCommand if your authz information needs to change
on a quicker cadence than your config pushes) on the machines.
you'd have something like
$ cat /etc/ssh/sshd_config
<snip>
TrustedUserCAKeys /etc/ssh/TrustedUserCAKeys
Match User www
AuthorizedKeysFile /etc/ssh/empty
AuthorizedPrincipalsFile /etc/ssh/www_authorizedPrincipals
<snip>
$ cat /etc/ssh/www_authorized_principals
alice
bob
and alice and bob just have regular user certificates with 'alice' or
'bob' in the princpals
2002 Mar 16
4
[Bug 165] Problem with SSH1 Keys on RedHat7.2
http://bugzilla.mindrot.org/show_bug.cgi?id=165
------- Additional Comments From markus at openbsd.org 2002-03-17 04:31 -------
never seen this. what does sshd -ddd say?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2016 Jul 09
2
SSH multi factor authentication
On Thu, Jul 7, 2016 at 10:00 AM, Bruce F Bading <badingb at us.ibm.com> wrote:
>
> Hi Gentlemen,
>
> Thank you both for your valued opinion. I do however agree that public key
> authentication cannot be fully considered MFA as have 2 PCI QSAs I have
> spoken with. This is because it is not enforceable server side. Many
> things can affect client side security.
>