search for: authorizedkeysfile

OpenSSH 3.1 Not really a bug, but an "undocumented feature". The default sshd_config file show the default setting for AuthorizedKeysFile as being: AuthorizedKeysFile .ssh/authorized_keys If you uncomment that default, it changes the "undocumented" setting for "AuthorizedKeysFile2", which is by default: AuthorizedKeysFile2 .ssh/authorized_keys2 Suggestions for change: 1 - Add AuthorizedKeysFile2 to...

https://bugzilla.mindrot.org/show_bug.cgi?id=1747 Summary: AuthorizedKeysFile not working as advertised Product: Portable OpenSSH Version: 5.4p1 Platform: Other OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org R...

https://bugzilla.mindrot.org/show_bug.cgi?id=2490 Bug ID: 2490 Summary: allow to set AuthorizedKeysFile none Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: cales...

OpenSSH 5.6p1 will attempt to free static storage and seg. fault if AuthorizedKeysFile is used within a Match block without any global specification of that option. A simple fix is to xstrdup the defined pathnames as in the attached patch. -- Rein Tollevik Basefarm AS -------------- next part -------------- A non-text attachment was scrubbed... Name: openssh.patch Type: text/x-patc...

Hi All, I noticed that if I put: AuthorizedKeysFile .ssh/authorized_keys in my sshd_config file, pub/priv key authentication no longer worked. I am using OpenSSH_5.4p1, OpenSSL 0.9.8n 24 Mar 2010 on Archlinux. Sam ****************** Here is my WORKING config ****************** Port 22 ListenAddress 0.0.0.0 Protocol 2 PermitRootLogin no Pubk...

https://bugzilla.mindrot.org/show_bug.cgi?id=1764 Summary: Allow AuthorizedKeysFile in Match Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: d...

http://bugzilla.mindrot.org/show_bug.cgi?id=412 Summary: AuthorizedKeysFile assumes home directory access upon authentication Product: Portable OpenSSH Version: 3.1p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedT...

...problems. In our case, the keys are stored in a MySQL database and queried by a fuse application when the authorized file is requested by OpenSSH. Of course we wanted to minimized the size of the query response. That's why we wrote the attached patch. It allows to use two new tokens in the AuthorizedKeysFile sshd_config option: * %t, user pubkey type * %f, user pubkey fingerprint So, "AuthorizedKeysFile ~/%t-%f.pubkey" will look for the key at ~/RSA-e9:6e:a0:72:c6:a3:29:f6:bd:79:f2:f8:e0:08:b4:14.pubkey. Maybe you have your own scenario where this may be useful. It would be nic...

Hi devs, recently I had to replace authorized_keys on several systems to enforce an access policy change. I was badly surprised that authorized_keys2(!) was still processed, which allowed some old keys to enter the systems again, because I wasn't aware of the file's existance on the server and use by sshd, since this "backward compatibility" isn't documented, not even a

...|djm at mindrot.org Status|NEW |RESOLVED Resolution|--- |DUPLICATE --- Comment #3 from Damien Miller <djm at mindrot.org> --- This has been supported since openssh-5.9: > * sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, > separated by space. The undocumented AuthorizedKeysFile2 option is > deprecated (though the default for AuthorizedKeysFile includes > .ssh/authorized_keys2) *** This bug has been marked as a duplicate of bug 172 *** -- You are receiving this mail beca...

https://bugzilla.mindrot.org/show_bug.cgi?id=2623 Bug ID: 2623 Summary: AuthorizedKeysFile split pub key and signature with tab `\t` not work. Product: Portable OpenSSH Version: 7.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd...

https://bugzilla.mindrot.org/show_bug.cgi?id=2755 Bug ID: 2755 Summary: [PATCH] sshd_config: allow directories in AuthorizedKeysFile= Product: Portable OpenSSH Version: 7.5p1 Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: lucab at de...

...|Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WORKSFORME ------- Additional Comments From markus at openbsd.org 2002-10-12 00:59 ------- AuthorizedKeysFile /etc/ssh/keys/%u does not access $HOME for me. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Hi, We will probably do an openssh-5.5p1 release soon, mainly for the sshd_config:AuthorizedKeysFile bug, but containing a few other small patches too. If you have any portability fixes that need to go in then please send them through at once. -d

https://bugzilla.mindrot.org/show_bug.cgi?id=1684 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #4 from Damien Miller <djm at mindrot.org> --- Close all resolved bugs after 7.3p1 release

.../Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: alex.kiernan at thus.net We'd like to run sshd with a configuration morally equivilent to: # stuff ... AuthorizedKeysFile /var/db/keys-distributed-by-security-team/%u AuthorizedKeysFile %h/.ssh/authorized_keys # be backwards compatable for a bit longer yet AuthorizedKeysFile %h/.ssh/authorized_keys2 # more stuff ... The following patch (against the cvs source) turns the authorizedkeysfile statement in sshd.conf into...

Hi, We'd like to run sshd with a configuration morally equivilent to: # stuff ... AuthorizedKeysFile /var/db/keys-distributed-by-security-team/%u AuthorizedKeysFile %h/.ssh/authorized_keys # be backwards compatable for a bit longer yet AuthorizedKeysFile %h/.ssh/authorized_keys2 # more stuff ... The following patch (against the cvs source) turns the authorizedkeysfile statement in sshd.conf into...

...e AuthorizedPrincipalsFile (or AuthorizedPrincipalsCommand if your authz information needs to change on a quicker cadence than your config pushes) on the machines. you'd have something like $ cat /etc/ssh/sshd_config <snip> TrustedUserCAKeys /etc/ssh/TrustedUserCAKeys Match User www AuthorizedKeysFile /etc/ssh/empty AuthorizedPrincipalsFile /etc/ssh/www_authorizedPrincipals <snip> $ cat /etc/ssh/www_authorized_principals alice bob and alice and bob just have regular user certificates with 'alice' or 'bob' in the princpals

http://bugzilla.mindrot.org/show_bug.cgi?id=165 ------- Additional Comments From markus at openbsd.org 2002-03-17 04:31 ------- never seen this. what does sshd -ddd say? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

On Thu, Jul 7, 2016 at 10:00 AM, Bruce F Bading <badingb at us.ibm.com> wrote: > > Hi Gentlemen, > > Thank you both for your valued opinion. I do however agree that public key > authentication cannot be fully considered MFA as have 2 PCI QSAs I have > spoken with. This is because it is not enforceable server side. Many > things can affect client side security. >