search for: authpf

...y abuse > AuthorizedKeysCommand in sshd_config. As in key files. Could be partially interesting to know how a passthrough script would look for it, but, if an all-encompassing way could be worked out it would be better i.e. that supports password logins too. > This sounds a bit like what authpf[1] does. I imagine you could write > firewall rules to block outgoing tcp connections from sshd until after > authpf runs, if that is an option for you. (That sounds like a very indirect approach, in particular as it would cover only some connections?) > > [1] http://www.openbsd.or...

...#39;t answer this. Register the login to the group's login database. >> How would you do it using bsdauth? >> >> (PAM seems very redundant to install on OBSD.) > > You are using OpenBSD or something else? OpenBSD. > [...] >>> This sounds a bit like what authpf[1] does. I imagine you could >>> write >>> firewall rules to block outgoing tcp connections from sshd until >>> after >>> authpf runs, if that is an option for you. >> >> (That sounds like a very indirect approach, in particular as it would >&...

I want to ssh from a client to a machine on a closed network via a jumphost; let's call them {client,internal,jumphost}.example.com. I have authpf set up on the jumphost so that when logged in, I am allowed to open TCP connections from the jumphost to port 22 on internal nodes. This works well with port forwarding: des at client ~% ssh -L2222:internal.example.com:22 jumphost.example.com but I'd rather use ProxyCommand, so I add someth...

On 2015-11-26 13:03, Darren Tucker wrote: > On Thu, Nov 26, 2015 at 3:41 PM, Tinker <tinkr at openmailbox.org> wrote: >> What I am looking for is an SSHD configuration where every >> successfully >> authenticated connection also guaranteedly will lead to a >> ForcedCommand >> invocation. > [...] >> Is this possible? > > I don't think

Hi, How to configure sshd to required both ssh public key and user password also? yes, stupid, but required on my setup.. -- Eero

I've seen that is possible to use switch port blocking with freeradius and cisco switches via 802.1X and EAP protocol. Here is more info: http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO What if I don't have switch that supports 802.1X or I want that blocking is done by FreeBSD, not the switch. Because FreeBSD is the firewall or gateway to some networks. Is there

...chment.cgi?id=2207&action=edit Add a ForceShell option to override the user's shell This patch adds a ForceShell option to sshd to override the user's shell. This can be used in a Match block to conditionally replace the user's shell with a restricted shell such as rksh, scponly or authpf. For example, Match Address !192.168.10.0/24 ForceShell /usr/sbin/authpf This provides more flexibility than merely changing the user's shell in the passwd file. It also makes it possible to override the shell when LDAP or NIS is used for user information. -- You are receivi...

Hi List, I am looking for an option for sshd to start user's shell (when logging in interactively to a remote host) in a control group via cgexec - so for example: /bin/cgexec -g <username> /bin/bash This would be extremely handy on linux Terminal servers to control users access to the system resources (protect system from a malicious user hogging the machine by running cpu/memory

Hello, For some time now have been trying to connect a Samba-3.0.14a-0.4 server running on SuSE Ent 9 linux server to our Exchange 2003 (running on Server 2003 Std w/ SP1) server which is also the AD server for our domain. I can connect to the shares using the AD as the authentication source, so the basic functionality is there but some command output does not show in the way i expect

Hello! A machine I manage remotely for a friend comes under a distributed ssh break-in attack every once in a while. Annoyed (and alarmed) by the messages like: Aug 12 10:21:17 symbion sshd[4333]: Invalid user mythtv from 85.234.158.180 Aug 12 10:21:18 symbion sshd[4335]: Invalid user mythtv from 85.234.158.180 Aug 12 10:21:20 symbion sshd[4337]: Invalid user mythtv from 85.234.158.180 Aug 12

Hello! A machine I manage remotely for a friend comes under a distributed ssh break-in attack every once in a while. Annoyed (and alarmed) by the messages like: Aug 12 10:21:17 symbion sshd[4333]: Invalid user mythtv from 85.234.158.180 Aug 12 10:21:18 symbion sshd[4335]: Invalid user mythtv from 85.234.158.180 Aug 12 10:21:20 symbion sshd[4337]: Invalid user mythtv from 85.234.158.180 Aug 12