search for: authprog

I hear you - but it seems that the choice is between (a) limiting "scp" functionality to address the security vulnerability, and (b) killing "scp" altogether. I'd much prefer (a), even if it means I lose "scp remotehost:foo\* .". Especially, since (almost always) I have equal privileges on both local and remote hosts, so in that case I just originate that

...specific actual commands (with semi-automatic learning of commands based on observed behaviour during training mode): sshdo - controls which commands may be executed via incoming ssh http://raf.org/sshdo https://github.com/raforg/sshdo And another (less easy to use) generic alternative: authprogs - SSH Command Authenticator https://github.com/daethnir/authprogs I don't know if any of the above commands would give you what you want but they might. Suggestion: If the above won't do what you need, I'd suggest different syntax. I don't like a directive that starts with &quo...

This adds support for whitelisting the acceptable options in the "refuse options" setting in rsyncd.conf. It introduces "!" as a special option string that refuses most options and interprets any following strings as patterns of options to allow. For example, to allow only verbose and archive: refuse options = ! verbose archive The "!" does't refuse no-iconv,

Hello all, in order to connect to my SSH servers from untrusted devices like company computers or my smartphone, I set up 2FA with google-authenticator hooked into PAM. However, this is not really 2FA at least for the smartphone, since I use the same device for generating the TANs and it is also at least inconvenient to always require a new TAN for each connection. I do not want to solely rely