search for: beermann

On 09/11/23, Marian Beermann (public at enkore.de) wrote: > ... while OpenSSH does support using a CA in conjunction with hostbased > authentication, it still requires a list of all authorized host names in the > rhosts / shosts file. I'm not familiar with the use of .rhosts/.shosts, but I don't think those a...

On Sat, 11 Nov 2023, Marian Beermann wrote: > Though the commit doesn't say why it needs the \r. When the terminal is in raw mode, \n is not the line separator but \x0D\x0A is: \x0D moves the cursor to the beginning of the line and \x0A moves it to one line below but does not change the horizontal position. So it?s a require...

Hi, we're looking to reduce the number of host lists that need to be kept in sync in our system. (There are quite a few of them all over the place) OpenSSH CAs are an obvious solution for not having to keep all host keys in sync in /etc/ssh/known_hosts, however, while OpenSSH does support using a CA in conjunction with hostbased authentication, it still requires a list of all authorized

On Fri, 10 Nov 2023, Rory Campbell-Lange wrote: > On 09/11/23, Marian Beermann (public at enkore.de) wrote: > > ... while OpenSSH does support using a CA in conjunction with hostbased > > authentication, it still requires a list of all authorized host names in the > > rhosts / shosts file. > > I'm not familiar with the use of .rhosts/.shosts, but...

Hi Josh, it's been around for a while: https://github.com/openbsd/src/commit/8747197a4a479407167d01f46017ddb99cc3cae2 Though the commit doesn't say why it needs the \r. Cheers, Marian On 11/11/23 00:38, Joshua Rogers wrote: > Hi all, > > I have recently only discovered that openssh prints lines to stderr > separated by CLRF pairs, and am trying to understand where this

On 11/10/23 04:17, Damien Miller wrote: > AIUI what he is asking for is a file that combines the host identity > of the system-wide ssh_known_hosts file with the host/user authorisation > of shosts in a single file. > > This might be a little cleaner, but IMO not so much so as to be highly > motivating (personally). > > -d Yup, but since this is auth code I imagine it

On Sat, 11 Nov 2023, Marian Beermann wrote: > On 11/10/23 04:17, Damien Miller wrote: > > AIUI what he is asking for is a file that combines the host identity > > of the system-wide ssh_known_hosts file with the host/user authorisation > > of shosts in a single file. > > > > This might be a little cl...

On 11/15/23, 10:51 AM, "openssh-unix-dev on behalf of Marian Beermann" <openssh-unix-dev-bounces+iain.morgan=nasa.gov at mindrot.org <mailto:nasa.gov at mindrot.org> on behalf of public at enkore.de <mailto:public at enkore.de>> wrote: On 11/15/23 18:09, Chris Rapier wrote: > On 11/11/23 9:31 PM, Damien Miller wrote: > >> It's...

This comes up from time to time. The main hurdle is that the ssh client doesn't know what the login shell of the user on the server is, but you need to know that to correctly escape for the shell at hand. (And not all servers are even Unix-like). The real/proper fix is and always would've been a separate request type that's essentially just doing an execvp and simply wouldn't be