search for: bligh

...ccessfully > authenticate. > > You will need to either arrange for your system's NSS to know about > your users somehow or modify sshd. From memory, last time I got this working, we used NSS LDAP and PAM LDAP, and got public keys over LDAP too. It required some fiddling. -- Alex Bligh

...here with great C skills who can recreate this functionality "out of the box", I think there would be a few happy campers (at least two, anyways). -------- Forwarded Message -------- Subject: Re: Encrypt /decrypta file with ssh keys. Date: Fri, 5 Aug 2016 17:24:35 +0100 From: Alex Bligh <alex at alex.org.uk> To: Colin Leavett-Brown <crlb at uvic.ca> CC: Alex Bligh <alex at alex.org.uk> Colin, > On 5 Aug 2016, at 17:03, Colin Leavett-Brown <crlb at uvic.ca> wrote: > > Hi Alex, I think this should be part of Openssh. Do you want to try the wrap...

....e. capable of running the xen3.3.x hypervisor). Any ideas where I can get this - preferably in git form? I think Stefano Stabellini had something that worked up to 2.6.36 (from memory). And yes, we would all prefer all our customers moved to xen4 but this is difficult for some of them. -- Alex Bligh

Does xen-4.1.1 really require python 2.7 (as per Ubuntu packaging) or will it actually work on python 2.6? I am trying to backport it to an Ubuntu LTS version and would rather not have to bring in Python 2.7 if possible. -- Alex Bligh

...have not provided support for log= being incorporated into the certificate. I can do (though I am not sure how to test it, I would just copy forcecommand) but was unclear if that would create a certificate back compatibility issue. If this patch is useful, I am happy to work on that bit. -- Alex Bligh

...set by the resulting blank lines being added by > ssh-copy-id when the file was not missing a terminating newline? Well it would be at least mildly annoying my previously nice looking file now has a pile of blank lines in just because someone didn't know how to use their editor ... -- Alex Bligh -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 842 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20160320/cfe075f2/attachment...

On Fri, Jan 15, 2016 at 1:07 PM, Alex Bligh <alex at alex.org.uk> wrote: > On 15 Jan 2016, at 11:44, Thomas ? Habets <habets at google.com> wrote: >> On 15 January 2016 at 08:48, Alex Bligh <alex at alex.org.uk> wrote: [snip] > 3. Server compares supplied address/port pair with what it sees > (to detect DN...

...s that gpg requires out of band exchange of gpg keys separately from ssh keys. If you already have ssh keys distributed (which might be in an automated environment for instance), it would be very useful. Of course if you already have gpg keys set up and exchanged, gpg would be just fine. -- Alex Bligh

...to index global 'syslinux' (a nil value) This would suggest that somehow the syslinux global is not defined, so run_kernel_image is not working. Is there some special magic I need to import this? This was working in 4.05 (albeit I have necessarily had to change some other stuff). -- Alex Bligh boot file: prompt 1 default xen4 timeout 100 serial 0 115200 display boot.msg label xen4 kernel lua.c32 append default.lua ipappend 3 default.lua: io.write("Lua ",_VERSION," chaining Xen4 through mboot.c32\n") bootstr = "images/xvp/xen-4.3-mini_4.3.0-20130729173244.g...

...d. On *BSD, this will look more like '/dev/tun1'. I have tested this patch on Linux. It should work equally well on OpenBSD and FreeBSD (it's really very simple) but someone should test this. Patch is against 5.1p1. [this is my first patch against openssh so please go easy] -- Alex Bligh

On Mon, Sep 26, 2016 at 11:43:42AM +0100, Alex Bligh wrote: > > > On 26 Sep 2016, at 10:21, Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@gmx.net> wrote: > > > > Wow, that was quick! Thank you. > > > > I stumbled upon another problem: Apparently nbd-tester-client and nbdkit > > disagree on what cons...

...e host is running more than one instance of openssh with different ports and different keys, or (less tractably) when a NAT in front of multiple hosts multiplexes which host is connected to by port number. I see no immediate security implication in fixing this, but am I missing something? -- Alex Bligh

...ce was set up by the current connection? I'd really like something race-condition free here. Similarly (but less pressingly), if a client executes a ssh -w and uses the next available local tunnel device, is there some way of reading the tunnel device the child ssh process allocated? -- Alex Bligh

...rectory and ForceCommand? Assuming that I only allow the shared user to write to a specific directory in each chroot setup (through access permissions), am I reasonably safe security wise? Or am better off hacking rsync to do the chroot stuff itself (as if rsync were running as a daemon). -- Alex Bligh

Also, if password-based auth is not allowed, WTF would you want to log passwords? This whole idea is ugly, and smacks of a teenage-level prank attempt. I would strongly object against any such modification of the main source (though I'm sure the maintainers are sane enough to never let such a crap in). Of course the original poster is free to hack his own copy in whatever way he wants.?

This is problem 1 of 3 problems we are having with live migration and/or ACPI on Xen-4.3 and Xen-4.2. Any help would be appreciated. Detailed description of problem: We are using Xen-4.3-rc1 with dom0 running Ubuntu Precise and 3.5.0-23-generic kernel, and domU running Ubuntu Precise (12.04) cloud images running 3.2.0-39-virtual. We are using the xl.conf below on qemu-upstream-dm and HVM and

On 15 January 2016 at 08:48, Alex Bligh <alex at alex.org.uk> wrote: > > The socket option is enabled *after* connection establishment, thus > > doesn't protect against SYN floods. This is because server doesn't > > know (in userspace) what the address of the peer is until they > > connect. Again bec...

...ion opened for user dummyuser by (uid=0) I can't help but think that log line would be more useful if it said which public key was accepted (am willing to provide a patch, but would prefer to avoid a code change). Any ideas on how to get from a public key to list of sshd processes? -- Alex Bligh

...passed as -name to the QEMU command line should probably be the original name, not the name with "--incoming" on on a migration, and 'xl rename' is just going to fail to change it. Code inspection suggests this is no different in xen-unstable but I haven't tried it. -- Alex Bligh root@ubuntu:~# xl create /root/xlcreate-qcow.conf Parsing config from /root/xlcreate-qcow.conf xc: info: VIRTUAL MEMORY ARRANGEMENT:  Loader:        0000000000100000->000000000019db88  TOTAL:         0000000000000000->00000000bf800000  ENTRY ADDRESS: 0000000000100000 xc: info: PHYSICAL MEMO...

...onfig for the emulated NICs and disks does not appear to prevent them getting unplugged; what may be happening is that domU tries to unplug them (but fails) but still doesn''t use them. Is there a way to signal from dom0 that the kernel really shouldn''t unplug this stuff. -- Alex Bligh _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel