search for: fido

OK, I know I''m doing something bone-headed, but I can''t for the life of me figure it out. I''ve read the test fixtures Rdoc about eight dozen times, and it says (to me) that if I have a YAML fixture file, dogs.yml that looks like this: fido: id: 1 breed: Terrier fifi: id: 2 breed: Poodle Then I can include fixtures :dogs in my functional test, and I''ll have access to a Hash of the model objects in the instance variable @dogs. And further, that the fixture records are "found" and loaded into instance var...

Hi guys, I''m having a little trouble understanding the differences and knowing when to use "def foo" and "def self.foo" in my models. I don''t quite understand them and was hoping someone could explain or give me examples on how to use the "self." properly. For example, I had "def foo" in my model "Account" and in one of

...u client and server) and it > > works. However, it does not do PIN enforcement at SSH login. It only > > requests the PIN during the set-up process (when the key is being > > generated). Is that the way it's supposed to work? > > Assuming you are using this device as a FIDO token (and not PKCS#11), > this is expected. OpenSSH doesn't yet support requiring PINs for keys > except for a couple of corner cases (e.g. resident keys). > > I hope to add this before OpenSSH 8.4. Somewhat related: touching the FIDO key to authorize the operation. The user is...

...tion manually. [1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust" Leurent, G and Peyrin, T (2020) https://eprint.iacr.org/2020/014.pdf Security ======== * ssh-agent(1): restrict ssh-agent from signing web challenges for FIDO/U2F keys. When signing messages in ssh-agent using a FIDO key that has an application string that does not start with "ssh:", ensure that the message being signed is one of the forms expected for the SSH protocol (currently public key authentication and sshsig signatures)....

...rted directly to openssh at openssh.com. Below is a summary of changes. More detail may be found in the ChangeLog in the portable OpenSSH tarballs. Thanks to the many people who contributed to this release. Security ======== * ssh-agent(1): restrict ssh-agent from signing web challenges for FIDO/U2F keys. When signing messages in ssh-agent using a FIDO key that has an application string that does not start with "ssh:", ensure that the message being signed is one of the forms expected for the SSH protocol (currently public key authentication and sshsig signatures)....

...the -O flag. * sshd(8): the sshd listener process title visible to ps(1) has changed to include information about the number of connections that are currently attempting authentication and the limits configured by MaxStartups. * ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). It needs to be installed in the expected path, typically under /usr/libexec or similar. Changes since OpenSSH 8.1 ========================= This release contains some significant n...

...the -O flag. * sshd(8): the sshd listener process title visible to ps(1) has changed to include information about the number of connections that are currently attempting authentication and the limits configured by MaxStartups. * ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). It needs to be installed in the expected path, typically under /usr/libexec or similar. Changes since OpenSSH 8.1 ========================= This release contains some significant n...

...the -O flag. * sshd(8): the sshd listener process title visible to ps(1) has changed to include information about the number of connections that are currently attempting authentication and the limits configured by MaxStartups. * ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). It needs to be installed in the expected path, typically under /usr/libexec or similar. Changes since OpenSSH 8.1 ========================= This release contains some significant n...

...rks. However, it does not do PIN enforcement at SSH login. It only > > > > requests the PIN during the set-up process (when the key is being > > > > generated). Is that the way it's supposed to work? > > > > > > Assuming you are using this device as a FIDO token (and not PKCS#11), > > > this is expected. OpenSSH doesn't yet support requiring PINs for keys > > > except for a couple of corner cases (e.g. resident keys). > > > > > > I hope to add this before OpenSSH 8.4. > > > > Somewhat related: tou...

...ocess title visible to ps(1) has changed to include information about the number of connections that are currently attempting authentication and the limits configured by MaxStartups. Changes since OpenSSH 8.1 ========================= This release contains some significant new features. FIDO/U2F Support ---------------- This release adds support for FIDO/U2F hardware authenticators to OpenSSH. U2F/FIDO are open standards for inexpensive two-factor authentication hardware that are widely used for website authentication. In OpenSSH FIDO devices are supported by new public key types &qu...

https://bugzilla.mindrot.org/show_bug.cgi?id=3597 Bug ID: 3597 Summary: Why do we check both nsession_ids and remote_add_provider when judging whether allow remote addition of FIDO/PKCS11 provider libraries is disabled? Product: Portable OpenSSH Version: -current Hardware: Other OS: Windows 10 Status: NEW Severity: trivial Priority: P5 Component: ssh-agent As...

...und: We have DNS set up to return the domain''s address for all sub-domains. So, "dig xyz.cfcl.com" returns the same IP address as "dig cfcl.com". Our router forwards ranges of port numbers to specified machines. So, a request on port 1234 might go to "fido". We are using Apache''s VirtualHost facility to redirect (?) requests to certain machines, as: <VirtualHost *:80> ServerName xyz.cfcl.com ServerAdmin rdm-go8te9J4rpw@public.gmane.org ErrorLog /dev/null CustomLog /de...

...load_resident_keys: trying IOService:/AppleACPIPlatformExpert/PCI0 at 0/AppleACPIPCI/XHC1 at 14/XHC1 at 14000000/HS08 at 14300000/USB2.0 Hub at 14300000/AppleUSB20Hub at 14300000/AppleUSB20HubPort at 14340000/USB2.0 Hub at 14340000/AppleUSB20Hub at 14340000/AppleUSB20HubPort at 14343000/YubiKey OTP+FIDO+CCID at 14343000/IOUSBHostInterface at 1/IOUSBHostHIDDevice at 14343000,1 debug1: read_rks: get metadata for IOService:/AppleACPIPlatformExpert/PCI0 at 0/AppleACPIPCI/XHC1 at 14/XHC1 at 14000000/HS08 at 14300000/USB2.0 Hub at 14300000/AppleUSB20Hub at 14300000/AppleUSB20HubPort at 14340000/USB2.0 H...

I set up the YubiKey with OpenSSH 8.2 (Ubuntu client and server) and it works. However, it does not do PIN enforcement at SSH login. It only requests the PIN during the set-up process (when the key is being generated). Is that the way it's supposed to work? Frank

I don't see a way to do this currently (unless I am missing something) but I would like to be able to specify, that in order for a user to login, they need to use at least 1 public key from 2 separate key sources.? Specifically this would be when using "AuthenticationMethods publickey,publickey".? Right now requiring 2 public keys for authentication will allow 2 public keys from

...something to do with the client as well. Think we're all using vandyke.com's Secure CRT. I guess these bugs are really hard to track down :/ , and I'm not sure what info you need. But I just wanted to tell you that I assume something is wrong in the sshd program. -- JF? [root at fido johanfo]# /usr/sbin/sshd -version /usr/sbin/sshd: invalid option -- v sshd version OpenSSH_2.3.0p1 [root at fido johanfo]# uname -a Linux fido.workone.com 2.2.16-3 #1 Mon Jun 19 18:49:25 EDT 2000 i586 unknown [root at fido johanfo]# w 4:46pm up 106 days, 3:14, 24 users, load average: 0.37, 0...

...an 14 10:00:08 NOTICE[30156]: Binding: sip.conf to odbc Jan 14 10:00:08 NOTICE[30156]: res_config_odbc loaded. Jan 14 10:00:08 NOTICE[30156]: Loading Config sip.conf via odbc engine Jan 14 10:00:08 VERBOSE[30156]: == Creating H.323 Endpoint Jan 14 10:00:09 NOTICE[30156]: Binding: sip.conf to odbc fido|ttyp0:/usr/local/etc/asterisk# so no indications that there is a problem, but a "sip show users" shows no users at all, just: Connected to Asterisk 1.0.3 currently running on fido (pid = 30105) fido*CLI> sip show users Username Secret Accountcode Def.Context...

On Fri, 15 Nov 2019, Damien Miller wrote: > On Fri, 1 Nov 2019, Damien Miller wrote: > > > Hi, > > > > As of this morning, OpenSSH now has experimental U2F/FIDO support, with > > U2F being added as a new key type "sk-ecdsa-sha2-nistp256 at openssh.com" > > or "ecdsa-sk" for short (the "sk" stands for "security key"). > > An update on this: I've just committed internal support for U2F/FIDO2 >...

https://bugzilla.mindrot.org/show_bug.cgi?id=3188 Bug ID: 3188 Summary: Problems creating a second ecdsa-sk key for a second Yubikey Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh-keygen

Hello, I'm helping the Git for windows team and contributing in git-for-windows repository to help expand the OpenSSH support for fido2 devices on Windows. Currently we are using your internal implementation(sk-usbhic.c) however since Windows 10 version 1903 this requires administrator privileges. I'm trying to create a module for OpenSSH to use webauthn.dll instead of direct calling to libfido2 to eliminate the need for admi...