search for: passphrases

Looking for help regaining access to encrypted ZFS file systems that stopped accepting the encryption key. I have a file server with a setup as follows: Solaris 11 Express 1010.11/snv_151a 8 x 2-TB disks, each one divided into three equal size partitions, three raidz3 pools built from a "slice" across matching partitions: Disk 1 Disk 8 zpools +--+ +--+ |p1| .. |p1| <-

Hello, I have the following problem. I have an application which is running and which has already request a passphrase to the user. This application needs to launch ssh agent and ssh add, but I do not want to be prompt again for the passphrase. My private key is of course encrypted with the passphrase. How can I do ? My only idea for the moment is to change the variable value of ask_passphrase

...by "keypair authentication"? > > > > That's the authentication you use when you have ssh-keygen provide you > > with a private key and a public key, and distribute the public key to all > > the different authorized_keys files. > > But he says not to use passphrases, I'm confused. I'm not sure which "he" you mean here. A possible confusion is that there are two ways the term passphrase can be used when it comes to OpenSSH: * Passphrase authentication, where you log into a machine and the sshd on the other end challenges you to enter a pass...

I am going to preface this email by saying that I know very little about OpenSSH internals, the protocol, etc. I do a lot of work with novice programmers, and one step that comes up relatively early is generating SSH keys. In case you haven't done it in a while, the output looks like this: $ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key

...t passphrase from the command. I can't pass information from one attempt to another, so the script has no idea if it failed already. `ssh` passes the prompt it usually shows as the first argument(`$1`) to SSH_ASKPASS. To make my script possible, I propose also passing the number of attempted passphrases so far to SSH_ASKPASS as the second argument(`$2`). This way I'll be able to detect it is the script's second attempt at inputting a passphrase and not run the passphrase command again. -- You are receiving this mail because: You are watching the assignee of the bug.

Hi list, I do not known, if this is really an issue but i noticed that when connecting to a remote ssh host with the standard linux openssh client using a private key, that there is no line of text indicating when the local key-passwd process was completed and the connection session was established. On a compromised host, the login shell could write the line 'Enter passphrase for key

Remove sshkey_load_private(), as this function's role is similar to sshkey_load_private_type(). --- Dependency: This change depends over recently merged change in openbsd: https://github.com/openbsd/src/commit/b0c328c8f066f6689874bef7f338179145ce58d0 Change log: v1->v2 - Remove declaration of sshkey_load_private() in authfile.h authfile.c | 38

Add private key protection information extraction to shh-keygen using -v option on top of -y option which is already parsing the private key. Technically, the passphrase isn't necessary to do this, but it is the most logical thing to do for me. Adding this to -l option is not appropriate because fingerprinting is using the .pub file when available. An other idea is to add a new option, I

>No. ssh-keygen should never be pamifed. It is worthless to do so. > >If we are going to enforce passphrase quality it should be for all OSes. >The world does not revolve around Linux. No matter what the press may >think. The Linux community didn't invent PAM, Sun did. Many more systems than Linux have PAM, Solaris, HP-UX some BSDs for a start. Having said that I agree with

I have an account where I have DSA key setup with a passphrase. I am trying to write a script to ssh over to another Unix server, without having to type in the passphrase and have ssh read the passphrase from either a file or pass it in from the command line. Is there a way to do something like this? I know that we can it so I don't need to enter a passphrase but we don't want to do

http://bugzilla.mindrot.org/show_bug.cgi?id=818 Summary: ssh-keygen Bad passphrase error Product: Portable OpenSSH Version: 3.8p1 Platform: PPC OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: ssh-keygen AssignedTo: openssh-bugs at mindrot.org ReportedBy: sandino at

...hich is one of the problems with password-auth that key-auth is supposed to improve on). The ways to avoid ever falling into this trap: 1) Always ssh with -v, and read the verbose messages every time, so you are certain you know where the prompt originated. Not likely. 2) Always ssh-add your passphrases locally first, before ssh'ing anywhere. For best results, set BatchMode=yes by default in ~/.ssh/config so that you will never ever ever be prompted legitimately; the connection will simply fail until you remember to ssh-add. Therefore any time you are ever prompted when ssh'i...

Hello, I need to allow for some people to execute ssh with one shared private key for remote executing command on various machines. However, it is not possible to set group permissions for private keys and it is possible to have just one private key file for one user. Please, is it possible to add patches into openssh development tree like these, so that standard behavior of ssh is not changed,

On Tue, Jan 02, 2024 at 03:52:29PM +1100, Damien Miller wrote: > On Mon, 1 Jan 2024, Christian Weisgerber wrote: > > > Chris Green: > > > > > Setting SSH_ASKPASS_REQUIRE=never in the environment on my xubuntu > > > 23.10 system doesn't seem to work. I have set it:- > > > > > > chris$ env | grep SSH > > >

http://bugzilla.mindrot.org/show_bug.cgi?id=1138 Summary: Passphrase asked for (but ignored) if key file permissions too liberal. Product: Portable OpenSSH Version: 4.2p1 Platform: PPC OS/Version: Linux Status: NEW Severity: minor Priority: P1 Component: ssh-add AssignedTo:

On Fri, May 25, 2001 at 02:21:06PM +0200, Nigel Kukard wrote: > Hi, > > [nkukard at wigglytuff .ssh]$ ssh-keygen -pf test_id > Enter old passphrase: > 'ey has comment 'ii > Enter new passphrase (empty for no passphrase): > Enter same passphrase again: > Segmentation fault (core dumped) > [nkukard at wigglytuff .ssh]$ > > > That is the error

Looking at openSSH INSTALL: To generate a host key, run "make host-key". Alternately you can do so manually using the following commands: ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N "" ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N "" But when I try latter, I get: (gdb) n 1 0x35a6 in save_private_key_ssh2 ( filename=0xb2d2c

...to ask for a key passphrase before using a key to open an encrypted channel. A ssh key which requires a ssh passphrase to be usable can not be used to open a ssh connection if such ssh passphrase is not provided, as it is part of the encryption algorithm. I know we can create ssh keys without passphrases (useful for unattended backups, scripts and so on). However our users will be told not to do that, of course, as they are told not to create weak passwords. co-worker wrote: > I am all for encouraging key-based logins, but I think disabling > password logins completely actually reduces s...

The patch below does two things. 1. If invoked with no arguments, attempt to add both RSA and DSA keys. 2. Remember the last successful passphrase and attempt to use it on subsequent key files which are added. Note that the latter part of the patch extends the period of time during which the passphrase is held in clear text in the ssh-add process, but doesn't introduce any _new_

...> What do you mean by "keypair authentication"? > > That's the authentication you use when you have ssh-keygen provide you > with a private key and a public key, and distribute the public key to all > the different authorized_keys files. > But he says not to use passphrases, I'm confused. -- Chris Green