Displaying 5 results from an estimated 5 matches for "raforg".
2020 Aug 03
6
Deprecation of scp protocol and improving sftp client
I hear you - but it seems that the choice is between (a) limiting "scp" functionality to address the security vulnerability, and (b) killing "scp" altogether.
I'd much prefer (a), even if it means I lose "scp remotehost:foo\* .".
Especially, since (almost always) I have equal privileges on both local and remote hosts, so in that case I just originate that
2020 Feb 11
0
[draft PATCH] whitelist support for refuse options
...wrote this one) for limiting
incoming ssh commands to a fixed list of specific actual
commands (with semi-automatic learning of commands based on
observed behaviour during training mode):
sshdo - controls which commands may be executed via incoming ssh
http://raf.org/sshdo
https://github.com/raforg/sshdo
And another (less easy to use) generic alternative:
authprogs - SSH Command Authenticator
https://github.com/daethnir/authprogs
I don't know if any of the above commands would give you
what you want but they might.
Suggestion: If the above won't do what you need, I'd sugge...
2024 Jul 03
4
Request for a Lockdown option
Dear OpenSSH developers,
Thanks a lot for your work on OpenSSH. We use it a lot and it is very helpful for our daily work. Would it be possible to have a lockdown option as a workaround in case of a remotely exploitable problem in ssh. This may help react to compromised keys/passwords, configuration issues, software bugs or other problems for example when Debian broke ssh .
My Idea would be
2020 Oct 21
6
"Semi-Trusted" SSH-Keys that also require PAM login
Hello all,
in order to connect to my SSH servers from untrusted devices like company computers or my smartphone, I set up 2FA with
google-authenticator hooked into PAM.
However, this is not really 2FA at least for the smartphone, since I use the same device for generating the TANs and it
is also at least inconvenient to always require a new TAN for each connection. I do not want to solely rely
2020 Feb 09
3
[draft PATCH] whitelist support for refuse options
This adds support for whitelisting the acceptable options in the
"refuse options" setting in rsyncd.conf. It introduces "!" as a
special option string that refuses most options and interprets
any following strings as patterns of options to allow.
For example, to allow only verbose and archive:
refuse options = ! verbose archive
The "!" does't refuse no-iconv,