search for: shosts

On Wed, Mar 11, 2020 at 12:25:27AM +0800, John Garry wrote: > From: Hannes Reinecke <hare at suse.com> > > Add a new field 'nr_reserved_cmds' to the SCSI host template to > instruct the block layer to set aside a tag space for reserved > commands. > > Signed-off-by: Hannes Reinecke <hare at suse.com> > --- > drivers/scsi/scsi_lib.c | 1 + >

On Wed, Mar 11, 2020 at 12:25:27AM +0800, John Garry wrote: > From: Hannes Reinecke <hare at suse.com> > > Add a new field 'nr_reserved_cmds' to the SCSI host template to > instruct the block layer to set aside a tag space for reserved > commands. > > Signed-off-by: Hannes Reinecke <hare at suse.com> > --- > drivers/scsi/scsi_lib.c | 1 + >

On Thu, Jan 26, 2017 at 11:41:09AM +0800, Fam Zheng wrote: > This implements the VIRTIO_SCSI_F_FC_HOST feature by reading the config > fields and presenting them as sysfs fc_host attributes. The config > change handler is added here because primary_active will toggle during > migration. Looks like there's active discussion on virtio tc mailing list. It's ok to post patches

On Thu, Jan 26, 2017 at 11:41:09AM +0800, Fam Zheng wrote: > This implements the VIRTIO_SCSI_F_FC_HOST feature by reading the config > fields and presenting them as sysfs fc_host attributes. The config > change handler is added here because primary_active will toggle during > migration. Looks like there's active discussion on virtio tc mailing list. It's ok to post patches

...y-based authentication methods would require keeping O(N*M) (N=number of users, M=number of nodes) items (millions) in sync: every user's key would need to be on every node in their ~/.ssh/authorized_keys and every node's host key needs to be in every other node's /etc/ssh/known_hosts + shosts. With hostbased only the latter part (/etc/ssh/known_hosts + shosts) is needed. With @cert-authority only the shosts is needed. Which is already a significant advantage, because no keys need to be synced any more. With a hypothetical /etc/ssh/authorized_keys (or an equivalent mechanism, like...

I''m trying to create a ssh class where the /etc/ssh/ssh_known_hosts and /etc/ssh/shosts.equiv stays updated. The issue i''m finding is that if I include a "tag == anything" in the Collector filter, it collects all resources EXCEPT it''s own. In this case, the known_hosts and .equiv files will have all the other hostnames, but not it''s own hostna...

v2: Fix endianness of WWNN/WWPN. [Paolo] This series implements the proposed fc_host feature of virtio-scsi. The first patch updates the data structure changes according to the spec proposal; the second patch actually implements the operations. Fam Zheng (2): virtio_scsi: Add fc_host definitions virtio_scsi: Implement fc_host drivers/scsi/virtio_scsi.c | 60

v2: Fix endianness of WWNN/WWPN. [Paolo] This series implements the proposed fc_host feature of virtio-scsi. The first patch updates the data structure changes according to the spec proposal; the second patch actually implements the operations. Fam Zheng (2): virtio_scsi: Add fc_host definitions virtio_scsi: Implement fc_host drivers/scsi/virtio_scsi.c | 60

...f them all over the place) OpenSSH CAs are an obvious solution for not having to keep all host keys in sync in /etc/ssh/known_hosts, however, while OpenSSH does support using a CA in conjunction with hostbased authentication, it still requires a list of all authorized host names in the rhosts / shosts file. That does make sense, as known_hosts is of course primarily for, well, knowing host keys, and doesn't say anything about trusting them for hostbased authentication, so for hostbased using a @cert-authority here is functionally the same as just listing all issued public keys directly....

This implements the VIRTIO_SCSI_F_FC_HOST feature by reading the config fields and presenting them as sysfs fc_host attributes. The config change handler is added here because primary_active will toggle during migration. Signed-off-by: Fam Zheng <famz at redhat.com> --- drivers/scsi/virtio_scsi.c | 55 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 54 insertions(+), 1

This implements the VIRTIO_SCSI_F_FC_HOST feature by reading the config fields and presenting them as sysfs fc_host attributes. The config change handler is added here because primary_active will toggle during migration. Signed-off-by: Fam Zheng <famz at redhat.com> --- drivers/scsi/virtio_scsi.c | 60 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 59 insertions(+), 1

On 09/11/23, Marian Beermann (public at enkore.de) wrote: > ... while OpenSSH does support using a CA in conjunction with hostbased > authentication, it still requires a list of all authorized host names in the > rhosts / shosts file. I'm not familiar with the use of .rhosts/.shosts, but I don't think those are needed at all with a machine or per-user known_hosts file/files utilizing host certificates. The known_hosts file can have patterns such as the following: @cert-authority *.example.com ecdsa-sha2-nist...

This includes two kernel patches, scsi-target and IO_CMD_EPOLL_WAIT. The former is a modified version of the scsi target infrastructure in mainline. The latter enables applications to handle AIO and non-AIO fds in the same loop. blktap uses the different patch, AIO event queue patch for the same aim. The IO_CMD_EPOLL_WAIT patch will be merged into mainline (and the AIO event queue will not) so

...the business happy are that no cleartext passwords or unencrypted private keys can be stored on disk. Since this is within an automated environment, there is no opportunity for human intervention to type in passwords or passphrases. The original intent was to use host-based authentication via the shosts.equiv file. This is essentially a drop-in replacement for what is already being done, just replacing rsh with OpenSSH. However, OpenSSH is hard-coded to *not* check hosts.equiv/shosts.equiv if the target uid is 0. It is possible to get around this by setting "IgnoreRhosts" to no, and p...

...n distinguish between different ports in known_hosts, we should also be able to distinguish between different ports in .shost, and that allows me to specify which hosts I trust. Of course an incoming SSH connection from etoh.eviladmin.org isn't going to come from the port listed in known_hosts/.shosts, but an entry in .shosts doesn't specify that that hostname/IP is trusted but that the corresponding host key in known_hosts is trusted. I propose that both .shosts and known_hosts identify servers as name[:port] where the default port is 22. When a connection comes in, hostbased authenticatio...

On Fri, 10 Nov 2023, Rory Campbell-Lange wrote: > On 09/11/23, Marian Beermann (public at enkore.de) wrote: > > ... while OpenSSH does support using a CA in conjunction with hostbased > > authentication, it still requires a list of all authorized host names in the > > rhosts / shosts file. > > I'm not familiar with the use of .rhosts/.shosts, but I don't think those are needed at all with a machine or per-user known_hosts file/files utilizing host certificates. > > The known_hosts file can have patterns such as the following: > > @cert-authority...

.../.out$//'`; \ /opt/csw/gnu/sed -e 's|/etc/ssh/ssh_config|/usr/local/etc/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/usr/local/etc/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/usr/local/etc/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/usr/local/etc/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/usr/local/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/usr/local/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/...

On 28/08/20 14:21, Matej Genci wrote: > VirtIO 1.0 spec says > The removed and rescan events ... when sent for LUN 0, they MAY > apply to the entire target so the driver can ask the initiator > to rescan the target to detect this. > > This change introduces the behaviour described above by scanning the > entire scsi target when LUN is set to 0. This is both a

On 28/08/20 14:21, Matej Genci wrote: > VirtIO 1.0 spec says > The removed and rescan events ... when sent for LUN 0, they MAY > apply to the entire target so the driver can ask the initiator > to rescan the target to detect this. > > This change introduces the behaviour described above by scanning the > entire scsi target when LUN is set to 0. This is both a

On 11/11/23 9:31 PM, Damien Miller wrote: > It's not discouraged so much as rarely used. It's very useful in some > situations and I can think of good reasons to use it more often (e.g > requiring both host and user identity as part of authentication). > > It definitely has more rough edges than user publickey authentication - > it's harder to set up (admin only)