Displaying 3 results from an estimated 3 matches for "sshfwkd".
2024 Jul 04
4
Request for a Lockdown option
...P.
I think this could be a good builtin functionality of OpenSSH, it
already has all of the public/private key trust infrastructure
available, what is missing is just the plumbing to connect it to the
firewall. Maybe it could go into a separate binary and not in the
default sshd though. How about a sshfwkd?
/Simon
2024 Jul 04
1
Request for a Lockdown option
...ink this could be a good builtin functionality of OpenSSH, it
|already has all of the public/private key trust infrastructure
|available, what is missing is just the plumbing to connect it to the
|firewall. Maybe it could go into a separate binary and not in the
|default sshd though. How about a sshfwkd?
With the possibilities that ssh-keygen -Y sign|verify have added,
one could easily adapt the server and client to send "user-name
MSG", so that the server could look into authorized_keys of
user-name and verify MSG, whatever that is.
(Or only use the current encryption thing for user-na...
2024 Jul 04
1
Request for a Lockdown option
On 04.07.24 01:41, Manon Goo wrote:
> - some users private keys are lost
Then you go and remove the corresponding pubkeys from wherever they're
configured.
Seriously, even if you do not scan which pubkey is configured where
*now* (as is part of our usual monitoring), it'll be your "number <3"
task *then* to go hunt it down.
> And you want to lock down the sshd