Displaying 8 results from an estimated 8 matches for "ussh".
Did you mean:
ssh
2018 Sep 17
7
add keys and certificate to forwarded agent on remote host
...for example, over
ansible and keeping a record of who performed the actions, something ssh
certificates solves well.
The problem is then to automate certificate issuance since it would be
pretty arduous for someone to keep issuing short-lived user
certificates.
I was intrigued to read Uber's ussh announcement page and wondered if
this suggests a route for doing so:
(https://medium.com/uber-security-privacy/introducing-the-uber-ssh-certificate-authority-4f840839c5cc)
An employee gets a ussh certificate when they run the ussh command.
This connects to the USSHCA, performs the pam con...
2016 Jul 15
16
[Bug 2598] New: ssh-agent very occasionally won't remove keys or certs despite now() >= lifetime
https://bugzilla.mindrot.org/show_bug.cgi?id=2598
Bug ID: 2598
Summary: ssh-agent very occasionally won't remove keys or certs
despite now() >= lifetime
Product: Portable OpenSSH
Version: 6.9p1
Hardware: amd64
OS: Mac OS X
Status: NEW
Severity: minor
Priority: P5
2017 Dec 25
2
OpenSSH key signing service?
...nd of what I was asking for in
> the OP :)
netflix's bless has been around for a while. https://github.com/Netflix/bless
nial sheridan gave a talk recently at LISA about cashier.
https://github.com/nsheridan/cashier
and finally i'm hoping to have all the necessary approvals to release
ussh early next year. I wrote about ussh here
https://medium.com/uber-security-privacy/introducing-the-uber-ssh-certificate-authority-4f840839c5cc
Cheers,
peter
2020 Jul 21
3
[RFC PATCH 0/4] PAM module for ssh-agent user authentication
On Mon, Jul 20, 2020 at 08:24:45PM -0700, Peter Moody wrote:
> I wrote something a lot like this when I was at uber
>
> https://github.com/pmoody-/pam-ussh
>
> (the uber version is here: https://github.com/uber/pam-ussh)
Needing PAM auth via ssh-agent is not so uncommon and yet using sshd
is not necessarily the first (or best) solution to come to mind.
Having it available as part of openssh would be a useful bridgehead for
educating users tow...
2017 Dec 25
4
OpenSSH key signing service?
On Sun, Dec 24, 2017 at 9:54 PM, David Newall <openssh at davidnewall.com> wrote:
> On 25/12/17 00:11, John Devitofranceschi wrote:
>>
>> Besides ssh.com?s PrivX product, has anyone created a web service that can
>> be used to issue temporary certkeys to authenticated users?
>>
>> Any pointers appreciated!
>
>
> I expect that what I'm about to
2024 Feb 08
2
Authentication using federated identity
I know that there are some methods to use federated identities (e.g.
OAuth2) with SSH authentication but, from what I've seen, they largely
seem clunky and require users to interact with web browsers to get one
time tokens. Which is sort of acceptable for occasional logins but
doesn't work with automated/scripted actions.
I'm just wondering if anyone has done any work on this or
2019 Mar 15
3
prompt to update a host key
On Fri, Mar 15, 2019 at 09:10:26AM +0000, Jochen Bern wrote:
> Imagine sysadminning a boatload of VMs getting IPs from a dynamic pool, a la
>
> $ for ADDR in $CUSTOMER_1_RANGE $CUSTOMER_2_RANGE... ; do
> > ping -c 1 -w 2 $ADDR >/dev/null 2>&1 && ssh root@$ADDR do_urgent_fix
> > done
>
> , and it mightn't be that much of a niche anymore ...
And
2020 Jul 21
11
[RFC PATCH 0/4] PAM module for ssh-agent user authentication
Hi,
The main (and probably the only) use case of this PAM module is to let
sudo authenticate users via their ssh-agent, therefore without having
to type any password and without being tempted to use the NOPASSWD sudo
option for such convenience.
The principle is originally implemented by an existing module [0][1]
and many pages that explain how to use it for such purpose can be
found online.