Displaying 20 results from an estimated 26 matches for "wuerstlein".

2013 Dec 06
2
new related project nutdown: https://github.com/arwarw/nutdown
...work in progress. There is a suite of tests, some documentation, a Debian package (not upstream and not yet conforming to Debian's policy) and a github repository, but of course everything could be nicer and shinier. Therefore I hereby ask for comments and suggestions. Greetings, Alexander Wuerstlein. ---- Alexander Wuerstlein Informatik 4 Univ. of Erlangen Martensstrasse 1 91058 Erlangen +49-9131-85-27824 arw at arw.name arw at cs.fau.de CDE28BE334E57BBBDA34F007D80C47C8898A5B24 snalwuer at cip.cs.fau.de http://www4.cs.fau.de/~ar...
2017 Nov 02
2
Is it good for agent forwarding to creates socket in /tmp/
Hi Alexander Wuerstlein Thanks for the information. Now I agree that it's better to save the socket in /tmp/ I checked the source code and found that it is hard-coded. /* Allocate a buffer for the socket name, and format the name. */ auth_sock_dir = xstrdup("/tmp/ssh-XXXXXXXXXX"); It would b...
2018 Aug 21
2
Good procedure?
...> > The second step is that the user on host logs in to the CA server, > > using its password, its private key and the hostkey. > > The user does not do that, the localhost computer does this behind the scenes. Sounds like you are reinventing Kerberos. Ciao, Alexander Wuerstlein.
2016 Jan 15
4
Proposal: always handle keys in separate process
...ticate No patch needed. Hope this helps, Thomas [1] https://archive.fosdem.org/2015/schedule/event/caml_crush/ [2] https://github.com/ANSSI-FR/caml-crush On Fri, Jan 15, 2016 at 9:30 AM, Loganaden Velvindron <loganaden at gmail.com> wrote: > On Thu, Jan 14, 2016 at 7:12 PM, Alexander Wuerstlein <arw at cs.fau.de> wrote: >> Hello, >> >> in light of the recent CVE-2016-0777, I came up with the following idea, >> that would have lessened its impact. Feel free to ignore or flame me, >> maybe it's stupid or I missed something :) >> > > Feel free t...
2013 Dec 09
0
new related project nutdown: https://github.com/arwarw/nutdown
On Dec 6, 2013, at 8:21 AM, Alexander Wuerstlein wrote: > I'd like to announce "nutdown", a nut client written using perl > UPS::Nut. Thanks for posting this. One thing that I would consider changing is to treat "ups.status" as a set (splitting on whitespace, if any), and to not rely on the order of the status f...
2017 May 12
2
ls hangs in internal-sftp for LDAP users
On 12/05/2017 at 12:47, Alexander Wuerstlein wrote: > On 2017-05-12T12:07, mh at ow2.org <mh at ow2.org> wrote: >> I'm using 7.2p2-4ubuntu2.1 >> >> I have the same exact problem as described in the first comment in >> https://bugzilla.mindrot.org/show_bug.cgi?id=1573 >> >> Initially, my ldap...
2017 May 18
2
ls hangs in internal-sftp for LDAP users + numeric uid/gid instead of names
...tion, if you don't want to have a socket reaching out of the chroot (including the corresponding possible chroot escape possibility) is to just "copy everything from ldap into a local file". Which would be exactly what https://github.com/google/nsscache does. YMMV. Ciao, Alexander Wuerstlein.
2012 Sep 24
4
samba4: samba-tool and (unix) uids
Hello, at my university's CS computer pools we're trying to migrate our samba3 based NT domain to AD with samba4-rc1. In the past we had a little script which our users could run on their own from their linux account which created a samba user with their own uid/gid and set their password (via smbpasswd). We're trying to recreate this behaviour with "samba-tool user create"
2010 Jul 20
3
fix byte ordering problem in TFTP/PXE fs access
Hello, When trying out (g)pxelinux using TFTP URLs and the '<host>::<path>' syntax, pxelinux seemed to "hang". Some printf debugging and tcpdump revealed that it looped in the timeout after sending the TFTP RRQ. Further investigation revealed, that if a plain IP address (e.g. "tftp://12.34.56.78/something") is used, the byte order is not converted from host
2007 Mar 23
1
Permissions on the ssh-agent socket
...ell as Solaris (Solaris 10 06/06 x86, OpenSSH_4.5p1, OpenSSL 0.9.8d 28 Sep 2006) and FreeBSD (5.4, OpenSSH_3.6.1, SSH protocols 1.5/2.0, OpenSSL 0x0090804f). Unfortunately I have no OpenBSD box available to test that behaviour, so it could perhaps only affect portable OpenSSH. Ciao, Alexander Wuerstlein.
2017 May 18
2
ls hangs in internal-sftp for LDAP users + numeric uid/gid instead of names
On 12/05/2017 at 14:03, Alexander Wuerstlein wrote: > On 2017-05-12T13:49, mh at ow2.org <mh at ow2.org> wrote: >> On 12/05/2017 at 12:47, Alexander Wuerstlein wrote: >>> On 2017-05-12T12:07, mh at ow2.org <mh at ow2.org> wrote: >>>> I'm using 7.2p2-4ubuntu2.1 >>>> >>>>...
2016 Nov 23
2
Inconsistency between legacy and release notes?
Hi, Someone told me that DSA keys were being deprecated with OpenSSH 7.0. The only reference I could find about this topic on openSSH site is on the legacy page: "OpenSSH 7.0 and greater similarly disable the ssh-dss (DSA) public key algorithm. It too is weak and we recommend against its use." There is no explanation about the weakness. But more than that, I could not find any mention
2016 Jan 14
4
Proposal: always handle keys in separate process
...mean that: - ssh client could be stripped of any code that reads ssh-keys directly. - or using the mechanism above could be made an option SpawnPrivateAgent (possibly defaulting to 'yes') - maybe, if that works, one could do a similar thing for sshd and its hostkeys. Ciao, Alexander Wuerstlein.
2016 Nov 28
2
Inconsistency between legacy and release notes?
On Sat, Nov 26, 2016 at 1:16 AM, Alexander Wuerstlein <arw at cs.fau.de> wrote: [...] > Afaik it's because DSA key size has (for very weird reasons admittedly: > FIPS 186-4) been limited to 1024 bits which is considered weak nowadays. Use of DSA within the SSH protocol requires the use of SHA1, which is 160 bits (80 bits against a birthday...
2018 Apr 05
2
OpenSSH-Client without reverse tunnel ability
On Thu, Apr 5, 2018 at 7:13 AM, Jan Bergner <jan.bergner at indurad.com> wrote: > Hello all. > > First of all, I want to extend my sincere thanks to all the people who > came to the rescue so quickly. > > In any case, there is obviously room for clarification on my part, so I > will try to describe the situation we had in more detail. > > In short: > Employees
2018 Apr 04
2
OpenSSH-Client without reverse tunnel ability
...tion capabilities of certain shells, e.g. bash /dev/tcp/hostname/4711. Generally I think the problem of data exfiltration is unsolvable given sufficiently knowledgeable users and general-purpose software. One will always forget to plug one hole and to blacklist one more approach. Ciao, Alexander Wuerstlein.
2017 May 12
3
ls hangs in internal-sftp for LDAP users
I'm using 7.2p2-4ubuntu2.1 I have the same exact problem as described in the first comment in https://bugzilla.mindrot.org/show_bug.cgi?id=1573 Initially, my ldap server hostname and IP is only in /etc/hosts, not in the configured resolver. I can't use the real IP as a workaround in ldap.conf because of the TLS configuration which cares about the hostname. At the time I add the host
2018 Aug 21
2
Good procedure?
Hi, I'm looking for a procedure (on paper first) to provide users on hosts session keys to login to servers providing services like file, print or even access to internet or a sql db. The first step is that user has to authenticate on the local host via password. Password and usernames are centrally managed via ldap (or similar). The second step is that the user on host logs in to the CA
2010 Apr 02
1
Extremely weired Thunderbird OpenSSH interaction
Dear OpenSSH developers, first thank you for this great tool! Me and a friend have experienced some seriously crazy interaction between Thunderbird and OpenSSH, the problem is it's not reproducible but as it left definite traces on the server and it could be a serious security problem I still want to report it. so the following happened: My friend is running Ubuntu 9.10 with the new
2015 Sep 26
5
[RFC][PATCH v2] Support a list of sockets on SSH_AUTH_SOCK
The idea behind this change is to add support for different "ssh-agents" being able to run at the same time. It does not change the current behaviour of the ssh-agent (which will set SSH_AUTH_SOCK just for itself). Neither does it change the behaviour of SSH_AGENT_PID (which still supports only one pid). The new implementation will go through the list of sockets (which are separated by a