search for: wuerstlein

...work in progress. There is a suite of tests, some documentation, a Debian package (not upstream and not yet confirming to Debian's policy) and a github repository, but of course everything could be nicer and shinier. Therefore I hereby ask for comments and suggestions. Greetings, Alexander Wuerstlein. ---- Alexander Wuerstlein Informatik 4 Univ. of Erlangen Martensstrasse 1 91058 Erlangen +49-9131-85-27824 arw at arw.name arw at cs.fau.de CDE28BE334E57BBBDA34F007D80C47C8898A5B24 snalwuer at cip.cs.fau.de http://www4.cs.fau.de/~ar...

Hi Alexander Wuerstlein Thank for the information. Now I agree that it's better to save the socket in /tmp/ I checked the source code and found that it is hard-coded. /* Allocate a buffer for the socket name, and format the name. */ auth_sock_dir = xstrdup("/tmp/ssh-XXXXXXXXXX"); It would b...

...t; > The second step is that the user on host logs in to the CA server, > > using it's password, it's private key and the hostkey. > > The user dos not do that, the localhost computer does this behind the scenes. Sounds like you are reinventing Kerberos. Ciao, Alexander Wuerstlein.

...ticate No patch needed. Hope this helps, Thomas [1] https://archive.fosdem.org/2015/schedule/event/caml_crush/ [2] https://github.com/ANSSI-FR/caml-crush On Fri, Jan 15, 2016 at 9:30 AM, Loganaden Velvindron <loganaden at gmail.com> wrote: > On Thu, Jan 14, 2016 at 7:12 PM, Alexander Wuerstlein <arw at cs.fau.de> wrote: >> Hello, >> >> in light of the recent CVE-2016-0777, I came up with the following idea, >> that would have lessened its impact. Feel free to ignore or flame me, >> maybe its stupid or I missed something :) >> > > Feel free t...

On Dec 6, 2013, at 8:21 AM, Alexander Wuerstlein wrote: > I'd like to announce "nutdown", a nut client written using perl > UPS::Nut. Thanks for posting this. One thing that I would consider changing is to treat "ups.status" as a set (splitting on whitespace, if any), and to not rely on the order of the status f...

Le 12/05/2017 ? 12:47, Alexander Wuerstlein a ?crit : > On 2017-05-12T12:07, mh at ow2.org <mh at ow2.org> wrote: >> I'm using 7.2p2-4ubuntu2.1 >> >> I have the same exact problem as described in the first comment in >> https://bugzilla.mindrot.org/show_bug.cgi?id=1573 >> >> Initially, my ldap...

...tion, if you don't want to have a socket reaching out of the chroot (including the corresponding possible chroot escape possibility) is to just "copy everything from ldap into a local file". Which would be exactly what https://github.com/google/nsscache does. YMMV. Ciao, Alexander Wuerstlein.

Hello, at my universities CS computer pools we're trying to migrate our samba3 based NT domain to AD with samba4-rc1. In the past we had a little script which our users could run on their own from their linux account which created a samba user with their own uid/gid and set their password (via smbpasswd). We're trying to recreate this behaviour with "samba-tool user create"

Hello, When trying out (g)pxelinux using TFTP URLs and the '<host>::<path>' syntax, pxelinux seemed to "hang". Some printf debugging and tcpdump revealed that it looped in the timeout after sending the TFTP RRQ. Further investigation revealed, that if a plain IP address (e.g. "tftp://12.34.56.78/something") is used, the byte order is not converted from host

...ell as Solaris (Solaris 10 06/06 x86, OpenSSH_4.5p1, OpenSSL 0.9.8d 28 Sep 2006) and FreeBSD (5.4, OpenSSH_3.6.1, SSH protocols 1.5/2.0, OpenSSL 0x0090804f). Unfortunately I have no OpenBSD box available to test that behaviour, so it could perhaps only affect portable OpenSSH. Ciao, Alexander Wuerstlein.

Le 12/05/2017 ? 14:03, Alexander Wuerstlein a ?crit : > On 2017-05-12T13:49, mh at ow2.org <mh at ow2.org> wrote: >> Le 12/05/2017 ? 12:47, Alexander Wuerstlein a ?crit : >>> On 2017-05-12T12:07, mh at ow2.org <mh at ow2.org> wrote: >>>> I'm using 7.2p2-4ubuntu2.1 >>>> >>>&gt...

Hi, Someone told me that DSA keys were being deprecated with OpenSSH 7.0. The only reference I could find about this topic on openSSH site is on the legacy page: ?OpenSSH 7.0 and greater similarly disable the ssh-dss (DSA) public key algorithm. It too is weak and we recommend against its use.? There is no explanation about the weakness. But more than that, I could not find any mention

...mean that: - ssh client could be stripped of any code that reads ssh-keys directly. - or using the mechanism above could be made an option SpawnPrivateAgent (possibly defaulting to 'yes') - maybe, if that works, one could do a similar thing for sshd and its hostkeys. Ciao, Alexander Wuerstlein.

On Sat, Nov 26, 2016 at 1:16 AM, Alexander Wuerstlein <arw at cs.fau.de> wrote: [...] > Afaik its because DSA key size has (for very weird reasons admittedly: > FIPS 186-4) been limited to 1024 bits which is considered weak nowadays. Use of DSA within the SSH protocol requires the use of SHA1, which is 160 bits (80 bits against a birthday...

On Thu, Apr 5, 2018 at 7:13 AM, Jan Bergner <jan.bergner at indurad.com> wrote: > Hello all. > > First of all, I want to extend my sincere thanks to all the people who > came to the rescue so quickly. > > In any case, there is obviously room for clarification on my part, so I > will try to describe the situation we had in more detail. > > In short: > Employees

...tion capabilities of certain shells, e.g. bash /dev/tcp/hostname/4711. Generally I think the problem of data exfiltration is unsolvable given sufficiently knowledable users and general-purpose software. One will always forget to plug one hole and to blacklist one more approach. Ciao, Alexander Wuerstlein.

I'm using 7.2p2-4ubuntu2.1 I have the same exact problem as described in the first comment in https://bugzilla.mindrot.org/show_bug.cgi?id=1573 Initially, my ldap server hostname and IP is only in /etc/hosts, not in the configured resolver. I can't use the real IP as a workaround in ldap.conf because of the TLS configuration which cares about the hostname. At the time I add the host

Hi, I'm looking for a procedure (on paper first) to provide users on hosts session keys to login to servers providing services like file, print or even access to internet or a sql db. The first step is that user has to authenticate on the local host via password. Paswword and usernames are centrally managed via ldap (or simular). The second step is that the user on host logs in to the CA

Dear OpenSSH developers, first thank you for this great tool! Me and a friend have experienced some seriously crazy interaction between Thunderbird and OpenSSH, the problem is it's not reproducable but as it left definite traces on the server and it could be a serious security problem I still want to report it. so the following happened: My friend is running Ubuntu 9.10 with the new

The idea behind this change is to add support for different "ssh-agents" being able to run at the same time. It does not change the current behaviour of the ssh-agent (which will set SSH_AUTH_SOCK just for itself). Neither does it change the behaviour of SSH_AGENT_PID (which still supports only one pid). The new implementation will go through the list of sockets (which are separated by a