similar to: [Bug 1180] Add finer-grained controls to sshd

http://bugzilla.mindrot.org/show_bug.cgi?id=1180 ------- Comment #7 from dtucker at zip.com.au 2007-02-19 22:41 ------- Created an attachment (id=1240) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1240&action=view) Add support for auth types to Match This patch (against 4.5p1) allows a Match directive to control different authentication types. This patch was just committed

Hi OpenSSH devs, I?m wondering if the following has any merit and can be done securely ... If you could match on principals in the sshd_config, then (for example) on a gateway machine, you could have something like /etc/ssh/authorized_keys/sshfwd: cert-authority,principals=?batcha-fwd,batchb-fwd? ... /etc/ssh/sshd_config containing: Match User sshfwd PubkeyAuthentication yes

On Wed, Nov 19, 2014 at 11:47:11PM +0100, Nicolas Ecarnot wrote: > OK, I'm progressing : the ssh issue seems to be gone. > I changed some parameters but not sure which one are relevant. > When comparing with a fresh install, here are the diffs : > > root:/etc# diff /etc/ssh/sshd_config /tmp/sshd_config > 43a44 > > LogLevel DEBUG3 > 48c49 > < #PermitRootLogin

AFAIK everything you described here could be done using the AuthorizedKeysCommand or AuthorizedPrincipalsCommand directives. These can emit authorized_keys options (inc. permitopen) as well as the allowed keys/principals. On Sun, 12 Nov 2023, Bret Giddings wrote: > Hi OpenSSH devs, > > I?m wondering if the following has any merit and can be done securely ... > > If you could

https://bugzilla.mindrot.org/show_bug.cgi?id=2618 Bug ID: 2618 Summary: net-misc/openssh-7.2_p2: Terribly slow Interactive Logon Product: Portable OpenSSH Version: 7.2p2 Hardware: amd64 OS: Linux Status: NEW Severity: major Priority: P5 Component: sshd

Hi All. For various reasons, we're currently looking at extending (or even overhauling) the config parser used for sshd_config. Right now the syntax I'm looking at is a cumulative "Match" keyword that matches when all of the specified criteria are met. This would be similar the the Host directive used in ssh_config, although it's still limiting (eg you can't easily

No answers on secureshell at securityfocus.com I must be doing something wrong or the server seems to ignore my bind request. Port forwarding is working it just bind to all ips and ignores my bind request. I've also tried this with an rfc1918 address opposed to a loopback and had the same results. Google and the archive haven't helped. Thanks in advance for your time and consideration.

Le 19/11/2014 22:19, Richard W.M. Jones a écrit : > On Wed, Nov 19, 2014 at 10:05:53PM +0100, Nicolas Ecarnot wrote: >> Nov 19 21:54:52 serv-p2v-adm1 sshd[2727]: pam_unix(sshd:session): >> session opened for user root by (uid=0) >> Nov 19 21:54:53 serv-p2v-adm1 sshd[2725]: channel 2: open failed: >> connect failed: Connection refused >> Nov 19 21:54:53

http://bugzilla.mindrot.org/show_bug.cgi?id=1266 Summary: incompatibility between s/key and keys Autentification Product: Portable OpenSSH Version: 4.4p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: bitbucket at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2190 Bug ID: 2190 Summary: Nagios command check_ssh Product: Portable OpenSSH Version: 6.2p1 Hardware: ix86 OS: FreeBSD Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org

Maybe I am not testing the signin correctly. Here is what I am doing. I sign into the client/workstation (hereafter referred to as C/W) via ssh as the local "admin" from another C/W so I can open many terminals to tail log files. Then "sudo -i" into "root". All testing is run as "root". When I sign into "root", I see this: > admin at lws4:~$

Summary: the newish fourth forwarding argument does not correctly specify the interface on the remote machine for a tunnel in -R On OpenSSH_4.3p2 OpenSSL 0.9.7g 11 Apr 2005, on Kanotix 2.9 kernel 2.6.16.2 and Cygwin 1.5.19(0.150/4/2) and (old) FreeBSD 4.6-RELEASE sshd_config file: AllowTcpForwarding yes GatewayPorts yes Set up a forwarding tunnel: From a Kanotix box inside my firewall:

Hi, I am not sure this is a bug in Openssh or not. I am running Openssh 4.1p1. with openssl 0.9.7g Scenario: Due to audit enabled on the system, I will need to set Uselogin to yes so that audit will track system call. But when try to login to system with a LDAP user. I get the following. eg: [n113839 at r3ent15pc ~]$ ssh tfstst1 -l ntesting1 ntesting1 at tfstst1's password: Login incorrect

Hi there ! I have an issue with my OpenSSH + PAM configuration on a RedHat Advanced server 2..1 I want to authenticate users connecting to a server using ssh against a radius server. The radius client/server part works ok when I test it with some utilities. I think I have a problem with my ssh which does not pass the username/password to my pam sshd module. I have upgraded to openssh-4.2p1.

[Not subscribed to this list, so please respond directly if you need to speak to me] In man5/sshd_config.5, a permissible keyword in a 'Match' block is missing. It currently lists only: AllowTcpForwarding, Banner, ForceCommand, GatewayPorts, GSSApiAuthentication, KbdInteractiveAuthentication, KerberosAuthentication, PasswordAuthentication, PermitOpen, PermitRootLogin,

On 08/03/16 02:12, Darren Tucker wrote: > On Wed, Aug 3, 2016 at 7:42 AM, rl <rainer.laatsch at t-online.de> wrote: > [...] >> /Data/openssh-7.3p1/DESTDIR/usr/local/sbin/sshd -p 222 -f \n >> DESTDIR/usr/local/etc/sshd_config > > It looks like you have an embedded newline in the config file name > you're passing to sshd. If that's the case I'm

Hello, We'd like to allow passwords only from the local network, and allow public key auth from on-campus or off-campus. The server runs SuSE Linux, and we might do the same on RHEL/CentOS & Mac OS X if we can get it to work. Unfortunately, Match allows PasswordAuthentication but not ChallengeResponseAuthentication. Is there any reason ChallengeResponseAuthentication cannot be

Hello List. ? i?m trying to setup a limited SSH server with SFTP. The requirements: -????????? There are users to whom only SFTP should be available. (sftp-only group) -????????? There are users to whom SFTP and shell access should be available (admin group) -????????? SFTP clients have to authenticate with username and password -????????? shell users have to authenticate with private key.

The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2

I've configured OpenSSH_5.3p1 to only allow sftp connections (openssh chroot functionality). i.e. Subsystem sftp internal-sftp Match group sftpusers ChrootDirectory /chroot/%u X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp So far everything works correctly with sftp but when a user ssh's or scp's to the box the login