similar to: [Bug 22] VOLUNTEER:Addition of user based control of authentication methods

I have sshd server sshd -V ... OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 ... running on linux/64 with cat sshd_config ... PubkeyAuthentication yes PasswordAuthentication no ChallengeResponseAuthentication no

I run OpenSSH on linux @ client which ssh /usr/local/bin/ssh ssh -v OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 @ server which sshd /usr/local/bin/sshd sshd -v unknown option -- V OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file] [-E log_file] [-f config_file] [-g login_grace_time]

I added a few features to openssh for my local use that I think would be more broadly useful. I basically added access control lists to control who would be allowed public key authentication. I added four config file entries for the server: PubkeyAllowUsers PubkeyDenyUsers PubkeyAllowGroups PubkeyDenyGroups These follow the same sematics as the already existing entries for

When using PAM to do password authenticaion the attempt/failure counter appears to be getting confused. This is using a rh62 system with the openssh-2.9p2-1 rpms... On the client side... [matthewm at toadhall (7) matthewm]$ grep Auth /etc/ssh/ssh_config RhostsAuthentication no RhostsRSAAuthentication no HostbasedAuthentication no RSAAuthentication no PubkeyAuthentication yes

Hi, On Fri, Jan 9, 2015, at 10:48 AM, Tim Rice wrote: > My ssh_config has > Host * > HostbasedAuthentication yes > EnableSSHKeysign yes > NoHostAuthenticationForLocalhost yes > > NoHostAuthenticationForLocalhost is not necessary. > The one you are missing is EnableSSHKeysign. > > Additionally, you made no mention of your ssh_known_hosts files. Make > sure

Hi All, I noticed that if I put: AuthorizedKeysFile .ssh/authorized_keys in my sshd_config file, pub/priv key authentication no longer worked. I am using OpenSSH_5.4p1, OpenSSL 0.9.8n 24 Mar 2010 on Archlinux. Sam ****************** Here is my WORKING config ****************** Port 22 ListenAddress 0.0.0.0 Protocol 2 PermitRootLogin no PubkeyAuthentication yes #AuthorizedKeysFile

http://bugzilla.mindrot.org/show_bug.cgi?id=237 Summary: Key authentication failed with SSH 2 / Path wrong Product: Portable OpenSSH Version: 3.1p1 Platform: Sparc OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

I'm trying to use sftp from a 2.9.9p2 client, connecting to a F-Secure 2.4.0 server, but consistently get the following. debug1: authentications that can continue: hostbased,publickey,password debug1: next auth method to try is publickey debug1: try privkey: /path/acct/.ssh/id_rsa debug1: try pubkey: /path/acct/.ssh/id_dsa debug1: authentications that can continue:

http://bugzilla.mindrot.org/show_bug.cgi?id=1180 Summary: Add finer-grained controls to sshd Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: dtucker at

All, Forgive me if this is has been covered. I didn't find what I was looking for in the man pages or on the list archives. What is the status of being able to require a user to perform multiple methods of authentication. I.E. BOTH kerberos and pubkey -or- BOTH kerb V and smartcard -etc. etc. etc.- I saw an entry on the archive from Markus and Tom in Arpil 2001 that said

https://bugzilla.mindrot.org/show_bug.cgi?id=2082 Bug ID: 2082 Summary: Please add pubkey fingerprint to authentication log message Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5

How difficult would it be to enhance the client ssh_config file to allow command-based declarations similar to that provided by the "Host" keyword? The main reason I need something like this is when ssh is used via CVS and Subversion. I want all CVS/Subversion traffic to use a different SSH port and different authentication options. So... you might have an ssh_config file that

http://bugzilla.mindrot.org/show_bug.cgi?id=974 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |enhancement Platform|HPPA |All Summary|Enhancement : Record |Record Badlogins for

I would like disable password authentication in sshd for particular users, without locking their UNIX password, and without requiring all users to use PubkeyAuthentication. I cannot find a documented way to accomplish this in OpenSSH. Is it currently possible? If not, I think this would be a very useful feature to add. I believe that each user should have some control of which authentication

On Thu, 20 Feb 2020 at 10:48, Darren Tucker <dtucker at dtucker.net> wrote: > Well I'd like to see it work, but at the moment it's not clear to me > what the problem is. Turned out I saved an old VAC (8.0) eval kit for my olde faithful AIX box, so I was able to build OpenSSH 8.2 with VAC against OpenSSL 1.1.1d thusly: $ blibpath=/usr/lib:/usr/local/lib CC=/usr/vac/bin/cc

http://bugzilla.mindrot.org/show_bug.cgi?id=712 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |793 nThis| | Status|NEW |ASSIGNED ------- Additional

Is there any way to disable the authentication agent globally? I'm not quite sure I understand it's purpose. Here is some background info: workstation: Key pair (dsa). host1: No key pair. No authorized_keys. host2: Has my workstation's key in authorized_keys. I ssh to host1 from my workstation. I ssh to host2 from host1. I am asked for a password. Good. I ssh to host2 from my

Hello! With this email we release an extension to OpenSSH that was initially developed as project for our studies at the Univerity of Applied Sciences in Hagenberg. First we would like to describe the purpose of using Zero-Knowledge (ZK) for user authentication. Traditional authentication methods like challenge-response with passwords or public keys leak information about the credentials of

http://bugzilla.mindrot.org/show_bug.cgi?id=1065 Summary: password expiration and SSH keys don't go well together Product: Portable OpenSSH Version: 4.1p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: bitbucket at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2678 Bug ID: 2678 Summary: PubKey Authentication fails when more than one user/group ACL is set on any Path component to authorized_keys Product: Portable OpenSSH Version: 5.3p1 Hardware: amd64 OS: Linux Status: NEW