Displaying 20 results from an estimated 10000 matches similar to: "[Bug 1471] New: sshd can block if authorized_keys is a named pipe"
[Bug 1469] New: Should sshd detect and reject vulnerable SSH keys (re: Debian DSA-1571 and DSA-1576)
2008 May 24
9
[Bug 1469] New: Should sshd detect and reject vulnerable SSH keys (re: Debian DSA-1571 and DSA-1576)
https://bugzilla.mindrot.org/show_bug.cgi?id=1469
Summary: Should sshd detect and reject vulnerable SSH keys (re:
Debian DSA-1571 and DSA-1576)
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.0p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
2003 May 12
1
OpenSSH-3.6.1p2 PAM Problems
recently we upgraded a bunch of systems to OpenSSH-3.6.1p2. alot of our systems
have automated logins for backups or systems checks with ssh-keys, but (i think)
as a result of the Openwall/Solar Designer patch, pam_tally is incrementing off
the scales. pam_tally is tallying failed logins for keyed-only accounts:
attempts are made to authenticate those accounts via password authentication
before
2023 Nov 15
1
@cert-authority for hostbased auth - sans shosts?
On 11/11/23 9:31 PM, Damien Miller wrote:
> It's not discouraged so much as rarely used. It's very useful in some
> situations and I can think of good reasons to use it more often (e.g
> requiring both host and user identity as part of authentication).
>
> It definitely has more rough edges than user publickey authentication -
> it's harder to set up (admin only)
2003 Nov 13
1
SSHD password authentication issue in 4.9-RELEASE and 5.1-RELEASE
Wonder if you guys could help me out...have a security problem with sshd
wich enables a user to do a password login tough the sshd_config states
PasswordAuthentication no
My config works fine in both gentoo and openbsd 3.3 but users are able to
login with tunneled clear text passwords in both 4.9 and 5.1
Im lost.tried everything I can think of.
Here is the config:
2004 Dec 09
2
When the 1.0 release is planed?
Hi!
When the 1.0 release is planed?
2002 Mar 29
2
Non-interactive root access via hostbased using shosts.equiv
Hello all!
I'm looking for a solution to the following problem -
I need to be able to use OpenSSH from root on one
system to perform work on several dozen other systems
using some automation. The restrictions that have to
be met to keep the business happy are that no
cleartext passwords or unencrypted private keys can be
stored on disk. Since this is within an automated
environment, there
2004 May 24
3
Dovecot + SSL + Fedora
I've been seeing the Dovecot/SSL/Fedora 1 problem.
I have a dovecot server which tends to die at least once a day,
with messages like these :-
May 24 13:44:44 mail pop3-login: RAND_bytes() failed: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
May 24 13:44:44 mail dovecot: Login process died too early - shutting down
I noticed Timo's email about this at:
2003 Aug 19
3
splitting big authorized_keys files
Hello everybody,
I have a problem. You may have the answer :-)
I'd like to use openssh for an authentication service.
But that gives me a user, whose ~/.ssh/authorized_keys file has about 15000
entries.
With about 300 characters per line I'd get 4,5 MB of data.
I believe that this length of file could lead to performance issues; so I'm
looking for solutions.
I already saw the
2009 Jun 16
2
there should be an authorized_keys(5) man page
Hi.
On
http://openssh.org/manual.html
I think there should be
authorized_keys(5)
known_hosts(5)
Can an authorized_keys entry say something like
from=192.168.1.32,192.168.1.33 command=/bin/foo ...
or do I need to make a separate entry for each IP address?
Thanks
Dave
2012 Sep 14
5
[Bug 2042] New: Troubleshooting information should be logged when sshd doesn't have permission to read user's authorized_keys file
https://bugzilla.mindrot.org/show_bug.cgi?id=2042
Priority: P5
Bug ID: 2042
Assignee: unassigned-bugs at mindrot.org
Summary: Troubleshooting information should be logged when sshd
doesn't have permission to read user's authorized_keys
file
Severity: enhancement
Classification: Unclassified
2002 Apr 17
0
[Bug 220] New: sshd fails to read other users authorized_keys over nfs as root
http://bugzilla.mindrot.org/show_bug.cgi?id=220
Summary: sshd fails to read other users authorized_keys over nfs
as root
Product: Portable OpenSSH
Version: 3.0.2p1
Platform: All
URL: http://www.hut.fi/cc/
OS/Version: All
Status: NEW
Severity: major
Priority: P1
Component:
2015 Sep 07
1
[PATCH] customize: Create .ssh as 0700 and .ssh/authorized_keys as 0600 (RHBZ#1260778).
Both ssh-copy-id and ssh create .ssh as 0700. ssh-copy-id creates
.ssh/authorized_keys as 0600.
Thanks: Ryan Sawhill for finding the bug.
---
customize/ssh_key.ml | 4 ++--
src/guestfs.pod | 17 +++++++++++++++++
2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml
index 09664bf..dd6056f 100644
--- a/customize/ssh_key.ml
+++
2006 Jan 19
3
ownership of authorized_keys
Hi,
I would like to make it impossible for users to change the
contents of the authorized_keys-file.
I just found out about the sshd_config setting:
AuthorizedKeysFile /etc/ssh/authorized_keys/%u
But even in that case that file has to be owned by the user,
unless I set ``StrictModes no'' which would allow other
nastyness. I would like to request that that file could also be
owned by
2002 Jan 14
0
[Bug 66] New: $HOME/authorized_keys not read by sshd
http://bugzilla.mindrot.org/show_bug.cgi?id=66
Summary: $HOME/authorized_keys not read by sshd
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: Linux
Status: RESOLVED
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy:
2013 Jul 15
3
[Bug 2128] New: ssh-copy-id doesn't check if a public key already exists in a remote servers ~/.ssh/authorized_keys file
https://bugzilla.mindrot.org/show_bug.cgi?id=2128
Bug ID: 2128
Summary: ssh-copy-id doesn't check if a public key already
exists in a remote servers ~/.ssh/authorized_keys file
Product: Portable OpenSSH
Version: -current
Hardware: Other
OS: Other
Status: NEW
Severity: enhancement
2007 Jul 13
1
Cygwin: store authorized_keys in /etc/ssh/user/authorized_keys?
Hi folks,
If I try to login on a Cygwin host via ssh, then my
.ssh on a network drive is unaccessible until I login.
I have to enter my password, even if my authorized_keys
would allow me to login without. This is fatal, since it
forces me to use an interactive session for working on a
Windows host. Unusable for automatic builds and tests
managed from a central machine, for example.
There is no
2009 Oct 31
2
authorized_keys command=""
Hello,
as I have read manual, if I use in file authorized_keys option
command="" with some command, no other commands will be permitted. I
have tried it, created authorized_keys2 for root and added there
command="rdiff-backup --server" and after that tried to login. Thit
command was executed, but I was normally able to supply other comand
as root. Can you tell me why?
Thank
2011 Dec 15
3
Retrieving authorized_keys via remote script
Here's a simple patch which retrieves authorized_keys via exec'ing a
program, rather than reading a flat file.
I added a simple option, AuthorizedKeysExec, to sshd_config which simply
executes the respective file, passing the username as argv[1].
Keys are returned via stdout.
Notes:
If AuthorizedKeysExec is set and an authorized_keys file exists,
checking the existing authorized_keys
2006 Oct 07
0
[Bug 1084] provide better error message if keys in authorized_keys contain CR/LF (was " sshd[6895]: fatal: buffer_get: trying to get more bytes 129 than in buffer 34")
http://bugzilla.mindrot.org/show_bug.cgi?id=1084
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
------- Comment #2 from dtucker at zip.com.au 2006-10-07 11:42 -------
Change all RESOLVED bug to CLOSED with the exception
2003 May 14
3
[Bug 220] sshd fails to read other users authorized_keys over nfs as root
http://bugzilla.mindrot.org/show_bug.cgi?id=220
------- Additional Comments From djm at mindrot.org 2003-05-14 23:06 -------
Any followup on this, Ben?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.