similar to: [Bug 1471] New: sshd can block if authorized_keys is a named pipe

https://bugzilla.mindrot.org/show_bug.cgi?id=1469 Summary: Should sshd detect and reject vulnerable SSH keys (re: Debian DSA-1571 and DSA-1576) Classification: Unclassified Product: Portable OpenSSH Version: 5.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2

recently we upgraded a bunch of systems to OpenSSH-3.6.1p2. alot of our systems have automated logins for backups or systems checks with ssh-keys, but (i think) as a result of the Openwall/Solar Designer patch, pam_tally is incrementing off the scales. pam_tally is tallying failed logins for keyed-only accounts: attempts are made to authenticate those accounts via password authentication before

On 11/11/23 9:31 PM, Damien Miller wrote: > It's not discouraged so much as rarely used. It's very useful in some > situations and I can think of good reasons to use it more often (e.g > requiring both host and user identity as part of authentication). > > It definitely has more rough edges than user publickey authentication - > it's harder to set up (admin only)

Wonder if you guys could help me out...have a security problem with sshd wich enables a user to do a password login tough the sshd_config states PasswordAuthentication no My config works fine in both gentoo and openbsd 3.3 but users are able to login with tunneled clear text passwords in both 4.9 and 5.1 Im lost.tried everything I can think of. Here is the config:

Hi! When the 1.0 release is planed?

Hello all! I'm looking for a solution to the following problem - I need to be able to use OpenSSH from root on one system to perform work on several dozen other systems using some automation. The restrictions that have to be met to keep the business happy are that no cleartext passwords or unencrypted private keys can be stored on disk. Since this is within an automated environment, there

I've been seeing the Dovecot/SSL/Fedora 1 problem. I have a dovecot server which tends to die at least once a day, with messages like these :- May 24 13:44:44 mail pop3-login: RAND_bytes() failed: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded May 24 13:44:44 mail dovecot: Login process died too early - shutting down I noticed Timo's email about this at:

Hello everybody, I have a problem. You may have the answer :-) I'd like to use openssh for an authentication service. But that gives me a user, whose ~/.ssh/authorized_keys file has about 15000 entries. With about 300 characters per line I'd get 4,5 MB of data. I believe that this length of file could lead to performance issues; so I'm looking for solutions. I already saw the

Hi. On http://openssh.org/manual.html I think there should be authorized_keys(5) known_hosts(5) Can an authorized_keys entry say something like from=192.168.1.32,192.168.1.33 command=/bin/foo ... or do I need to make a separate entry for each IP address? Thanks Dave

https://bugzilla.mindrot.org/show_bug.cgi?id=2042 Priority: P5 Bug ID: 2042 Assignee: unassigned-bugs at mindrot.org Summary: Troubleshooting information should be logged when sshd doesn't have permission to read user's authorized_keys file Severity: enhancement Classification: Unclassified

http://bugzilla.mindrot.org/show_bug.cgi?id=220 Summary: sshd fails to read other users authorized_keys over nfs as root Product: Portable OpenSSH Version: 3.0.2p1 Platform: All URL: http://www.hut.fi/cc/ OS/Version: All Status: NEW Severity: major Priority: P1 Component:

Both ssh-copy-id and ssh create .ssh as 0700. ssh-copy-id creates .ssh/authorized_keys as 0600. Thanks: Ryan Sawhill for finding the bug. --- customize/ssh_key.ml | 4 ++-- src/guestfs.pod | 17 +++++++++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml index 09664bf..dd6056f 100644 --- a/customize/ssh_key.ml +++

Hi, I would like to make it impossible for users to change the contents of the authorized_keys-file. I just found out about the sshd_config setting: AuthorizedKeysFile /etc/ssh/authorized_keys/%u But even in that case that file has to be owned by the user, unless I set ``StrictModes no'' which would allow other nastyness. I would like to request that that file could also be owned by

http://bugzilla.mindrot.org/show_bug.cgi?id=66 Summary: $HOME/authorized_keys not read by sshd Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:

https://bugzilla.mindrot.org/show_bug.cgi?id=2128 Bug ID: 2128 Summary: ssh-copy-id doesn't check if a public key already exists in a remote servers ~/.ssh/authorized_keys file Product: Portable OpenSSH Version: -current Hardware: Other OS: Other Status: NEW Severity: enhancement

Hi folks, If I try to login on a Cygwin host via ssh, then my .ssh on a network drive is unaccessible until I login. I have to enter my password, even if my authorized_keys would allow me to login without. This is fatal, since it forces me to use an interactive session for working on a Windows host. Unusable for automatic builds and tests managed from a central machine, for example. There is no

Hello, as I have read manual, if I use in file authorized_keys option command="" with some command, no other commands will be permitted. I have tried it, created authorized_keys2 for root and added there command="rdiff-backup --server" and after that tried to login. Thit command was executed, but I was normally able to supply other comand as root. Can you tell me why? Thank

Here's a simple patch which retrieves authorized_keys via exec'ing a program, rather than reading a flat file. I added a simple option, AuthorizedKeysExec, to sshd_config which simply executes the respective file, passing the username as argv[1]. Keys are returned via stdout. Notes: If AuthorizedKeysExec is set and an authorized_keys file exists, checking the existing authorized_keys

http://bugzilla.mindrot.org/show_bug.cgi?id=1084 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #2 from dtucker at zip.com.au 2006-10-07 11:42 ------- Change all RESOLVED bug to CLOSED with the exception

http://bugzilla.mindrot.org/show_bug.cgi?id=220 ------- Additional Comments From djm at mindrot.org 2003-05-14 23:06 ------- Any followup on this, Ben? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.