similar to: ssh, .shosts and RH6.2: user logins ok, root not

On 11/15/23, 10:51 AM, "openssh-unix-dev on behalf of Marian Beermann" <openssh-unix-dev-bounces+iain.morgan=nasa.gov at mindrot.org <mailto:nasa.gov at mindrot.org> on behalf of public at enkore.de <mailto:public at enkore.de>> wrote: On 11/15/23 18:09, Chris Rapier wrote: > On 11/11/23 9:31 PM, Damien Miller wrote: > >> It's not discouraged so much as

I just recently installed OpenSSH 2.5.1p1 on a RH6.2 box (kernel 2.2.17). I run ipchains to do packet filtering, allowing incoming connections only to 22 and 80 (and some other ports for specific machines). I was able to run prior versions of openssh in this fashion (I've run it from the first release, I think). Upon installing 2.5.1p1 I found that my attempts to connect hang, here is ssh

Hi, we're looking to reduce the number of host lists that need to be kept in sync in our system. (There are quite a few of them all over the place) OpenSSH CAs are an obvious solution for not having to keep all host keys in sync in /etc/ssh/known_hosts, however, while OpenSSH does support using a CA in conjunction with hostbased authentication, it still requires a list of all authorized

On Fri, 10 Nov 2023, Rory Campbell-Lange wrote: > On 09/11/23, Marian Beermann (public at enkore.de) wrote: > > ... while OpenSSH does support using a CA in conjunction with hostbased > > authentication, it still requires a list of all authorized host names in the > > rhosts / shosts file. > > I'm not familiar with the use of .rhosts/.shosts, but I don't think

On 09/11/23, Marian Beermann (public at enkore.de) wrote: > ... while OpenSSH does support using a CA in conjunction with hostbased > authentication, it still requires a list of all authorized host names in the > rhosts / shosts file. I'm not familiar with the use of .rhosts/.shosts, but I don't think those are needed at all with a machine or per-user known_hosts file/files

Hi, does anyone have any elegant solutions for managing shosts.equiv? In my puppet ssh module, host keys for /etc/ssh/ssh_known_hosts are automatically managed with: @@sshkey { $hostname: ensure => present, type => "rsa", key => $sshrsakey, } Sshkey <<| |>> Is there a similar construct for

Hello, The ssh deamon from OpenSSH_2.5.2p2 first does a seteuid(uid) and then stat($HOME/.shosts) to check whether a .shosts file is there. This seems to be a problem when homedirectories are only accessible "by group permission"; for example in the following (as I guess quite common) case: drwxr-x--- root mygroup 512 Apr 10 12:09 mygroup And my personal homedirectory would now

http://bugzilla.mindrot.org/show_bug.cgi?id=251 Summary: openssh-3.2.2p1-1.src.rpm won't build under RH6.2 Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-unix-dev at mindrot.org

I figured this out -- looks like 2.5.1p1 is now using ports < 1024 on the client side (wasn't before?). I had a ipchains rule to allow ACK packets to 1024:65535, which was good enough for <= 2.3.0p1 : #allow only ACK tcp packed ipchains -A input -j ACCEPT -i eth0 -s any/0 --dport 1024:65535 -p tcp ! -y So I added the following : #allow return from ssh connections ipchains -A input -j

Hello all! I'm looking for a solution to the following problem - I need to be able to use OpenSSH from root on one system to perform work on several dozen other systems using some automation. The restrictions that have to be met to keep the business happy are that no cleartext passwords or unencrypted private keys can be stored on disk. Since this is within an automated environment, there

On 11/10/23 04:17, Damien Miller wrote: > AIUI what he is asking for is a file that combines the host identity > of the system-wide ssh_known_hosts file with the host/user authorisation > of shosts in a single file. > > This might be a little cleaner, but IMO not so much so as to be highly > motivating (personally). > > -d Yup, but since this is auth code I imagine it

On Sat, 11 Nov 2023, Marian Beermann wrote: > On 11/10/23 04:17, Damien Miller wrote: > > AIUI what he is asking for is a file that combines the host identity > > of the system-wide ssh_known_hosts file with the host/user authorisation > > of shosts in a single file. > > > > This might be a little cleaner, but IMO not so much so as to be highly > >

I'm trying to replace ssh 1.2.27 with openssh 1.2.1-pre* It seems that a openssh client accessing any openssh/ssh server I've setup always results in a password prompt. It also seems that a openssh server requires ssh clients to provide a password regardless of the entries in the /etc/ssh/shosts.equiv file. If I shut off the openssh server and run a ssh server then normal ssh client

Hello; Forgive me for asking on this list, but I've noticed that their has been some recent changes to the code with regards to netgroup.h, and hoping that someone on this list can help, I've already tried the users list. I am having difficulties setting up ssh (ossh4.3p2 with PAM-enabled [DO I NEED IT?] - NIS -Solaris8/Sparc) to authenticate and allow users passwordless entry based

plummer at iarc.fr said: > On 24-May-00 Prof Brian D Ripley wrote: > On Wed, 24 May 2000, Christian Posse wrote: > >> >> I just encountered a problem with the ts package: >> >> > > library(ts) >> Error in dyn.load(x, as.logical(local), > as.logical(now)) : >> unable to load shared library >> "/usr/ >

Hi, could anybody with check in privileges apply the following patch to the contrib cygwin directory? It only updates ssh-host-config to create the *_config files matching the latest versions in the top level dir and it updates a version number in README. Thanks in advance, Corinna Index: contrib/cygwin/README =================================================================== RCS file:

Hi, I installed libogg-1.0beta4.tar.gz on a Cobalt server (Red Hat 6.2) and also installed libao-0.6.0.tar.gz for good measure. I just did a plain ./configure make make install When I come to install libvorbis-1.0beta4 I get *** Could not run Ogg test program, checking why... *** The test program compiled, but did not run. This usually means *** that the run-time linker is not finding Ogg or

http://bugzilla.mindrot.org/show_bug.cgi?id=251 ------- Additional Comments From seba at iq.pl 2002-05-20 09:29 ------- update bug info error at link time: i386-redhat-linux-gcc -o ssh ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o -L. -Lopenbsd-compat/ -L/usr/kerberos/lib -l ssh -lopenbsd-compat -lresolv -lutil -lz -lnsl /usr/lib/libcrypto.a -lkrb5

augeas now supports securetty. This resolves a failure when securetty isn't present in the guest. Resolves RHBZ#639413 --- lib/Sys/VirtV2V/Converter/Linux.pm | 14 ++++---------- 1 files changed, 4 insertions(+), 10 deletions(-) diff --git a/lib/Sys/VirtV2V/Converter/Linux.pm b/lib/Sys/VirtV2V/Converter/Linux.pm index b2eb774..22aa03f 100644 --- a/lib/Sys/VirtV2V/Converter/Linux.pm +++

On 11/11/23 9:31 PM, Damien Miller wrote: > It's not discouraged so much as rarely used. It's very useful in some > situations and I can think of good reasons to use it more often (e.g > requiring both host and user identity as part of authentication). > > It definitely has more rough edges than user publickey authentication - > it's harder to set up (admin only)