Displaying 20 results from an estimated 5000 matches similar to: "authorized_keys2 directory idea"
2002 Jan 23
0
[PATCH] Add multiple AuthorizedKeyFiles options
Hi,
We'd like to run sshd with a configuration morally equivalent to:
# stuff ...
AuthorizedKeysFile /var/db/keys-distributed-by-security-team/%u
AuthorizedKeysFile %h/.ssh/authorized_keys
# be backwards compatible for a bit longer yet
AuthorizedKeysFile %h/.ssh/authorized_keys2
# more stuff ...
The following patch (against the cvs source) turns the authorizedkeysfile
statement in sshd.conf
2001 Aug 15
0
[ossh patch] principal name/patterns in authorized_keys2
As you know, revoking RSA/DSA keys in an SSH environment requires
editing all authorized_keys and authorized_keys2 files that reference
those public keys. This is, well, difficult at best but certainly very
obnoxious, particularly in a large environment.
SSH key management is difficult. This patch simplifies key management
wherever GSS-API/Kerberos is used and is general enough to be used with
2001 Jun 04
1
[PATCH]: Add check_ntsec to ownership/mode tests
Hi,
I have added calls to `check_ntsec()' to the code which checks
for the ownership and modes of identity files and directories.
As you might know, check_ntsec() tests if owner/modes are
supported by the OS (9x/ME=no, NT/W2K=yes), the filesystem
(FAT/FAT32=no, NTFS=yes) and the current Cygwin settings
(ntea/ntsec).
Corinna
Index: auth-rhosts.c
2001 Apr 22
1
relaxing access rights verifications
Hello,
I was trying to build a chrooted sftp account when I faced a problem. The
chroot is done with the patch present in the contrib subdirectory in the
portable version (I'm under linux slackware current).
My problem is that verifying access rights on directories and files are too
tight and then I couldn't have the following things :
The user sftp, with primary group sftp, is chrooted
2000 Aug 23
1
Protocol 2 remote forwarding patch
Hi !
Here's a patch to add remote port forwarding support (protocol 2) for
openssh. I have tried to test that it works like it should but a more
thorough testing is needed. This patch adds both client/server support.
The patch should be applied to openssh-2.1.1p4 source tree.
Also included is a PortForwarding sshd_config option, new ./configure
option --disable-forwarding that should make it
2002 Jan 23
1
Fix AFS and Kerberos interaction
Hello,
I am going to use ssh with Kerberos V5 support along with support for AFS. I
don't want to use Kerberos V4 or AFS token passing. The only thing I need
from AFS is creating an AFS token (using appropriate function from krb5 API)
after user's authentication. It seems to me that such scenario is not much
supported by the current code. Rather it is assumed only Kerberos 4 will be
used
2001 Feb 10
3
Protocol 2 remote forwarding patch
Hi all,
I'm very new in this list, as looking for codes to plug up the lack of
functionality of "Protocol 2 Remote Forwarding".
Fortunately, I could find it in MARC's archive. Mr. Jarno Huuskonen
posted the codes in Sept, last year, and I tried applying it to my
FreeBSD box environment.
I couldn't apply an original patch, of course, for incompatibility of
version. The
2002 Jan 24
1
PATCH: krb4/krb5/... names/patterns in auth_keys entries
This patch (to OpenSSH 3.0.2p1) adds support for using krb4, krb5 and
other principal names in authorized_keys entries.
It's a sort of replacement for .klogin and .k5login, but it's much more
general than .k*login as it applies to any authentication mechanism
where a name is associated with the ssh client and it supports name
patterns and all the normal authorized_keys entry options
2001 Jun 28
1
Adding 'name' key types
Playing around with the [wonderful] GSS-API patches for OpenSSH [1] I
noticed that there is a bit of functionality missing from
OpenSSH/GSS-API, namely that authorized_keys2 has no meaning when using
GSS authentication.
Yes, ~/.k5login can be used to grant access to an account for
applications that support Kerberos, as does OpenSSH with those GSS
patches, but .k5login does not and cannot provide
2002 Jun 26
1
Revised OpenSSH Security Advisory (adv.iss)
This is the 2nd revision of the Advisory.
1. Versions affected:
Several versions of OpenSSH's sshd between 2.3.1 and 3.3
contain an input validation error that can result in an
integer overflow and privilege escalation.
All versions between 2.3.1 and 3.3 contain a bug in the
PAMAuthenticationViaKbdInt code.
All versions between 2.9.9 and 3.3
2002 Apr 10
1
openssh-3.1p1 on GNU/Hurd
Hi,
I've gone and ported the latest version of openssh, 3.1p1, to GNU/Hurd.
I've tried to learn from the other threads on this topic, but I still had
to get rid of MAXHOSTNAMELEN where I could.
James A. Morrison
diff -urN openssh-3.1p1.old/Makefile.in openssh-3.1p1/Makefile.in
--- openssh-3.1p1.old/Makefile.in Tue Feb 26 14:24:22 2002
+++ openssh-3.1p1/Makefile.in Tue Apr 9 16:16:49
2003 Mar 28
0
PRIVSEP annoys me.
what's the point of using a new message type if it's the same as
RSAAuthentication?
the stat() fails because the process that reads
from the network is chrooted.
check PRIVSEP() in auth-rsa.c to figure out how
RSAAuthentication works with PRIVSEP.
On Fri, Mar 28, 2003 at 03:42:06PM +0800, ???? ???? wrote:
>
> I added a new authentication method to openssh called
2001 Jun 04
1
Not an OpenSSH Feature Request
I am not going to put my 2 cents in about added features. I just
appreciate the reams of technical support the OpenBSD developers offer us
for the code they give us for free. $400 for an F-Secure license? I have
my OpenSSH T-shirt!
My request will add zero bytes to the OpenSSH code base, not even in the
contribs directory.
Could the subject lines on the mailing list begin with something like
2001 Feb 17
2
Small aix patch to configure.in
The following aix patch to configure.in forces /usr/include to be searched
before /usr/local/include on AIX systems only. This allows the normal
include rules to untangle <login.h> from "login.h" on AIX when using the AIX
cc compiler or gcc. Please see that it gets applied to the current cvs
source tree. It fixes the only compile time error the current cvs tree has
on aix with
2001 Dec 18
0
ssh: limits on authorized_keys2 (fwd)
Damien wrote:
> Could you redo your traces with "-v -v -v" set? Best send the report to
> openssh-unix-dev at mindrot.org so it isn't just myself looking at it.
Attached are a number of log files from a problem I'm seeing with
DSA/authorized_keys2 when operating ssh strictly with Protocol
2. Damien has not been able to reproduce it with his RSA setup.
When my server has
2002 Jan 17
0
[Bug 72] New: sshd 3.0.2p1 assumes authorized_keys2 unless configured otherwise.
http://bugzilla.mindrot.org/show_bug.cgi?id=72
Summary: sshd 3.0.2p1 assumes authorized_keys2 unless configured
otherwise.
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo:
2013 May 07
3
Trouble writing authorized_keys2
I've got a situation where a manifest fails when writing one particular key
for a user. What I have is a manifest that looks like this:
class my::accounts () {
Ssh_authorized_key {
ensure => present,
type => ssh-dss,
}
Then, after making sure the user, group, and authorized_keys2 file exist:
ssh_authorized_key { "key-name-1":
key
2017 Oct 13
2
X11forwarding yes: how to debug/setup after xauth fix
On 13/10/2017 08:03, Damien Miller wrote:
> On Thu, 12 Oct 2017, Michael Felt wrote:
>
>> On 08/10/2017 23:32, Michael Felt wrote:
>>> On 04/10/2017 11:07, Michael Felt wrote:
>>>> I do not often use X11 - but when I do I prefer to enable
>>>> X11forwarding, and when finished - turn it off. This is preferable,
>>>> imho, to having
2000 Oct 07
2
[PATCH]: Add tcp_wrappers protection to port forwarding
Hi,
attached is a patch by Chris Faylor <cgf at cygnus.com> relative to
2.2.0p1.
Description:
OpenSSH does not allow port gatewaying by default. This means that only
the local host can access forwarded ports. Adding "GatewayPorts yes" to
.ssh/config usually does this job.
Unfortunately, OpenSSH does not recognize the same hosts.allow/
hosts.deny options as ssh.com's sshd
2000 Aug 13
1
Patches for openssh port forwarding
Hi !
I hacked together a couple of patches for Openssh 2.1.1p4 port forwarding.
It is a one patch file that does the following two things:
First:
If the server is configured not to allow port forwardings it sends
SSH_SMSG_FAILURE (protocol 1) while openssh client expects SSH_SMSG_SUCCESS.
When the client gets the failure it exits with protocol error message.
This patch will accept both failure