similar to: OpenSSH-RSAAuth-NFS

1/ Most correctly configured unix servers are fairly secure. Workstations on the other hand are extremely easy to compromise. Even if the eeprom (on a sparc) is password protected the fact that a hacker can get physical access to the machine means that it's very likely to be compromised, but thats just life. (I'm sure at least some readers on this list will at some time in there life have

has anyone been using cachefs with 6.x series? i have tried using it but i keep getting hung processes after 2 weeks. ATM, running 6.3 but was curious if its more stable on Centos 6.5? -- --- Get your facts first, then you can distort them as you please.--

Precedence: bulk Hi folks, It seemed to me that it would be useful to be able to control access to my server with the /etc/ssh_known_hosts file, using RSA authentication of the remote host. But the protocol only allows RSA host authentication in conjunction with rhosts, while I prefer RSA user authentication. I've made a patch to the server which adds a new configuration option:

Okay...I've got it narrowed down, just don't know why this is happening... In sshd.c, auth_mask is set to "supported authentication methods": /* Declare supported authentication types. */ auth_mask = 0; if (options.rhosts_authentication) auth_mask |= 1 << SSH_AUTH_RHOSTS; if (options.rhosts_rsa_authentication)

Hi, I have a number of web servers that mount their /htdocs (and /log and /cgi-bin) directories from a large file server. I am currently using NFS for this. The web servers are Linux, the file server a Sun E450. NFS seems dreadfully slow, and I keep reading about how it doesn't do file locking. Is there a good reason not to simply use samba, and share the volumes with samba from the Sun, and

To get around the problem of having to change the root password every time a sys admin leaves the organization Solaris is hardened as follows. in /etc/default login. CONSOLE= Restricted permissions on su so only certain groups can run it. That way its really difficult to log in as root even if the root password is known. For OpenSSH PermitRootLogin is set to without-password and a key is

This patch against OpenBSD -current adds a simple form of PKI to OpenSSH. We'll be using it at work. See README.certkey (the first chunk of the patch) for details. Everything below is BSD licensed, sponsored by Allamanda Networks AG. Daniel --- /dev/null Wed Nov 15 15:14:20 2006 +++ README.certkey Wed Nov 15 15:13:45 2006 @@ -0,0 +1,176 @@ +OpenSSH Certkey + +INTRODUCTION + +Certkey allows

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

Can anyone with Heimdal KrbV verify this? -------------- next part -------------- An embedded message was scrubbed... From: Dag-Erling Smorgrav <des at ofug.org> Subject: Kerberos buglet in OpenSSH-3.3p1 Date: 25 Jun 2002 14:52:10 +0200 Size: 1291 Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020626/347e123e/attachment.mht

Hi, there is a tiny bug in readconf.c: options->use_privileged_port is always set to 0 regardless of whether -P is specified or not. This has the effect that RhostsAuthentication is disabled even if "RhostsAuthentication yes" is specified. The (trivial) patch is appended below. Martin ======================================================================== Martin Siegert Academic

i need to get inodeno on ZFS and i am not able to find how to find it in kernel at vfs layer. i have vnode pointer and i am doing VTOZ to get znode but printing z_id from znode pointer gives me deadbeef(unitialized) , can somebody point me how to get that? i looked at zfs_getattr code and it does similar thing which i am doing but its able to get me inode no in getattribute structure(node

I would like to have two compressed ext2 filesystems on my CF card, one for the root fs and the other smaller one to be mounted at /opt/XXX where I can compress what is in ram after modification and write it back to disk at regular intervals of time. can anyone tell me how I can do this? Thanks

Hi, Trying to install the Solaris package I made after configure/compilation under Solaris 8. My configure settings --------------------- OpenSSH has been configured with the following options: User binaries: /usr/local/bin System binaries: /usr/local/sbin Configuration files: /usr/local/etc Askpass program: /usr/local/libexec/ssh-askpass

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

Hi, during our usual work I found it anoying that one can not easily see who logged in using public key authentication. In newer versions of SSH the fingerprint of the public key gets logged, but who can tell which key belongs to whom from his head? So I wrote a little ad-hoc patch (vs. 3.5.p1) so that the comment field on the keys in the authorized_keys[2] files get logged to make life

For some reasons the afs tokenforwarding stuff has changed siginificantly from v 2.9p2 to 2.9.9p2. This makes it impossible to use public key authenticication in a standart AFS environment. I don't know the reasons for these changes. In any case attached is a patch which restores the old behaviour. Regards Serge -- Serge Droz Paul Scherrer Institut mailto:serge.droz at

Hi all. As Corinna pointed out, there are some cases where sshd will log some authentications twice when privsep=yes. This can happen on any platform although it seems most obvious on the ones that don't do post-auth privsep. It also occurs when sshd logs to stderr (eg running under daemontools) or when you have a /dev/log in the privsep chroot. The patch below attempts to solve this for

Crap. I hit send too fast. Last sentence in first paragraph should have read "no completely secure way" for authentication to be passed-- because the agent-based forwarding program could have been compromised as well--except for the cases already mentioned such as SRP and RSAAuth where the auth. information is better protected. Even if the SF server had been capable of forwarding the

Hi, I got my * working fine with FWD at office with 2 extensions, i receive calls and i can make calls thru FWD. I got also my * at home, and i connected it using auth=rsa. From my home, i can make calls using my office iax, but if i try to redirect incomming calls from FWD to my * at home, it rejects the call. I created the pub/key pairs for rsa and its working ok and i just pasted the

Dear Sir and Madam: I'm writing to you on behalf of the MIT Kerberos team and several other parties interested in the availability of Kerberos authentication for the SSH protocol. We recently noticed that the OpenSSH developers had added support for the kerberos-2 at ssh.com user authentication mechanism. We are delighted but we believe additional steps are necessary, as explained