Displaying 20 results from an estimated 1000 matches similar to: "making openssh work with chroot()'ed accounts?"
2009 Jun 07
1
Fw: howto use chroot + sshd
Hi everybody.
I got a problem here.
I want to use chroot + sshd service.
env:
RHEL 5.2
tail -1 /etc/pam.d/sshd
session required pam_chroot.so debug
tail /etc/security/chroot.conf
terry /users
ssh terry at 192.168.20.11 faile
tail /var/log/secure
Jun 7 05:05:40 node1 sshd[5397]: pam_chroot(sshd:session): chroot(/users) succeeded <- chroot /users succeeded
Jun
2000 Jun 28
2
SSH-2.2.0 (for Windows) and OpenSSH-2.1.1p1
I just upgraded my Windows SSH client from the 2.1.x version (whatever it
was) to 2.2.0 and am now experiencing difficulties connecting to my
OpenSSH-2.1.1p1 Linux servers.
I'm not as up-to-speed as I should be on the inner workings of the
handshakes that go on, but from the debug logs and from trying different
connection methods, it seems to be isolated to using publickeys. This
2004 Jan 13
3
pam_chroot
Has anyone got the pam_chroot module to successfully work in FreeBSD? I
have FreeBSD 5.2-RELEASE installed. I copied the appropriate binaries and
libraries into my chroot, I can chroot -u test -g test /home/test
/usr/local/bin/bash and it works perfectly. So now I am trying to get the
pam module to work. I added
session required pam_chroot.so debug
into the
2002 Apr 24
1
hostbased authentication and the root account
We have a problem using hostbased authentication in combination with the
root account. We use hostbased authentication to hop from a 'management
server' where we use strong authentication to several systems in a cluster.
The management server is defined in shosts.equiv and the public key of this
server is defined in ssh_known_hosts. This setup works for all users except
for the root user
2001 Oct 18
1
sshd fails to close open file descriptors when forking
I don't like to be the bearer of bad news, but...
In light of the big "ssh hangs on logout" thread (wherein the true
culprit was identified as being programs that don't close inherited
file descriptors), I find it somewhat ironic that one of those "broken
daemon" programs that doesn't close its open fds is sshd. :(
http://bugzilla.mindrot.org/show_bug.cgi?id=3
2005 Feb 07
1
treat output of sshrc as environment assignment lines?
Currently, ~/.ssh/environment can set static environment variables,
and ~/.ssh/rc can run initialization routines. But there is no way
for sshrc to propagate changes to the environment to the user's shell
or command.
There is, however, a possible way to do this. If the
PermitUserEnvironment option is set, sshd could treat the stdout of
sshrc as additional assignment lines of the form
2013 May 07
3
Trouble writing authorized_keys2
I''ve got a situation where a manifest fails when writing one particular key
for a user. What I have is a manifest that looks like this:
class my::accounts () {
Ssh_authorized_key {
ensure => present,
type => ssh-dss,
}
Then, after making sure the user, group, and authorized_keys2 file exist:
ssh_authorized_key { "key-name-1":
key
2009 Mar 08
3
question on using keys
I've read man ssh and man ssh-keygen and some howtos and still am not getting what I expect.
I can do ssh john at 192.168.15.3 and login with a password OK.
I want to be able to do that with keys in preparation for running rsync with keys, so I created
a key on router1, the machine I want to ssh from.
routem at router1:~/.ssh$ lla
total 20
drwx------ 2 routem routem 4096 2009-03-08 09:55 .
2008 Jun 07
2
Chroot'ed SSH
Hi,
Is anyone chrooting users that connect through SSH?
I looked for it on Google and I basically saw several methods:
- OpenSSH 5 supports ChrootDirectory (FC9 apparently has RPMs that
probably could be rebuilt under CentOS 5)
- There seem to be several patches for OpenSSH 4.x to do the chroot,
the most popular seems to be http://chrootssh.sf.net/
- There appears to be a pam_chroot
- There are
2019 Sep 04
2
Mailcrypt plugin private password
Do I have to replace the "password" part with the actual password or can I just copy it like that?
Will dovecot create the keypair automatically or do I have to use doveadm?
4. Sep. 2019, 08:33 von aki.tuomi at open-xchange.com:
>
>
>
> On 4.9.2019 9.21, **** **** via dovecot wrote:
>
>> Hello there,
>>
>> is there a way to make the
2003 Jul 09
3
OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes
Greetings,
I have compiled OpenSSH-3.6.1p2 on SCO 3.2v4.2 and
the following problem occurs:
I am unable to login as root using when strictmode is set to yes.
output of debug:
Failed none for root from 192.168.1.1 port 1199 ssh2
debug1: userauth-request for user root service ssh-connection method
publickey
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method publickey
debug1:
2013 Aug 20
1
Unable to use 8192bit keypair for Tinc VPN 1.0.22
Dear All,
I just tried to use 8192bit keypair for Tinc VPN connection. The connection
is unable to build up. After reduce the bit of keypair from 8192bit to
4096bit. Everything is resumed to normal. How large of public/private RSA
keypair can support for TINC VPN 1.0.22 on Windows platform?
Regards,
ERIC
P Please consider your environmental responsibility. Before printing this
e-mail
2004 Nov 08
6
[Bug 951] SSH2 protocol breaks pam chroot auth
http://bugzilla.mindrot.org/show_bug.cgi?id=951
Summary: SSH2 protocol breaks pam chroot auth
Product: Portable OpenSSH
Version: 3.9p1
Platform: Other
URL: ---
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
2019 Jul 03
3
mail_crypt: multiple keypairs
Hello,
I am testing mail_crypt plugin with per account encryption and wanted to generate a new keypair for an account but noticed that I now end up with 2 keypairs where one is active and the other inactive as you can see below:
$ doveadm mailbox cryptokey list -u email at domain.tld -U
Folder Active Public ID
yes 7b140b4f3d6d68eed2c59259ac5e6f6a280dc82990292dc415b4100d6c797f67
2009 Oct 31
2
authorized_keys command=""
Hello,
as I have read manual, if I use in file authorized_keys option
command="" with some command, no other commands will be permitted. I
have tried it, created authorized_keys2 for root and added there
command="rdiff-backup --server" and after that tried to login. Thit
command was executed, but I was normally able to supply other comand
as root. Can you tell me why?
Thank
2006 Apr 05
3
rsync, ssh and DSA key
hi all
I have generated the key in the source server(10.78.0.107)
ssh-keygen -t dsa -C "root@10.78.0.107"
I have added this key to authorized_keys2 of the destination
server(10.78.0.117)
cat id_dsa.pub >> /root/.ssh/authorized_keys2
but when I execute
rsync -avz -e ssh root@10.78.0.107:/var/mail/ /var/mail
in the destination server I asck me for the password
How to avoid this in
2020 Jan 02
4
u2f seed
In the u2f protocol, my understanding is in the normal case, the web browser seeds the keypair process with the hostname of the remote server. In the case of ssh, the hostname is probably not what I would want to do. But the u2f protocol seems to have a way to handle this. It just needs to be exposed to the user. The content of the private keyfile in ssh is generated somehow. Where is that done?
2019 Dec 31
2
u2f seed
When using openssh with a u2f key, you generate a key via:
ssh-keygen -t ecdsa-sk
Each time you run it, it gives a different key pair. (Randomly seeming).
A differently generated key pair is not valid with the first's public key.
All good so far, but you run into a problem if:
You generate a keypair (A).
You register your public key for (A) on a bunch of ssh servers.
You take
2019 Jun 09
2
OpenSSH forcing the signature to SHA1.
Hello folks,
I am new here, so please be gentle :), and any help will be appreciated.
Essentially what I am trying to do is, to use Jsch ( the java
implementation of SSH client). it has support for Public key based
authentication.
Since there is a requirement for FIPS enablement, we are trying to use the
Algorithm SHA256withRSA, instead of SHA1withRSA.
When the code tries to verify the
2019 Sep 04
1
Mailcrypt plugin private password
Is any of the password schemes supported or is there a reason you chose pkcs5?
4. Sep. 2019, 08:45 von aki.tuomi at open-xchange.com:
>
> It should pick up the password used by the user, there is a caveat here though. The keypair is created on first use, so password will be initialized to empty string going thru pkcs5. This is slightly inconvenient.
>
>
> To avoid