similar to: openssh with s/keys

Hi, I try to get OpenSSH working on Compaq's Tru64 Unix (alias Digital Unix) Version 5.1. It compiles smootly with OpenSSL-0.9.6, but I observer some odd things. (A) AS SERVER The authenification via .ssh/known_host doesn't work. I have the same sshd_config as on FreeBSD (OpenSSH 2.2.0), where it works. sshd -d -d: ----------- debug1: sshd version OpenSSH_2.3.0p1 ... RSA key generation

Hello, I would like to disable any port forwarding on the server, totally. How can I do this? I have seen only 'no-port-forwarding' option for 'authorized_keys' file, but this does not suit me since I will use only 'PasswordAuthentication'. Thanks, Alex PS Please cc: me your reply.

Mon Dec 25 20:19:05 GMT 2000 Greetings. I noticed that in OpenSSH_2.2.0, DSA keys were allowed to be added to ssh-agent, however the ability for allowing ForwardAgent does not yet seem in place for protocol-2. I've noticed that when using protocol-2, no socket is created in /tmp/ssh-*/, and consequently SSH_AUTH_SOCK is not being set. Hence the ability to ssh to another machine (using

I need a way to make sshd require S/KEY authentication to succeed before allowing either password or public-key authentication. Currently, we can only have S/KEY+password, by using PAM for authentication, and configuring PAM accordingly. But PAM of course can't handle SSH public keys. I thought for a while that ideally we could actually use PAM to tell sshd what methods of authentication to

The attached patch for 4.6p1 adds a feature (-u) that will check to see if a key exists on a remote host. I use this for auditing my users transition to v2 keys very useful. If there is any interest I'll provide a patch for v2 ssh keys also. http://vapid.dhs.org/dokuwiki/doku.php?id=vapidlabs:openssh_check_key_patch -- Thanks Larry --- orig/openssh-4.6p1/sshconnect1.c 2006-11-07

Hi, I am trying to use/install openSSH 2.5.2p1 with S/Key support. The recommended libraries come from the following site: http://www.sparc.spb.su/solaris/skey/ Is that a credible source? During the compilation of skey, I notice some reference to sendmail. Could you please advise on this? Also, once S/Key support is built into openSSH do I need to go an get S/Key server and client software

http://bugzilla.mindrot.org/show_bug.cgi?id=165 Summary: Problem with SSH1 Keys on RedHat7.2 Product: Portable OpenSSH Version: 3.1p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: mmahler at

Hi all Patch adds flag -C to ssh-agent which will force confirmation for any key added in agent (similar to ssh-add -c) Helps when forwarded agent authentication is used and each key should be confirmed before use catam --- ssh-agent.c 2006-08-28 14:02:12.000000000 +0300 +++ ssh-agent.c.orig 2006-08-28 13:36:05.000000000 +0300 @@ -111,9 +111,6 @@ /* Default lifetime (0 == forever) */

More specifically, the hashing functions in most operating systems will be provided by OpenSSL, rather than libc. OpenSSL does not have SHA1_End but since it is used only for generating fake challenges, the impact of changing it to SHA1_Final should be small. A more general solution would be to have configure.in test for sha1.h, openssl/sha.h, and SHA1_End. configure.in should also add

Hello, I was searching the internet for an challenge-response system to authenticate an Openssh session with an hardware token. Now i found this, its very old, so i want to now how's the situation today. I couldn't find much documentation. Re: SSH with SecureID > Is there any documentation I'm missing on how to integrate the two? > We'd love to go with 2-factor

could someone please review this change? http://131.188.30.102/~msfriedl/openssh/SSHD_AUTH_PATCH is a diff against openbsd's cvs and will commited ASAP. the patch tries to unify various challenge/response methods in ssh1 and ssh2. faking s/key is dropped, since i am not sure what do do for faking cryptocard and other challenge/response methods. -markus

My keys are secured with a passphrase. That's good for security, but having to type the passphrase either at every login or at every invocation of ssh(1) is annoying. I know I could invoke ssh-add(1) just before invoking ssh(1), if I keep track of whether I invoked it already, or write some hacky scripts; but the rest of OpenSSH is wonderfully usable without any hacks. Hence, this patch.

Hello, when configuring the OpenSSH to authenticate through pam_radius, I encountered the following problem: The radius server is configured to accept username and generic password, it then generates some textual string as a challenge-request and waits again for username and this time for challenge-response. Pam_radius use pam->conv function, retrieved with pam_get_item(PAM_COM), with

I'm finding another problem with OpenSSH 2.5.1p1 on RH 6.2 (at least, I think it's the linux box that is the problem). I'm ssh'ing to a RH 6.2 box from a Solaris 7 server (scp also... seems like the same problem). I'm using authorized_keys and identity.pub files to do it automagically, and all works well when it's from user to user, where the username is the same, but if

We ported OpenSSH's authentication to Pluggable Non-Interactive Authentication Modules (PNIAM). PNIAM is a development effort carried out under GPL in Moscow State University. Pluggable Non Interactive Authentication Modules provide applications with a generic interface to authentication related functions. Actions to be done for each authentication request are specified by a system

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:15.openssh Security Advisory The FreeBSD Project Topic: OpenSSH PAM challenge/authentication error Category: core Module: openssh Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:15.openssh Security Advisory The FreeBSD Project Topic: OpenSSH PAM challenge/authentication error Category: core Module: openssh Announced:

Hi, We have updated our TIS authserv support patch for OpenSSH 2.5.1p2. You'll find it attached to my message. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 -------------- next part -------------- diff -urN openssh-2.5.1p2/Makefile.in openssh-2.5.1p2-tis/Makefile.in --- openssh-2.5.1p2/Makefile.in Sun Feb 18 20:13:33 2001 +++

https://bugzilla.mindrot.org/show_bug.cgi?id=2541 Bug ID: 2541 Summary: Add explicit_bzero() before free() in OpenSSH-7.1p2 for auth1.c/auth2.c/auth2-hostbased.c Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5

Markus and Damien, here is a more detailed explanation about BUG report at "http://bugzilla.mindrot.org/show_bug.cgi?id=592" concerning "bad decrypted len" error in OpenSSH: If anyone wants to do a private key sign, and the key is located in a device or the Microsoft certificate store in which the private key cannot be accessed directly ( you cannot access the private key