similar to: feature request in sshd: require both "pubkey" & "password"

All, Forgive me if this is has been covered. I didn't find what I was looking for in the man pages or on the list archives. What is the status of being able to require a user to perform multiple methods of authentication. I.E. BOTH kerberos and pubkey -or- BOTH kerb V and smartcard -etc. etc. etc.- I saw an entry on the archive from Markus and Tom in Arpil 2001 that said

Hi, I don't mean to be annoying, but it seems like there isn't any interest in partial authentication. Is this true? It's not a future plan for OpenSSH to have this feature? I'd just like to know if I'm on my own or not. Thanks Erik.

When I looked at `man pam_unix`, I did not see any obvious options that would cause ssh to authenticate without prompting for a password at all, short of setting an empty password which is similar to PermitEmptyPasswords option. However, I am not very familiar with the internals of PAM, so pointers to documentation would be greatly appreciated. Also, I think adding a single line to sshd_config

On 6/26/2024 9:34 PM, Henry Qin wrote: > Hi folks, > > I've recently started to work on a patch for openssh that introduces a new > option to disable authentication. > I'd like to explain why I think this might be generally useful, and solicit > opinions on whether such a patch would be acceptable to the maintainers as > a pull request. Why not just use a different

see pam_permit(8) On Thu, Jun 27, 2024 at 10:37?AM Henry Qin <hq6 at cs.stanford.edu> wrote: > > When I looked at `man pam_unix`, I did not see any obvious options that > would > cause ssh to authenticate without prompting for a password at all, short of > setting an empty password which is similar to PermitEmptyPasswords option. > > However, I am not very familiar

https://bugzilla.mindrot.org/show_bug.cgi?id=1388 Summary: Parts of auth2-pubkey.c are completely devoid of debug logging Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: Other OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component:

Thanks for the pointer! I played around with PamServiceName set to 'sshd_disable_auth' and got it working with the minimum contents below in the file /etc/pam.d/sshd_disable_auth. auth required pam_permit.so account required pam_permit.so session required pam_permit.so Thus, this does indeed enable disabling authentication. Unfortunately, as far as I can tell, only root can create files

http://bugzilla.mindrot.org/show_bug.cgi?id=464 ------- Additional Comments From pas50 at cam.ac.uk 2003-01-09 02:11 ------- This is apparently a bug with compiling in 64 bit. David foster saw this. http://www.sunmanagers.org/pipermail/summaries/2002-October/004018.html ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

i'm not a maintainer, but my personal opinion is that it's probably easier to prepare a container with this pam configuration On Thu, Jun 27, 2024 at 2:26?PM Henry Qin <hq6 at cs.stanford.edu> wrote: > > Thanks for the pointer! > I played around with PamServiceName set to 'sshd_disable_auth' and got it working with the minimum contents below in the file

I would like to understand your opinion a little more deeply. Are you suggesting that it's easier to (prepare the container and add a line at runtime) compared to (add a line to an sshd config at runtime)? The latter scenario would be the case if the patch is merged. Or did you mean that it's easier to prepare the container than to implement a correct patch into sshd to enable the option

it's not just adding a line at runtime. it's the openssh maintainers maintaining an odd codepath and testing it at each release and answering questions about the configuration, etc. On Thu, Jun 27, 2024 at 3:00?PM Henry Qin <hq6 at cs.stanford.edu> wrote: > > I would like to understand your opinion a little more deeply. > > Are you suggesting that it's easier to

Hi folks, I've recently started to work on a patch for openssh that introduces a new option to disable authentication. I'd like to explain why I think this might be generally useful, and solicit opinions on whether such a patch would be acceptable to the maintainers as a pull request. *Why is this useful?* Openssh has useful capabilities such as remote and local port-forwarding, as well

Hi, I'm trying to use pam_listfile.so to deny logins from all others but few users (names in /etc/loginusers). With password authentication it works fine, but with public key authentication OpenSSH lets in users whose names arent't in /etc/loginusers. AllowUsers in sshd_config does what one would expect. I'm using OpenSSH-3.0.2p1 on Debian testing (package version 1:3.0.2p1-6)

I have a strange problem with sshd (from openssh-2.9p2) on Solaris 7. My shell is bash. When I open an ssh session , and type a Control-C to bash's prompt, the shell hangs. (But, if I for instance run "sleep 10" (during which time the pty is in cooked mode) and press Control-C, the sleep command is interrupted quite normally, and the bash prompt returns.) Adding some debugging

Dear all, does anyone know if there exists an effort to bring some kind of distributed computing to R? The most simple functionality I'm after is to be able to explicitly perform a task on a computing server. Sorry if this is a non-informed newbie question... Best regards Anders Sj?gren PhD Student Dept. of Mathematical Statistics Chalmers University of Technology Gothenburg, Sweden

fyi http://wwwcip.informatik.uni-erlangen.de/~msfriedl/openssh/TODO

On 2/17/16 6:02 PM, Darren Tucker wrote: > On Thu, Feb 18, 2016 at 12:43 PM, Carson Gaspar <carson at taltos.org> wrote: > [...] >> Is there a sane way to run just one test script? LTESTS can't be overridden >> AFAIK... > > make t-exec LTESTS=testname > > where testname is the name of the specific test script without the .sh > extension. Nope, that runs

Here is a new version of my partial auth patch against the April 24, 2001 CVS image. It fixes a couple of things (thanks to Karl M <karlm30 at hotmail.com>), and includes support for hostbased auth. It's still not pretty, but it works. 2 things Karl mentioned aren't fixed: - auth methods are still hard-coded into servconf.c. Fixing this would require a lot of work, and all the

On 2/17/16 3:02 PM, Carson Gaspar wrote: > > Sadly I'm hitting a different autoconf bug :-( I was being an idiot - configure was bombing out & I didn't notice (boy that openssl version error message is loooooong...) With Mr. Wilson's patch, I still get: "sandbox-solaris.c", line 22: #error: "--with-solaris-privs must be used with the Solaris sandbox"

Apparently my ssh agent is feeling energetic today: debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: [...] debug1: Authentications that can continue: publickey,password debug1: Offering RSA public key: [...] debug1: Authentications that can continue: publickey,password debug1: Offering RSA public key: