similar to: [Bug 199] New: ssh-agent -k doesn't check $SHELL environment variable

Hi everyone. I have a system where I'd like to give certain users time-limited access to the use of certain SSH private keys without actually exposing the keys. I have the idea of using ssh-agent to do this. The agent would run as a "keyholder" user, and group permissions on the UNIX-domain socket would allow read-write by both that account and the actual ssh user. Right now,

This adds support for systemd socket-based activation in the ssh-agent. When using socket activation, the -a flag value must match the socket path provided by systemd, as a sanity check. Support for this feature is enabled by the --with-systemd configure flag. --- Something tells me upstream would not be interested in this patch, but as it may be useful on linux, I'm submitting it here.

http://bugzilla.mindrot.org/show_bug.cgi?id=199 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From markus at openbsd.org 2002-04-02

during my seminar of advanced exploitation techniques (SEAT, [1]) i developed some methods to crack into system via DMA (e.g. via firewire). as part of this i developed a program that steals loaded ssh private keys from ssh-agents. i was astonished to find that the keys are not immediately removed from the agent when a timeout occurs, but only the next time the agent is queried via its socket. i

this patch adds a LogFile option to sshd_config. it just logs messages directly to a file instead of stderr or syslog. the largest change is an additional argument to log_init() in log.c for the log file name (and then changes to the rest of the tools to add a NULL arg). galt -------------- next part -------------- diff -urN openssh-3.5p1-orig/log.c openssh-3.5p1/log.c ---

Let me preface this by saying "Yes, I know *nix filesystems don't need to worry about fragmentation". That said, is there a way to check the overall level of fragmentation of a live ext3 filesystem? I know about filefrag, but that's for specific files. And I think e2fsck tells you, but only if you take the filesystem offline for the scan. Is there anything that will give

Dear folks, system: RH 6.1 Linux on a PIII software: installed binaries resulting from rpm --rebuild openssh-1.2.2-1.src.rpm, downloaded from http://the.wiretapped.net/security/cryptography/ssh/OpenSSH/files/openssh-1.2.2-1.src.rpm problem program: ssh-agent problem description: When execute ssh-agent startx -- -bpp 32 ssh-agent does not pass the -bpp 32 to startx. Why problem exists:

Hi all Patch adds flag -C to ssh-agent which will force confirmation for any key added in agent (similar to ssh-add -c) Helps when forwarded agent authentication is used and each key should be confirmed before use catam --- ssh-agent.c 2006-08-28 14:02:12.000000000 +0300 +++ ssh-agent.c.orig 2006-08-28 13:36:05.000000000 +0300 @@ -111,9 +111,6 @@ /* Default lifetime (0 == forever) */

ssh-agent is a great tool that is often misconfigured with respect to agent forwarding. How many people running ssh-agent and doing a ssh -A have the very same public keys in ~/.ssh/authorized_keys of the machine they are coming from? ssh(1) is very clear in its warning about enabling agent forwarding. The simple act of prompting the user before using the key would enable them to determine

Dear All, I've had a lot of progress on my 6502 family target, but I've hit a bit of a stumbling block wherein some passes inadvertently cause malformed final instruction listings. It's not necessarily llvm's fault, though. An example: %a<def> = COPY %w04 asl_a_16_once %a<imp-def>, %n_flag<imp-def,dead>, %z_flag<imp-def,dead>,

[sorry if this isn't threaded right... I just subscribed] Theodore Ts'o wrote: > > There are two reasons for the reserve. One is to reserve space on the > partition containing /var and /etc for log files, etc. The other is > to avoid the performance degredation when the last 5-10% of the disk > space is used. (BSD actually reserves 10% by default.) Given that > the

Author: jonb Repository: /hg/zfs-crypto/gate Revision: aaf20404f793856b5286f916927b21e04c9276b7 Log message: PSARC/2005/460 Increasing the shell variable name length in csh 1191119 *csh* : can''t use the set command for variable larger than 21 characters in csh Files: update: usr/src/cmd/csh/sh.c update: usr/src/cmd/csh/sh.h update: usr/src/cmd/csh/sh.tconst.c

On Fri, Apr 24, 2015 at 09:47:24AM -0700, Gordon Messmer wrote: > On 04/24/2015 03:57 AM, Pete Geenhuizen wrote: > >if you leave it out the script will run in whatever environment it > >currently is in. > > I'm reasonably certain that a script with no shebang will run with > /bin/sh. I interpret your statement to mean that if a user is using ksh "It

openssh-2.9.9p2 assumes that pid_t, uid_t, gid_t, and mode_t are no wider than int. GCC complains about this assumption on 32-bit Solaris 8 sparc, where these types are 'long', not 'int'. This isn't an actual problem at runtime on this host, as long and int are the same width, but it is a problem on other hosts where pid_t is wider than int. E.g., I've heard that 64-bit

HP has taken OpenSSH version 3.1p1 and made a binary swinstall product for HP-UX customers to use. The source is bundled with the product and is slightly different than OpenSSH 3.1p1, but the changes made were just to make the OpenSSH features work on HP-UX 11.00 and 11i. HP-UX Secure Shell is a fully supported no charge product for HP-UX users with a current HP-UX support contract, and is

In R, how do I execute a script that sets environment variables within the same shell session? Hi all, Could you please shed some lights on how to do this? In a shell, I launched the R session. But then in R, I realized that some environment variables need to be set up. Of course I can use "Sys.setenv()"... But I have so many of them... And for some special reason, I have to first

Hi all, Could you please tell me how do I modify the environment variable (as below), from within R session? LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/mypath export LD_LIBRARY_PATH Thanks a lot! [[alternative HTML version deleted]]

Using puppet 3.0.1, can exec ENC see the incoming environment value? Perhaps indirectly from a log or report somewhere? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to

Is there any way to pass puppet run details to an ENC. Most importantly I want to know the Environment value the puppet Agent is asking for. More generally is it possible to query the puppet configuration values? One thought I had is to turn the puppet config into FACTS. Then the ENC can get the latest values from either Inventory Services or Foreman. But off hand I don''t know how

Hi, JFYI, I discovered the following bug in SNAP 20010213 ssh-agent: It does not inherit its environment if it is invoked as ssh-agent command > ssh-agent -V ssh-agent: illegal option -- V ssh-agent version OpenSSH_2.3.2p1 Usage: ssh-agent [-c | -s] [-k] [command {args...]] > ssh-agent /bin/sh $ env SSH_AGENT_PID=19437 $ I compiled ssh on: SunOS