similar to: PRIVSEP annoys me.

I have add an authentication method to openSSH, I call it ICCAuthentication, much like RSAAuthentication, but the RSA private key is in the IC card. I did not change any source code of scp. I mean scp.c. I set all authentication methods to "no" in sshd_config but ICCAuthentication yes. ssh works very well with this authentication method. But scp is not good with it.

Hi, during our usual work I found it anoying that one can not easily see who logged in using public key authentication. In newer versions of SSH the fingerprint of the public key gets logged, but who can tell which key belongs to whom from his head? So I wrote a little ad-hoc patch (vs. 3.5.p1) so that the comment field on the keys in the authorized_keys[2] files get logged to make life

http://bugzilla.mindrot.org/show_bug.cgi?id=732 Summary: Number of logins mandated by PAM doesn't work correctly Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org

Attached is a simple patch which allows an auth param 'shell=' like 'command=' When specified, sshd will use this shell instead of the one in /etc/passwd or the default shell. This patch allows you can have some chrooted shell (actually any shell) associated with a specific key. You could do this with command=, but then the command given to ssh will be ignored, and scp will not

Hi, In a mail about two weeks ago, I brought up an idea: --- How SSH makes this easier is that you only have to sync the authorized_keys2 database to root account's .ssh/ every time new admin comes in/leaves the house. This can even be automatized rather easily. A more modular hack would be using authorized_keys2 _directory_, and the keys in there would all be counted as authorized. Thus

Hi, We'd like to run sshd with a configuration morally equivilent to: # stuff ... AuthorizedKeysFile /var/db/keys-distributed-by-security-team/%u AuthorizedKeysFile %h/.ssh/authorized_keys # be backwards compatable for a bit longer yet AuthorizedKeysFile %h/.ssh/authorized_keys2 # more stuff ... The following patch (against the cvs source) turns the authorizedkeysfile statement in sshd.conf

On 2019/4/11 19:01, Yuval Shaia wrote: > Signed-off-by: Yuval Shaia <yuval.shaia at oracle.com> > --- > drivers/infiniband/Kconfig | 1 + > drivers/infiniband/hw/Makefile | 1 + > drivers/infiniband/hw/virtio/Kconfig | 6 + > drivers/infiniband/hw/virtio/Makefile | 4 + >

Signed-off-by: Yuval Shaia <yuval.shaia at oracle.com> --- drivers/infiniband/Kconfig | 1 + drivers/infiniband/hw/Makefile | 1 + drivers/infiniband/hw/virtio/Kconfig | 6 + drivers/infiniband/hw/virtio/Makefile | 4 + drivers/infiniband/hw/virtio/virtio_rdma.h | 40 + .../infiniband/hw/virtio/virtio_rdma_device.c | 59 ++

The primary purpose of the attached patches is for portable OpenSSH to support changing expired passwords as specified in shadow password files. To support that, I did a couple enhancements to the base OpenBSD OpenSSH code. They are: 1. Consolidated the handling of "forced_command" into a do_exec() function in session.c. These were being handled inconsistently and allocated

Signed-off-by: Yuval Shaia <yuval.shaia at oracle.com> --- hw/Kconfig | 1 + hw/rdma/Kconfig | 4 + hw/rdma/Makefile.objs | 2 + hw/rdma/virtio/virtio-rdma-ib.c | 287 ++++++++++++++++++++ hw/rdma/virtio/virtio-rdma-ib.h | 93 +++++++ hw/rdma/virtio/virtio-rdma-main.c

Hello all! I can see a strange problem during invite in dialog in the context of timer handling. Given is the following incoming call from provider at 8.195.88.234 (2 at 2) to my asterisk at 28.19.57.152 (1 at 1): After 900s suddenly *asterisk* starts the timer reinvite - I would have expected the reinvite started by the provider as usual. The expected reinvite by the provider is started

On 13/10/2017 08:03, Damien Miller wrote: > On Thu, 12 Oct 2017, Michael Felt wrote: > >> On 08/10/2017 23:32, Michael Felt wrote: >>> On 04/10/2017 11:07, Michael Felt wrote: >>>> I do not often use X11 - but when I do I prefer to enable >>>> X11forwarding, and when finished - turn it off. This is preferable, >>>> imho, to having

For some reasons the afs tokenforwarding stuff has changed siginificantly from v 2.9p2 to 2.9.9p2. This makes it impossible to use public key authenticication in a standart AFS environment. I don't know the reasons for these changes. In any case attached is a patch which restores the old behaviour. Regards Serge -- Serge Droz Paul Scherrer Institut mailto:serge.droz at

Hi, I am just migrating to Centos from fedora core 3. I have 3 boxes involved here: Box A --Fedora 3 (doing the dns, http, sendmail serving duties) Box B --CentOS Box C --CentOS I used to run root passwordless ssh both ways from boxes A and B mainly set up to keep the 2 boxes in sync w/rsync ... these 2 boxes normally ran one being the slave and the other being the master...the master did all

Hi ! I hacked together a couple of patches for Openssh 2.1.1p4 port forwarding. It is a one patch file that does the following two things: First: If the server is configured not to allow port forwardings it sends SSH_SMSG_FAILURE (protocol 1) while openssh client expects SSH_SMSG_SUCCESS. When the client gets the failure it exists with protocol error message. This patch will accept both failure

Hi My name is Rocky and I am trying to use the org.Dm.eg.db library. When I am using the org.Dm.egFLYBASE2EG[fb_ids] it is stopping at a point where it cannot find any value for a given ID such as the following: Error in .checkKeys(value, Rkeys(x), x@ifnotfound) : value for "FBgn0004461" not found Then the whole thing stops. I cannot retrieve any information on the values that has been

Hello! I'm facing ReInvites as caller from UAS despite configured session-timers=refuse (which can be seen in the SIP trace) always after 900s. (The behavior is the same if session-timers is set to accept). This just happens with one provider (German Telekom to callee at kabelbw). - The incoming ReInvite is answered immediately by asterisk (Status 100 / Status 200 - 0.02s). Media stream

hi all, I need to generate ssh authorize keys for a list of users hosted on different servers.the users are active and each one has its public key (id_rsa.pub) hosted in 1 server. now what i need to do is to generate the authorize keys from each of their public key. the key is easily generating if public key hosted on the Node but my problem is that all public keys are hosted in 1 machine with a

hi, this can be applied to the latest portable CVS. by default bind sshd fake display to localhost. [stevesk at jenny stevesk]$ uname -sr HP-UX B.11.11 [stevesk at jenny stevesk]$ echo $DISPLAY localhost:14.0 [stevesk at jenny stevesk]$ netstat -an|grep 6014 tcp 0 0 127.0.0.1.6014 *.* LISTEN this is currently controlled with sshd_config gatewayports;

Hi, I need to get agent-forwarding working. I have: - a local OpenSUSE 42.1 box, where my key(s) reside (ssh agent running and working) - a remote FreeBSD 10.3 box, where I can login with my key (works) - from the FreeBSD box, I need to get to a CentOS 7 box (without entering a password - does not work) On the FreeBSD box, I can see my keys, when I type ssh-add -l I've enabled