similar to: PRIVSEP annoys me.

I have add an authentication method to openSSH, I call it ICCAuthentication, much like RSAAuthentication, but the RSA private key is in the IC card. I did not change any source code of scp. I mean scp.c. I set all authentication methods to "no" in sshd_config but ICCAuthentication yes. ssh works very well with this authentication method. But scp is not good with it.

Hi, during our usual work I found it anoying that one can not easily see who logged in using public key authentication. In newer versions of SSH the fingerprint of the public key gets logged, but who can tell which key belongs to whom from his head? So I wrote a little ad-hoc patch (vs. 3.5.p1) so that the comment field on the keys in the authorized_keys[2] files get logged to make life

Dear all, NSD 4.11.0 is available: https://nlnetlabs.nl/downloads/nsd/nsd-4.11.0.tar.gz sha256 93956d90d45ffa9f84f8ca2f718a42105e4236d094ce032211849f1a12cdc158 pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.11.0.tar.gz.asc Version 4.11.0 sees various small features and bugfixes. One notable feature is that configuration can be reloaded and evaluated on SIGHUP, when enabled with the new

Dear all, NSD 4.11.0rc1 pre-release is available: https://nlnetlabs.nl/downloads/nsd/nsd-4.11.0rc1.tar.gz sha256 7594d014199585c24f6593649bfc657078d411a3f09eb31192a35a7c031c028f pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.11.0rc1.tar.gz.asc Version 4.11.0rc1 sees various small features and bugfixes. One notable feature is that configuration can be reloaded and evaluated on SIGHUP, when

http://bugzilla.mindrot.org/show_bug.cgi?id=732 Summary: Number of logins mandated by PAM doesn't work correctly Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org

Attached is a simple patch which allows an auth param 'shell=' like 'command=' When specified, sshd will use this shell instead of the one in /etc/passwd or the default shell. This patch allows you can have some chrooted shell (actually any shell) associated with a specific key. You could do this with command=, but then the command given to ssh will be ignored, and scp will not

Hi, In a mail about two weeks ago, I brought up an idea: --- How SSH makes this easier is that you only have to sync the authorized_keys2 database to root account's .ssh/ every time new admin comes in/leaves the house. This can even be automatized rather easily. A more modular hack would be using authorized_keys2 _directory_, and the keys in there would all be counted as authorized. Thus

Hi, We'd like to run sshd with a configuration morally equivilent to: # stuff ... AuthorizedKeysFile /var/db/keys-distributed-by-security-team/%u AuthorizedKeysFile %h/.ssh/authorized_keys # be backwards compatable for a bit longer yet AuthorizedKeysFile %h/.ssh/authorized_keys2 # more stuff ... The following patch (against the cvs source) turns the authorizedkeysfile statement in sshd.conf

On 2019/4/11 19:01, Yuval Shaia wrote: > Signed-off-by: Yuval Shaia <yuval.shaia at oracle.com> > --- > drivers/infiniband/Kconfig | 1 + > drivers/infiniband/hw/Makefile | 1 + > drivers/infiniband/hw/virtio/Kconfig | 6 + > drivers/infiniband/hw/virtio/Makefile | 4 + >

Signed-off-by: Yuval Shaia <yuval.shaia at oracle.com> --- drivers/infiniband/Kconfig | 1 + drivers/infiniband/hw/Makefile | 1 + drivers/infiniband/hw/virtio/Kconfig | 6 + drivers/infiniband/hw/virtio/Makefile | 4 + drivers/infiniband/hw/virtio/virtio_rdma.h | 40 + .../infiniband/hw/virtio/virtio_rdma_device.c | 59 ++

The primary purpose of the attached patches is for portable OpenSSH to support changing expired passwords as specified in shadow password files. To support that, I did a couple enhancements to the base OpenBSD OpenSSH code. They are: 1. Consolidated the handling of "forced_command" into a do_exec() function in session.c. These were being handled inconsistently and allocated

Signed-off-by: Yuval Shaia <yuval.shaia at oracle.com> --- hw/Kconfig | 1 + hw/rdma/Kconfig | 4 + hw/rdma/Makefile.objs | 2 + hw/rdma/virtio/virtio-rdma-ib.c | 287 ++++++++++++++++++++ hw/rdma/virtio/virtio-rdma-ib.h | 93 +++++++ hw/rdma/virtio/virtio-rdma-main.c

Hello all! I can see a strange problem during invite in dialog in the context of timer handling. Given is the following incoming call from provider at 8.195.88.234 (2 at 2) to my asterisk at 28.19.57.152 (1 at 1): After 900s suddenly *asterisk* starts the timer reinvite - I would have expected the reinvite started by the provider as usual. The expected reinvite by the provider is started

On 13/10/2017 08:03, Damien Miller wrote: > On Thu, 12 Oct 2017, Michael Felt wrote: > >> On 08/10/2017 23:32, Michael Felt wrote: >>> On 04/10/2017 11:07, Michael Felt wrote: >>>> I do not often use X11 - but when I do I prefer to enable >>>> X11forwarding, and when finished - turn it off. This is preferable, >>>> imho, to having

For some reasons the afs tokenforwarding stuff has changed siginificantly from v 2.9p2 to 2.9.9p2. This makes it impossible to use public key authenticication in a standart AFS environment. I don't know the reasons for these changes. In any case attached is a patch which restores the old behaviour. Regards Serge -- Serge Droz Paul Scherrer Institut mailto:serge.droz at

Hi, I am just migrating to Centos from fedora core 3. I have 3 boxes involved here: Box A --Fedora 3 (doing the dns, http, sendmail serving duties) Box B --CentOS Box C --CentOS I used to run root passwordless ssh both ways from boxes A and B mainly set up to keep the 2 boxes in sync w/rsync ... these 2 boxes normally ran one being the slave and the other being the master...the master did all

Hi ! I hacked together a couple of patches for Openssh 2.1.1p4 port forwarding. It is a one patch file that does the following two things: First: If the server is configured not to allow port forwardings it sends SSH_SMSG_FAILURE (protocol 1) while openssh client expects SSH_SMSG_SUCCESS. When the client gets the failure it exists with protocol error message. This patch will accept both failure

Hello! I'm facing ReInvites as caller from UAS despite configured session-timers=refuse (which can be seen in the SIP trace) always after 900s. (The behavior is the same if session-timers is set to accept). This just happens with one provider (German Telekom to callee at kabelbw). - The incoming ReInvite is answered immediately by asterisk (Status 100 / Status 200 - 0.02s). Media stream

Hi My name is Rocky and I am trying to use the org.Dm.eg.db library. When I am using the org.Dm.egFLYBASE2EG[fb_ids] it is stopping at a point where it cannot find any value for a given ID such as the following: Error in .checkKeys(value, Rkeys(x), x@ifnotfound) : value for "FBgn0004461" not found Then the whole thing stops. I cannot retrieve any information on the values that has been

hi all, I need to generate ssh authorize keys for a list of users hosted on different servers.the users are active and each one has its public key (id_rsa.pub) hosted in 1 server. now what i need to do is to generate the authorize keys from each of their public key. the key is easily generating if public key hosted on the Node but my problem is that all public keys are hosted in 1 machine with a