similar to: splitting big authorized_keys files

Hi, I would like to make it impossible for users to change the contents of the authorized_keys-file. I just found out about the sshd_config setting: AuthorizedKeysFile /etc/ssh/authorized_keys/%u But even in that case that file has to be owned by the user, unless I set ``StrictModes no'' which would allow other nastyness. I would like to request that that file could also be owned by

Hi folks, If I try to login on a Cygwin host via ssh, then my .ssh on a network drive is unaccessible until I login. I have to enter my password, even if my authorized_keys would allow me to login without. This is fatal, since it forces me to use an interactive session for working on a Windows host. Unusable for automatic builds and tests managed from a central machine, for example. There is no

Hi All, I noticed that if I put: AuthorizedKeysFile .ssh/authorized_keys in my sshd_config file, pub/priv key authentication no longer worked. I am using OpenSSH_5.4p1, OpenSSL 0.9.8n 24 Mar 2010 on Archlinux. Sam ****************** Here is my WORKING config ****************** Port 22 ListenAddress 0.0.0.0 Protocol 2 PermitRootLogin no PubkeyAuthentication yes #AuthorizedKeysFile

https://bugzilla.mindrot.org/show_bug.cgi?id=1747 Summary: AuthorizedKeysFile not working as advertised Product: Portable OpenSSH Version: 5.4p1 Platform: Other OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy:

OpenSSH 3.1 Not really a bug, but an "undocumented feature". The default sshd_config file show the default setting for AuthorizedKeysFile as being: AuthorizedKeysFile .ssh/authorized_keys If you uncomment that default, it changes the "undocumented" setting for "AuthorizedKeysFile2", which is by default: AuthorizedKeysFile2 .ssh/authorized_keys2

https://bugzilla.mindrot.org/show_bug.cgi?id=2328 Bug ID: 2328 Summary: Per-user certificate revocation list (CRL) in authorized_keys Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd

I have a problem in ssh login without password Systems: vmware-centos 5.2: 192.168.0.4 vista copssh: 192.168.0.2 [192.168.0.4 $] ssh-keygen -t dsa [192.168.0.4 $] scp -p id_dsa.pub tester at 192.168.0.2:.ssh [192.168.0.2 $] cat .ssh/id_dsa.pub >> .ssh/authorized_keys [192.168.0.2 $] chmod 700 .ssh [192.168.0.2 $] chmod 600 .ssh/authorized_keys [192.168.0.4 $] ssh id at 192.168.0.2

Hi OpenSSH devs, I?m wondering if the following has any merit and can be done securely ... If you could match on principals in the sshd_config, then (for example) on a gateway machine, you could have something like /etc/ssh/authorized_keys/sshfwd: cert-authority,principals=?batcha-fwd,batchb-fwd? ... /etc/ssh/sshd_config containing: Match User sshfwd PubkeyAuthentication yes

AFAIK everything you described here could be done using the AuthorizedKeysCommand or AuthorizedPrincipalsCommand directives. These can emit authorized_keys options (inc. permitopen) as well as the allowed keys/principals. On Sun, 12 Nov 2023, Bret Giddings wrote: > Hi OpenSSH devs, > > I?m wondering if the following has any merit and can be done securely ... > > If you could

On Sat, Jul 9, 2016 at 10:30 AM, Ben Lindstrom <mouring at eviladmin.org> wrote: > You'd do this by either moving the authorized_keys to another a root owned > location using "AuthorizedKeysFile" (e.g. AuthorizedKeysFile > /etc/ssh/keys/authorized_keys.%u). Or you use "AuthorizedKeysCommand" and > put the keys into a "database" to reference

Hi List, Happy New Years and I was hoping to get some help on an ssh issue that I am having. For some reason I am unable to scp to hosts on this network using RSA keys. Here is what I am doing/what is going on; scp the public key to remote host [amandabackup at VIRTCENT18 ~]$ scp ~/.ssh/id_rsa_amdump.pub amandabackup at lb1:~ amandabackup at lb1's password: id_rsa_amdump.pub

https://bugzilla.mindrot.org/show_bug.cgi?id=2623 Bug ID: 2623 Summary: AuthorizedKeysFile split pub key and signature with tab `\t` not work. Product: Portable OpenSSH Version: 7.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:

Hi. On http://openssh.org/manual.html I think there should be authorized_keys(5) known_hosts(5) Can an authorized_keys entry say something like from=192.168.1.32,192.168.1.33 command=/bin/foo ... or do I need to make a separate entry for each IP address? Thanks Dave

Both ssh-copy-id and ssh create .ssh as 0700. ssh-copy-id creates .ssh/authorized_keys as 0600. Thanks: Ryan Sawhill for finding the bug. --- customize/ssh_key.ml | 4 ++-- src/guestfs.pod | 17 +++++++++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml index 09664bf..dd6056f 100644 --- a/customize/ssh_key.ml +++

As background, I read: http://therowes.net/~greg/2011/03/23/ssh-trusted-ca-key/ http://www.ibm.com/developerworks/aix/library/au-sshsecurity/ http://bryanhinton.com/blog/openssh-security http://www.linuxhowtos.org/manpages/5/sshd_config.htm

Here's a simple patch which retrieves authorized_keys via exec'ing a program, rather than reading a flat file. I added a simple option, AuthorizedKeysExec, to sshd_config which simply executes the respective file, passing the username as argv[1]. Keys are returned via stdout. Notes: If AuthorizedKeysExec is set and an authorized_keys file exists, checking the existing authorized_keys

https://bugzilla.mindrot.org/show_bug.cgi?id=2128 Bug ID: 2128 Summary: ssh-copy-id doesn't check if a public key already exists in a remote servers ~/.ssh/authorized_keys file Product: Portable OpenSSH Version: -current Hardware: Other OS: Other Status: NEW Severity: enhancement

https://bugzilla.mindrot.org/show_bug.cgi?id=1739 Summary: getcwd does not support size zero argument on Solaris Product: Portable OpenSSH Version: 5.4p1 Platform: Sparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=1841 Summary: Error message if key not first in authorized_keys file Product: Portable OpenSSH Version: 5.6p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org

Howdy, I would like to suggest a change in the ssh documentation for the use of authorized_keys. The man page states: This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. I'm may be knit picking, but it could be read that, while not recommended, it is possible to allow access to the authorized_keys file to other