Displaying 20 results from an estimated 7000 matches similar to: "splitting big authorized_keys files"
2006 Jan 19
3
ownership of authorized_keys
Hi,
I would like to make it impossible for users to change the
contents of the authorized_keys-file.
I just found out about the sshd_config setting:
AuthorizedKeysFile /etc/ssh/authorized_keys/%u
But even in that case that file has to be owned by the user,
unless I set ``StrictModes no'' which would allow other
nastyness. I would like to request that that file could also be
owned by
2007 Jul 13
1
Cygwin: store authorized_keys in /etc/ssh/user/authorized_keys?
Hi folks,
If I try to login on a Cygwin host via ssh, then my
.ssh on a network drive is unaccessible until I login.
I have to enter my password, even if my authorized_keys
would allow me to login without. This is fatal, since it
forces me to use an interactive session for working on a
Windows host. Unusable for automatic builds and tests
managed from a central machine, for example.
There is no
2010 Apr 02
2
AuthorizedKeysFile with default value prevents Public/Private key authentication
Hi All,
I noticed that if I put:
AuthorizedKeysFile .ssh/authorized_keys in my sshd_config file,
pub/priv key authentication no longer worked.
I am using OpenSSH_5.4p1, OpenSSL 0.9.8n 24 Mar 2010
on Archlinux.
Sam
****************** Here is my WORKING config ******************
Port 22
ListenAddress 0.0.0.0
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
#AuthorizedKeysFile
2010 Mar 30
3
[Bug 1747] New: AuthorizedKeysFile not working as advertised
https://bugzilla.mindrot.org/show_bug.cgi?id=1747
Summary: AuthorizedKeysFile not working as advertised
Product: Portable OpenSSH
Version: 5.4p1
Platform: Other
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy:
2002 Apr 18
2
AuthorizedKeysFile
OpenSSH 3.1
Not really a bug, but an "undocumented feature".
The default sshd_config file show the default setting for AuthorizedKeysFile
as being:
AuthorizedKeysFile .ssh/authorized_keys
If you uncomment that default, it changes the "undocumented" setting for
"AuthorizedKeysFile2", which is by default:
AuthorizedKeysFile2 .ssh/authorized_keys2
2014 Dec 22
4
[Bug 2328] New: Per-user certificate revocation list (CRL) in authorized_keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2328
Bug ID: 2328
Summary: Per-user certificate revocation list (CRL) in
authorized_keys
Product: Portable OpenSSH
Version: 6.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
2008 Nov 19
1
HELPA
I have a problem in ssh login without password
Systems: vmware-centos 5.2: 192.168.0.4 vista copssh: 192.168.0.2
[192.168.0.4 $] ssh-keygen -t dsa
[192.168.0.4 $] scp -p id_dsa.pub tester at 192.168.0.2:.ssh
[192.168.0.2 $] cat .ssh/id_dsa.pub >> .ssh/authorized_keys
[192.168.0.2 $] chmod 700 .ssh
[192.168.0.2 $] chmod 600 .ssh/authorized_keys
[192.168.0.4 $] ssh id at 192.168.0.2
2023 Nov 12
1
Match Principal enhancement
Hi OpenSSH devs,
I?m wondering if the following has any merit and can be done securely ...
If you could match on principals in the sshd_config, then (for example) on a gateway machine, you could have something like
/etc/ssh/authorized_keys/sshfwd:
cert-authority,principals=?batcha-fwd,batchb-fwd? ...
/etc/ssh/sshd_config containing:
Match User sshfwd
PubkeyAuthentication yes
2023 Nov 12
1
Match Principal enhancement
AFAIK everything you described here could be done using the
AuthorizedKeysCommand or AuthorizedPrincipalsCommand directives. These
can emit authorized_keys options (inc. permitopen) as well as the allowed
keys/principals.
On Sun, 12 Nov 2023, Bret Giddings wrote:
> Hi OpenSSH devs,
>
> I?m wondering if the following has any merit and can be done securely ...
>
> If you could
2016 Jul 09
2
SSH multi factor authentication
On Sat, Jul 9, 2016 at 10:30 AM, Ben Lindstrom <mouring at eviladmin.org> wrote:
> You'd do this by either moving the authorized_keys to another a root owned
> location using "AuthorizedKeysFile" (e.g. AuthorizedKeysFile
> /etc/ssh/keys/authorized_keys.%u). Or you use "AuthorizedKeysCommand" and
> put the keys into a "database" to reference
2010 Dec 31
2
happy new years ssh key problem :)
Hi List,
Happy New Years and I was hoping to get some help on an ssh issue
that I am having. For some reason I am unable to scp to hosts on this
network using RSA keys. Here is what I am doing/what is going on;
scp the public key to remote host
[amandabackup at VIRTCENT18 ~]$ scp ~/.ssh/id_rsa_amdump.pub amandabackup at lb1:~
amandabackup at lb1's password:
id_rsa_amdump.pub
2016 Oct 08
6
[Bug 2623] New: AuthorizedKeysFile split pub key and signature with tab `\t` not work.
https://bugzilla.mindrot.org/show_bug.cgi?id=2623
Bug ID: 2623
Summary: AuthorizedKeysFile split pub key and signature with
tab `\t` not work.
Product: Portable OpenSSH
Version: 7.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2009 Jun 16
2
there should be an authorized_keys(5) man page
Hi.
On
http://openssh.org/manual.html
I think there should be
authorized_keys(5)
known_hosts(5)
Can an authorized_keys entry say something like
from=192.168.1.32,192.168.1.33 command=/bin/foo ...
or do I need to make a separate entry for each IP address?
Thanks
Dave
2015 Sep 07
1
[PATCH] customize: Create .ssh as 0700 and .ssh/authorized_keys as 0600 (RHBZ#1260778).
Both ssh-copy-id and ssh create .ssh as 0700. ssh-copy-id creates
.ssh/authorized_keys as 0600.
Thanks: Ryan Sawhill for finding the bug.
---
customize/ssh_key.ml | 4 ++--
src/guestfs.pod | 17 +++++++++++++++++
2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml
index 09664bf..dd6056f 100644
--- a/customize/ssh_key.ml
+++
2011 Nov 03
1
Help with CA Certificates for user authentication?
As background, I read:
http://therowes.net/~greg/2011/03/23/ssh-trusted-ca-key/
http://www.ibm.com/developerworks/aix/library/au-sshsecurity/
http://bryanhinton.com/blog/openssh-security
http://www.linuxhowtos.org/manpages/5/sshd_config.htm
2011 Dec 15
3
Retrieving authorized_keys via remote script
Here's a simple patch which retrieves authorized_keys via exec'ing a
program, rather than reading a flat file.
I added a simple option, AuthorizedKeysExec, to sshd_config which simply
executes the respective file, passing the username as argv[1].
Keys are returned via stdout.
Notes:
If AuthorizedKeysExec is set and an authorized_keys file exists,
checking the existing authorized_keys
2013 Jul 15
3
[Bug 2128] New: ssh-copy-id doesn't check if a public key already exists in a remote servers ~/.ssh/authorized_keys file
https://bugzilla.mindrot.org/show_bug.cgi?id=2128
Bug ID: 2128
Summary: ssh-copy-id doesn't check if a public key already
exists in a remote servers ~/.ssh/authorized_keys file
Product: Portable OpenSSH
Version: -current
Hardware: Other
OS: Other
Status: NEW
Severity: enhancement
2010 Mar 24
6
[Bug 1739] New: getcwd does not support size zero argument on Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=1739
Summary: getcwd does not support size zero argument on Solaris
Product: Portable OpenSSH
Version: 5.4p1
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
2010 Nov 22
9
[Bug 1841] New: Error message if key not first in authorized_keys file
https://bugzilla.mindrot.org/show_bug.cgi?id=1841
Summary: Error message if key not first in authorized_keys file
Product: Portable OpenSSH
Version: 5.6p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
2004 Mar 10
1
MAN pages: authorized_keys
Howdy,
I would like to suggest a change in the ssh documentation for the
use of authorized_keys. The man page states:
This file is not highly sensitive, but the recommended permissions are
read/write for the user, and not accessible by others.
I'm may be knit picking, but it could be read that, while not
recommended, it is possible to allow access to the authorized_keys file
to other