similar to: ssh only with password

On Wed, Apr 22, 2015 at 10:55 AM, ?ngel Gonz?lez <keisial at gmail.com> wrote: > On 22/04/15 16:42, Reuben Hawkins wrote: >> >> Hi SSH-devs, >> >> This may be a bit off topic for this list, but.... >> >> Would it be ok to share a private key in an installer script so long >> as the corresponding public key is setup like this... >> >>

As I understand currently there is no way in sshd_config to match based on the client public key so different configuration for the same username can be applied depending on the key, right? My case is a backup login that needs to run as a root to access all the files and where I want to use ForceCommand to allow the login only to execute a particular command and yet still allow normal root

Michael Stone <mstone at mathom.us> writes: > On Sun, Mar 20, 2016 at 08:30:33PM +0000, Colin Watson wrote: >>How about something like: >> >> if [ "$(sed -n '${s/.*//;p}' ~/.ssh/authorized_keys | wc -l)" = 0 ]; then >> echo >> ~/.ssh/authorized_keys >> fi >> >>I feel like there must be a neater but still portable way

On Wed, Apr 22, 2015 at 1:53 PM, Gert Doering <gert at greenie.muc.de> wrote: > Hi, > > On Wed, Apr 22, 2015 at 01:26:06PM -0700, Reuben Hawkins wrote: >> Let me know if I'm missing something. :) > > Signed keys from a common CA? I don't think the signed key helps in my particular case (I may be wrong, if so please correct me). I'm working on a management

Do people actually use HostbasedAuthentication? It needs several steps to enable and generally seems quite arcane by now. I wonder if this is something that could be trimmed away... -- Christian "naddy" Weisgerber naddy at mips.inka.de

IF ssh is a replacement for rlogin,rsh etc I can accept it respecting rlogin=false as rlogin does and rsh does not, however scp is a replacement for rcp, and rcp does NOT use rlogin attribute, so the implementation is NOT standard as scp fails if rlogin=false, but rcp succeeds, as documented. thanks mark

Hi all. As most of you know, we are preparing OpenSSH 4.4p1 for release. We have had one round of testing and I would like to thank all who responded. We believe that most of the problems reported have been resolved. If you are so inclined, we would appreciate a quick retest to ensure that the fixed ones remain fixed and the working ones remain working. Of the problems identitified, I am only

it's really^3 annoying that no matter the value of $HOME, that tilde_expand_filename() only looks at getpwnam() and friends instead of at least trying getenv("HOME"). What is the use case? HOME=longpath_to_config1 ssh -i ~/.ssh/key1 HOME=longpath_to_config2 ssh -i ~/.ssh/key2 but getpwnam() defeats this by always accessing what's in the passwd file. So .ssh/known_hosts is

One can log into a remote shell via SSH, and one can use an FTP application to log in via SFTP using the same credentials over SSH. Why then, can one not initiate a file transfer from the remote host to the local host when logged into a shell via SSH? I know that I could use scp or rsync to move the files, but the requires authenticating which is not something that I can always do from the host.

Hello, I think I found a problem that should not happen: An OpenSSH client v3.0.2 on Solaris and an OpenSSH server 2.3.0p1 on HP- UX had a problem when authenticating: Password login worked fine, but a password for an existing and configured RSA1 key was never asked, the key never tried. It always fell back to plain password authentication. After fiddling with the client configuration

I was wondering what everyone's thoughts were on a simpler way to exclude addresses from having listeners on them. I know a lot of people have multiple subnets, especially larger corporations. Some networks are non-route-able, and therefor unsuitable for use with SSH, aside from communication between other servers on the same subnet. Given that we may want to exclude those non-route-able

hi, I wrote a patch to openssh sshd.c which enables "exponential backoff", so that an attacker cannot brute force your password by making hundreds of login attempts. here is the code: http://sam.nipl.net/sshd-backoff/ An attacker who fails to login is locked out (by IP address) for 1 minute, and the lockout period doubles for each failed login after that. Normally three logins are

Portable OpenSSH 2.5.1p1 has just been uploaded. It will be available from the mirrors listed at http://www.openssh.com/portable.html shortly. OpenSSH is a 100% complete SSH 1.3 & 1.5 protocol implementation and a 99% SSH 2 protocol implementation, including sftp client and server support. This release contains many portability bug-fixes (listed in the ChangeLog) as well as several new

Portable OpenSSH 2.5.1p1 has just been uploaded. It will be available from the mirrors listed at http://www.openssh.com/portable.html shortly. OpenSSH is a 100% complete SSH 1.3 & 1.5 protocol implementation and a 99% SSH 2 protocol implementation, including sftp client and server support. This release contains many portability bug-fixes (listed in the ChangeLog) as well as several new

Hi Gert, Thanks for your reply. But we can't upgrade to 7.2 version also we don't have plan to upgrade in near future. Can I fix these vulnerabilities in the current version? Regards Abhishek On Tue, Mar 8, 2016 at 6:42 PM, Gert Doering <gert at greenie.muc.de> wrote: > Hi, > > On Tue, Mar 08, 2016 at 06:14:01PM +0530, abhi dhiman wrote: > > Actually I am working

I noticed that AIX now comes with a version of zlib installed in /usr. (I'm working on 5.2) My first inclination was to simply uninstall it and use the one we compile (and put in /usr/local). However, IBM has made zlib part of the RPM package itself! So, I cannot uninstall it without removing RPM.... Next, I tried passing --with-zlib=/usr/local to configure for ssh. This seems to work, but

Hey folks, As most of everyone, I use OpenSSH for almost everything and whenever I can: backups, sync, Git, configuration management, and of course console sessions. So much for an intro ;) My laptop and I roam between three networks, though sometimes I leave the laptop at the office overnight, or hop over to the third site for an hour or two. I'd like to find a way to configure OpenSSH (or

All, When logging into an HP-UX 10.2 system from a Windows NT machine running Cygwin and openssh 2.9p2, control-c sends a sigint to the ssh client on the NT system, thus killing the ssh process. Interestingly enough, this behavior is only observed when using X11 forwarding. I can eliminate the behavior by changing clientloop.c to ignore SIGINT (signal(SIGINT, SIG_IGN) ) but then I'm bak to

I would like to implement an arbitrary script to be executed when logging on via SSH. This is supposedly possible using the ForceCommand option to sshd. However, as soon as I implement any script, even as simple as echoing a string, clients can no longer connect to the server. Clients report only that the connection was dropped by the server. The server, in debug mode, shows: Feb 17 16:14:01

Hi, On Tue, Oct 17, 2017 at 05:54:52AM -0600, The Doctor wrote: > The best solution is if (LIBRESSL) || (OPENSSL < 1010...) > > Else > > Whatever. > > Is that too much work? Littering code with #ifdef is almost never a good idea. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert