similar to: ssh only with password

Displaying 20 results from an estimated 6000 matches similar to: "ssh only with password"

2015 Apr 22
2
shared private key
On Wed, Apr 22, 2015 at 10:55 AM, ?ngel Gonz?lez <keisial at gmail.com> wrote: > On 22/04/15 16:42, Reuben Hawkins wrote: >> >> Hi SSH-devs, >> >> This may be a bit off topic for this list, but.... >> >> Would it be ok to share a private key in an installer script so long >> as the corresponding public key is setup like this... >> >>
2015 Feb 17
2
matching on client public key
As I understand currently there is no way in sshd_config to match based on the client public key so different configuration for the same username can be applied depending on the key, right? My case is a backup login that needs to run as a root to access all the files and where I want to use ForceCommand to allow the login only to execute a particular command and yet still allow normal root
2016 Mar 22
4
ssh-copy-id no newline bug
Michael Stone <mstone at mathom.us> writes: > On Sun, Mar 20, 2016 at 08:30:33PM +0000, Colin Watson wrote: >>How about something like: >> >> if [ "$(sed -n '${s/.*//;p}' ~/.ssh/authorized_keys | wc -l)" = 0 ]; then >> echo >> ~/.ssh/authorized_keys >> fi >> >>I feel like there must be a neater but still portable way
2015 Apr 22
3
shared private key
On Wed, Apr 22, 2015 at 1:53 PM, Gert Doering <gert at greenie.muc.de> wrote: > Hi, > > On Wed, Apr 22, 2015 at 01:26:06PM -0700, Reuben Hawkins wrote: >> Let me know if I'm missing something. :) > > Signed keys from a common CA? I don't think the signed key helps in my particular case (I may be wrong, if so please correct me). I'm working on a management
2016 Dec 19
5
Do people use HostbasedAuthentication?
Do people actually use HostbasedAuthentication? It needs several steps to enable and generally seems quite arcane by now. I wonder if this is something that could be trimmed away... -- Christian "naddy" Weisgerber naddy at mips.inka.de
2001 May 17
5
AIX SSH 2.x ssh and /etc/ftpusers rcp rlogin WRONG !
IF ssh is a replacement for rlogin,rsh etc I can accept it respecting rlogin=false as rlogin does and rsh does not, however scp is a replacement for rcp, and rcp does NOT use rlogin attribute, so the implementation is NOT standard as scp fails if rlogin=false, but rcp succeeds, as documented. thanks mark
2006 Sep 21
5
Testing for the 4.4p1 release, round 2
Hi all. As most of you know, we are preparing OpenSSH 4.4p1 for release. We have had one round of testing and I would like to thank all who responded. We believe that most of the problems reported have been resolved. If you are so inclined, we would appreciate a quick retest to ensure that the fixed ones remain fixed and the working ones remain working. Of the problems identitified, I am only
2017 May 18
2
feature request: use HOME before getpwnam() in misc.c
it's really^3 annoying that no matter the value of $HOME, that tilde_expand_filename() only looks at getpwnam() and friends instead of at least trying getenv("HOME"). What is the use case? HOME=longpath_to_config1 ssh -i ~/.ssh/key1 HOME=longpath_to_config2 ssh -i ~/.ssh/key2 but getpwnam() defeats this by always accessing what's in the passwd file. So .ssh/known_hosts is
2012 Apr 30
5
Transferring file to local machine when SSHing into a foreign box
One can log into a remote shell via SSH, and one can use an FTP application to log in via SFTP using the same credentials over SSH. Why then, can one not initiate a file transfer from the remote host to the local host when logged into a shell via SSH? I know that I could use scp or rsync to move the files, but the requires authenticating which is not something that I can always do from the host.
2002 Mar 06
2
Compatibility issue: OpenSSH v2.3.0p1 vs. 3.0.2: RSA keys
Hello, I think I found a problem that should not happen: An OpenSSH client v3.0.2 on Solaris and an OpenSSH server 2.3.0p1 on HP- UX had a problem when authenticating: Password login worked fine, but a password for an existing and configured RSA1 key was never asked, the key never tried. It always fell back to plain password authentication. After fiddling with the client configuration
2014 Jun 23
2
ListenAdress Exclusion
I was wondering what everyone's thoughts were on a simpler way to exclude addresses from having listeners on them. I know a lot of people have multiple subnets, especially larger corporations. Some networks are non-route-able, and therefor unsuitable for use with SSH, aside from communication between other servers on the same subnet. Given that we may want to exclude those non-route-able
2009 Jan 23
4
sshd exponential backoff patch
hi, I wrote a patch to openssh sshd.c which enables "exponential backoff", so that an attacker cannot brute force your password by making hundreds of login attempts. here is the code: http://sam.nipl.net/sshd-backoff/ An attacker who fails to login is locked out (by IP address) for 1 minute, and the lockout period doubles for each failed login after that. Normally three logins are
2001 Feb 19
1
Portable OpenSSH 2.5.1p1
Portable OpenSSH 2.5.1p1 has just been uploaded. It will be available from the mirrors listed at http://www.openssh.com/portable.html shortly. OpenSSH is a 100% complete SSH 1.3 & 1.5 protocol implementation and a 99% SSH 2 protocol implementation, including sftp client and server support. This release contains many portability bug-fixes (listed in the ChangeLog) as well as several new
2001 Feb 19
1
Portable OpenSSH 2.5.1p1
Portable OpenSSH 2.5.1p1 has just been uploaded. It will be available from the mirrors listed at http://www.openssh.com/portable.html shortly. OpenSSH is a 100% complete SSH 1.3 & 1.5 protocol implementation and a 99% SSH 2 protocol implementation, including sftp client and server support. This release contains many portability bug-fixes (listed in the ChangeLog) as well as several new
2016 Mar 08
2
Need Help to Fix CVE-2008-1483, CVE-2008-5161, CVE-2015-5600 and CVE-2015-6565
Hi Gert, Thanks for your reply. But we can't upgrade to 7.2 version also we don't have plan to upgrade in near future. Can I fix these vulnerabilities in the current version? Regards Abhishek On Tue, Mar 8, 2016 at 6:42 PM, Gert Doering <gert at greenie.muc.de> wrote: > Hi, > > On Tue, Mar 08, 2016 at 06:14:01PM +0530, abhi dhiman wrote: > > Actually I am working
2004 Jul 06
4
AIX and zlib
I noticed that AIX now comes with a version of zlib installed in /usr. (I'm working on 5.2) My first inclination was to simply uninstall it and use the one we compile (and put in /usr/local). However, IBM has made zlib part of the RPM package itself! So, I cannot uninstall it without removing RPM.... Next, I tried passing --with-zlib=/usr/local to configure for ssh. This seems to work, but
2014 Dec 22
9
Dealing with roaming machines
Hey folks, As most of everyone, I use OpenSSH for almost everything and whenever I can: backups, sync, Git, configuration management, and of course console sessions. So much for an intro ;) My laptop and I roam between three networks, though sometimes I leave the laptop at the office overnight, or hop over to the third site for an hour or two. I'd like to find a way to configure OpenSSH (or
2001 Jun 27
2
OpenSSH, Cygwin, eXceed, and SIGINT
All, When logging into an HP-UX 10.2 system from a Windows NT machine running Cygwin and openssh 2.9p2, control-c sends a sigint to the ssh client on the NT system, thus killing the ssh process. Interestingly enough, this behavior is only observed when using X11 forwarding. I can eliminate the behavior by changing clientloop.c to ignore SIGINT (signal(SIGINT, SIG_IGN) ) but then I'm bak to
2016 Feb 17
2
Using 'ForceCommand' Option
I would like to implement an arbitrary script to be executed when logging on via SSH. This is supposedly possible using the ForceCommand option to sshd. However, as soon as I implement any script, even as simple as echoing a string, clients can no longer connect to the server. Clients report only that the connection was dropped by the server. The server, in debug mode, shows: Feb 17 16:14:01
2017 Oct 17
2
Status of OpenSSL 1.1 support
Hi, On Tue, Oct 17, 2017 at 05:54:52AM -0600, The Doctor wrote: > The best solution is if (LIBRESSL) || (OPENSSL < 1010...) > > Else > > Whatever. > > Is that too much work? Littering code with #ifdef is almost never a good idea. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert