similar to: Logging of authorized keys

This is a follow-up on a thread from last year requesting that openssh indicate which authorized key was accepted during a login as opposed to just logging that a key was accepted... Here's the old message: It is possible for ~user/.ssh/authorized_keys to have multiple entries. It would be quite helpful if openssh would enhance the log to indicate WHICH key was

Hey everyone, Basically, I'm trying to figure out if I can configure sshd to require that the user has a key that has been signed by a trusted user CA *and* is listed separately as an authorised key (or the user has a signed key and a different authorised key)? The closest I've come is having an `authorized_keys` file have two entries consisting of the CA key and a normal key with

As background, I read: http://therowes.net/~greg/2011/03/23/ssh-trusted-ca-key/ http://www.ibm.com/developerworks/aix/library/au-sshsecurity/ http://bryanhinton.com/blog/openssh-security http://www.linuxhowtos.org/manpages/5/sshd_config.htm

Hi All, I noticed that if I put: AuthorizedKeysFile .ssh/authorized_keys in my sshd_config file, pub/priv key authentication no longer worked. I am using OpenSSH_5.4p1, OpenSSL 0.9.8n 24 Mar 2010 on Archlinux. Sam ****************** Here is my WORKING config ****************** Port 22 ListenAddress 0.0.0.0 Protocol 2 PermitRootLogin no PubkeyAuthentication yes #AuthorizedKeysFile

Hi List, Happy New Years and I was hoping to get some help on an ssh issue that I am having. For some reason I am unable to scp to hosts on this network using RSA keys. Here is what I am doing/what is going on; scp the public key to remote host [amandabackup at VIRTCENT18 ~]$ scp ~/.ssh/id_rsa_amdump.pub amandabackup at lb1:~ amandabackup at lb1's password: id_rsa_amdump.pub

hello list, I am attempting to ssh via a user account setup for amanda backups from the backup server to the test backup client. AFAIK everything is setup correctly yet when I ssh as the user to the client I have to type the password. the public key is in the authorized_keys file of the client and permissions all seem correct. Here is a verbose output of the ssh session [amandabackup at

I have a problem in ssh login without password Systems: vmware-centos 5.2: 192.168.0.4 vista copssh: 192.168.0.2 [192.168.0.4 $] ssh-keygen -t dsa [192.168.0.4 $] scp -p id_dsa.pub tester at 192.168.0.2:.ssh [192.168.0.2 $] cat .ssh/id_dsa.pub >> .ssh/authorized_keys [192.168.0.2 $] chmod 700 .ssh [192.168.0.2 $] chmod 600 .ssh/authorized_keys [192.168.0.4 $] ssh id at 192.168.0.2

http://bugzilla.mindrot.org/show_bug.cgi?id=1167 Summary: sftp fails to HP - UX os even when pubic keys are present in HP-UX Product: Portable OpenSSH Version: 3.7.1p2 Platform: Other OS/Version: HP-UX Status: NEW Keywords: help-wanted Severity: major Priority: P2 Component:

http://bugzilla.mindrot.org/show_bug.cgi?id=1168 Summary: sftp fails to HP - UX os even when pubic keys are present in HP-UX Product: Portable OpenSSH Version: 3.7.1p2 Platform: Other OS/Version: HP-UX Status: NEW Keywords: help-wanted Severity: major Priority: P2 Component:

http://bugzilla.mindrot.org/show_bug.cgi?id=1170 Summary: sftp fails to HP - UX os even when pubic keys are present in HP-UX Product: Portable OpenSSH Version: 3.7.1p2 Platform: Other OS/Version: HP-UX Status: NEW Keywords: help-wanted Severity: major Priority: P2 Component:

Hi - I have a problem that is driving me round the bend. I have installed Suse 9.3 (64-bit) and compiled Samba 3.0.14a from source. The server is going to be part of an ADS network so I have Kerberos working fine and I have joined the domain ('net ads testjoin' works fine). I have compiled and loaded the idmap_rid module and that seems to be working fine too. wbinfo -u gives me all the

Hi, I would like to be able to log the key/fingerprint/comment field or even line number (pick one) from the authorized_keys file of the account connected to. So I would get a syslog entry something like this... [ID 800047 auth.info] Accepted rsa <authorized_keys comment field> for ROOT from 127.0.0.1 port 34352 instead of [ID 800047 auth.info] Accepted rsa for ROOT from 127.0.0.1 port

Hello, The patch below allows one to configure not only files like "%h/.ssh/authorized_keys" to be used, but also patterns like "%h/.ssh/authorized_keys.d/*". This can be quite useful if somebody or something has to manage an above average number of keys, like when running a git server that determines the user based on the ssh key. (Like what they do at github.com, and what

Hey all, Having a weird ssh issue I'd like some opinions on. If I have my home directory mounted on the NFS server itself, I get permission denied when I try to ssh into it. The correct permissions and ownership are on the home directory, ssh directory and the authorized_users file. Here's what a verbose ssh session looks like: #ssh -v bluethundr at nfs1.example.com OpenSSH_6.2p2,

Hello I think I've found a bug but since no one replied to me on comp.security.ssh, I'll try my luck here. On my client, PreferredAuthentications is set to publickey,password. When using the commands option in authorized_keys file like command="ls" ssh-dss <key>... it is supposed to connect using the private key associated with <key>, perform ls and then quits.

Hello, I have a client machine and a server machine. I generated a pair of private-public rsa keys using ssh-keygen. On the client-machine, I uploaded my private key onto ~/.ssh/id_rsa On the server machine, I appended the content of the public key to .ssh/authorized_keys I can successfully connect from the client to the server with that config. However, on the client-side, if I add a

I just installed puppet on an ubuntu natty narwhal desktop and I''m getting the following error on one of my puppet classes: notice: //myclass/Ssh_authorized_key[adminuser]/ensure: created err: //myclass/Ssh_authorized_key[adminuser]: Could not evaluate: Cannot write SSH authorized keys without user ssh_authorized_key { "adminuser": ensure => present,

I don't see a way to do this currently (unless I am missing something) but I would like to be able to specify, that in order for a user to login, they need to use at least 1 public key from 2 separate key sources.? Specifically this would be when using "AuthenticationMethods publickey,publickey".? Right now requiring 2 public keys for authentication will allow 2 public keys from

File authorized_keys is unusable for mass key storage and manipulation. I wan to store keys in something like mysql server, but It will add big unwanted dependency to package. What if we use auth_rsa.c but instead search in file send key to some script and read sigle return value if key finded and empty if not. I think it will be very customizable. -- With Best Regards, Constantine

I have in the sshd_config the following to disable password authentication Match Group dummies PasswordAuthentication no KbdInteractive no Normally I use denyhosts to detect incorrect logins, but it seems that failed sshkey logins are not logged in auth.log And I really like to have them in order to detect them and use the denyhosts script. Looked in the last nightly builds, but it