similar to: Controlling ssh from an external program

https://bugzilla.mindrot.org/show_bug.cgi?id=69 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org Alias| |generalised-askpass -- Configure bugmail:

The included patch adds a new option to the ssh client: -d fd Read the password from file descriptor fd. If you use 0 for fd, the passphrase will be read from stdin. This is basically the same as GPG:s parameter --passphrase-fd. Flames about why this is a bad idea goes into /dev/null. I really need to do this. There are lots of ugly Expect-hacks out there, but I want a more clean

On 06.07.23 23:37, MCMANUS, MICHAEL P wrote:> So changing the forced command as stated will break the application. I > would need to create a test bed to simulate the listener rather than > use the server as is, where is. That may produce false or misleading > results. Since the forced command is tied to the specific keypair in the authorized_keys, you could -- test with a different

On Tue, Jan 02, 2024 at 03:52:29PM +1100, Damien Miller wrote: > On Mon, 1 Jan 2024, Christian Weisgerber wrote: > > > Chris Green: > > > > > Setting SSH_ASKPASS_REQUIRE=never in the environment on my xubuntu > > > 23.10 system doesn't seem to work. I have set it:- > > > > > > chris$ env | grep SSH > > >

Hello, I am testing mail_crypt plugin with per account encryption and wanted to generate a new keypair for an account but noticed that I now end up with 2 keypairs where one is active and the other inactive as you can see below: $ doveadm mailbox cryptokey list -u email at domain.tld -U Folder Active Public ID yes 7b140b4f3d6d68eed2c59259ac5e6f6a280dc82990292dc415b4100d6c797f67

Hi all, just I tried to upgrade openssh from 3.5p1 to 3.6.1p2 on Reliant Unix 5.45 and run into this error: root at soltest: tail /var/adm/log/messages .... May 23 15:45:28 soltest unix: sshd[4013]: Accepted password for root from 10.128.11.72 port 2624 ssh2 May 23 15:45:28 soltest unix: sshd[4101]: error: setsid: Not owner May 23 15:45:28 soltest unix: sshd[4101]: error: open /dev/tty failed -

Dear All, I just tried to use 8192bit keypair for Tinc VPN connection. The connection is unable to build up. After reduce the bit of keypair from 8192bit to 4096bit. Everything is resumed to normal. How large of public/private RSA keypair can support for TINC VPN 1.0.22 on Windows platform? Regards, ERIC P Please consider your environmental responsibility. Before printing this e-mail

Hi Chris, > There's a couple of headless systems on the LAN where login security > is important to me and I've been thinking about the relative merits of > password and public-key authentication. > <snip> At home, I have a smaller LAN than you, but at $DAYJOB I work with much bigger fleets. Whether at home or work, everything is Linux-based, and OpenSSH is the primary

Is any of the password schemes supported or is there a reason you chose pkcs5? 4. Sep. 2019, 08:45 von aki.tuomi at open-xchange.com: > > It should pick up the password used by the user, there is a caveat here though. The keypair is created on first use, so password will be initialized to empty string going thru pkcs5. This is slightly inconvenient. > > > To avoid

http://bugzilla.mindrot.org/show_bug.cgi?id=1155 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- BugsThisDependsOn| |1218 Bug 1155 depends on bug 1218, which changed state. Bug 1218 Summary: GSSAPI client code permits SPNEGO usage

In the u2f protocol, my understanding is in the normal case, the web browser seeds the keypair process with the hostname of the remote server. In the case of ssh, the hostname is probably not what I would want to do. But the u2f protocol seems to have a way to handle this. It just needs to be exposed to the user. The content of the private keyfile in ssh is generated somehow. Where is that done?

Hello folks, I am new here, so please be gentle :), and any help will be appreciated. Essentially what I am trying to do is, to use Jsch ( the java implementation of SSH client). it has support for Public key based authentication. Since there is a requirement for FIPS enablement, we are trying to use the Algorithm SHA256withRSA, instead of SHA1withRSA. When the code tries to verify the

Do I have to replace the "password" part with the actual password or can I just copy it like that? Will dovecot create the keypair automatically or do I have to use doveadm? 4. Sep. 2019, 08:33 von aki.tuomi at open-xchange.com: > > > > On 4.9.2019 9.21, **** **** via dovecot wrote: > >> Hello there, >> >> is there a way to make the

Hi, When people try and break into my system from the internet I get lots of messages like: Nov 14 19:08:13 rook sshd[6333]: Failed password for invalid user guest from 210.83.48.238 port 40811 ssh2 Nov 14 19:08:19 rook sshd[6338]: Invalid user admin from 210.83.48.238 Nov 14 19:08:19 rook sshd[6338]: Failed password for invalid user admin from 210.83.48.238 port 40920 ssh2 Nov 14 19:08:24 rook

I [1]reported a problem on 5-April-2005 about a problem with the 4.0p1 version and remote port forwarding to SSH 2.4.0 servers. I provided a patch for the problem but [2]was told that no more patches were being considered until 4.1 was released and that I should attach my patch to a new Bugzilla bug. This [3]I did. Is there any chance it will be included in the next release? 1.

When using openssh with a u2f key, you generate a key via: ssh-keygen -t ecdsa-sk Each time you run it, it gives a different key pair. (Randomly seeming). A differently generated key pair is not valid with the first's public key. All good so far, but you run into a problem if: You generate a keypair (A). You register your public key for (A) on a bunch of ssh servers. You take

On Mon, Oct 21, 2024 at 08:50:44PM +0000, Tim Rice via openssh-unix-dev wrote: > Hi Chris, > > > What do you mean by "keypair authentication"? > > That's the authentication you use when you have ssh-keygen provide you > with a private key and a public key, and distribute the public key to all > the different authorized_keys files. > But he says not to

Hi, all. So, in reviewing my OpenSSH keypairs and evaluating the size my RSA keys should be, i realized that, if i update my 2048-bit keypairs to 4096 bits, it really doesn't matter that much, because they're still only encrypted with 3DES, which provides an effective 112 bits of symmetric encryption strength: $ head -4 ~/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- Proc-Type:

Hello, I have been having issues with x11 forwarding using my linux-mandrake based servers. I checked my XAUTHORITY variable and it was set to ~/.Xauthority ... After reading the mail archives, I found the /tmp/ssh* directory created during my ssh session, and did this: export XAUTHORITY="/tmp/ssh-hzuA1805/cookies" xeyes ...and the X11 forwarding worked! I'm using the

> Technically creating and encrypting folder key does not > require decrypting user's private key. All folder keys > are encrypted with user's public key. Problem is for that this is a new user. The new user has no private key. I need for generating that private key. It do not the sense encrypts something using a key public if there is no private key. Both key public and private