Displaying 20 results from an estimated 8000 matches similar to: "two factor authentication"
2007 Sep 25
9
OpenSSH PKCS#11 merge
[[Sending again, as for some strange reason it is not accepted]]
Hello OpenSSH developers,
I maintain an external patch for PKCS#11 smartcard support in
OpenSSH[1]; many users already apply and use this patch.
I wish to know if anyone is interested in working toward merging this
into mainline.
I had some discussion with Damien Miller, but then he disappeared.
Having standard smartcard
2018 Dec 19
2
RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
Alon,
On 12/18/2018 06:52 PM, Alon Bar-Lev wrote:
> OK... So you have an issue...
>
> First, you need to delegate your smartcard to remote machine, probably
> using unix socket redirection managed by openssh. This can be done in
> many levels...
> 1. Delegate USB device, this will enable only exclusive usage of the
> smartcard by remote machine.
> 2. Delegate PC/SC, this
2018 Dec 18
2
RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
Alon,
I should have provided more background. You are assuming that I could
perform the PKINIT prior to connecting to the SSH server. In this case
(and others) there is an interest in not exposing the kerberos servers
to the world and thus someone connecting remotely would not be able to
obtain a TGT or do a PKINIT. The goal would be for SSH to handle all
the auth and only after connecting to
2007 Sep 29
64
[Bug 1371] New: Add PKCS#11 (Smartcards) support into OpenSSH
http://bugzilla.mindrot.org/show_bug.cgi?id=1371
Summary: Add PKCS#11 (Smartcards) support into OpenSSH
Product: Portable OpenSSH
Version: 4.7p1
Platform: All
URL: http://alon.barlev.googlepages.com/openssh-pkcs11
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component:
2005 Nov 01
3
PKCS#11 support for openssh
Hello OpenSSH developers,
A week ago I've posted a patch that enables openssh to work
with PKCS#11 tokens.
I didn't receive any comments regarding the patch or reply
to my questions.
In current software world, providing a security product that
does not support standard interface for external
cryptographic hardware makes the product obsolete.
Please comment my patch, so I can know
2018 Dec 18
2
RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
I know OpenSSH currently supports PKCS11 devices (such as smartcards)
for publickey authentication, but I would love to see PKCS11 extended
further. It is currently possible to perform PKCS11 certificate
authentication, via pam_krb5.so (on Linux at least and likely something
similar on other *NIX) which allows smartcard auth to a Kerberos
(including AD) server, where a TGT can also be granted.
2004 Jul 13
10
vulnerability with ssh-agent
Hi
I have written a small introduction to newbies in Danish on ssh and
friends. Now some people are questioning my advice and I think they have
a point.
I am advocating people to use DSA-keys and a config file with this:
Protocol 2
ForwardAgent yes
ForwardX11 yes
Compression yes
CompressionLevel 9
and running ssh-agent and ssh-add, and then logging in without giving
keys.
One
2005 Oct 05
2
ssh-agent add PKCS#11 support
Hello,
PKCS#11 is a standard API interface that can be used in
order to access cryptographic tokens. You can find the
specification at
http://www.rsasecurity.com/rsalabs/node.asp?id=2133, most
smartcard and other cryptographic device vendors support
PKCS#11, opensc also provides PKCS#11 interface.
I can easily make the scard.c, scard-opensc.c and
ssh-agent.c support PKCS#11.
PKCS#11 is
2006 May 27
2
[ANNOUNCE] PKCS#11 support in OpenSSH 4.3p2 (version 0.11)
Hello,
The version 0.11 of "PKCS#11 support in OpenSSH" is published.
Changes:
1. Updated against OpenSSH 4.3p2.
2. Modified against Roumen Petrov's X.509 patch (version
5.4), so self-signed certificates are treated by the X.509
patch now.
3. Added --pkcs11-x509-force-ssh if X.509 patch applied,
until some issues with the X.509 patch are resolved.
4. Fixed issues with gcc-2.
You
2008 Jun 20
2
OpenSC smartcard access should use raw public keys, not X.509 certificates
A non-text attachment was scrubbed...
Name: use-public-keys-instead-of-certs-with-opensc.patch
Type: text/x-diff
Size: 5512 bytes
Desc: enable the use of raw public keys on OpenSC-supported
smartcards
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20080620/0fbcb856/attachment.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not
2004 May 02
7
Connection caching?
Hey all,
on the distcc mailing list, a thread about load balancing
got a bit out of hand, and we started thinking about
moving fsh-like connection caching into ssh itself
to get rid of the overhead of starting up the python
interpreter to run rsh.
(Interestingly, mit's "rex", described at
http://www.lcs.mit.edu/publications/pubs/pdf/MIT-LCS-TR-884.pdf,
considers connection caching
2008 Feb 02
2
[PATCH] Requiring multiple auth mechanisms (updated)
Jefferson Ogata's patch
http://marc.info/?l=openssh-unix-dev&m=108134938701018&w=2 adds a
multiple authentication methods option to sshd. I updated the patch to
4.7p1 and added logic to allow it to work with privilege separation.
https://bugzilla.mindrot.org/show_bug.cgi?id=1435
-------------- next part --------------
A non-text attachment was scrubbed...
Name:
2005 Jan 25
3
graphing
Does anyone know what Martin used to generate the graphs in the HTB user guide?
http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm
Thanks!
-Jacob
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
2020 Feb 24
4
Re-adding PKCS#11 key in ssh-agent produces "agent refused operation" error.
On Sat, 2020-02-22 at 10:50 -0600, Douglas E Engert wrote:
> As a side note, OpenSC is looking at issues with using tokens vs
> separate
> readers and smart cards. The code paths in PKCS#11 differ. Removing a
> card
> from a reader leaves the pkcs#11 slot still available. Removing a
> token (Yubikey)
> removes both the reader and its builtin smart card. Firefox has a
>
2004 Dec 21
3
ssh-agent
Hi :-)
We use ssh-agent for batch jobs.
The jobs get the key from the ssh-agent over the environment variables.
When we start many jobs at the same time, the agent doesn't give the key to
the job.
We have traced our script and see the following:
...
26918: 0.0004 so_socket(PF_UNIX, SOCK_STREAM, 0, "", 1) = 13
26918: 0.0001 fcntl(13, F_SETFD, 0x00000001) = 0
26918: 0.0003 connect(13,
2005 Nov 10
2
Encrypted daemon socket communication
Hi
I have a daemon application that binds and listens on a TCP socket. To add
security, I'd like to embed ssh/sshd in my application to handle the
encryption and authentication for me. How do you suggest I go about it?
Regards,
Jaco
--
"The future belongs to those who believe in their dreams."
-- Nelson Mandela
2009 Mar 24
1
[PATCH] "Include" option for ssh configs
Hello,
Attached is a patch to add support for an "include" file in ssh configs. It is
written against openssh-5.2p1.
## ~/.ssh/config
Include ~/.ssh/config.contrib
## end
- Leading ~/ expands to $HOME according to getpwuid_r?.
- Leading ~username expands to $HOME for username according to getpwnam_r.
- Fallbacks to /home/$USER are implemented for when struct passwd.pw_dir is
NULL?
2010 Aug 21
2
What's the point of UseDNS?
According to the manpage:
UseDNS Specifies whether sshd should look up the remote host name and
check that the resolved host name for the remote IP address maps back to
the very same IP address. The default is ``yes''.
Thing is, while sshd *checks*, this doesn't actually control whether or
not the client is allowed to connect, it seems at most to be an option
that causes
2007 Oct 10
1
Re: scp -t . - possible idea for additional parameter
>> I understand that that is not how scp works today.
> And it will likely never change.
Why not? Just because "That's how we've always not done it" doesn't sound like a very good reason to me.
>> I'm suggesting that we make a minor change to how it works.
> scp is maintained for compatibility reasons only, as I've understood
> things.
That's still
2008 Aug 25
3
Dell 2950 III for Xen virtualization
Hello everyone,
I just wanted to see if anyone has experience running Xen on:
Dell 2950 III
2 x Quad 2.0 Ghz 1333Mhz FSB
32 GB DDR2 (8x4GB)
2 Disk Perc RAID 1 (7200 RPM SAS)
Broadcom Dual Gigabit Ethernet LOM & TOE
The requirements of each VM are not that high (and are all identical).
I just want to run remote desktop and 1 other application at any
given time (either a web based IE