similar to: two factor authentication

[[Sending again, as for some strange reason it is not accepted]] Hello OpenSSH developers, I maintain external patch for PKCS#11 smartcard support into OpenSSH[1] , many users already apply and use this patch. I wish to know if anyone is interesting in working toward merging this into mainline. I had some discussion with Damien Miller, but then he disappeared. Having standard smartcard

Alon, On 12/18/2018 06:52 PM, Alon Bar-Lev wrote: > OK... So you have an issue... > > First, you need to delegate your smartcard to remote machine, probably > using unix socket redirection managed by openssh. This can be done in > many levels... > 1. Delegate USB device, this will enable only exclusive usage of the > smartcard by remote machine. > 2. Delegate PC/SC, this

Alon, I should have provided more background. You are assuming that I could perform the PKINIT prior to connecting to the SSH server. In this case (and others) there is an interest in not exposing the kerberos servers to the world and thus someone connecting remotely would not be able to obtain a TGT or do a PKINIT. The goal would be for SSH to handle all the auth and only after connecting to

http://bugzilla.mindrot.org/show_bug.cgi?id=1371 Summary: Add PKCS#11 (Smartcards) support into OpenSSH Product: Portable OpenSSH Version: 4.7p1 Platform: All URL: http://alon.barlev.googlepages.com/openssh-pkcs11 OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component:

Hello OpenSSH developers, A week ago I've posted a patch that enables openssh to work with PKCS#11 tokens. I didn't receive any comments regarding the patch or reply to my questions. In current software world, providing a security product that does not support standard interface for external cryptographic hardware makes the product obsolete. Please comment my patch, so I can know

I know OpenSSH currently supports PKCS11 devices (such as smartcards) for publickey authentication, but I would love to see PKCS11 extended further. It is currently possible to perform PKCS11 certificate authentication, via pam_krb5.so (on Linux at least and likely something similar on other *NIX) which allows smartcard auth to a Kerberos (including AD) server, where a TGT can also be granted.

Hi I have written a small introduction to newbies in Danish on ssh and friends. Now some people are questioning my advice and I think they have a point. I am advocating people to use DSA-keys and a config file with this: Protocol 2 ForwardAgent yes ForwardX11 yes Compression yes CompressionLevel 9 and running ssh-agent and ssh-add, and then loggin in without giving keys. One

Hello, PKCS#11 is a standard API interface that can be used in order to access cryptographic tokens. You can find the specification at http://www.rsasecurity.com/rsalabs/node.asp?id=2133, most smartcard and other cryptographic device vendors support PKCS#11, opensc also provides PKCS#11 interface. I can easily make the scard.c, scard-opensc.c and ssh-agent.c support PKCS#11. PKCS#11 is

Hello, The version 0.11 of "PKCS#11 support in OpenSSH" is published. Changes: 1. Updated against OpenSSH 4.3p2. 2. Modified against Roumen Petrov's X.509 patch (version 5.4), so self-signed certificates are treated by the X.509 patch now. 3. Added --pkcs11-x509-force-ssh if X.509 patch applied, until some issues with the X.509 patch are resolved. 4. Fixed issues with gcc-2. You

A non-text attachment was scrubbed... Name: use-public-keys-instead-of-certs-with-opensc.patch Type: text/x-diff Size: 5512 bytes Desc: enable the use of raw public keys on OpenSC-supported smartcards Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20080620/0fbcb856/attachment.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: not

Hey all, on the distcc mailing list, a thread about load balancing got a bit out of hand, and we started thinking about moving fsh-like connection caching into ssh itself to get rid of the overhead of starting up the python interpreter to run rsh. (Interestingly, mit's "rex", described at http://www.lcs.mit.edu/publications/pubs/pdf/MIT-LCS-TR-884.pdf, considers connection caching

Jefferson Ogata's patch http://marc.info/?l=openssh-unix-dev&m=108134938701018&w=2 adds a multiple authentication methods option to sshd. I updated the patch to 4.7p1 and added logic to allow it to work with privilege separation. https://bugzilla.mindrot.org/show_bug.cgi?id=1435 -------------- next part -------------- A non-text attachment was scrubbed... Name:

Does anyone know what Martin used to generate the graphs in the HTB user guide? http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm Thanks! -Jacob _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Sat, 2020-02-22 at 10:50 -0600, Douglas E Engert wrote: > As a side note, OpenSC is looking at issues with using tokens vs > separate > readers and smart cards. The code paths in PKCS#11 differ. Removing a > card > from a reader leaves the pkcs#11 slot still available. Removing a > token (Yubikey) > removes both the reader and and its builtin smart card. Firefox has a >

Hi :-) We use ssh-agent for batch jobs. The jobs get the key from the ssh-agent over the envoirment variables. When we start many jobs at the same time, the agent dont give the key to the job. We have tracet the our script an see the follow: ... 26918: 0.0004 so_socket(PF_UNIX, SOCK_STREAM, 0, "", 1) = 13 26918: 0.0001 fcntl(13, F_SETFD, 0x00000001) = 0 26918: 0.0003 connect(13,

Hi I have a daemon application that binds and listens on a TCP socket. To add security, I'd like to embed ssh/sshd in my application to handle the encryption and authentication for me. How do you suggest I go about it? Regards, Jaco -- "The future belongs to those who believe in their dreams." -- Nelson Mandela

Hello, Attached is a patch to add support for an "include" file in ssh configs. It is written against openssh-5.2p1. ## ~/.ssh/config Include ~/.ssh/config.contrib ## end - Leading ~/ expands to $HOME according to getpwuid_r?. - Leading ~username expands to $HOME for username according to getpwnam_r. - Fallbacks to /home/$USER are implemented for when struct passwd.pw_dir is NULL?

According to the manpage: UseDNS Specifies whether sshd should look up the remote host name and check that the resolved host name for the remote IP address maps back to the very same IP address. The default is ``yes''. Thing is, while sshd *checks*, this doesn't actually control whether or not the client is allowed to connect, it seems at most to be an option that causes

>> I understand that that is not how scp works today.>And it will likely never change. Why not? Just because "That's how we've always not done it" doesn't sound like a very good reason to me. >> I'm suggesting that we make a minor change to how it works.>scp is maintained for compatibility reasons only, as I've understood>things. That's still

Hello everyone, I just wanted to see if anyone has experience running Xen on: Dell 2950 III 2 x Quad 2.0 Ghz 1333Mhz FSB 32 GB DDR2 (8x4GB) 2 Disk Perc RAID 1 (7200 RPM SAS) Broadcom Dual Gigabit Ethernet LOM & TOE The requirements of each VM are not that high (and are all identical). I just want to run remote desktop and 1 other application at any given time (either a web based IE