similar to: [RFC]: OpenSSH vpn lists

Displaying 20 results from an estimated 1000 matches similar to: "[RFC]: OpenSSH vpn lists"

2023 Nov 12
1
Match Principal enhancement
Hi OpenSSH devs, I'm wondering if the following has any merit and can be done securely ... If you could match on principals in the sshd_config, then (for example) on a gateway machine, you could have something like /etc/ssh/authorized_keys/sshfwd: cert-authority,principals="batcha-fwd,batchb-fwd" ... /etc/ssh/sshd_config containing: Match User sshfwd PubkeyAuthentication yes
2023 Nov 12
1
Match Principal enhancement
AFAIK everything you described here could be done using the AuthorizedKeysCommand or AuthorizedPrincipalsCommand directives. These can emit authorized_keys options (inc. permitopen) as well as the allowed keys/principals. On Sun, 12 Nov 2023, Bret Giddings wrote: > Hi OpenSSH devs, > > I'm wondering if the following has any merit and can be done securely ... > > If you could
2002 May 07
0
tunnel connection like a service with cygwin orotherproducts?
Stephan Hendl wrote: >Darren Tucker wrote: >> The first part should be easy: use cygwin openssh client using some kind >> of passwordless authentication (eg RSA). >> >> To make it run entirely in the background, run it from cygrunsrv (part >> of Cygwin) or SRVANY (NT resource kit). Neither of these work on W95, >> only NT or W2K. > > How does the
2000 Oct 07
2
[PATCH]: Add tcp_wrappers protection to port forwarding
Hi, attached is a patch by Chris Faylor <cgf at cygnus.com> relative to 2.2.0p1. Description: OpenSSH does not allow port gatewaying by default. This means that only the local host can access forwarded ports. Adding "GatewayPorts yes" to .ssh/config usually does this job. Unfortunately, OpenSSH does not recognize the same hosts.allow/ hosts.deny options as ssh.com's sshd
2005 Sep 11
1
DSA support for TLS?
hi all, i've dovecot TLS working correctly w/ locally generated *RSA* CA cert, domain privkey & self-signed domain cert. to that end, my dovecot.conf includes: ssl_key_file = /var/Security/mail.testdomain.com.privkey.rsa.pem ssl_cert_file = /var/Security/mail.testdomain.com.cert.rsa.pem ssl_ca_file =
2019 May 27
1
pam authentication error?
Getting this: auth-worker(5045): Error: pam(kremels,xxx.xxx.xxx.xxx: pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?) # cat /etc/pam.d/dovcot auth required pam_unix.so nullok account required pam_unix.so (file was last updated in April of 2018) passdb { username_filter = "!*@*" driver = pam } userdb { driver = passwd } service auth {
2016 Jun 06
0
Cannot share folders access denid PDC+LDAP.
Hi Alberto, No idea about your issue as I'm playing with Samba to build AD only, I can only tell you that I did tested on my Samba AD DC and I can use upper, lower or mixed case in user names: dc108:/opt/initial_setup# id mtest uid=3000017(AD\mtest) gid=3000018(AD\not_system_users) groupes=3000018(AD\not_system_users),3000017(AD\mtest) dc108:/opt/initial_setup# id mTest uid=3000017(AD\mtest)
2016 Jun 07
0
Cannot share folders access denid PDC+LDAP.
mathias, that flag help me, is now working, thanks!!! On Mon, Jun 6, 2016 at 11:48 AM, Alberto Moreno <portsbsd at gmail.com> wrote: > Hi mathias, thanks for taking time to see this issue. > > In my case is not a AD, is still a NT4 style. > > I will try the option, thanks. > > On Mon, Jun 6, 2016 at 5:31 AM, mathias dufresne <infractory at gmail.com> > wrote:
2001 Aug 08
0
sshfwd hosts.allow syntax
Is there a new syntax, or procedure for handling specific port forwarding through tcp wrappers (as is done with the ssh.com version)? It looks like someone had a patch back in october, but the source code has changed a lot since then and I'm not sure how to incorporate it. Any help is appreciated.
2016 Jun 03
2
Cannot share folders access denid PDC+LDAP.
Hi, is time to get help. I have a DOMAIN with samba3.6.23-9.el5_11 Centos 5.11 x64 Windows XP/Win7/Win8.1 domain no issues.(x32/x64) I have even 2 Linux Centos 5.x in my domain x64 Now, I have add 1 Centos 6.x x64 updated. Samba 3.6.23-35.el6_8 I had setup LDAP client on this server to get users/groups and add to my domain with net rpc join, no issue. I can see the server on my domain no
2007 Sep 11
2
Possible bug in authentication cache in dovecot 1.1.alpha4
Hello, it seems that there is some bug in authentication cache code in dovecot version 1.1.alpha4 - after login attempt with wrong password the correct password also will fail. I can reproduce it very easy: $telnet 10.10.10.30 110 +OK Server. <861.2.46e6c679.jZ8QYpFmU8ZN6XIq7zPhkw==@server2> user testuser +OK pass pass +OK Logged in. quit +OK Logging out. Connection closed by foreign host.
2018 Jul 22
0
ot: LE server conf setup/ iPhone 'expired cert' message
Have you restarted Dovecot to reload the renewed certificate? On 22 July 2018, 15:04, at 15:04, Voytek Eymont <voytek at sbt.net.au> wrote: >I've installed LE certs on my Dovecot a while back, and, it has been >working OK since, but, today, an iPhone user said he can't get emails >as >iphone says 'cert is expired', searching around, I see some other
2018 Aug 31
0
SNI Dovecot
FYI dovecot 2.2.10 from RedHat 7 has an issue with clients, which won't send SNI. As you are using version 2.2.27 you might encounter the same behaviour. If the client won't send SNI, my server randomly answers with any cert instead of the default cert, --Perhaps dovecot just utilises the last used cert? One speciality of my certs is, that both share the same Common Name (CN) but differ
2002 Jul 19
1
OpenSSH 3.4p1 hostbased auth - howto?
How do you enable hostbased authentication in OpenSSH? I have two Red Hat 7.3 machines running openssh-3.4p1, and I would like to be able to ssh from either of the machines to the other, as any user, without using passwords or per-user keys. My /etc/ssh/sshd_config contains: [...] IgnoreRhosts no HostbasedAuthentication yes [...] My /etc/ssh/ssh_config contains: [...]
2006 Jan 08
2
Stalls and closes
Hi, Trying to SSH to a server over an OPENVPN link, and it seems to be stalling , and then closing the connection. Can I do some command line magic to stop the stall, or get a password in before it closes? vjofn% ssh -v tuc at 10.2.0.2 OpenSSH_3.5p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL 0x0090704f debug1: Reading configuration data /etc/ssh/ssh_config debug1: Rhosts Authentication
2018 Dec 14
2
Upgrade to 2.3.1 has failed
Aki hello, thank you. Hopefully excerpts and top posting are acceptable in the mailing list? On that assumption: Thanks for the input. I've checked out your suggestions (details below) but unfortunately no joy. I also restored my backup 10-ssl.conf. It indeed has the "<" sign with a space before the explicit paths to the files: ssl_cert =
2017 Apr 18
1
Centos 7 Samba3 to Samba4 Migration "Trust Relation Failed"
Hi. I'm testing my migration from my PDC running Centos 5.x Samba3+OpenLDAP. to Centos7 Samba4 OpenLDAP 2.4.40 I had move all my settings and the server has all my users, in console I see all my info. Now, I connect a test machine that was on the same domain but I'm getting the bad message when I try to login with a domain user: 'The trust relation between this workstation and the
2016 Apr 13
2
Warning: Global setting won't change the setting inside an earlier filter
Hi, I'm using the Dovecot Prebuilt Binary: deb http://xi.rename-it.nl/debian/ stable-auto/dovecot-2.2 main I configured multiple SSL certificates with client TLS SNI (see http://wiki2.dovecot.org/SSL/DovecotConfiguration). Since my last update I get some warnings: doveconf: Warning: /etc/dovecot/conf.d/10-ssl.conf line 12: Global setting ssl_cert won't change the setting inside an
2018 Jul 22
4
ot: LE server conf setup/ iPhone 'expired cert' message
I've installed LE certs on my Dovecot a while back, and, it has been working OK since, but, today, an iPhone user said he can't get emails as iphone says 'cert is expired', searching around, I see some other iPhone similar issues reported, do I have my conf correct, I have; # cat dovecot.conf | grep ssl ssl = required verbose_ssl = no ssl_cert =
2003 Aug 28
5
Router for giving more than 1 ip
Hi i have a debian box working as a router.. it works quite well, now i want to give more than 1 ip.. is it possible to do it? some of them must be an open ip.. i mean.. all ports opened is it possible? how should i do it? Here is my nat.sh script just in case someone wants it.. (comments r in spanish.. and not right) Thanks in advance, #!/bin/sh echo "AthoS LaN Generando