similar to: Cygwin: store authorized_keys in /etc/ssh/user/authorized_keys?

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings, I am not sure if this is the correct place to ask these question, if I am at the wrong place please advise. I am currently working on some modifications to openssh which record the users rsa/dsa identity comment file to a log file when the user logs in (password authentication is disabled). The ssh1 portion of the modification works

Hi, We'd like to run sshd with a configuration morally equivilent to: # stuff ... AuthorizedKeysFile /var/db/keys-distributed-by-security-team/%u AuthorizedKeysFile %h/.ssh/authorized_keys # be backwards compatable for a bit longer yet AuthorizedKeysFile %h/.ssh/authorized_keys2 # more stuff ... The following patch (against the cvs source) turns the authorizedkeysfile statement in sshd.conf

Hello, The patch below allows one to configure not only files like "%h/.ssh/authorized_keys" to be used, but also patterns like "%h/.ssh/authorized_keys.d/*". This can be quite useful if somebody or something has to manage an above average number of keys, like when running a git server that determines the user based on the ssh key. (Like what they do at github.com, and what

Hi folks, Are there any tricks known to let rsync operate on huge tar files? I've got a local tar file (e.g. 2GByte uncompressed) that is rebuilt each night (with just some tiny changes, of course), and I would like to update the remote copies of this file without extracting the tar files into temporary directories. Any ideas? Regards Harri

https://bugzilla.mindrot.org/show_bug.cgi?id=3819 Bug ID: 3819 Summary: safe_path may pass overlapping source and destination pointers on some systems Product: Portable OpenSSH Version: 10.0p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=1388 Summary: Parts of auth2-pubkey.c are completely devoid of debug logging Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: Other OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component:

greetings asterisk users :) ive just deployed version 17 and migrated as best I can to pjsip. I can receive calls, and get to my mailbox prompt, however placing calls seems impossible with the following error on dial: Connected to Asterisk GIT-master-0cde95ec89 currently running on dunkel (pid = 517890) dunkel*CLI> dunkel*CLI> == Setting global variable 'SIPDOMAIN' to

ive enabled logging. aside from a realm error i see on my endpoint, im still not sure whats up Asterisk GIT-master-0cde95ec89, Copyright (C) 1999 - 2018, Digium, Inc. and others. Created by Mark Spencer <markster at digium.com> Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details. This is free software, with components licensed under the GNU General

Hi, during our usual work I found it anoying that one can not easily see who logged in using public key authentication. In newer versions of SSH the fingerprint of the public key gets logged, but who can tell which key belongs to whom from his head? So I wrote a little ad-hoc patch (vs. 3.5.p1) so that the comment field on the keys in the authorized_keys[2] files get logged to make life

This patch (to OpenSSH 3.0.2p1) adds support for using krb4, krb5 and other principal names in authorized_keys entries. It's a sort of replacement for .klogin and .k5login, but it's much more general than .k*login as it applies to any authentication mechanism where a name is associated with the ssh client and it supports name patterns and all the normal authorized_keys entry options

How reasonable, acceptable and difficult would it be to "enhance" openssh so authorizations using kerberos (specifically kerberos tickets) consulted the authorized_keys file? And to be a bit more precise... consulted authorized_keys so it could utilize any "options" (eg. from=, command=, environment=, etc) that may be present? I'm willing to make custom changes, but

I am not going to put my 2 cents in about added features. I just appreciate the reams of technical support the OpenBSD developers offers us for the code they give us for free. $400 for an F-Secure license? I have my OpenSSH T-shirt! My request will add zero bytes to the OpenSSH code base, not even in the contribs directory. Could the subject lines on the mailing list begin with something like

For those interested in managing authorized_keys for multiple users, I''ve just overhauled my document here: https://reductivelabs.com/trac/puppet/wiki/Authorized_keysRecipe Best, Adam Kosmin windowsrefund on #puppet _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users

http://bugzilla.mindrot.org/show_bug.cgi?id=1084 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #2 from dtucker at zip.com.au 2006-10-07 11:42 ------- Change all RESOLVED bug to CLOSED with the exception

Hi, I've recently run into a situation where it I want clients (or certain keys) to connect to an OpenSSH server and set up a remote port forwarding channel (-R) without allowing them to do anything else. It seems that current OpenSSH doesn't support this. I would like to suggest the following changes to the options for authorized_keys: * add a no-local-forwarding option that denies

Greetings, I am using OpenSSH Signed Public Key authentication for servers ssh login. All of the servers are setup with below sshd_config options: TrustedUserCAKeys /etc/ssh/ca.pub # CA Public Keys RevokedKeys /etc/ssh/revoke.pub # User Public Keys When i started working on it, for ssh authentication i had to have CA Public Key in User ~/.ssh/authorized_keys, like: cert-authority ssh-rsa

I am a recent convert to openssh. I am very pleased with it, and find it superior to ssh-1.2.27 in many ways (thanks for the good work). I recently found one piece missing from the current release. I have used the 'command' option in the authorized_keys file to restrict access. Using ssh-1.2.27 the original command was placed in the SSH_ORIGINAL_COMMAND envrionment variable. If

Hi, here's a minor and easy to fix bug. Thanks for fixing: > Manual for ssh-copy-id claims public key will be appended to remote file > ~/.ssh/authorised_keys, which should read ~/.ssh/authorized_keys ('s'->'z'). Ciao Christian -- Debian Developer and Quality Assurance Team Member 1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853

I've just discovered the permitopen flag. We need such a feature for our poor man's VPN services, but this flag seems to be usable only if you generate your authorized_keys file from a database or something like that: keeping a long list of host/port combinations up to date for several users and keys is no fun. As announced before, we have developed a far more powerful mechanism for

http://bugzilla.mindrot.org/show_bug.cgi?id=66 Summary: $HOME/authorized_keys not read by sshd Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: