similar to: [PATCH] Requiring multiple auth mechanisms (updated)

Displaying 20 results from an estimated 800 matches similar to: "[PATCH] Requiring multiple auth mechanisms (updated)"

2008 Feb 02
3
[Bug 1435] New: Multiple authentication methods patch
https://bugzilla.mindrot.org/show_bug.cgi?id=1435 Summary: Multiple authentication methods patch Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org
2004 Apr 07
2
Requiring multiple auth mechanisms
I looked around for a while, but couldn't find any code for requiring multiple authentication mechanisms in openssh. So I wrote an implemention. I thought at first I should change the PasswordAuthentication, PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some funky stuff in auth2.c with respect to keyboard interactive auth that would make this kind of
2004 May 02
7
Connection caching?
Hey all, on the distcc mailing list, a thread about load balancing got a bit out of hand, and we started thinking about moving fsh-like connection caching into ssh itself to get rid of the overhead of starting up the python interpreter to run rsh. (Interestingly, mit's "rex", described at http://www.lcs.mit.edu/publications/pubs/pdf/MIT-LCS-TR-884.pdf, considers connection caching
2008 Feb 06
2
[Bug 1438] New: Adds an out-of-band challenge (OBC) authentication method ( via kbdint)
https://bugzilla.mindrot.org/show_bug.cgi?id=1438 Summary: Adds an out-of-band challenge (OBC) authentication method (via kbdint) Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: Linux Status: NEW Keywords: patch Severity: normal
2004 Dec 21
3
ssh-agent
Hi :-) We use ssh-agent for batch jobs. The jobs get the key from the ssh-agent over the envoirment variables. When we start many jobs at the same time, the agent dont give the key to the job. We have tracet the our script an see the follow: ... 26918: 0.0004 so_socket(PF_UNIX, SOCK_STREAM, 0, "", 1) = 13 26918: 0.0001 fcntl(13, F_SETFD, 0x00000001) = 0 26918: 0.0003 connect(13,
2005 Nov 10
2
Encrypted daemon socket communication
Hi I have a daemon application that binds and listens on a TCP socket. To add security, I'd like to embed ssh/sshd in my application to handle the encryption and authentication for me. How do you suggest I go about it? Regards, Jaco -- "The future belongs to those who believe in their dreams." -- Nelson Mandela
2009 Mar 24
1
[PATCH] "Include" option for ssh configs
Hello, Attached is a patch to add support for an "include" file in ssh configs. It is written against openssh-5.2p1. ## ~/.ssh/config Include ~/.ssh/config.contrib ## end - Leading ~/ expands to $HOME according to getpwuid_r?. - Leading ~username expands to $HOME for username according to getpwnam_r. - Fallbacks to /home/$USER are implemented for when struct passwd.pw_dir is NULL?
2007 Oct 10
1
Re: scp -t . - possible idea for additional parameter‏
>> I understand that that is not how scp works today.>And it will likely never change. Why not? Just because "That's how we've always not done it" doesn't sound like a very good reason to me. >> I'm suggesting that we make a minor change to how it works.>scp is maintained for compatibility reasons only, as I've understood>things. That's still
2004 Sep 22
4
restricting non-pty cmds with passwd auth
Hi, I'm looking for a way to force users to use a pty and their login shell. They have a .profile that forces them to use a specific application. They are currently logging in with telnetd, so this is effective. I want to move to openssh, but this would allow "ssh user at host /bin/sh" and any other commands they can think of to bypass this restriction. Is there a way to
2009 Nov 18
1
SFTP Chroot
Hi all, Today, I was tasked at work with setting up a chroot SFTP server on a 64bit Arch Linux server. I naturally turned to Arch Linux's wiki article on the subject (http://wiki.archlinux.org/index.php/SFTP-chroot) and the directions were very clear. However, the directions did not work. I kept getting a "Write failed: Broken pipe" error after attempting to connect. Upon digging
2007 Jul 26
2
BUG?: Assigning a Perl script as user shell + sending commands on ssh connect
Hi, This is sort of a strange issue. But I am experimenting with ways to have a user log in and be presented with a perl script to interact with. When I do either or both of the following: 1) set the user's shell to /usr/bin/myperlscript 2) specify ForceCommand /usr/bin/myperlscript, applied to my user ...I get strange behavior when a command is appended to the client connect
2004 May 12
3
Oddness with agent forwarding and -i
Hey everyone, I hope this isn't an old issue; I wasn't able to locate it in the archives. I have a number of scripts which make use of ssh -i and scp -i, where the target host has the specified key in its authorized_keys file with a command= override to do immediate processing of the received data. This works extremely well, as we are able to establish single-function, triggered-action
2008 Feb 08
3
[Bug 1439] New: Adds Virtual Token (VToken) authentication method to kbdint
https://bugzilla.mindrot.org/show_bug.cgi?id=1439 Summary: Adds Virtual Token (VToken) authentication method to kbdint Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: Linux Status: NEW Keywords: patch Severity: normal Priority: P2
2008 Feb 08
3
[Bug 1439] New: Adds Virtual Token (VToken) authentication method to kbdint
https://bugzilla.mindrot.org/show_bug.cgi?id=1439 Summary: Adds Virtual Token (VToken) authentication method to kbdint Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: Linux Status: NEW Keywords: patch Severity: normal Priority: P2
2004 Jul 13
10
vulnerability with ssh-agent
Hi I have written a small introduction to newbies in Danish on ssh and friends. Now some people are questioning my advice and I think they have a point. I am advocating people to use DSA-keys and a config file with this: Protocol 2 ForwardAgent yes ForwardX11 yes Compression yes CompressionLevel 9 and running ssh-agent and ssh-add, and then loggin in without giving keys. One
2008 Feb 06
2
[PATCH] Out-of-band challenge (OBC) authentication method
This patch (https://bugzilla.mindrot.org/show_bug.cgi?id=1438) creates a kbdint device that provides a server-based authentication mechanism. The server generates and emails you a random string when you attempt to login. You're authenticated if you can correctly answer the challenge. You can use a regular email account, a pager, cell phone or other email capable device to receive the
2007 Nov 11
1
ftp-server patch - restrict user to directory
Hi, please find a patch against openssh-4.7p1 This patch: 1) Allows for an optional configuration file 2) Allows a user to be restricted to a directory and it's children. Enjoy -- Alain Williams Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 http://www.phcomp.co.uk/ Parliament Hill Computers Ltd. Registration Information:
2009 Apr 30
2
ChrootDirectory %h
Hi, many people are having problems using SFTP with ChrootDirectory when the jail directory (or the path above) is not owned by root. The question is if chroot'ing to usual home directories can be allowed, even though they are owned by regular users. I know that this topic has been discussed on the list several times now, so I searched the list archives for posts that invalidate the
2008 May 27
6
Openssh + AFS
The native authentication methods of openssh are (not counting insecure RhostsRSAAuthentication) 1) public key 2) password For users with home dirs in AFS space, method 1) does not work. Except with (non foolproof) fiddling on the access controls within the home directory. This might lead to security issues when done by inexperienced users. Without some work, only 2) remains. Being forced to send
2003 Sep 22
1
Updating a linear model
My google search for Plackett's Algorithm didn't return too much except that Plackett's algorithm appears to be useful in Control Theory - it is elaborated as "Plackett's algorithm for on-line recursive least squares estimation". Sounds something like what I want. I am looking at developing a user modelling type app (new data points coming in and wanting to dynamically