similar to: there should be an authorized_keys(5) man page

Hi, I would like to make it impossible for users to change the contents of the authorized_keys-file. I just found out about the sshd_config setting: AuthorizedKeysFile /etc/ssh/authorized_keys/%u But even in that case that file has to be owned by the user, unless I set ``StrictModes no'' which would allow other nastyness. I would like to request that that file could also be owned by

Hi, I noticed that in regress/cert-userkey.sh the signing key is added to the authorized_keys file with the tag "cert-authority" whereas in sshd(8) the tag is documented as "from=cert-authority." Since the former seems to work, I assume the latter is a typo. While on the subject of typos (which I have been known to make more than my fair share of) I noticed the phrase

Hi All, I noticed that if I put: AuthorizedKeysFile .ssh/authorized_keys in my sshd_config file, pub/priv key authentication no longer worked. I am using OpenSSH_5.4p1, OpenSSL 0.9.8n 24 Mar 2010 on Archlinux. Sam ****************** Here is my WORKING config ****************** Port 22 ListenAddress 0.0.0.0 Protocol 2 PermitRootLogin no PubkeyAuthentication yes #AuthorizedKeysFile

Is there a risk associated with having authorized_keys files set to readable but "StrictMode no"? I am thinking particularly in the case of having public keys all centralized in a directory in /etc or something. Is it really a potential hack vector if someone can read a public key, or is the only real danger if they were writable? --- Don Hoover dxh at yahoo.com

Hi all, I have a very strange problem with the public key authentication with 2 machines. I generated the key, configured the authorized_keys etc.. etc.. This is all ok, now: The ssh works without the password for the "root" user, any other user cannot use the key and ssh ask me for the password !! I cannot understand why only the root is able to connect without the password. So, the ssh

Hi. There should be a checklist of everything that can go wrong with making an ssh connection. Here's one entry for the list, which I didn't know before, and * I couldn't see the problem from the -ddd and -vvv output, and * there were no /var/log/* file entries to give hints. Here's what I did sudo kill <pid-of-sshd> /usr/sbin/sshd No good. Usually I did kill

As background, I read: http://therowes.net/~greg/2011/03/23/ssh-trusted-ca-key/ http://www.ibm.com/developerworks/aix/library/au-sshsecurity/ http://bryanhinton.com/blog/openssh-security http://www.linuxhowtos.org/manpages/5/sshd_config.htm

Hello, I would like to know whether OpenSSH supports x509 certificate based authentication. It looks like OpenSSH has dependency on OpenSSL so does this mean that OpeSSH also supports x509 certificate based authentication. If it does support, can you please point me to the necessary documentation. Thanks Naitik

https://bugzilla.mindrot.org/show_bug.cgi?id=1720 Summary: would be nice if authorized_keys(5) existed Product: Portable OpenSSH Version: 5.3p1 Platform: Other URL: http://bugs.debian.org/441817 OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Documentation

Hi, The server move was completed over the weekend. Please let me know if anything is broken. -d

Howdy, I would like to suggest a change in the ssh documentation for the use of authorized_keys. The man page states: This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. I'm may be knit picking, but it could be read that, while not recommended, it is possible to allow access to the authorized_keys file to other

I have a problem getting key authentication to work with one remote user (git), even though it works fine for the remote user "root". The remote file .ssh/authorized_keys is identical for both users - I cp'ed it from the root account to the git home dir. On local machine (OS X, by the way) I have: $ cd $ ls -l .ssh -rw------- 1 jussihirvi staff 668 Aug 24 16:13 id_rsa (the

Hi there, We could set AuthorizedKeysCommand script, this will allow only to replace authorized_keys file with keys stored in a database... But why this command is so limited? Why i can't just set a command script which will get a username and public key as arguments and let him do it's own authorization?? I think this will allow for much more powerful tricks. For example do to an

http://bugzilla.mindrot.org/show_bug.cgi?id=1319 Summary: ssh-keygen does not properly handle multiple keys Product: Portable OpenSSH Version: 4.5p1 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh-keygen AssignedTo: bitbucket at mindrot.org

Changes since OpenSSH 6.1 ========================= This release introduces a number of new features: Features: * ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption in SSH protocol 2. The new cipher is available as aes128-gcm at openssh.com and aes256-gcm at openssh.com. It uses an identical packet format to the AES-GCM mode specified in RFC 5647, but uses simpler and

Hi SSH-devs, This may be a bit off topic for this list, but.... Would it be ok to share a private key in an installer script so long as the corresponding public key is setup like this... command="cat ~/.ssh/id_rsa.pub" ssh-rsa AAAA... I'm looking for a secure way to get a user to share their public key through SSH which can be invoked from an installer on another host...for

Hi List, Happy New Years and I was hoping to get some help on an ssh issue that I am having. For some reason I am unable to scp to hosts on this network using RSA keys. Here is what I am doing/what is going on; scp the public key to remote host [amandabackup at VIRTCENT18 ~]$ scp ~/.ssh/id_rsa_amdump.pub amandabackup at lb1:~ amandabackup at lb1's password: id_rsa_amdump.pub

On Wed, Jan 21, 2015 at 17:29:00 +0000, Alex Bligh wrote: > > On 21 Jan 2015, at 15:36, Jason Vas Dias <jason.vas.dias at gmail.com> wrote: > > > Please can OpenSSH provide some way of specifying which shell to use to > > execute commands on a host. > > Using dash as an example of another shell: > > ssh 127.0.0.1 -t dash > > and > >

Greetings, I discovered an issue in the latest version of SSH, where the number of password prompts are doubled. If I specify 1, I get 2, and so on. Best regards, Trey Henefield, CISSP Senior IAVA Engineer Ultra Electronics Advanced Tactical Systems, Inc. 4101 Smith School Road Building IV, Suite 100 Austin, TX 78744 USA Trey.Henefield at ultra-ats.com Tel: +1 512 327 6795 ext. 647 Fax: +1

Dear All, I am trying to use the hostcertificate to do the hostbaed authentication with the steps in the regress/cert-hostkey.sh But it seems that it can not login with the hostcertificate.: Here is debug message from the ssh client : ssh -2 -oUserKnownHostsFile=/opt/ssh/etc/known_hosts-cert \ > -oGlobalKnownHostsFile=/opt/ssh/etc/known_hosts-cert sshia3 -p 1111 -vvv debug1: checking