Displaying 20 results from an estimated 1000 matches similar to: "Minor tweak to sshd_config(5)"
2013 Sep 05
1
Using multiple certificates for a given private key
Hi,
I'm experimenting with certificates for users, giving access via the
TrustedUserCAKeys mechanism. Unfortunately, there seems to be a limit of
one certificate per SSH key on the user's side, which prevents using the
same key for hosts using different TrustedUserCAKeys. Is there a clean
way around this?
To make the above clearer, consider the following situation:
A collection of hosts
2020 Jun 01
2
would it be possible to extend TrustedUserCAKeys so that certain keys could not be used to authenticate a particular user?
Wondering if it would make sense to have more granular control of
TrustedUserCAKeys? I have 1 key used to sign root certs, the key is
shortlived, and is rotated daily. And I have a 2nd key to sign non-
privileged user certs. The non-privileged certs have a longer validity
period, and the signing keys are not rotated as frequently. It would
be nice to ensure this second signing key's
2010 Apr 27
2
ssh certificate usage
I am trying to find out how I can use the new self-signed certificates
So what I read in the man pages, it should be something like:
client:
1) ssh-keygen -f ca_rsa # generate a ssh keypair for use as a certificate
Server(s):
2) make sure your /etc/ssh/sshd_config has TrustedUserCAKeys assigned
TrustedUserCAKeys /etc/ssh/sshcakeys # or whatever name or location you like
3) edit
2020 Jan 30
3
SSH certificates - restricting to host groups
On Thu, Jan 30, 2020 at 7:11 AM Christian, Mark
<mark.christian at intel.com> wrote:
>
> On Thu, 2020-01-30 at 12:27 +0000, Brian Candler wrote:
> > As a concrete example: I want Alice to be able to login as "alice" and
> > "www" to machines in group "webserver" (only). Also, I want Bob to be
> > able to login as
2020 Jun 16
2
client host certificates and receiving host configuration
I'm working on a small server written in Go to add short-lived user
certificates to the forwarded agents of authorized users.
https://github.com/rorycl/sshagentca
This seems to work quite well for accessing sshd servers with the
appropriately configured "TrustedUserCAKeys" directive.
I have been in a debate about how similarly adding host certificates to
forwarded agents could
2020 Jun 17
3
client host certificates and receiving host configuration
On 17/06/20, Damien Miller (djm at mindrot.org) wrote:
> > Firstly, given a host CA signing key on the sshagentca server, would an
> > appropriately constructed host certificate added to a forwarded agent
> > replace the necessity for a '@cert-authority' line in a user's known_hosts
> > file?
>
> I'm not sure I want to add yet another path (the agent)
2019 May 20
4
Authenticate against key files before AuthorizedKeysCommand
Hello,
Currently OpenSSH has a fixed order on how the key authenticates the
user: at first it tries to authenticate against TrustedUserCAKeys,
afterwards it does it against the output keys from the
AuthorizedKeysCommand and finally against the files as set in
AuthorizedKeysFile. I have a use case where this order is not ideal.
This is because in my case the command fetches keys from the cloud
2019 Aug 28
0
TLS_REQCERT and Samba AD DC
Hi Andrew,
> -----Original message-----
> From: Andrew Bartlett [mailto:abartlet at samba.org]
> Sent: Wednesday 28 August 2019 10:19
> To: L.P.H. van Belle; samba at lists.samba.org
> Subject: TLS_REQCERT and Samba AD DC
>
> On Wed, 2019-08-28 at 10:08 +0200, L.P.H. van Belle via samba wrote:
> >
> > What is in /etc/ldap/ldap.conf
> > Does
2013 Jun 18
0
Problems in slogin.1, sshd_config.5, ssh_config.5
This is automatically generated email about markup problems in a man
page for which you appear to be responsible. If you are not the right
person or list, please tell me so I can correct my database.
See http://catb.org/~esr/doclifter/bugs.html for details on how and
why these patches were generated. Feel free to email me with any
questions. Note: These patches do not change the modification
2015 Nov 01
2
[Bug 2487] New: AuthorizedPrincipalsCommand should probably document whether it only applies to TrustedUserCAKeys CAs
https://bugzilla.mindrot.org/show_bug.cgi?id=2487
Bug ID: 2487
Summary: AuthorizedPrincipalsCommand should probably document
whether it only applies to TrustedUserCAKeys CAs
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: enhancement
2018 Apr 10
4
Signed SSH key issue with OpenSSH6.4p1
Hi All,
Please pardon me if it is the wrong list to ask how-to etc.
I am having an issue with the Signed SSH keys. I am being asked for the
passphrase for my signed public key, even though I don't have any.
I am running CentOS7 with OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013.
1) I have ca server with ca user keys (ca-user-key.pub)
2) I created user ssh rsa keys (user-id-org and
2019 Aug 28
8
Problems joining station in domain
Hi,
I re-checked your config that looks all good, few minor things.
Now, I noticed this in Andrew's comment.
Quote:
The problem here is that Samba's python libraries are trying to find
the DNS record they just added over RPC, but can't using LDAP. They do
this to fix the ownership of the records, as otherwise they will be
owned by the administrator, not the DC.
What is in
2011 Nov 03
1
Help with CA Certificates for user authentication?
As background, I read:
http://therowes.net/~greg/2011/03/23/ssh-trusted-ca-key/
http://www.ibm.com/developerworks/aix/library/au-sshsecurity/
http://bryanhinton.com/blog/openssh-security
http://www.linuxhowtos.org/manpages/5/sshd_config.htm
2019 Jan 26
2
[PATCH 2/2] Cygwin: only tweak sshd_config file if it's new, drop creating sshd user
The sshd_config tweaks were executed even if the old file was
still in place. Fix that. Also disable sshd user creation.
It's not used on Cygwin.
---
contrib/cygwin/ssh-host-config | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index 52916d14ba94..cc36ea102f42 100644
---
2016 Jun 01
2
Fwd: command line options to force function/loop alignments.
Hi,
This is regarding the below commit
Revision 256571 - (view) (download) - [select for diffs]
Modified Tue Dec 29 12:18:07 2015 CST (5 months ago) by mcrosier
File length: 35649 byte(s)
Diff to previous 254562 (colored)
Add command line options to force function/loop alignments.
These are being added for testing purposes.
http://reviews.llvm.org/D15648
How do we enable/disable above
2009 Nov 12
2
Turning off "Fixed Duplicates" feature
Is there a way to disable this feature? Seems to be causing more harm than
good right now. Without getting into too much detail, it is fixing the
duplicates but it does not remove the old file, and the new file it creates
is not marked as read like the old one was. I understand that this problem
can be created by multiple rsyncs and files changing in between, but is
there any way that I can
2010 Jun 16
2
[LLVMdev] Loopinfo Analysis
Hello,
I have a question regarding the analysis pass that generates loop info from an .ll code. My previous understanding was there will be just one loop header (in the loop info) for a particular loop. But, when I use isLoopHeader() member function from the loop info class I get 'true' return value for two different basic blocks. Note both basic blocks are loop conditional block(break
2011 Aug 23
4
Correlation discrepancy
Dear R list, I have one very elementary question regarding correlation between two variables.
x = c(44,46,46,47,45,43,45,44)
y = c(44,43,41,41,46,48,44,43)
> cov(x, y)
[1] -2.428571
However, if I try to calculate the covariance using the formula as
covariance = sum((x-mean(x))*(y-mean(y)))/8 # no. of paired obs. = 8
or
covariance = sum(x*y)/8-(mean(x)*mean(y))
gives
2000 Mar 23
1
Found a bug in the OpenSSH configuration script
[I'm cc:ing openssl-users at openssl.org, because questions about this
are getting there over and over...]
There's a problem that several people who installed OpenSSL to be able
to use OpenSSH have faced:
Could not find working SSLeay / OpenSSL libraries, please install
I don't recall how SSLeay was installed, but for OpenSSL, there's a
glitch in the way it tries to find