similar to: Minor tweak to sshd_config(5)

Hi, I'm experimenting with certificates for users, giving access via the TrustedUserCAKeys mechanism. Unfortunately, there seems to be a limit of one certificate per SSH key on the user's side, which prevents using the same key for hosts using different TrustedUserCAKeys. Is there a clean way around this? To make the above clearer, consider the following situation: A collection of hosts

Wondering if it would make sense to have more granular control of trustedUserCAkeys? I have 1 key used to sign root certs, the key is shortlived, and is rotated daily. And I have a 2nd key to sign non- privileged user certs. The non-privileged certs have a longer validity period, and the signing keys are not rotated as frequently. It would be nice to ensure this second signing key's

I am trying to find out how I can use the new self-signed certificates So what I read in the man pages, it should be something like: client: 1) ssh-keygen -f ca_rsa # generate a ssh keypair for use as a certificate Server(s): 2) make sure your /etc/ssh/sshd_config has TrustedUserCAKeys assigned TrustedUserCAKeys /etc/ssh/sshcakeys # or whatever name or location you like 3) edit

On Thu, Jan 30, 2020 at 7:11 AM Christian, Mark <mark.christian at intel.com> wrote: > > On Thu, 2020-01-30 at 12:27 +0000, Brian Candler wrote: > > As a concrete example: I want Alice to be able to login as "alice" > > and > > "www" to machines in group "webserver" (only). Also, I want Bob to > > be > > able to login as

I'm working on a small server written in Go to add short-lived user certificates to the forwarded agents of authorized users. https://github.com/rorycl/sshagentca This seems to work quite well for accessing sshd servers with the appropriately configured "TrustedUserCAKeys" directive. I have been in a debate about how similarly adding host certificates to forwarded agents could

On 17/06/20, Damien Miller (djm at mindrot.org) wrote: > > Firstly, given a host CA signing key on the sshagentca server, would an > > appropriately constructed host certificate added to a forwarded agent > > replace the necessity for a '@cert-authority' line in a user's known_hosts > > file? > > I'm not sure I want to add yet another path (the agent)

Hello, Currently OpenSSH has a fixed order on how the key authenticates the user: at first it tries to authenticate against TrustedUserCAKeys, afterwards it does it against the output keys from the AuthorizedKeysCommand and finally against the files as set in AuthorizedKeysFile. I have an use-case where this order is not ideal. This is because in my case the command fetches keys from the cloud

Hai Andrew, > -----Oorspronkelijk bericht----- > Van: Andrew Bartlett [mailto:abartlet at samba.org] > Verzonden: woensdag 28 augustus 2019 10:19 > Aan: L.P.H. van Belle; samba at lists.samba.org > Onderwerp: TLS_REQCERT and Samba AD DC > > On Wed, 2019-08-28 at 10:08 +0200, L.P.H. van Belle via samba wrote: > > > > What is in /etc/ldap/ldap.conf > > Does

This is automatically generated email about markup problems in a man page for which you appear to be responsible. If you are not the right person or list, please tell me so I can correct my database. See http://catb.org/~esr/doclifter/bugs.html for details on how and why these patches were generated. Feel free to email me with any questions. Note: These patches do not change the modification

https://bugzilla.mindrot.org/show_bug.cgi?id=2487 Bug ID: 2487 Summary: AuthorizedPrincipalsCommand should probably document whether it only applies to TrustedUserCAKeys CAs Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement

Hi All, Please pardon me if it is the wrong list to ask how-to etc. I am having an issue with the Signed SSH keys. I am being asked for the passphrase for my signed public key, even though I don't have any. I am running CentOS7 with OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013. 1) I have ca server with ca user keys (ca-user-key.pub) 2) I created user ssh rsa keys (user-id-org and

Hai, I re-checked your config that looks all good, few minor things. Now, i noticed this in Andrews comment. Quote: The problem here is that Samba's python libraries are trying to find the DNS record they just added over RPC, but can't using LDAP. They do this to fix the ownership of the records, as otherwise they will be owed by the administrator, not the DC. What is in

As background, I read: http://therowes.net/~greg/2011/03/23/ssh-trusted-ca-key/ http://www.ibm.com/developerworks/aix/library/au-sshsecurity/ http://bryanhinton.com/blog/openssh-security http://www.linuxhowtos.org/manpages/5/sshd_config.htm

The sshd_config tweaks were executed even if the old file was still in place. Fix that. Also disable sshd user creation. It's not used on Cygwin. --- contrib/cygwin/ssh-host-config | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index 52916d14ba94..cc36ea102f42 100644 ---

Hi , This is regrading ,with below commit Revision 256571 - (view) (download) - [select for diffs] Modified Tue Dec 29 12:18:07 2015 CST (5 months ago) by mcrosier File length: 35649 byte(s) Diff to previous 254562 (colored) Add command line options to force function/loop alignments. These are being added for testing purposes. http://reviews.llvm.org/D15648 How do we enable/disable above

Is there a way to disable this feature? Seems to be causing more harm then good right now. Without getting into too much details it is fixing the duplcates but it does not remove the old file, and the new file it creates is not marked as read like the old one was. I understand that this problem can be created by multiple rsyncs and files changing in between, but is there any way that I can

Hello, I have a question regrading the analysis pass that generates loop info from an .ll code. My previous understanding was there will be just one loop header(in the loop info) for a particular loop. But, when i use isLoopHeader() member function from the loop info class I get 'true' return value for two different basic blocks. Note both basic blocks are loop conditional block(break

Dear R list, I have one very elementary question regrading correlation between two variables. x = c(44,46,46,47,45,43,45,44) y = c(44,43,41,41,46,48,44,43) > cov(x, y) [1] -2.428571 However, if I try to calculate the covariance using the formula as covariance = sum((x-mean(x))*(y-mean(y)))/8       # no of of paired obs. = 8 or     covariance = sum(x*y)/8-(mean(x)*mean(y)) gives

Hi, I had a question regrading wine and office.

[I'm cc:ing openssl-users at openssl.org, because questions about this are getting there over and over...] There's a problem that several people who installed OpenSSL to be able to uyse OpenSSH have faced: Could not find working SSLeay / OpenSSL libraries, please install I don't recall how SSLeay was installed, but for OpenSSL, there's a glitch in the way it tries to find