similar to: Question about host certificates

On 17/06/20, Damien Miller (djm at mindrot.org) wrote: > > Firstly, given a host CA signing key on the sshagentca server, would an > > appropriately constructed host certificate added to a forwarded agent > > replace the necessity for a '@cert-authority' line in a user's known_hosts > > file? > > I'm not sure I want to add yet another path (the agent)

I'm working on a small server written in Go to add short-lived user certificates to the forwarded agents of authorized users. https://github.com/rorycl/sshagentca This seems to work quite well for accessing sshd servers with the appropriately configured "TrustedUserCAKeys" directive. I have been in a debate about how similarly adding host certificates to forwarded agents could

Dear All, I am trying to use the hostcertificate to do the hostbaed authentication with the steps in the regress/cert-hostkey.sh But it seems that it can not login with the hostcertificate.: Here is debug message from the ssh client : ssh -2 -oUserKnownHostsFile=/opt/ssh/etc/known_hosts-cert \ > -oGlobalKnownHostsFile=/opt/ssh/etc/known_hosts-cert sshia3 -p 1111 -vvv debug1: checking

Hi, Based on some experimentation with 5.4p1 and a cursory examination of the source code, it doesn't look like hostbased authentication takes advantage of certificates other than to authenticate the server. Is that correct? In cluster environments, hostbased authentication is still useful but the size of the ssh_known_hosts file can become unwieldy in large clusters. As an example, a few

Hello, OpenSSH-wizards. In our company, we have looked into SSH-HostKey-signing in order to realize automated access without the need to accept the server's hostkey, manually. I got it to work with the HostCertificate-directive inside the sshd_config. Now, I was wondering whether it is possible to have multiple signatures, so I can, for example, sign the hostkey once with a

Hello, I am trying to reach a web service using the SOAP package. I succeeded calling the web service, but not sending parameters to it. After much research and tries, I think I found that the problem lies in the namespace including the parameters in the SOAP body. In short, my question is: how can I send unqualified parameters in the SOAP body of a call produced through the SOAP package?

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================== "Where does he get those wonders toys?" -- The Joker (Batman 1989) ============================================================== Release Announcements ===================== This is the latest stable release of Samba. This is

I checked recent revisions 138624 and 138620 and both produce this log with gcc-4.6.0 on FreeBSD-8.2-STABLE amd64: gmake[2]: Entering directory `/usr/home/yuri/llvm-svn/llvm-objects/lib/CodeGen' llvm[2]: Compiling LLVMTargetMachine.cpp for Release build /usr/home/yuri/llvm-svn/llvm/lib/CodeGen/LLVMTargetMachine.cpp:253:3: error: ‘AsmStreamer’ does not name a type

Hello list. I recently moved to an AD environment. I'm still keeping a samba servers to make my cups-managed printers available to windows users, rather than duplicating configuration with a Windows print service. But I'm facing two problems, probably due to the way we manage AD. First, all my host belong to a Unix-managed DNS domain (msr-inria.inria.fr), not to the windows-managed

Hi, The default value for the option CanonicalizeFallbackLocal. In the manual, The default value "no". CanonicalizeFallbackLocal Specifies whether to fail with an error when hostname canonical- ization fails. The default, ?no?, will attempt to look up the unqualified hostname using the system resolver?s search rules. A value

Hi, I’m on Mac OS X 10.9.2 with all last updates; if I have this source: class xxx explicit { }; int main (int argc, char **argv) { return 0; } and I compile it with clang++ -std=c++11 -Wall -pedantic -c I obtain this error: nn:1: error: expected unqualified-id { ^ 1 error generated. But the C++ 11 standard permits explicit on classes. It’s a bug? -------------- next part

I am looking for a way to append a domain to unqualified user names based on the port that the client connected to. Like this: port 9110 - @test.com port 9111 - @other.com port 9112 - @third.com it looks like auth-default-realm does this, but you can only specify it once for the whole process. I know I could do this by running a separate copy of dovecot attached to each port in question, but I

I have found that the "schema.table" syntax used in Postgresql (and Oracle) does not work directly with RODBC. This works library(RODBC) con<-odbcConnect("mydb") d<-sqlQuery(con,"select * from meso.trees") However this does not. d<-sqlFetch(con,"meso.trees") Error in odbcTableExists(channel, sqtable) : ?meso.trees?: table not found on channel

Making third-party plugins for Dovecot is really hard and frustrating. Using dovecot 2.2.33.2 and the following sources, the compile errors keep coming. The use of g++ is mandated as the underlying backend this plugin will access only has a C++ interface. == Source 1 /* g++-7 -c a.cpp */ #include <byteswap.h> #include <dovecot/lib.h> #include <dovecot/auth-request.h> #include

hello :) i use Mac OS X 10.4.5 , and ruby 1.8.4 , wxWidgets 2.4.2 ( from cvs ). i tried to compile wxRuby, but there are always errors around "id" , dialog.cpp: In static member function ''static VALUEWxDialog::init(int,VALUE*, VALUE)'':dialog.cpp:60: error: expected unqualified-id before''='' tokenmake: *** [dialog.o] Error 1 like above. in that case, in

Does anyone know how to read a SYSTAT .syd file on Linux? (Splus 6 does it, but it is easier to find a Windows box with Systat than to download their demo. I'm wondering if there is a better way than either of these options.) Jon -- Jonathan Baron, Professor of Psychology, University of Pennsylvania Home page: http://www.sas.upenn.edu/~baron R search page:

Am 06.08.2016 um 18:51 schrieb Rowland Penny: > On Sat, 6 Aug 2016 18:18:22 +0200 > Reindl Harald <h.reindl at thelounge.net> wrote: > > >> i know who you meant but that person *did not* reserve .local and so >> stop abuse unrelated people because things they are not responsible >> for just because you have a problem using their software for whatever >>

Daniel P. Berrangé <berrange@redhat.com> writes: > On Wed, Sep 04, 2019 at 03:38:25PM +0200, Milan Zamazal wrote: >> Hi, I'm trying to add TLS migrations to oVirt, but I've hit a problem >> with certificate checking. > >> >> oVirt uses the destination host IP address, rather than the host name, >> in the migration URI passed to

I am investigating whether dovecot(https://github.com/dovecot/core/) handles case insensitive Message-ID headers as per RFC. I can't raise a support issue with cPanel team (https://tickets.cpanel.net/review/login.cgi) as that needs an paid account with them. There may be an issue with the CPANEL/WHM DKIM module. Is the source code online? Rob

Full_Name: foo ba baz Version: R2.2.0 OS: Mac OS X (10.4) Submission from: (NULL) (219.66.32.183) chisq.test(matrix(c(9,10,9,11),2,2)) Chi-square value must be 0, and, P value must be 0 R does over correction when | a d - b c | < n / 2 &#65292;chi-sq must be 0