similar to: About new feature option AuthorizedPrincipalsFile in openssh5.6

On Thu, Jan 30, 2020 at 7:11 AM Christian, Mark <mark.christian at intel.com> wrote: > > On Thu, 2020-01-30 at 12:27 +0000, Brian Candler wrote: > > As a concrete example: I want Alice to be able to login as "alice" > > and > > "www" to machines in group "webserver" (only). Also, I want Bob to > > be > > able to login as

Hello, I am trying to work out the best way to issue SSH certificates in such way that they only allow access to specific usernames *and* only to specific groups of host. As a concrete example: I want Alice to be able to login as "alice" and "www" to machines in group "webserver" (only). Also, I want Bob to be able to login as "bob" and

https://bugzilla.mindrot.org/show_bug.cgi?id=2487 Bug ID: 2487 Summary: AuthorizedPrincipalsCommand should probably document whether it only applies to TrustedUserCAKeys CAs Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement

Hi, Users who are interested in certificate authentication might be interested in this change: > - djm at cvs.openbsd.org 2010/05/07 11:30:30 > [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c key.c] > [servconf.c servconf.h sshd.8 sshd_config.5] > add some optional indirection to matching of principal names listed > in certificates. Currently, a

I don't know if anyone would be interested in this but I'm including a patch to allow for offsets when transferring files with SCP. It's pretty simple and assumes the user knows what they are doing (for example, if transferring with a wild card the offset would apply to all files). -A is the number of bytes offset from the beginning of the files. -Z is the number of bytes inset

As background, I read: http://therowes.net/~greg/2011/03/23/ssh-trusted-ca-key/ http://www.ibm.com/developerworks/aix/library/au-sshsecurity/ http://bryanhinton.com/blog/openssh-security http://www.linuxhowtos.org/manpages/5/sshd_config.htm

Hi, OpenSSH 5.6 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a moderately large release, with a number of new features and bug fixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH

https://bugzilla.mindrot.org/show_bug.cgi?id=2288 Bug ID: 2288 Summary: documentation of options defaulting to "none" Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: trivial Priority: P5 Component: Documentation Assignee:

Hi all, this is a patch to make Ciphers, MACs and KexAlgorithms available in Match blocks. Now I can reach a -current machine with some Android terminal app without changing the default ciphers for all clients: Match Address 192.168.1.2 Ciphers aes128-cbc MACs hmac-sha1 KexAlgorithms diffie-hellman-group-exchange-sha1 Index: servconf.c

On 30/01/2020 15:02, Christian, Mark wrote: > On Thu, 2020-01-30 at 12:27 +0000, Brian Candler wrote: >> As a concrete example: I want Alice to be able to login as "alice" >> and >> "www" to machines in group "webserver" (only). Also, I want Bob to >> be >> able to login as "bob" and "www" to machines in group

OpenSSH 5.6 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,

Hello, [if I'm not in the right mailing list, please advise it to me] I'm using ssh certificates for my servers and my users. I have questions about it: I can use the same CA in order to certify all my hosts. Every clients can use it, and it's a great setup. But, if I use the same CA for all my clients, it means that any clients can log in to any server because hosts trusts my

Hi all, when I execute the command "rake db:schema:dump" i get this error in the db/schema.rb file. ____________________________________________________ # Could not dump table "region" because of following ActiveRecord::StatementInvalid # OCIError: ORA-00918: column ambiguously defined: SELECT lower(i.index_name) as index_name, i.uniqueness, lowe r(c.column_name) as

Hi, OpenSSH 6.1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains a couple of new features and bug fixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available

OpenSSH 5.6 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,

https://bugzilla.mindrot.org/show_bug.cgi?id=2490 Bug ID: 2490 Summary: allow to set AuthorizedKeysFile none Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

OpenSSH 6.1 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,

OpenSSH 6.1 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,

On 18/09/18, Tim Jones (b631093f-779b-4d67-9ffe-5f6d5b1d3f8a at protonmail.ch) wrote: ... > So issue your users with Yubikeys. You can enforce the Yubikey so it > requires the user to enter a PIN *and* touch the Yubikey. This means > there's an incredibly high degree of confidence that it was the user > who performed the actiion (i.e. two-factor authentication of physical >

I have just installed Xen by following http://wiki.xen.org/wiki/Xen_Beginners_Guide All in all pretty good, however it mentions using the xl toolset but when I first installed only the xm toolset would work. This was great for creating linux based domains but it gave me an error about hvm when I tried creating a Windows domain. I then apt-get install xen-tools-common and edited /etc/default/xen