Displaying 20 results from an estimated 1000 matches similar to: "new option ssh-add -v to verify if key is loaded into the agent"
2016 Dec 28
2
certificates keys on pkcs11 devices
Hi,
I have not found any way to use a Certificate with ssh-agent when my Key is
stored on a pkcs11 device. I can add my key with
ssh-add -s /usr/local/lib/opensc-pkcs11.so
but
ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub
does not add the certificate to my agent. As far as I understand, in
ssh-add.c line 580
if (pkcs11provider != NULL) {
if (update_card(agent_fd,
2017 Oct 26
3
[RFC 0/2] add engine based keys
Engine keys are private key files which are only understood by openssl
external engines. The problem is they can't be loaded with the usual
openssl methods, they have to be loaded via ENGINE_load_private_key().
Because they're files, they fit well into openssh pub/private file
structure, so they're not very appropriately handled by the pkcs11
interface because it assumes the private
2018 Nov 03
7
Log ssh sessions using open source tools
Hi,
Are there any open source tools to keep track of ssh sessions? For example,
if a specific user is ssh logging to remote server and what commands or
scripts are being run. Basically, I need to log all users sessions.
Thanks in Advance and I look forward to hearing from you.
Best Regards,
Kaushal
2010 Jan 12
2
[patch] Automatically add keys to agent
My keys are secured with a passphrase. That's good for security, but
having to type the passphrase either at every login or at every
invocation of ssh(1) is annoying.
I know I could invoke ssh-add(1) just before invoking ssh(1), if I keep
track of whether I invoked it already, or write some hacky scripts; but
the rest of OpenSSH is wonderfully usable without any hacks.
Hence, this patch.
2018 Nov 19
2
[PATCH] openssl-compat: Test for OpenSSL_add_all_algorithms before using.
OpenSSL 1.1.0 has deprecated this function.
---
configure.ac | 1 +
openbsd-compat/openssl-compat.c | 2 ++
openbsd-compat/openssl-compat.h | 4 ++++
3 files changed, 7 insertions(+)
diff --git a/configure.ac b/configure.ac
index 3f7fe2cd..db2aade8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then
])
2011 Jun 10
4
[Bug 1914] New: ssh-add: add an option to cryptographically verify if agent can access the matching private key of a given public key
https://bugzilla.mindrot.org/show_bug.cgi?id=1914
Summary: ssh-add: add an option to cryptographically verify if
agent can access the matching private key of a given
public key
Product: Portable OpenSSH
Version: 5.8p2
Platform: All
OS/Version: Linux
Status: NEW
Severity: enhancement
2010 Apr 06
3
Using OpenSSH with smart cards HOWTO
On Tue, 2010-04-06 at 15:52 +0300, Lars Nooden wrote:
> You might wish to focus on sftp instead of scp.
Okay, I will have a look.
I had some problems:
1) I would like to store smart card information
-o PKCS11Provider=/usr/lib/opensc-pkcs11.so
in /etc/ssh/ssh-config. Is it possible?
2) ssh-add -s does not seem to work.
Read:
2016 Oct 27
11
[Bug 2635] New: Unable to use SSH Agent and user level PKCS11Provider configuration directive
https://bugzilla.mindrot.org/show_bug.cgi?id=2635
Bug ID: 2635
Summary: Unable to use SSH Agent and user level PKCS11Provider
configuration directive
Product: Portable OpenSSH
Version: 7.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
2015 Sep 12
6
[Bug 2465] New: openssh portable does not check if arc4random_buf is declared in the system headers?
https://bugzilla.mindrot.org/show_bug.cgi?id=2465
Bug ID: 2465
Summary: openssh portable does not check if arc4random_buf is
declared in the system headers?
Product: Portable OpenSSH
Version: 7.1p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
2018 May 25
5
Suggestion: Deprecate SSH certificates and move to X.509 certificates
That's not a very good source, since it's only available to one person.
On Fri, May 25, 2018 at 7:12 AM, Peter Moody <mindrot at hda3.com> wrote:
> On Thu, May 24, 2018 at 9:09 PM, Yegor Ievlev <koops1997 at gmail.com> wrote:
>> How can I revoke one SSH certificate without having to replace the
>> root certificate and all certificates signed by it?
>
>
2008 Mar 14
15
Is anyone running Rails 2.x against a MS SQL Server DB?
I am unable to get ActiveRecord session support to work under 2.x
against a SQL Server database. I'm starting to wonder if anyone is
running 2.x against SQL Server?
Is anyone running under the following configuration:
Rails 2.x
SQL Server 2000 DB (using AR adapter in ODBC mode)
AR store for ActionController session store.
I'd like to chat with you if you are.
Thanks,
Wes
--
2014 Jul 12
1
openssh portable and libressl portable cause recursion between arc4random and RAND_bytes
Hi,
Yesterday I tried to replace the system openssl in a gentoo system with
libressl.
With openssh an interesting issue popped up:
* RAND_bytes in libressl calls arc4random
* arc4random is a compat function both in openssh and libressl
* arc4random from openssh uses RAND_bytes
So what's happening is a recursion. arc4random wants to use RAND_bytes
and RAND_bytes wants to use arc4random. The
2014 May 15
0
ANNOUNCE: log-user-session (full SSH session auditing)
log-user-session is a shell-wrapper that can be used via ForceCommand to
implement full logging of user sessions. It supports the following
features:
- Flexible directory structure for the shell output log files.
- Support setuid-mode to write the files as another user.
- Properly starts the user shell as login shell.
- Optionally log only the command line of remote commands instead of
the full
2020 Jan 20
4
Security implications of using ControlMaster
Dear Mailing List
We are using a ControlMaster with a short ControlPersist to access the
bastion host which then gives access to customer hosts.
Our Information Security Manager would like to disallow the
ControlMaster. His attack scenario is an admin workstation with a
compromised root account. An attacker can then use the ControlMaster to
trivially get shell access on the bastion host
2016 Sep 02
4
[Bug 2610] New: ssh should not complain about "no slots" when PKCS11Provider is specified, but no slot is found nor used
https://bugzilla.mindrot.org/show_bug.cgi?id=2610
Bug ID: 2610
Summary: ssh should not complain about "no slots" when
PKCS11Provider is specified, but no slot is found nor
used
Product: Portable OpenSSH
Version: 7.3p1
Hardware: Other
OS: Linux
Status: NEW
2001 Jul 29
1
add version 2 identities by default, too
[ I'm not subscribed to this list; please CC any followups to me as
well ]
When a user invokes "ssh-add" with no arguments, I think we should
default to adding both version 1 and version 2 keys. Here's a patch
against the source included with my Debian package of OpenSSH:
walters at space-ghost:/usr/src/ssh/openssh-2.9p2$ diff -u ssh-add.c~ ssh-add.c
--- ssh-add.c~ Thu Apr
2013 Mar 13
2
Time zone for chrooted internal-sftp?
Hi,
A question regarding chroot, internal-sftp, and time zones: Is it possible to get the time stamps presented by the chrooted internal-sftp to always be aligned with the system global time zone setting?
What is the reason this is not done by default, that is, couldn't the chrooted internal-sftp inherit the time zone information from the SSH daemon?
/John
--
John Olsson
Ericsson AB
2015 Mar 03
2
configure and have crypt or DES_crypt
Hello,
With current portable master source tree HAVE_CRYPT and HAVE_DES_CRYPT
are not defined.
It seems to me this is regression introduced with implementation of
configure options --with-openssl.
Impacted code is in xcrypt.c:
...
# if defined(WITH_OPENSSL) && !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT)
# include <openssl/des.h>
# define crypt DES_crypt
# endif
...
2005 Jul 26
1
Linux in-kernel keys support
Hi all,
I recently made a patch to openssh 4.1p1 to allow it to use the
in-kernel key management provided by 2.6.12 or later Linux kernels.
I've attached the patch (which is still only a proof-of-concept, for
instance it's very verbose right now) to this mail.
Now, my question is, is this a completely insane idea and would (a later
version of) the patch have a chance of making it into the
2014 Apr 04
3
[Bug 2221] New: Explicit identity files are being used after implicit files are attempted
https://bugzilla.mindrot.org/show_bug.cgi?id=2221
Bug ID: 2221
Summary: Explicit identity files are being used after implicit
files are attempted
Product: Portable OpenSSH
Version: 6.2p1
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: