similar to: [PATCH] add log= directive to authorized_hosts

On Thu, May 04, 2017 at 09:37:59AM +1000, Adam Eijdenberg wrote: > Hi Devin, have you looked at using openssh certificates to help manage [...] > While the feature has been around for a while now (and is really > useful), there doesn't seem to be huge amount of documentation around > it. I found the following useful when getting a client of my running Yeah, when I wrote about it

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in

Hi All, Just reporting in on how testing has gone. After reducing obs to 32k max and banners to a max of 10000, plus some minor platform changes - root is not 0, for example, all normal tests have passed except for: multiplex - hangs at the end of this output. We had a similar issue that single reads of data were not working in dd but that does not seem to be the case in this test suite. test

As background, I read: http://therowes.net/~greg/2011/03/23/ssh-trusted-ca-key/ http://www.ibm.com/developerworks/aix/library/au-sshsecurity/ http://bryanhinton.com/blog/openssh-security http://www.linuxhowtos.org/manpages/5/sshd_config.htm

Hello, SSH supports ~/.ssh/authorzied_keys for SSH keys and ~/.ssh/authorized_principals for X509 certs. I could not find an equivalent of authorzied_keys using Kerberos authentication. IMHO it should be possible using the Kerberos principal very much like the principal contained inside a X509 certificate. My main use case is assigning a specific command to a user logging in using Kerberos

This may be a dumb question, but is there any reason why scp a at b:c d: fails, where scp a at b:c . scp c d: succeeds? I get "Host key verification failed.". I'm using nothing more complex than RSA authorized_hosts based authentication. I'm seeing this on openssh-client 1:5.8p1-1ubuntu3 and OS-X 10.6 OpenSSH_5.2p1, OpenSSL 0.9.8r 8 Feb 2011. -- Alex Bligh

Hello, [if I'm not in the right mailing list, please advise it to me] I'm using ssh certificates for my servers and my users. I have questions about it: I can use the same CA in order to certify all my hosts. Every clients can use it, and it's a great setup. But, if I use the same CA for all my clients, it means that any clients can log in to any server because hosts trusts my

kinit/nfsmount.c:mount_nfs_root() should use the bootpath specified by bootp/dhcp. If the "nfsroot" option is specified then it overrides the boot server bootpath and a message indicating the override is printed. --- klibc-0.194/kinit/nfsroot.c.orig 2005-01-05 04:13:47.043897880 -0700 +++ klibc-0.194/kinit/nfsroot.c 2005-01-05 04:13:09.316633296 -0700 @@ -66,34 +66,21 @@ const int

Hello, Currently OpenSSH has a fixed order on how the key authenticates the user: at first it tries to authenticate against TrustedUserCAKeys, afterwards it does it against the output keys from the AuthorizedKeysCommand and finally against the files as set in AuthorizedKeysFile. I have an use-case where this order is not ideal. This is because in my case the command fetches keys from the cloud

>> the fact that ssh insists on tap* and tun* tun/tap-device-names is a >> real nag and prevents from nice and easy solutions in some cases. > > Could you offer some examples? some client: ssh -o "Tunnel Ethernet" -w any office next client: ssh -o "Tunnel Ethernet" -w any office ...and so forth. interface configuration on the hub for all clients:

> On 24 Jan 2017, at 06:01, Darren Tucker <dtucker at zip.com.au> wrote: > > On Tue, Jan 24, 2017 at 4:54 PM, Vishwanath KC <vicchi.cit at gmail.com> wrote: > [...] >> Distributor ID: Debian >> Description: Debian GNU/Linux 8.2 (jessie) > > As you've seen, sshd requires that the system's getpwnam() function > knows the user, without which

Odd question I know. I am looking for source for as recent a kernel as possible running the old style xenlinux/xenified kernel (i.e. capable of running the xen3.3.x hypervisor). Any ideas where I can get this - preferably in git form? I think Stefano Stabellini had something that worked up to 2.6.36 (from memory). And yes, we would all prefer all our customers moved to xen4 but this is difficult

As per Alex's suggestion, attached is the proof of concept "sfile" script. If there is anyone out there with great C skills who can recreate this functionality "out of the box", I think there would be a few happy campers (at least two, anyways). -------- Forwarded Message -------- Subject: Re: Encrypt /decrypta file with ssh keys. Date: Fri, 5 Aug 2016 17:24:35

Does xen-4.1.1 really require python 2.7 (as per Ubuntu packaging) or will it actually work on python 2.6? I am trying to backport it to an Ubuntu LTS version and would rather not have to bring in Python 2.7 if possible. -- Alex Bligh

On 20 Mar 2016, at 19:15, Philip Hands <phil at hands.com> wrote: > Is anyone going to be upset by the resulting blank lines being added by > ssh-copy-id when the file was not missing a terminating newline? Well it would be at least mildly annoying my previously nice looking file now has a pile of blank lines in just because someone didn't know how to use their editor ... --

> On 5 Aug 2016, at 18:09, James Murphy <james.murphy.debian at gmail.com> wrote: > > The more mainstream thing to do is just use gpg, which has this > functionality already built in. Is this not suitable for your use case? The advantage of Colin's approach is that gpg requires out of band exchange of gpg keys separately from ssh keys. If you already have ssh keys

Also, if password-based auth is not allowed, WTF would you want to log passwords? This whole idea is ugly, and smacks of a teenage-level prank attempt. I would strongly object against any such modification of the main source (though I'm sure the maintainers are sane enough to never let such a crap in). Of course the original poster is free to hack his own copy in whatever way he wants.?

I've upgraded from syslinux-4.05 to syslinux-6.03-pre18 (pre11 was the same) and am having some issues getting lua.c32 to work. I'm using lpxelinux.0 if that's relevant. My boot file and the contents of default.lua are below. As you can see they are fantastically simple. Essentially I'm just using lua to put the results of ipappend in the right place on the command line. The

This is problem 1 of 3 problems we are having with live migration and/or ACPI on Xen-4.3 and Xen-4.2. Any help would be appreciated. Detailed description of problem: We are using Xen-4.3-rc1 with dom0 running Ubuntu Precise and 3.5.0-23-generic kernel, and domU running Ubuntu Precise (12.04) cloud images running 3.2.0-39-virtual. We are using the xl.conf below on qemu-upstream-dm and HVM and

If an ssh server receives a tun/tap tunnel request and sets up the tunnel concerned, as far as I can see there is currently no way for the server to configure the tunnel in a manner dependent upon (e.g) the key used to set up the ssh session. Whilst an id based on the key can be passed to the ssh child process, where the tunnel is dynamically allocated, its tunnel name is lost. This patch