similar to: [PATCH] add log= directive to authorized_hosts

Displaying 20 results from an estimated 800 matches similar to: "[PATCH] add log= directive to authorized_hosts"

2017 May 04
5
OpenSSH contract development / patch
On Thu, May 04, 2017 at 09:37:59AM +1000, Adam Eijdenberg wrote: > Hi Devin, have you looked at using openssh certificates to help manage [...] > While the feature has been around for a while now (and is really > useful), there doesn't seem to be a huge amount of documentation around > it. I found the following useful when getting a client of mine running Yeah, when I wrote about it
2004 Jan 19
3
Security suggestion concerning SSH and port forwarding.
Hi, sorry if it is the wrong approach to suggest improvements to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in its chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be disallowed in
2005 Feb 22
0
TR: 3.8.1p1 option "permitopennet" added
Patch is below : diff -nru openssh-3.8.1p1/auth-options.c openssh-3.8.1p1-devs//auth-options.c --- openssh-3.8.1p1/auth-options.c Tue Jun 3 02:25:48 2003 +++ openssh-3.8.1p1-devs//auth-options.c Mon Feb 21 16:56:49 2005 @@ -265,6 +265,81 @@ xfree(patterns); goto next_option; } + +/* e.g: permitopenned="158.156.0.0/255.255.255.0:25[-1024]" + * note that part between [] is
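Review bot: The example in the new comment spells the option "permitopenned", while the subject line of this submission calls it "permitopennet". Pick one spelling and use it consistently in the comment, the option-matching code and any documentation, so that an option line copied from the comment is the one the parser actually accepts.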
2016 Feb 09
2
Test Status OpenSSH 7.1 P2 on HPE NSE
Hi All, Just reporting in on how testing has gone. After reducing obs to 32k max and banners to a max of 10000, plus some minor platform changes - root is not 0, for example, all normal tests have passed except for: multiplex - hangs at the end of this output. We had a similar issue that single reads of data were not working in dd but that does not seem to be the case in this test suite. test
2011 Nov 03
1
Help with CA Certificates for user authentication?
As background, I read: http://therowes.net/~greg/2011/03/23/ssh-trusted-ca-key/ http://www.ibm.com/developerworks/aix/library/au-sshsecurity/ http://bryanhinton.com/blog/openssh-security http://www.linuxhowtos.org/manpages/5/sshd_config.htm
2019 Oct 04
2
authorized_principals for Kerberos authentication
Hello, SSH supports ~/.ssh/authorized_keys for SSH keys and ~/.ssh/authorized_principals for X509 certs. I could not find an equivalent of authorized_keys using Kerberos authentication. IMHO it should be possible using the Kerberos principal very much like the principal contained inside an X509 certificate. My main use case is assigning a specific command to a user logging in using Kerberos
2011 Oct 10
1
scp with different users
This may be a dumb question, but is there any reason why scp a@b:c d: fails, where scp a@b:c . scp c d: succeeds? I get "Host key verification failed.". I'm using nothing more complex than RSA authorized_hosts based authentication. I'm seeing this on openssh-client 1:5.8p1-1ubuntu3 and OS-X 10.6 OpenSSH_5.2p1, OpenSSL 0.9.8r 8 Feb 2011. -- Alex Bligh
2011 Jul 07
4
Use of ssh certificates in a multi server of different kind environment.
Hello, [if I'm not in the right mailing list, please advise it to me] I'm using ssh certificates for my servers and my users. I have questions about it: I can use the same CA in order to certify all my hosts. Every client can use it, and it's a great setup. But, if I use the same CA for all my clients, it means that any client can log in to any server because hosts trust my
2005 Jan 05
1
[PATCH] kinit/nfsmount.c path from bootp
kinit/nfsmount.c:mount_nfs_root() should use the bootpath specified by bootp/dhcp. If the "nfsroot" option is specified then it overrides the boot server bootpath and a message indicating the override is printed. --- klibc-0.194/kinit/nfsroot.c.orig 2005-01-05 04:13:47.043897880 -0700 +++ klibc-0.194/kinit/nfsroot.c 2005-01-05 04:13:09.316633296 -0700 @@ -66,34 +66,21 @@ const int
2019 May 20
4
Authenticate against key files before AuthorizedKeysCommand
Hello, Currently OpenSSH has a fixed order on how the key authenticates the user: at first it tries to authenticate against TrustedUserCAKeys, afterwards it does it against the output keys from the AuthorizedKeysCommand and finally against the files as set in AuthorizedKeysFile. I have a use-case where this order is not ideal. This is because in my case the command fetches keys from the cloud
2018 May 30
2
tunnel interface names
>> the fact that ssh insists on tap* and tun* tun/tap-device-names is a >> real nag and prevents from nice and easy solutions in some cases. > > Could you offer some examples? some client: ssh -o "Tunnel Ethernet" -w any office next client: ssh -o "Tunnel Ethernet" -w any office ...and so forth. interface configuration on the hub for all clients:
2017 Jan 24
2
Need information to bypass the preauth in openssh
> On 24 Jan 2017, at 06:01, Darren Tucker <dtucker at zip.com.au> wrote: > > On Tue, Jan 24, 2017 at 4:54 PM, Vishwanath KC <vicchi.cit at gmail.com> wrote: > [...] >> Distributor ID: Debian >> Description: Debian GNU/Linux 8.2 (jessie) > > As you've seen, sshd requires that the system's getpwnam() function > knows the user, without which
2012 May 15
7
Xen 3.3.x on recent dom0 kernels
Odd question I know. I am looking for source for as recent a kernel as possible running the old style xenlinux/xenified kernel (i.e. capable of running the xen3.3.x hypervisor). Any ideas where I can get this - preferably in git form? I think Stefano Stabellini had something that worked up to 2.6.36 (from memory). And yes, we would all prefer all our customers moved to xen4 but this is difficult
2009 Feb 13
10
[Bug 1554] New: No feedback when configuration file permissions are set incorrectly.
https://bugzilla.mindrot.org/show_bug.cgi?id=1554 Summary: No feedback when configuration file permissions are set incorrectly. Product: Portable OpenSSH Version: 5.1p1 Platform: ix86 OS/Version: Cygwin on NT/2k Status: NEW Severity: minor Priority: P3 Component: ssh AssignedTo:
2002 Aug 13
1
[PATCH] global port forwarding restriction
Here's another patch for people providing ssh access to restricted environments. We allow our users to use port forwarding when logging into our mail servers so that they can use it to fetch mail over an encrypted channel using clients that don't support TLS, for example fetchmail. (In fact, fetchmail has built-in ssh support.) However we don't want them connecting to other places
2016 Aug 05
4
Fwd: Re: Encrypt/decrypt a file with ssh keys.
As per Alex's suggestion, attached is the proof of concept "sfile" script. If there is anyone out there with great C skills who can recreate this functionality "out of the box", I think there would be a few happy campers (at least two, anyways). -------- Forwarded Message -------- Subject: Re: Encrypt/decrypt a file with ssh keys. Date: Fri, 5 Aug 2016 17:24:35
2011 Nov 23
3
Minimum python version for xen-4.1.1
Does xen-4.1.1 really require python 2.7 (as per Ubuntu packaging) or will it actually work on python 2.6? I am trying to backport it to an Ubuntu LTS version and would rather not have to bring in Python 2.7 if possible. -- Alex Bligh
2016 Mar 20
3
ssh-copy-id no newline bug
On 20 Mar 2016, at 19:15, Philip Hands <phil at hands.com> wrote: > Is anyone going to be upset by the resulting blank lines being added by > ssh-copy-id when the file was not missing a terminating newline? Well it would be at least mildly annoying my previously nice looking file now has a pile of blank lines in just because someone didn't know how to use their editor ... --
2016 Aug 05
3
Encrypt/decrypt a file with ssh keys.
> On 5 Aug 2016, at 18:09, James Murphy <james.murphy.debian at gmail.com> wrote: > > The more mainstream thing to do is just use gpg, which has this > functionality already built in. Is this not suitable for your use case? The advantage of Colin's approach is that gpg requires out of band exchange of gpg keys separately from ssh keys. If you already have ssh keys
2016 Dec 18
2
Extend logging of openssh-server - e.g. plaintext password
Also, if password-based auth is not allowed, WTF would you want to log passwords? This whole idea is ugly, and smacks of a teenage-level prank attempt. I would strongly object against any such modification of the main source (though I'm sure the maintainers are sane enough to never let such crap in). Of course the original poster is free to hack his own copy in whatever way he wants.