Displaying 20 results from an estimated 200 matches similar to: "Help with CA Certificates for user authentication?"
2016 Feb 09
2
Test Status OpenSSH 7.1 P2 on HPE NSE
Hi All,
Just reporting in on how testing has gone. After reducing obs to 32k max and
banners to a max of 10000, plus some minor platform changes - root is not 0,
for example, all normal tests have passed except for:
multiplex - hangs at the end of this output. We had a similar issue that
single reads of data were not working in dd but that does not seem to be the
case in this test suite.
test
2019 Oct 04
2
authorized_principals for Kerberos authentication
Hello,
SSH supports ~/.ssh/authorzied_keys for SSH keys and
~/.ssh/authorized_principals for X509 certs.
I could not find an equivalent of authorzied_keys
using Kerberos authentication.
IMHO it should be possible using the Kerberos principal
very much like the principal contained inside a X509
certificate.
My main use case is assigning a specific command to
a user logging in using Kerberos
2015 May 22
5
[Bug 2404] New: scp skips file/directory on permissions error
https://bugzilla.mindrot.org/show_bug.cgi?id=2404
Bug ID: 2404
Summary: scp skips file/directory on permissions error
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5
Component: scp
Assignee: unassigned-bugs at mindrot.org
2005 Aug 24
1
Test Failure on Mac OS X 10.4.2
I was able to get it to compile but the tests are failing. When I run
the test as root I get:
run test connect.sh ...
Connection closed by 127.0.0.1
ssh connect with protocol 1 failed
failed simple connect
make[1]: *** [t-exec] Error 1
make: *** [tests] Error 2
However, when I run as a normal user I got:
test remote exit status: proto 1 status 0
2000 Jan 29
4
rsync over ssh - lockups with pipe()
For a couple of years people have been reporting intermittent problems
with rsync over ssh freezing during a large transfer (typically
several GB). I have now gotten to the bottom of these problems, and
have written a small test program which demonstrates a deadlock in
sshd when doing large bi-directional transfers. Luckily the problem is
easily solved by modifying sshd to use socketpair() instead
2018 Jun 08
4
vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
On 8 June 2018 at 11:21, PGNet Dev <pgnet.dev at gmail.com> wrote:
> fyi
>
> add'l -- and looks unrelated -- issue
> /usr/include/pthread.h:251:12: note: previous declaration of ?pthread_join? was here
> extern int pthread_join (pthread_t __th, void **__thread_return);
What included pthread.h? That's explicitly not supported by sshd:
$ grep THREAD
2004 Oct 25
1
Bug in sftp's chmod
Hi,
I've discovered that on OpenSSH_3.6.1p1 (the latest SSH available on
OSX, but I've also tried a couple of different linux distributions),
when you 'sftp' to it, and try to 'chmod' some file or directory, only
last three octal digits do actually matter.
Example:
sftp sshtest at localhost
Connecting to localhost...
sshtest at localhost's password:
sftp> ls -l
2011 Oct 08
3
[PATCH] add log= directive to authorized_hosts
Attached is a patch which adds a log= directive to authorized_keys. The text
in the log="text" directive is appended to the log line, so you can easily
tell which key is matched.
For instance the line:
log="hello world!",no-agent-forwarding,command="/bin/true",no-pty,
no-user-rc,no-X11-forwarding,permitopen="127.0.0.1:7"
ssh-rsa AAAAB3Nza....xcgaK9xXoU=
2011 May 11
3
[Bug 1904] New: sshd refuses certificate-based authentication if password has expired
https://bugzilla.mindrot.org/show_bug.cgi?id=1904
Summary: sshd refuses certificate-based authentication if
password has expired
Product: Portable OpenSSH
Version: 4.3p2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo:
2011 Jul 07
4
Use of ssh certificates in a multi server of different kind environment.
Hello,
[if I'm not in the right mailing list, please advise it to me]
I'm using ssh certificates for my servers and my users.
I have questions about it:
I can use the same CA in order to certify all my hosts. Every clients can use it,
and it's a great setup. But, if I use the same CA for all my clients, it means that
any clients can log in to any server because hosts trusts my
2019 May 20
4
Authenticate against key files before AuthorizedKeysCommand
Hello,
Currently OpenSSH has a fixed order on how the key authenticates the
user: at first it tries to authenticate against TrustedUserCAKeys,
afterwards it does it against the output keys from the
AuthorizedKeysCommand and finally against the files as set in
AuthorizedKeysFile. I have an use-case where this order is not ideal.
This is because in my case the command fetches keys from the cloud
2017 May 03
2
OpenSSH contract development / patch
Hi OpenSSH developers;
Thank you for your amazing work.
I?m emailing to see if any knowledgeable OpenSSH developer is willing to help us review / revamp some patches we have for OpenSSH, and provide advice on some of the more advanced uses of OpenSSH. This would be a for pay contract engagement. We are trying to be super respectful of the process, and are happy to be very creative ? we are
2013 Sep 05
1
Using multiple certificates for a given private key
Hi,
I'm experimenting with certificates for users, giving access via the
TrustedUserCAKeys mechanism. Unfortunately, there seems to be a limit of
one certificate per SSH key on the user's side, which prevents using the
same key for hosts using different TrustedUserCAKeys. Is there a clean
way around this?
To make the above clearer, consider the following situation:
A collection of hosts
2012 Jan 20
2
show plot
Dear All
I have 54000 plots in R,
How can I observe them?
If I have to save them one-by-one?
Soheila
[[alternative HTML version deleted]]
2003 Oct 07
4
Beginner's query - segmentation fault
I am dealing with a huge matrix in R (20 columns, 54000 rows) and have
lots of missing values within the dataset which are currently displayed as
the value "-999.00" I am trying to create a new matrix (or change the
existing one) to display these values as "NA" so that I can then perform
the necessary analysis on the columns within the matrix.
The matrix name is temp and the
1999 Jan 14
3
Transferring data from S+ to R
I would like to know if there is an easy way to transfer all the data from
a S+ directory (".Data" or "_data") to an R image? I would like to transfer
all the functions and all the data sets (data frames, vectors, lists, etc.).
I'm working under Windows NT and am using S+ 3.3 for Windows.
Zivan
Zivan Karaman
Limagrain Genetics Research, B.P. 115, 63203 Riom Cedex,
2007 Oct 15
1
how to use normalmixEM to get correct result?
Dear R-Users,
I have a large number of data(54000) and the field of data is 50 to 2.0e9. I want to use normalmixEM (package:mixtools) to fit them in finite mixture narmal distributions,but get some mistakes.I don't know which steps make the error.
I have used the following functions before
>x<-read.table("data")
>log.x<-log10(x$V1)
>log.x<-sort(log.x)
2020 Apr 03
3
[PATCH v2 03/17] drm: Nuke mode->vrefresh
From: Ville Syrj?l? <ville.syrjala at linux.intel.com>
Get rid of mode->vrefresh and just calculate it on demand. Saves
a bit of space and avoids the cached value getting out of sync
with reality.
Mostly done with cocci, with the following manual fixups:
- Remove the now empty loop in drm_helper_probe_single_connector_modes()
- Fix __MODE() macro in ch7006_mode.c
- Fix DRM_MODE_ARG()
2017 May 04
5
OpenSSH contract development / patch
On Thu, May 04, 2017 at 09:37:59AM +1000, Adam Eijdenberg wrote:
> Hi Devin, have you looked at using openssh certificates to help manage
[...]
> While the feature has been around for a while now (and is really
> useful), there doesn't seem to be huge amount of documentation around
> it. I found the following useful when getting a client of my running
Yeah, when I wrote about it
2017 Jun 07
4
domain join RODC failed
Hello,
I try to test joining new RODC (samba-tool domain join unn.global RODC
-U Administrator -d5) and it's fail with message:
Could not find machine account in secrets database: Failed to fetch
machine account password for UNN from both secrets.ldb (Could not find
entry to match filter: '(&(flatname=UNN)(objectclass=primaryDomain))'
base: 'cn=Primary Domains': No