similar to: FW: Help with CA Certificates for user authentication?

https://bugzilla.mindrot.org/show_bug.cgi?id=1039 Iain Morgan <imorgan at nas.nasa.gov> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |imorgan at nas.nasa.gov --- Comment #13 from Iain Morgan <imorgan at nas.nasa.gov> --- My apologies for

As background, I read: http://therowes.net/~greg/2011/03/23/ssh-trusted-ca-key/ http://www.ibm.com/developerworks/aix/library/au-sshsecurity/ http://bryanhinton.com/blog/openssh-security http://www.linuxhowtos.org/manpages/5/sshd_config.htm

https://bugzilla.mindrot.org/show_bug.cgi?id=1169 Iain Morgan <imorgan at nas.nasa.gov> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |imorgan at nas.nasa.gov --- Comment #10 from Iain Morgan <imorgan at nas.nasa.gov> --- Perhaps this could

https://bugzilla.mindrot.org/show_bug.cgi?id=1424 Iain Morgan <imorgan at nas.nasa.gov> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |imorgan at nas.nasa.gov --- Comment #36 from Iain Morgan <imorgan at nas.nasa.gov> --- Created attachment

> > Message: 8 > Date: Tue, 30 Jul 2013 12:46:50 -0700 > From: Iain Morgan <imorgan at nas.nasa.gov> > To: Damien Miller <djm at mindrot.org> > Cc: "openssh-unix-dev at mindrot.org" <openssh-unix-dev at mindrot.org> > Subject: Re: Call for testing: OpenSSH-6.3 > Message-ID: <20130730194649.GC18047 at linux124.nas.nasa.gov> >

Il giorno dom 4 nov 2018 alle ore 01:45 Ben Lindstrom <mouring at offwriting.org> ha scritto: > > I don't see it as a bug. Yes, this is why I put a question mark in the subject. > As if I'm writing a batch script I want to see the echo of the command and the output so if there is a failure I know where the failure is. I see: you have a single batch file with no

No, I just think 15 years or so is more than enough time to have addressed the issue. On Thu, Mar 26, 2015 at 14:05:08 -0700, Dan Kaminsky wrote: > So, this isn't your problem and you don't respect the people's whose > problem it is. > > On Thu, Mar 26, 2015 at 12:43 PM, Iain Morgan <imorgan at nas.nasa.gov> wrote: > > > On Thu, Mar 26, 2015 at 11:55:18

Thanks, Iain. I am willing to hear from other users whether anyone else sees this as a bug before filing it. -- Vincenzo Romano Il giorno ven 2 nov 2018, 20:03 Iain Morgan <imorgan at nas.nasa.gov> ha scritto: > If you truly intend this as a bug report, you should file it at > bugzilla.mindrot.org. > > On Fri, Nov 02, 2018 at 12:25:22 +0100, Vincenzo Romano wrote: > >

Hi, OpenSSH 2.9p2 behaves differently with 'PermitRootLogin without-password' than does SSH 2.2.27 with 'PermitRootLogin nopwd': nopython.imorgan 153> ssh root at sun523 root at sun523's password: ROOT LOGIN REFUSED FROM nopython.nas.nasa.gov nopython.imorgan 154> ssh root at sun566 root at sun566's password: Permission denied. In the case of OpenSSH, you simply

On 29 September 2017 at 11:05, Iain Morgan <imorgan+openssh at nas.nasa.gov> wrote: [...] > This is due to my shell being csh, which is pickier about undefined > variables than the Bourne-style shells. The attached patch fixes the > issue. Thanks for figuring this out. > - 'test -z "$SSH_USER_AUTH"' || fail "SSH_USER_AUTH present" > +

---------- Forwarded message ---------- Date: Fri, 18 Jan 2013 10:19:35 +1100 (EST) From: Damien Miller <djm at mindrot.org> To: Iain Morgan <Iain.Morgan at nasa.gov> Subject: Re: Inconsisten declaration of ssh_aes_ctr_iv() On Thu, 17 Jan 2013, Iain Morgan wrote: > > Could you tell me the declaration of the function pointer do_cipher in > > OpenSSL's evp.h on your

Hi, >>> It would be nice to know what the precise technical issues are that have >>> prevented support for this from being added. From what I recall, it >>> seemed like the delay was largely due to details of the client >>> behaviour, and possibly some feature creep. It would indeed be really great to have some details on this point. Concerning the test of

Hello, While running 'cvs up' against the CVS repository for the portable branch of OpenSSH, I received the following warning: % cvs up @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be

On 11/15/23, 10:51 AM, "openssh-unix-dev on behalf of Marian Beermann" <openssh-unix-dev-bounces+iain.morgan=nasa.gov at mindrot.org <mailto:nasa.gov at mindrot.org> on behalf of public at enkore.de <mailto:public at enkore.de>> wrote: On 11/15/23 18:09, Chris Rapier wrote: > On 11/11/23 9:31 PM, Damien Miller wrote: > >> It's not discouraged so much as

Hi, I'm experimenting with host certificates in 5.4p1 and seem to have hit a usability issue. I've generated a host certificate, added the HostCertificate option to the sshd_config and restarted sshd. I've replaced the system's ssh_known_hosts file with one that has a single entry of the form: @cert-authority *.example.domain ssh-rsa ... This works provided that I use the

Hi, Based on some experimentation with 5.4p1 and a cursory examination of the source code, it doesn't look like hostbased authentication takes advantage of certificates other than to authenticate the server. Is that correct? In cluster environments, hostbased authentication is still useful but the size of the ssh_known_hosts file can become unwieldy in large clusters. As an example, a few

Hi, With the 20100127 snapshot, there appears to be a bug in the multiplexing support that causes the master to die under some circumstances when a slave session exits. The error messages that I am getting are: cfe1.imorgan> exit Connection to cfe1 closed. $ channel_by_id: 2: bad id: channel free client_input_channel_req: channel 2: unknown channel channel_by_id: 2: bad id: channel free

Greetings, For those interested in using certificates with hostbased authentication, I have just submitted an enhancement request[1] to the OpenSSH bugzilla site with a preliminary patch that adds support for this. Despite the fact that hostbased authentication is, by default, disabled for both the client and server, there are environments where hostbased authentication can be very useful. One

Damien, Here's a forwarded bug for you. Cheers, Phil. --[[message/rfc822]] Subject: Bug#52414: ssh-add uses ssh-askpass, but ssh doesn't Reply-To: David Huggins-Daines <dhd at plcom.on.ca>, 52414 at bugs.debian.org Resent-From: David Huggins-Daines <dhd at plcom.on.ca> Resent-To: debian-bugs-dist at lists.debian.org Resent-CC: Philip Hands <phil at hands.com>

Hi, On RHEL 6.3 with gcc 4.4.6, a number of compiler warnings are emitted when building recent snapshots: These all seem to be harmless, but annoying. readpassphrase.c:127: warning: ignoring return value of ?write?, declared with attribute warn_unused_result readpassphrase.c:146: warning: ignoring return value of ?write?, declared with attribute warn_unused_result make[1]: Leaving directory