similar to: TPM-protected client keys

At this point it should be obvious, but let me state that I don?t have motivation/time to spend on this right now, given that upstream shows 0 interest in this at all :(. Hence, any help on this is welcome. On Sat, Dec 27, 2014 at 1:53 AM, Thomas Habets <thomas at habets.se> wrote: > On 24 December 2014 at 18:57, Michael Stapelberg > <stapelberg+openssh at google.com> wrote:

Hey, Judging from the (private) responses I?ve got, there is quite a bit of interest in the U2F feature I proposed a while ago. Therefore, I?ve taken some time to resolve the remaining issues, and I think the resulting patch (attached to this email) is in quite a good state now. I also posted the new version of the patch to https://bugzilla.mindrot.org/show_bug.cgi?id=2319 (which I?ve opened

Hello. I need help with limiting bandwidth. I have read every tutorial I''ve come over and I just can''t make anything work. Ok, here''s the scenario: I have a gateway, which has five network interfaces (eth0 -> eth4), eth0 is the ''external'' one and eth[1-4] are supposed to be limited to 128Kbit/s each. The interfaces eth[1-4] each have a C-class

Hi, everyone, I need some help in figuring out what may have happened here, as newly created files on an OST are being corrupted. I don''t know if this applies to all files written to this OST, or just to files of order 2GB size, but files are definitely being corrupted, with no errors reported by the OSS machine. Let me describe the situation. We had been running Lustre 1.8.4 for

Setup: Server: Mac OS X Server which serves dhcp and tftp requests client: Acer with PXE boot agent 4.0.19 file to transfer: -rw-r--r-- 1 root wheel 10988 Apr 12 13:50 pxelinux.0 The default tftpd daemon doesn't support the tsize option (I think, look at the packet trace at the end, it reports the file isn't found, but I think this is because of tsize ... but I could be

> (Blargh is right (https://blog.habets.se/2011/07/OpenSSH-certificates.html <https://blog.habets.se/2011/07/OpenSSH-certificates.html>). Googling for this stuff is *hard*:) Does https://www.sweharris.org/post/2016-10-30-ssh-certs/ help at all? Stephen

On Fri, Jan 15, 2016 at 1:07 PM, Alex Bligh <alex at alex.org.uk> wrote: > On 15 Jan 2016, at 11:44, Thomas ? Habets <habets at google.com> wrote: >> On 15 January 2016 at 08:48, Alex Bligh <alex at alex.org.uk> wrote: [snip] > 3. Server compares supplied address/port pair with what it sees > (to detect DNAT like Amazon elastic IPs), and if they are the >

On Wed, Nov 27, 2019 at 03:11:51PM +0000, Martin Habets wrote: > Your @work correctly identifies that the drivers/net/ethernet/sfc drivers need patching, but the actual patches for them are missing. > Please add those. Makes me wonder if any other files are missing patches. > > Martin Good point, pattern was missing _ in variable name. Will repost a fixed version.

A problem here getting winbind traffic to be encrypted using Kerberos. I have set up a test environment with a pair of servers (actually lxc containers): - samba server (ubuntu 16.04, stock samba 4.3.11) - client machine (ubuntu 16.04) joined with "net ads join" and winbind The client machine has the following in /etc/samba/smb.conf: ------- [global] #netbios name = client-ad

Hi! The Netfilter project proudly presents: iptables 1.6.1 iptables is the userspace command line program used to configure the Linux 2.4.x and later packet filtering ruleset. It is targeted towards system administrators. This update contains accumulated bugfixes, several new extensions and lots of translations via iptables-translate to ease migration to nftables. See ChangeLog that comes

Hey all - I''ve got a question that I haven''t seen addressed anywhere and was wondering if anyone has put any thought into it or not... Here''s my setup... I have several *small* sites running apache/mongrel. Each has a single mongrel instance. Most don''t get any traffic (no one reads my blog :). And I was thinking, I could host a couple of more

Em qua., 27 de nov. de 2019 ?s 12:12, Martin Habets <mhabets at solarflare.com> escreveu: > > Your @work correctly identifies that the drivers/net/ethernet/sfc drivers need patching, but the actual patches for them are missing. > Please add those. Makes me wonder if any other files are missing patches. Since, I'm adding new stuffs to virtion_net (2/2), I will split this into a

This allows incrementing the correct timeout statistic without any mess. Down the road, devices can learn to reset just the specific queue. The patch was generated with the following script: use strict; use warnings; our $^I = '.bak'; my @work = ( ["arch/m68k/emu/nfeth.c", "nfeth_tx_timeout"], ["arch/um/drivers/net_kern.c", "uml_net_tx_timeout"],

This allows incrementing the correct timeout statistic without any mess. Down the road, devices can learn to reset just the specific queue. The patch was generated with the following script: use strict; use warnings; our $^I = '.bak'; my @work = ( ["arch/m68k/emu/nfeth.c", "nfeth_tx_timeout"], ["arch/um/drivers/net_kern.c", "uml_net_tx_timeout"],

This allows incrementing the correct timeout statistic without any mess. Down the road, devices can learn to reset just the specific queue. The patch was generated with the following script: use strict; use warnings; our $^I = '.bak'; my @work = ( ["arch/m68k/emu/nfeth.c", "nfeth_tx_timeout"], ["arch/um/drivers/net_kern.c", "uml_net_tx_timeout"],

Hi Karthik, thanks for taking a look at this. I'm not working with gluster long enough to make heads or tails out of the logs. The logs are attached to this mail and here is the other information: # gluster volume info home Volume Name: home Type: Replicate Volume ID: fe6218ae-f46b-42b3-a467-5fc6a36ad48a Status: Started Snapshot Count: 1 Number of Bricks: 1 x 3 = 3 Transport-type: tcp

The intent of this option is similar to "tls-auth" in openvpn[1]: To refuse to talk to anyone who doesn't know the shared secret. You could compare this to port knocking, in that it solves a similar problem. This also prevents RST attacks from killing an existing connection, even when attacker can sniff sequence numbers. This feature doesn't work through NAT, since the source

On 15 January 2016 at 08:48, Alex Bligh <alex at alex.org.uk> wrote: > > The socket option is enabled *after* connection establishment, thus > > doesn't protect against SYN floods. This is because server doesn't > > know (in userspace) what the address of the peer is until they > > connect. Again because signed addresses. > So could they exchange a secret