similar to: Overhaul of Authorized_keys recipe

Hello all, I'm wondering if samba(TNG?) can offer a solution for keeping NDS in sync with Active Directory? Perhaps, samba would be only be part of a larger solution involving openldap and or other components. Although I've used samba in the past on stand-alone servers, I have am not up to speed on it's ability to plug into an AD environment (act as a DC) so please excuse me if my

Hi all, I''ve just rewritten the Puppet introduction from scratch: https://reductivelabs.com/trac/puppet/wiki/PuppetIntroduction I think it''s better, but I''m not convinced it''s a whole heckuva lot better. Comments are very much appreciated, especially if you can recommend a better approach to the document. I tried to organize it how I have been giving

Puppeteers, One of the more ... interesting components of our configuration has been how we''re handling users. We don''t have an LDAP solution (yet), so we''re using Puppet to handle users. This isn''t overly complex, at least at first glance. We have three types of users. * System admins * Web developers * R&D developer The system admins have userids on all

Hello All, I''m using the "Branch Testing" approach documented at https://reductivelabs.com/trac/puppet/wiki/BranchTesting and am seeing an issue with certificates. On all clients, I can run puppetd --masterport=8141 successfully but see the following error when I run against the default (8140) port: err: Could not retrieve configuration: Certificates were not trusted:

Hello all, How are you using the sshkey type? Are you using it to list hosts and keys in a class that nodes include in order to manage /etc/ssh/ssh_known_hosts or something else? How does any of this relate to the sshrsakey and sshdsakey facts on the host? I read some stuff about this on the Virtual Resources page but it''s too vague for my simple mind and I''d be reluctant to use

Hi all, I''m proud to announce that I seem to have pushed a new release of Puppet out in record time. This is a minor upgrade, mostly bugfixes and small features, but there are lots of each. See the changelog[1] for an idea of what this release provides, but keep in mind that this changelog is my first real attempt at keeping an up-to-date changelog. Enjoy! 1 -

Hi all, I''ve just implemented a [crude] manifest to apply a set authorized_keys file to the root account of a puppet client. class rootssh_test { file { "/root/.ssh/authorized_keys": owner => root, group => root, mode => 0600, content => template("rootssh_test") } } The template has two ssh id_rsa lines in. When the client applies

I''m in the process of automating the build of Oracle RAC nodes running on Linux but there''s one part I can''t quite get my head around. Oracle RAC requires that the oracle user on each node has an authorized_keys file containing the public keys of the oracle user on every other node. It also requires that the known_hosts file contains host keys for all other nodes to

Hi all, again. It looks like my last attempt of sending this message got cut off, at least it looks like that in the archive[1], so I''m trying again: <rerun> Luke Kanies suggested that I take this up here since his memory on the subject was a bit poor. I am trying to cat various files together into one file. According to the documentation "sourceselect => all" might

https://bugzilla.mindrot.org/show_bug.cgi?id=2042 Priority: P5 Bug ID: 2042 Assignee: unassigned-bugs at mindrot.org Summary: Troubleshooting information should be logged when sshd doesn't have permission to read user's authorized_keys file Severity: enhancement Classification: Unclassified

http://bugzilla.mindrot.org/show_bug.cgi?id=220 Summary: sshd fails to read other users authorized_keys over nfs as root Product: Portable OpenSSH Version: 3.0.2p1 Platform: All URL: http://www.hut.fi/cc/ OS/Version: All Status: NEW Severity: major Priority: P1 Component:

Hi folks, If I try to login on a Cygwin host via ssh, then my .ssh on a network drive is unaccessible until I login. I have to enter my password, even if my authorized_keys would allow me to login without. This is fatal, since it forces me to use an interactive session for working on a Windows host. Unusable for automatic builds and tests managed from a central machine, for example. There is no

Hello everybody, I have a problem. You may have the answer :-) I'd like to use openssh for an authentication service. But that gives me a user, whose ~/.ssh/authorized_keys file has about 15000 entries. With about 300 characters per line I'd get 4,5 MB of data. I believe that this length of file could lead to performance issues; so I'm looking for solutions. I already saw the

https://bugzilla.mindrot.org/show_bug.cgi?id=1947 Bug #: 1947 Summary: Log authorized_keys format issues and refuse to accept keys Classification: Unclassified Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2

I've written up a little HOWTO on how I set up my CVS server to allow anonymous access via ssh. I did it a little bit differently than the method documented by Theo and crew. Where their login shell has a lot of stuff in it, mine is a simple execle() statement. Url is here: http://reactor-core.org/#code After following the steps outlined in the HOWTO, I came across the following

Both ssh-copy-id and ssh create .ssh as 0700. ssh-copy-id creates .ssh/authorized_keys as 0600. Thanks: Ryan Sawhill for finding the bug. --- customize/ssh_key.ml | 4 ++-- src/guestfs.pod | 17 +++++++++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml index 09664bf..dd6056f 100644 --- a/customize/ssh_key.ml +++

https://bugzilla.mindrot.org/show_bug.cgi?id=2678 Bug ID: 2678 Summary: PubKey Authentication fails when more than one user/group ACL is set on any Path component to authorized_keys Product: Portable OpenSSH Version: 5.3p1 Hardware: amd64 OS: Linux Status: NEW

http://bugzilla.mindrot.org/show_bug.cgi?id=1326 Summary: Allow non-public-key credentials in authorized_keys file (Kerberos, etc.) Product: Portable OpenSSH Version: 4.4p1 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Kerberos support

https://bugzilla.mindrot.org/show_bug.cgi?id=1720 Summary: would be nice if authorized_keys(5) existed Product: Portable OpenSSH Version: 5.3p1 Platform: Other URL: http://bugs.debian.org/441817 OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Documentation

Here's a simple patch which retrieves authorized_keys via exec'ing a program, rather than reading a flat file. I added a simple option, AuthorizedKeysExec, to sshd_config which simply executes the respective file, passing the username as argv[1]. Keys are returned via stdout. Notes: If AuthorizedKeysExec is set and an authorized_keys file exists, checking the existing authorized_keys