similar to: Restrict extranet connection to a group

Hey. Perhaps someone can help me with the following (OpenSSH 6.7): I have a host reachable via miscellaneous interfaces (and network addresses) running SSH. Some specific users should be only reachable from the inside, so e.g. though something like this would do the job in sshd_config: #general config #... Match User foo LocalAddress 10.0.0.1,fe80:abba::0 PasswordAuthentication

[Not subscribed to this list, so please respond directly if you need to speak to me] In man5/sshd_config.5, a permissible keyword in a 'Match' block is missing. It currently lists only: AllowTcpForwarding, Banner, ForceCommand, GatewayPorts, GSSApiAuthentication, KbdInteractiveAuthentication, KerberosAuthentication, PasswordAuthentication, PermitOpen, PermitRootLogin,

http://bugzilla.mindrot.org/show_bug.cgi?id=582 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX ------- Comment #2 from djm at mindrot.org 2005-11-06 03:46 -------

Hi, I'd like to allow PAM authentication only from the local network, and from the Internet only allow public key authentication. A similar-enough problem has been discussed on this list previously: http://www.gossamer-threads.com/lists/openssh/dev/47179?search_string=match%20challengeresponseauthentication;#47179 More specifically, I would like to allow PAM authentication from the

When using PAM to do password authenticaion the attempt/failure counter appears to be getting confused. This is using a rh62 system with the openssh-2.9p2-1 rpms... On the client side... [matthewm at toadhall (7) matthewm]$ grep Auth /etc/ssh/ssh_config RhostsAuthentication no RhostsRSAAuthentication no HostbasedAuthentication no RSAAuthentication no PubkeyAuthentication yes

Hello, I was chasing some unexpected behaviour from OpenSSH, and have come across an oddity in the source code which may or may not be a bug. In auth2-kbdint.c, the Authmethod struct declares options.kbd_interactive_authentication as the enabled flag for this method. However in the implementation function a few lines above, it checks options.challenge_response_authentication to decide whether to

https://bugzilla.mindrot.org/show_bug.cgi?id=1922 Bug #: 1922 Summary: Disabling ChallengeResponseAuthentication also disables KbdInteractiveAuthentication Classification: Unclassified Product: Portable OpenSSH Version: 5.8p2 Platform: All OS/Version: All Status: NEW Severity: normal

Easy one. I have win98 clients that login and connect to the shares fine. My problem is the user home directory, each user can see their folders and can even open them but they cannot save to their home directory. Each users home dir is setup as 0700 (-rwx------), as are the files and subdir's, which I believe is Read, Write, Execute for the owner of the file. What am I missing? Chris.

I have sshd server sshd -V ... OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 ... running on linux/64 with cat sshd_config ... PubkeyAuthentication yes PasswordAuthentication no ChallengeResponseAuthentication no

Hi list, following my last mail I added a small jpg to clarify my request... How do I have to configure my dumm0 to enable communication between my firewall domU and my dom0. As mentioned I can ping/ssh from outside to domU (FW), I can ping ssh from there to domU(2.1) and domU(2.2). But I can''t get through to dom0. As most of the basic understanding is missing on my side even a

Hi, My first post to the list so hopefully I'm not making any newbie blunders. Searched high and low for solutions to get the Nortel vpn Extranet client installer to run properly using wine. I get a ton of fixmes like these and lots of other errors, in particular ones to do with DLL32/DLL16/NETDI/SETUP16 - details follow... fixme:key:GetQueueStatus QS_xxxx flags (4000) are not handled

Hi all, I just implemented (compiled from tarball) Openssh-2.3.0p1 on two different platform: an HP-UX 11.00 (the client) and a Redhat 6.2 (the server). On server (Linux RH-6.2) side the following compile options are considered: # CC="egcs" \ > ./configure \ > --prefix=/opt/openssh \ > --sysconfdir=/etc/opt/openssh \ > --with-tcp-wrappers \ > --with-ipv4-default \ >

With a little help, I managed to get ssh to compile. (original post 05.02.02) Now, I can login using an account that is local to the target machine but logins with AFS accounts fail. The details: IRIX 6.5.15 ssh 3.1.p1 gcc 3.0.1 ssl-0.9.6c zlib-1.1.4. I am configuring with: env CC=gcc CFLAGS=-g LDFLAGS=-Wl,-rpath,/usr/local/krb4/lib,-rpath,/usr/local/ssl/lib ./configure

I have setup an OpenSSH_3.5p1 ssh/sftp server on my SunOS 4.1.4 box. I can ssh to it just fine. The problem is SFTP from certain clients. I can SFTP to it using my OpenSSH_3.5p1 sftp client. I can SFTP to it from MacSFTP from MacSSH.org, version 1.0.5. However, I have several clients that cannot connect. I have had them try CuteFTP Pro v2, v3, WS_FTP Pro v7.62, PuTTy pSFTP. None are able to

Hi all, this is a patch to make Ciphers, MACs and KexAlgorithms available in Match blocks. Now I can reach a -current machine with some Android terminal app without changing the default ciphers for all clients: Match Address 192.168.1.2 Ciphers aes128-cbc MACs hmac-sha1 KexAlgorithms diffie-hellman-group-exchange-sha1 Index: servconf.c

HI: I tried to deploy a SFTP server with chroot but when i tried to connnect the client send the next error: Write failed: Broken pipe Couldn't read packet: Connection reset by peer The sshd_conf file is the next: ------------------------------------------------------------------- # Package generated configuration file # See the sshd_config(5) manpage for details # What ports, IPs and

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've seen a few posts, but no solutions as of yet. Here's a bit more info. BoxA - Solaris 2.7, Maintenance Update 01/09/2001, SunWorks cc compiler BoxB - Solaris 2.8, gcc-2.95.2 gcc compiler BoxC - Solaris 2.7, Maintenance Update 01/09/2001, gcc-2.95.2 gcc compiler BoxD - OpenBSD 2.8, patched to STABLE, gcc-2.95.2 _and_ BSD cc compilers

http://bugzilla.mindrot.org/show_bug.cgi?id=580 Summary: disable kbdint if host key mismatch Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: openssh-bugs at mindrot.org ReportedBy: fcusack at

I need a way to make sshd require S/KEY authentication to succeed before allowing either password or public-key authentication. Currently, we can only have S/KEY+password, by using PAM for authentication, and configuring PAM accordingly. But PAM of course can't handle SSH public keys. I thought for a while that ideally we could actually use PAM to tell sshd what methods of authentication to

Can anybody help me with this : ? I first generated rsa key with this : ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key then I went on to generate the DSA key too....(just incase my SSHD does not like RSA). ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key and then I ran root at 00_00_09_PECA_NP1:/usr/bin# sshd -d -d -d -d -d -d -d -d -d debug3: RNG is ready, skipping seeding debug2: