Displaying 20 results from an estimated 400 matches similar to: "problem with AuthorizedKeysCommand on OpenBSD"
2013 Jun 19
4
AuthorizedKeysCommand idea
Hi,
I've been kicking this idea around, and the problem with it escapes
me. I'm looking for someone to tell me why this is a bad idea.
The new OpenSSH includes the AuthorizedKeysCommand, which was mostly
added to let people use a command to look up user keys in LDAP.
LDAP key lookup have some limitations -- specifically, the common
openssh-lpk_openldap schema won't let you add
2011 Jun 21
1
SSH book reviewers wanted
Hi,
Thought there would be some interest here. I'm writing a small book
on OpenSSH. Am now looking for tech reviewers.
http://blather.michaelwlucas.com/archives/902
==ml
--
Michael W. Lucas
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Latest book: Network Flow Analysis http://www.networkflowanalysis.com/
mwlucas at BlackHelicopters.org, Twitter @mwlauthor
2013 Nov 11
2
"Unwilling to Perform" UNIX Attributes
Hi,
I'm running Samba 4.0.8, on FreeBSD 9.2, from operating system
packages, as a DC. I have a BDC, running the same. I'm using a Windows
7 workstation with "Active Directory Users and Computers" snap-in to
manage usernames, passwords, etc. The workstation is part of the
domain, and I'm logged on as Administrator in the domain.
I can create groups and add members to them
2012 Apr 12
0
SSH book for review
Hi,
I've recently published a short book on OpenSSH, as part of my
"exterminate ALL the passwords" initiative.
I'm giving copies to anyone who is interested in writing a review for
a blog -- either theirs, or a tech association they're with, or
basically anywhere.
http://www.michaelwlucas.com/nonfiction/ssh-mastery
Please contact me off-list if interested.
Thanks,
==ml
2012 Feb 21
1
any hope for bug 1663 or similar function?
Hi folks,
Is there any hope for an external source of public keys, such as given
in bug 1663?
I have dozens of servers, and I have to patch sshd on the vast
majority of them. OpenSSH is a BSD program, but the BSD boxes are the
most difficult to manage because of this.
Thanks,
==ml
--
Michael W. Lucas
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Latest book: SSH Mastery
2014 Jun 27
1
Using AuthorizedKeysCommand in unprivileged sshd mode
Hi,
I have a setup in which I run sshd as unprivileged user at dedicated port
to serve specific application.
It is working perfectly!
One tweak I had to do, since the AuthorizedKeysCommand feature requires
file to be owned by root, I had to use root owned command at root owned
directory, although it does not add a security value.
At auth2-pubkey.c::user_key_command_allowed2(), we have the
2019 May 20
4
Authenticate against key files before AuthorizedKeysCommand
Hello,
Currently OpenSSH has a fixed order on how the key authenticates the
user: at first it tries to authenticate against TrustedUserCAKeys,
afterwards it does it against the output keys from the
AuthorizedKeysCommand and finally against the files as set in
AuthorizedKeysFile. I have an use-case where this order is not ideal.
This is because in my case the command fetches keys from the cloud
2013 Apr 15
7
[Bug 2092] New: AuthorizedKeysCommand: bad ownership or modes for file
https://bugzilla.mindrot.org/show_bug.cgi?id=2092
Bug ID: 2092
Summary: AuthorizedKeysCommand: bad ownership or modes for file
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.2p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: sshd
2014 May 30
2
AuthorizedKeysCommand run as the user
Is there any way to make the AuthorizedKeysCommand as the user which is trying
to log in?
Thanks.
--
Yves.
2013 Oct 17
10
[Bug 2161] New: AuthorizedKeysCommand is not executed when defined inside Match block
https://bugzilla.mindrot.org/show_bug.cgi?id=2161
Bug ID: 2161
Summary: AuthorizedKeysCommand is not executed when defined
inside Match block
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
2012 Oct 31
5
AuthorizedKeysCommand support added
Hi,
I just commited the patch on https://bugzilla.mindrot.org/b/1663 It adds
an AuthorizedKeysCommand option to sshd_config to use helper program to
fetch a user's authorized keys. Quite a few people have asked for this
to allow storage of public keys in LDAP or other databases.
The program is executed (directly, not via the shell) with a single
argument of the user being logged in. It
2023 May 22
6
[Bug 3574] New: ssh ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set
https://bugzilla.mindrot.org/show_bug.cgi?id=3574
Bug ID: 3574
Summary: ssh ignores AuthorizedPrincipalsCommand if
AuthorizedKeysCommand is also set
Product: Portable OpenSSH
Version: 9.3p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component:
2005 Jan 20
0
wine, wineserver, and x.org using 100% of CPU
Hi,
I installed Wine 20050111 on my FreeBSD 6-current (freshly updated
yesterday afternoon) to play SimCity 2000.
Whenever I start the program with "wine SIMCITY.EXE", the various
start-up pop-ups appear, as well as the dialog asking if you want to
start a new city, open an old city, etc. I get the side toolbar. The
main window where you play the game is never drawn, however; it
2014 Oct 10
12
[Bug 2287] New: AuthorizedKeysCommandUser should have it's default documented
https://bugzilla.mindrot.org/show_bug.cgi?id=2287
Bug ID: 2287
Summary: AuthorizedKeysCommandUser should have it's default
documented
Product: Portable OpenSSH
Version: 6.2p1
Hardware: All
OS: All
Status: NEW
Severity: trivial
Priority: P5
Component:
2012 Nov 20
4
Connection info with AuthorizedKeysCommand
I see that support for AuthorizedKeysCommand has been added. The
arguments supplied to the command is just the authenticating user. Can
we add the SSH connection details (ie. source and destination IPs and
ports) as well?
This command seems to be the idea way of requiring one set of
credentials from inside an organisation (say the user's own
authorized_keys file) and another set from outside
2013 Jun 09
1
pass fingerprint to authorizedkeyscommand
Hi guys,
It might be nice if AuthorizedKeysCommand would receive the fingerprint of
the offered key as an argument, so that programs like gitolite could
implement more refined key-based identity lookup that offers better
performance than AuthorizedKeysFile's linear scan.
The following patch is untested but is the basic idea:
diff -ru openssh-6.2p1/auth2-pubkey.c
2014 Feb 05
1
Make SSH_ORIGINAL_COMMAND available in AuthorizedKeysCommand context
Hi
Using SSH_ORIGINAL_COMMAND in AuthorizedKeys is so helpful, I'd like to
know if it might be possible to access it in the AuthorizedKeysCommand
context (via env ?). Is this possible ? can anybody give me advice on
going into this ?
If possible, I'll use this SSH_ORIGINAL_COMMAND to send client specifics
information to the AuthorizedKeysCommand script. Currently, the only
alternative
2015 Mar 16
2
[Bug 2367] New: AuthorizedKeysCommand add key fingerprint as second argument
https://bugzilla.mindrot.org/show_bug.cgi?id=2367
Bug ID: 2367
Summary: AuthorizedKeysCommand add key fingerprint as second
argument
Product: Portable OpenSSH
Version: 6.7p1
Hardware: Other
OS: FreeBSD
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
2014 Mar 20
2
patch to send incoming key to AuthorizedKeysCommand via stdin
Hi all,
I'm new to the list, so please forgive me if this is duplicated effort.
I have created a patch for openssh which modifies the AuthorizedKeysCommand
directive so that the incoming user's public key is sent to the specified
program via stdin. This provides a means to identify the connecting user
based solely on their public key and not just by the username.
The inspiration for
2014 Apr 14
1
AuthorizedKeysCommand size issue?
I'm running into issues with AuthorizedKeysCommand when the sum of the size of
the public keys become bigger than ~ 12 KB.
I created a bash script that runs
#!/bin/bash
curl -s --compressed http://someurl.example.com/pubkeys/$1
and am getting "error: returned status 23".
CURLE_WRITE_ERROR (23): An error occurred when writing received data to a
local file, or an error