similar to: SSH users authentication depending on their public key.

I am writing a program that synchronizes my companies Windows laptops with our home server. Due to the nature of our proxy/firewall, I must use SSH with port forwarding to achieve this goal. Currently I establish the SSH connection using the following command: ssh ssh_user@proxy.example.com -i file_name -L 873:200.200.60.60:7000 -N and then run rsync with the following command: rsync

how do you backup system files like /etc/ over ssh to another machine and keep permissions the same on the remote backup location ? i tried using -a flag, but because i'm connecting through ssh i'm not using Rsync module on the remote computer and therefore i cant write files as root so -a flag is not working. all the files are being written with owner SSH_USER and group SSH_USER_GROUP i

http://bugzilla.mindrot.org/show_bug.cgi?id=959 Summary: enhancement: supporting a remote scp path option in scp Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: scp AssignedTo: openssh-bugs at mindrot.org

Hey folks. Sorry for the SUPER long email but if you''ve been experiencing the same problems with restarting your mongrel cluster with Capistrano, then I have two solutions that have worked for me and I''m pretty sure will for you as well. THE PROBLEM I was having trouble restarting my clusters using Capistrano. I''ve seen this come up before on the mailing list and

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks for all the help so far. I am learning a lot from it. I have a script that I will post bellow that when I run it gives me this error. mysql/website_forum/nntp_settings.MYD io timeout after 180 seconds - exiting rsync error: timeout in data send/receive (code 30) at io.c(103) rsync: connection unexpectedly closed (1493583 bytes read so far)

We have a system on which users are given a very restricted environment (their shell is a menu) where they should not be able to run arbitrary commands. However, because their shell is not statically linked, ld.so provides a nice clutch of holes for them to exploit. The patch below adds a new configuration option to sshd which quashes their attempts to set LD_PRELOAD etc. using ~/.ssh/environment

Hello, Our campus environment would find it very useful to pass user- environment variables for certain login ssh connections, but of course want to avoid the security problems with LD_PRELOAD and PermitUserEnvironment as described in sshd_config manpages. Would the best answer be a patch that adds PermitUserEnvironment support inside match blocks? Are there technical or other reasons

I'm having trouble with the rsync wrapper's I've found online: rsync_wrapper[8458]: SSH_ORIGINAL_COMMAND environment variable apparently not set rsync: connection unexpectedly closed (0 bytes read so far) rsync error: error in rsync protocol data stream (code 12) at io.c(189) I'm not sure if this is a problem of incompatibility between my RHES3 and the wrappers I've found or

Hi, I would like to compare a backup dir with a directory list in --compare-dest= but I don't know how to specify this list. If a have only one dir it's ok, but if I have 2 or more dir I have an error ? Here is my script: #!/bin/bash SSH_USER= SSH_HOST= TOBCK=/ EXCLUDES=/root/bckscript/ns200176/excludes LOG=/root/bckscript/ns200176/rsync_$(date +'%Y-%m-%d_%H.%M.S').log

Hello everyone, I know this is not correct place to ask this question but please help if you know As mentioned some tutorial, i install git version 1.7.3.4 in home directory (/var/chroot/home/content/xx/xxxxxxx/git). then I initialize git repository by git init --bare in my samplerepo.git then i add code in .bashrc file as follow export GIT_BIN=${HOME}/git export

https://bugzilla.mindrot.org/show_bug.cgi?id=1800 Summary: PermitUserEnvironment accepting pattern of allowed userenv variables Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo:

Hi all, I'm stuck with a little dilemma and I thought someone could give me a little advice. Is there a way to use rsync with an ssh certificate? what I have: ---------------- First of all I am forced to use the root account with ssh which I know is a big no, no, but sometimes it can't be helped. Second, I need to use a certificate without a password as root which is even worst than

Hello all, in order to connect to my SSH servers from untrusted devices like company computers or my smartphone, I set up 2FA with google-authenticator hooked into PAM. However, this is not really 2FA at least for the smartphone, since I use the same device for generating the TANs and it is also at least inconvenient to always require a new TAN for each connection. I do not want to solely rely

Is it true that when running rsync via ssh (i.e. rsync -e ssh ...) the rsyncd.conf file is not applicable on the remote since rsync is launched via the ssh exec call once connected rather than from rsyncd as in a direct connect. If so, I am trying to find the best way to restrict rsync -e ssh on the remote machine. Prepending the authorized_keys entry with command='rsync ...' 1024...

Hello List, I'am using the ForceCommand in my sshd configuration to log all the user actions on my device. ForceCommand /usr/bin/log-session.sh The Log Session Script itself is working fine for logging. But now I want also use SCP to copy files and this won't work together with the ForceCommand above. The copied file is created but its zero byte on the target. scp file.tar.gz

When using client certificate authentication, is there any way to extract the key ID from the certificate in a force command on the server? I would like to be able to configure Gitolite [1] with a certificate authority key and then use the key ID as the Gitolite user ID when a client connects. Currently I can achieve the same effect by embedding the username in a "force-command"

Hi Using SSH_ORIGINAL_COMMAND in AuthorizedKeys is so helpful, I'd like to know if it might be possible to access it in the AuthorizedKeysCommand context (via env ?). Is this possible ? can anybody give me advice on going into this ? If possible, I'll use this SSH_ORIGINAL_COMMAND to send client specifics information to the AuthorizedKeysCommand script. Currently, the only alternative

Seems like my day for Rails posts... :) OK. I''ve started using Swtichtower to help with deploying changes to my production rails apps. Unfortunately I''ve come accros an inconsistency that I can''t quite figure out. It''s about the PATH env var under Bash. I''ve created a task that just does a: run "env", to show what I''m seeing:

https://bugzilla.mindrot.org/show_bug.cgi?id=2253 Bug ID: 2253 Summary: No "$@"-like SSH_ORIGINAL_COMMAND leads to escaping, arg-sep and metachar issues Product: Portable OpenSSH Version: 6.6p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

http://bugzilla.mindrot.org/show_bug.cgi?id=1158 Summary: Setting the environment in authorized_keys does not work Product: Portable OpenSSH Version: 3.9p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org