similar to: [Bug 2276] New: AuthorizedKeysCommand: add an option for alternate owner

Displaying 20 results from an estimated 6000 matches similar to: "[Bug 2276] New: AuthorizedKeysCommand: add an option for alternate owner"

2014 Jun 27
1
Using AuthorizedKeysCommand in unprivileged sshd mode
Hi, I have a setup in which I run sshd as unprivileged user at dedicated port to serve specific application. It is working perfectly! One tweak I had to do, since the AuthorizedKeysCommand feature requires file to be owned by root, I had to use root owned command at root owned directory, although it does not add a security value. At auth2-pubkey.c::user_key_command_allowed2(), we have the
2013 Mar 22
52
[Bug 2081] New: extend the parameters to the AuthorizedKeysCommand
https://bugzilla.mindrot.org/show_bug.cgi?id=2081 Bug ID: 2081 Summary: extend the parameters to the AuthorizedKeysCommand Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd
2007 Sep 29
64
[Bug 1371] New: Add PKCS#11 (Smartcards) support into OpenSSH
http://bugzilla.mindrot.org/show_bug.cgi?id=1371 Summary: Add PKCS#11 (Smartcards) support into OpenSSH Product: Portable OpenSSH Version: 4.7p1 Platform: All URL: http://alon.barlev.googlepages.com/openssh-pkcs11 OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component:
2014 Sep 16
8
[Bug 2277] New: config: add option to customize moduli file location
https://bugzilla.mindrot.org/show_bug.cgi?id=2277 Bug ID: 2277 Summary: config: add option to customize moduli file location Product: Portable OpenSSH Version: 6.6p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee:
2016 Jul 25
3
ssh-pkcs11.c
Hi Alon, I confirmed with pkcs11-tool (from OpenSC) and I can confirm that pressing return when asked for the pin causes the login to stop (and not to try a empty pin). Can you confirm if a empty pin is actually a valid pin, and if not, can the patch be accepted? Once again, the problem is that from a user experience, *some/most* users would expect they can skip pkcs11 token authentication just
2016 Jun 17
3
ssh-pkcs11.c
On Fri, Jun 17, 2016 at 7:57 PM, Alon Bar-Lev <alon.barlev at gmail.com> wrote: > On 17 June 2016 at 20:58, Nuno Gon?alves <nunojpg at gmail.com> wrote: >> Hi, >> >> It seems there is a bug with the pkcs11 feature where a zero-length >> PIN is accepted. I believe this is a bug, since the user might want to >> press return when asked for the PIN to
2015 May 21
2
[PATCH] build: ssh-agent: condition util.h include
Signed-off-by: Alon Bar-Lev <alon.barlev at gmail.com> --- ssh-agent.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ssh-agent.c b/ssh-agent.c index 9e2a37f..415a5ea 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -68,7 +68,9 @@ #include <time.h> #include <string.h> #include <unistd.h> +#ifdef HAVE_UTIL_H #include <util.h> +#endif #include
2007 Sep 25
9
OpenSSH PKCS#11merge
[[Sending again, as for some strange reason it is not accepted]] Hello OpenSSH developers, I maintain external patch for PKCS#11 smartcard support into OpenSSH[1] , many users already apply and use this patch. I wish to know if anyone is interesting in working toward merging this into mainline. I had some discussion with Damien Miller, but then he disappeared. Having standard smartcard
2015 Nov 15
2
~/.ssh/config permissions
Hi, Working with apache-sshd I found that it forces ~/.ssh/config to be owned by user without group/others permissions. It failed for me within my valid openssh environment. Within sources (readconf.c::read_config_file), I found that openssh only enforces ownership by user and not group/others write. When I opened an issue, I was referred to this[1] wiki page (not sure who maintain it) claiming
2012 Nov 13
1
problem with AuthorizedKeysCommand on OpenBSD
Hi, I'm attempting to test the AuthorizedKeysCommand feature with the new port of ssh-ldap-wrapper to OpenBSD. I'm running yesterday's OpenBSD-current i386 snapshot, which includes AuthorizedKeysCommand. The port of ssh-ldap-helper (at http://old.nabble.com/-new--ssh-ldap-helper-td34667413.html) contains all the bits I need, and the individual pieces appear to work once configured:
2012 Nov 20
4
Connection info with AuthorizedKeysCommand
I see that support for AuthorizedKeysCommand has been added. The arguments supplied to the command is just the authenticating user. Can we add the SSH connection details (ie. source and destination IPs and ports) as well? This command seems to be the idea way of requiring one set of credentials from inside an organisation (say the user's own authorized_keys file) and another set from outside
2013 Jun 09
1
pass fingerprint to authorizedkeyscommand
Hi guys, It might be nice if AuthorizedKeysCommand would receive the fingerprint of the offered key as an argument, so that programs like gitolite could implement more refined key-based identity lookup that offers better performance than AuthorizedKeysFile's linear scan. The following patch is untested but is the basic idea: diff -ru openssh-6.2p1/auth2-pubkey.c
2013 Oct 17
10
[Bug 2161] New: AuthorizedKeysCommand is not executed when defined inside Match block
https://bugzilla.mindrot.org/show_bug.cgi?id=2161 Bug ID: 2161 Summary: AuthorizedKeysCommand is not executed when defined inside Match block Product: Portable OpenSSH Version: -current Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd
2023 May 22
6
[Bug 3574] New: ssh ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set
https://bugzilla.mindrot.org/show_bug.cgi?id=3574 Bug ID: 3574 Summary: ssh ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set Product: Portable OpenSSH Version: 9.3p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component:
2014 Mar 20
2
patch to send incoming key to AuthorizedKeysCommand via stdin
Hi all, I'm new to the list, so please forgive me if this is duplicated effort. I have created a patch for openssh which modifies the AuthorizedKeysCommand directive so that the incoming user's public key is sent to the specified program via stdin. This provides a means to identify the connecting user based solely on their public key and not just by the username. The inspiration for
2014 Feb 05
1
Make SSH_ORIGINAL_COMMAND available in AuthorizedKeysCommand context
Hi Using SSH_ORIGINAL_COMMAND in AuthorizedKeys is so helpful, I'd like to know if it might be possible to access it in the AuthorizedKeysCommand context (via env ?). Is this possible ? can anybody give me advice on going into this ? If possible, I'll use this SSH_ORIGINAL_COMMAND to send client specifics information to the AuthorizedKeysCommand script. Currently, the only alternative
2013 Apr 15
7
[Bug 2092] New: AuthorizedKeysCommand: bad ownership or modes for file
https://bugzilla.mindrot.org/show_bug.cgi?id=2092 Bug ID: 2092 Summary: AuthorizedKeysCommand: bad ownership or modes for file Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd
2006 Feb 04
1
BIDI (Hebrew) Support
Hello, I've looked for a BIDI HOW-TO, but did not find any. I use wine-0.9.5, and run IE using ies4linux. It works great including Hebrew showing Hebrew text correctly. The problem is that I could not write any Hebrew character... Whenever I type a character I get "?". So I've looked at wine-bidi issues, and found that I need to compile wine with icu library. I did! using
2013 Jun 19
4
AuthorizedKeysCommand idea
Hi, I've been kicking this idea around, and the problem with it escapes me. I'm looking for someone to tell me why this is a bad idea. The new OpenSSH includes the AuthorizedKeysCommand, which was mostly added to let people use a command to look up user keys in LDAP. LDAP key lookup have some limitations -- specifically, the common openssh-lpk_openldap schema won't let you add
2006 Jul 22
6
two factor authentication
Are there any plans on the table to add native support for two-factor authentication, such as password *and* public key? Visa PCI standards require two-factor authentication for remote access and if password+key was available in openssh it would be much easier to maintain and support than a full-blown vpn with all the cross-platform compatibility issues that come with one. Thanks! Jacob