Displaying 20 results from an estimated 10000 matches similar to: "[Bug 2277] New: config: add option to customize moduli file location"
2014 Sep 16
13
[Bug 2276] New: AuthorizedKeysCommand: add an option for alternate owner
https://bugzilla.mindrot.org/show_bug.cgi?id=2276
Bug ID: 2276
Summary: AuthorizedKeysCommand: add an option for alternate
owner
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
2007 Sep 29
64
[Bug 1371] New: Add PKCS#11 (Smartcards) support into OpenSSH
http://bugzilla.mindrot.org/show_bug.cgi?id=1371
Summary: Add PKCS#11 (Smartcards) support into OpenSSH
Product: Portable OpenSSH
Version: 4.7p1
Platform: All
URL: http://alon.barlev.googlepages.com/openssh-pkcs11
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component:
2016 Jul 25
3
ssh-pkcs11.c
Hi Alon,
I confirmed with pkcs11-tool (from OpenSC) and I can confirm that
pressing return when asked for the pin causes the login to stop (and
not to try a empty pin).
Can you confirm if a empty pin is actually a valid pin, and if not,
can the patch be accepted?
Once again, the problem is that from a user experience, *some/most*
users would expect they can skip pkcs11 token authentication just
2015 May 21
2
[PATCH] build: ssh-agent: condition util.h include
Signed-off-by: Alon Bar-Lev <alon.barlev at gmail.com>
---
ssh-agent.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/ssh-agent.c b/ssh-agent.c
index 9e2a37f..415a5ea 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -68,7 +68,9 @@
#include <time.h>
#include <string.h>
#include <unistd.h>
+#ifdef HAVE_UTIL_H
#include <util.h>
+#endif
#include
2016 Jun 17
3
ssh-pkcs11.c
On Fri, Jun 17, 2016 at 7:57 PM, Alon Bar-Lev <alon.barlev at gmail.com> wrote:
> On 17 June 2016 at 20:58, Nuno Gon?alves <nunojpg at gmail.com> wrote:
>> Hi,
>>
>> It seems there is a bug with the pkcs11 feature where a zero-length
>> PIN is accepted. I believe this is a bug, since the user might want to
>> press return when asked for the PIN to
2007 Sep 25
9
OpenSSH PKCS#11merge
[[Sending again, as for some strange reason it is not accepted]]
Hello OpenSSH developers,
I maintain external patch for PKCS#11 smartcard support into
OpenSSH[1] , many users already apply and use this patch.
I wish to know if anyone is interesting in working toward merging this
into mainline.
I had some discussion with Damien Miller, but then he disappeared.
Having standard smartcard
2015 Nov 15
2
~/.ssh/config permissions
Hi,
Working with apache-sshd I found that it forces ~/.ssh/config to be
owned by user without group/others permissions. It failed for me
within my valid openssh environment.
Within sources (readconf.c::read_config_file), I found that openssh
only enforces ownership by user and not group/others write.
When I opened an issue, I was referred to this[1] wiki page (not sure
who maintain it) claiming
2014 Jan 24
1
Openssh, moduli and ssh-keygen
Hi,
my question is related to the kex algorithm
diffie-hellman-group-exchange-sha256 and moduli generation. I've seen that
through ssh-keygen, I'm able to re-generate my moduli file used by DH but
I'm note sure to understand one point in the ssh-keygen manpage :
"Screened DH groups may be installed in /etc/ssh/moduli. It is important
that this file contains moduli of a range of
2014 Jun 27
1
Using AuthorizedKeysCommand in unprivileged sshd mode
Hi,
I have a setup in which I run sshd as unprivileged user at dedicated port
to serve specific application.
It is working perfectly!
One tweak I had to do, since the AuthorizedKeysCommand feature requires
file to be owned by root, I had to use root owned command at root owned
directory, although it does not add a security value.
At auth2-pubkey.c::user_key_command_allowed2(), we have the
2018 Dec 19
2
RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
Alon,
On 12/18/2018 06:52 PM, Alon Bar-Lev wrote:
> OK... So you have an issue...
>
> First, you need to delegate your smartcard to remote machine, probably
> using unix socket redirection managed by openssh. This can be done in
> many levels...
> 1. Delegate USB device, this will enable only exclusive usage of the
> smartcard by remote machine.
> 2. Delegate PC/SC, this
2004 Feb 24
2
Updated moduli file in OpenSSH 3.8
Hi,
Can anybody briefly explain the significance of the updated moduli file?
Is this a critical update? Should all existing installations update
their moduli file?
Thanks in advance,
-- Dan
2013 Mar 22
52
[Bug 2081] New: extend the parameters to the AuthorizedKeysCommand
https://bugzilla.mindrot.org/show_bug.cgi?id=2081
Bug ID: 2081
Summary: extend the parameters to the AuthorizedKeysCommand
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.2p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
2006 Feb 04
1
BIDI (Hebrew) Support
Hello,
I've looked for a BIDI HOW-TO, but did not find any.
I use wine-0.9.5, and run IE using ies4linux. It works great
including Hebrew showing Hebrew text correctly.
The problem is that I could not write any Hebrew
character... Whenever I type a character I get "?".
So I've looked at wine-bidi issues, and found that I need to
compile wine with icu library. I did! using
2006 Jul 22
6
two factor authentication
Are there any plans on the table to add native support for two-factor
authentication, such as password *and* public key?
Visa PCI standards require two-factor authentication for remote access
and if password+key was available in openssh it would be much easier
to maintain and support than a full-blown vpn with all the
cross-platform compatibility issues that come with one.
Thanks!
Jacob
2015 Feb 22
3
PKI host based principal
Hello,
Maybe I did not understand correctly the PKI trust, so forgive me if I am wrong.
For example, I have multiple hosts that all serves as monitoring
server, I would like to trust only these hosts, so I enrol a
certificate for these using "monitoring" principal, so I can connect
only to these.
At first I thought we can do Match statement at ssh_config, however,
the Match is being
2016 Jun 17
2
ssh-pkcs11.c
Hi,
It seems there is a bug with the pkcs11 feature where a zero-length
PIN is accepted. I believe this is a bug, since the user might want to
press return when asked for the PIN to ignore that slot/key.
This is caused at pkcs11_rsa_private_encrypt:
snprintf(prompt, sizeof(prompt),
"Enter PIN for '%s': ", si->token.label);
pin = read_passphrase(prompt, RP_ALLOW_EOF);
if
2006 May 27
2
[ANNOUNCE] PKCS#11 support in OpenSSH 4.3p2 (version 0.11)
Hello,
The version 0.11 of "PKCS#11 support in OpenSSH" is published.
Changes:
1. Updated against OpenSSH 4.3p2.
2. Modified against Roumen Petrov's X.509 patch (version
5.4), so self-signed certificates are treated by the X.509
patch now.
3. Added --pkcs11-x509-force-ssh if X.509 patch applied,
until some issues with the X.509 patch are resolved.
4. Fixed issues with gcc-2.
You
2016 Dec 13
1
pkcs #11/hardware support for server keys/sshd?
On 13 December 2016 at 21:00, Kenny Simpson <theonetruekenny at gmail.com> wrote:
> Hello,
> Is there any support (existing or planned) for host keys/certs being
> managed by some hardware device (tpm,hsm,etc..) instead of a flat
> file?
man ssh
search for PKCS#11
2016 Dec 13
4
pkcs #11/hardware support for server keys/sshd?
Hello,
Is there any support (existing or planned) for host keys/certs being
managed by some hardware device (tpm,hsm,etc..) instead of a flat
file?
thanks,
-Kenny
2018 Dec 18
2
RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
Alon,
I should have provided more background. You are assuming that I could
perform the PKINIT prior to connecting to the SSH server. In this case
(and others) there is an interest in not exposing the kerberos servers
to the world and thus someone connecting remotely would not be able to
obtain a TGT or do a PKINIT. The goal would be for SSH to handle all
the auth and only after connecting to