similar to: ANNOUNCE: log-user-session (full SSH session auditing)

Dear openssh developers In a shell script I need to verify if a key belonging to a given public key file is already loaded into the agent. To achieve this, I added a new option -v to ssh-add which does this verification. The patch bases on openssh v5.8p1. The regression test agent.sh was extended to test this new feature. Is there any chance for inclusion of attached patch? Cheers Konrad --

On Sat, 11 Nov 2023, Bob Proulx wrote: > I am supporting a site that allows members to upload release files. I > have inherited this site which was previously existing. The goal is > to allow members to file transfer to and from their project area for > release distribution but not to allow general shell access and not to > allow access to other parts of the system. > >

On 12.11.23 03:52, Damien Miller wrote: > On Sat, 11 Nov 2023, Bob Proulx wrote: > >> I am supporting a site that allows members to upload release files. I >> have inherited this site which was previously existing. The goal is >> to allow members to file transfer to and from their project area for >> release distribution but not to allow general shell access and not

Hi, Are there any open source tools to keep track of ssh sessions? For example, if a specific user is ssh logging to remote server and what commands or scripts are being run. Basically, i need to log all users sessions. Thanks in Advance and i look forward to hearing from you. Best Regards, Kaushal

As I understand currently there is no way in sshd_config to match based on the client public key so different configuration for the same username can be applied depending on the key, right? My case is a backup login that needs to run as a root to access all the files and where I want to use ForceCommand to allow the login only to execute a particular command and yet still allow normal root

At the risk of beating a dead horse, I'd like to see the chroot security checks relaxed a bit. On newer Linux kernels, there's a prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) that prevents privilege elevation (via setuid binaries, etc) for the caller and all of its descendants. That means that chroot(untrusted directory), prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0), setreuid(uid, uid), execve(a

Hi, many people are having problems using SFTP with ChrootDirectory when the jail directory (or the path above) is not owned by root. The question is if chroot'ing to usual home directories can be allowed, even though they are owned by regular users. I know that this topic has been discussed on the list several times now, so I searched the list archives for posts that invalidate the

######################### kernel auditing project ########################### This is a mission statement for a project under way and ready to get going. The Linux kernel auditing project(LKAP). The purpose of this project is self-explanatory. It's an attempt to audit the linux kernel for any security vulnerabilities and/or holes and/or possible vulnerabilities and/or possible holes, and

I am supporting a site that allows members to upload release files. I have inherited this site which was previously existing. The goal is to allow members to file transfer to and from their project area for release distribution but not to allow general shell access and not to allow access to other parts of the system. Currently rsync and old scp has been restricted using a restricted shell

Dear Mailing List We are using a ControlMaster with a short ControlPersist to access the bastion host which then gives access to customer hosts. Our Information Security Manager would like to disallow the ControlMaster. His attack scenario is an admin workstation with a compromised root account. An attacker can then use the ControlMaster to trivially get shell access on the bastion host

http://bugzilla.mindrot.org/show_bug.cgi?id=1069 Summary: session being terminated after succesful authentication Product: Portable OpenSSH Version: 4.1p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=125 ------- Additional Comments From jrj at purdue.edu 2003-01-04 06:29 ------- The following attachment updates the suggested patch to 3.5p1. The attachment is a gzip'd tar file. Once you download it, ungzip it and then untar it into a temp directory (or use the 'z' option of GNU tar). Then look at the README for more information.

http://bugzilla.mindrot.org/show_bug.cgi?id=125 ------- Additional Comments From Brian.King at xwave.com 2002-11-16 07:20 ------- One of the suggested work-a-rounds was to set "UseLogin yes" in sshd_config. This does not work 100% of the time. SSH clients used in non-interactive modes still exhibit the problem. e.g.: ssh {hostname} "crontab -l >crontmp ; crontab

http://bugzilla.mindrot.org/show_bug.cgi?id=125 ------- Additional Comments From jrj at purdue.edu 2002-07-14 13:31 ------- Created an attachment (id=131) Update of bug #2 patch to 3.4p1 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=125 dleach at securenet.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dleach at securenet.com.au ------- You are receiving this mail because: ------- You are the assignee for the bug, or are

http://bugzilla.mindrot.org/show_bug.cgi?id=125 ------- Additional Comments From jrj at purdue.edu 2003-07-10 08:23 ------- Created an attachment (id=355) --> (http://bugzilla.mindrot.org/attachment.cgi?id=355&action=view) Gzip'd tar file with 3.6p1 (and later) patch This version of the patch applies against 3.6p1 (and later). In addition to being an update to a new release,

http://bugzilla.mindrot.org/show_bug.cgi?id=125 jrj at purdue.edu changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #438 is|0 |1 obsolete| | ------- Additional Comments From jrj at purdue.edu 2003-11-15 16:00 ------- Created an

http://bugzilla.mindrot.org/show_bug.cgi?id=125 jrj at purdue.edu changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #500 is|0 |1 obsolete| | ------- Additional Comments From jrj at purdue.edu 2004-03-04 10:33 ------- Created an

http://bugzilla.mindrot.org/show_bug.cgi?id=125 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #619 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2004-05-31 23:25 -------

http://bugzilla.mindrot.org/show_bug.cgi?id=125 jrj at purdue.edu changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #192 is|0 |1 obsolete| | Attachment #355 is|0 |1 obsolete|