similar to: patch to send incoming key to AuthorizedKeysCommand via stdin

https://bugzilla.mindrot.org/show_bug.cgi?id=2081 Bug ID: 2081 Summary: extend the parameters to the AuthorizedKeysCommand Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd

Hi all, I'm new to the list, so please forgive me if this is duplicated effort. I have created a patch for openssh which modifies the AuthorizedKeysCommand directive so that the incoming user's public key is sent to the specified program via stdin. This provides a means to identify the connecting user based solely on their public key and not just by the username. The inspiration for

On 21 March 2014 10:56, Scott Duckworth <sduckwo at clemson.edu> wrote: > On Fri, Mar 21, 2014 at 12:15 PM, Daniel Kahn Gillmor <dkg at fifthhorseman.net> > wrote: >> those limits suggest that the size is 128kiB on anything resembling a >> modern Linux system. > > How about other platforms? Especially embedded systems which may have a lot less RAM? -- Eitan

https://bugzilla.mindrot.org/show_bug.cgi?id=1663 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #33 from Damien Miller <djm at mindrot.org> --- mark bugs closed by openssh-6.2 release as

https://bugzilla.mindrot.org/show_bug.cgi?id=2367 Bug ID: 2367 Summary: AuthorizedKeysCommand add key fingerprint as second argument Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: FreeBSD Status: NEW Severity: enhancement Priority: P5 Component: sshd

Hi, is there a particular reason why this feature is "user" based and not "user-pubkey" based? What I mean is that it works for installation with small number of pubkeys per user. But imagine i.e. a GitHub scale - all users logging in as user "git". On each auth request all the keys from database would be fetched and feeded to OpenSSH. Now I am only asking this out

Dear All, I have data in HDF file format and would like to read it into R. I have tried the package hdf5 without success. Any ideas and suggestions?? Kind regards, Katrin -- Katrin Fleischer Vrije Universiteit Amsterdam Faculty of Earth and Life Sciences Subdepartment Hydrolgy and Geo-Environmental Sciences Room E-360 De Boelelaan 1085 1081 HV AMSTERDAM Tel: +31 20 59 87391

https://bugzilla.mindrot.org/show_bug.cgi?id=2276 Bug ID: 2276 Summary: AuthorizedKeysCommand: add an option for alternate owner Product: Portable OpenSSH Version: 6.6p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd

I see that support for AuthorizedKeysCommand has been added. The arguments supplied to the command is just the authenticating user. Can we add the SSH connection details (ie. source and destination IPs and ports) as well? This command seems to be the idea way of requiring one set of credentials from inside an organisation (say the user's own authorized_keys file) and another set from outside

Hi, I'm attempting to test the AuthorizedKeysCommand feature with the new port of ssh-ldap-wrapper to OpenBSD. I'm running yesterday's OpenBSD-current i386 snapshot, which includes AuthorizedKeysCommand. The port of ssh-ldap-helper (at http://old.nabble.com/-new--ssh-ldap-helper-td34667413.html) contains all the bits I need, and the individual pieces appear to work once configured:

Hi, I have a setup in which I run sshd as unprivileged user at dedicated port to serve specific application. It is working perfectly! One tweak I had to do, since the AuthorizedKeysCommand feature requires file to be owned by root, I had to use root owned command at root owned directory, although it does not add a security value. At auth2-pubkey.c::user_key_command_allowed2(), we have the

Hi guys, It might be nice if AuthorizedKeysCommand would receive the fingerprint of the offered key as an argument, so that programs like gitolite could implement more refined key-based identity lookup that offers better performance than AuthorizedKeysFile's linear scan. The following patch is untested but is the basic idea: diff -ru openssh-6.2p1/auth2-pubkey.c

Hi Using SSH_ORIGINAL_COMMAND in AuthorizedKeys is so helpful, I'd like to know if it might be possible to access it in the AuthorizedKeysCommand context (via env ?). Is this possible ? can anybody give me advice on going into this ? If possible, I'll use this SSH_ORIGINAL_COMMAND to send client specifics information to the AuthorizedKeysCommand script. Currently, the only alternative

Is there any way to make the AuthorizedKeysCommand as the user which is trying to log in? Thanks. -- Yves.

https://bugzilla.mindrot.org/show_bug.cgi?id=3574 Bug ID: 3574 Summary: ssh ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set Product: Portable OpenSSH Version: 9.3p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component:

I'm running into issues with AuthorizedKeysCommand when the sum of the size of the public keys become bigger than ~ 12 KB. I created a bash script that runs #!/bin/bash curl -s --compressed http://someurl.example.com/pubkeys/$1 and am getting "error: returned status 23". CURLE_WRITE_ERROR (23): An error occurred when writing received data to a local file, or an error

https://bugzilla.mindrot.org/show_bug.cgi?id=2092 Bug ID: 2092 Summary: AuthorizedKeysCommand: bad ownership or modes for file Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=2496 Bug ID: 2496 Summary: sshd hangs when using AuthorizedKeysCommand Product: Portable OpenSSH Version: 7.1p1 Hardware: amd64 OS: FreeBSD Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at

Hi there, We could set AuthorizedKeysCommand script, this will allow only to replace authorized_keys file with keys stored in a database... But why this command is so limited? Why i can't just set a command script which will get a username and public key as arguments and let him do it's own authorization?? I think this will allow for much more powerful tricks. For example do to an

Dear all, I have built glm models based on presences/absences and a number of predictor maps and would like to compute habitat suitability based on the modelled coefficients. I thought this is pretty straight forward and wanted to use predict() and supply the new data in a data frame, with one column for each predictor. However, I do get an error msg warning me that the number of rows for