similar to: Using confirmation of key usage per-host?

Hi I have written a small introduction to newbies in Danish on ssh and friends. Now some people are questioning my advice and I think they have a point. I am advocating people to use DSA-keys and a config file with this: Protocol 2 ForwardAgent yes ForwardX11 yes Compression yes CompressionLevel 9 and running ssh-agent and ssh-add, and then loggin in without giving keys. One

Hi, I usually have around 10 identities loaded in my local ssh-agent and when I use the "ForwardAgent" option all them are forwarded to the remote server, which is not ideal. I usually only need to forward one (or two) of the identities and I would like to be able to choose which one(s) to forward. Looking for solutions it seems that the only option is to create a new ssh-agent, add

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi everyone, maybe this is an old fart, but I cant get it to work. I am running libvirt on a laptop, where a dnsmasq is already running to delegate dns info for my local (not-public) network. My resolv.conf (on the host) lists the system-dnsmasq as first server. I had to set the listen-adress for the system-dnsmasq to 127.0.0.1 and set

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10.04.2014 13:08 Laine Stump wrote: > On 04/06/2014 08:33 AM, Johannes Kastl wrote: >> There was a bug in libvirt for quite awhile that caused >> locally-unresolved requests for hostnames in the domain given by >> the network's <domain name='xyzzy'/> element to be dropped rather >> than forwarded. Is

Hi, I have a VM with a git repository whose origin is on github. I have several keys known to github, so I needed to set git's core.sshcommand config parameter in the repository to something like this: ssh -i ~/.ssh/id_ed25519_github2 But it meant that I needed to copy that key to the VM. The same key is available via my forwarded ssh-agent connection. Is it possible to tell ssh to use

On 2/17/16 6:02 PM, Darren Tucker wrote: > On Thu, Feb 18, 2016 at 12:43 PM, Carson Gaspar <carson at taltos.org> wrote: > [...] >> Is there a sane way to run just one test script? LTESTS can't be overridden >> AFAIK... > > make t-exec LTESTS=testname > > where testname is the name of the specific test script without the .sh > extension. Nope, that runs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Laine, thanks for the answer. On 13.04.14 16:13 Laine Stump wrote: > There is no provision for that. If you want additional hosts to be > known by the libvcirt instance of dnsmasq, you must enter them into > the xml. I can set the addn-hosts in the .conf file in /var/lib/libvirt/dnsmasq/<nameofthenetwork>.conf. I was just not

Here is a new version of my partial auth patch against the April 24, 2001 CVS image. It fixes a couple of things (thanks to Karl M <karlm30 at hotmail.com>), and includes support for hostbased auth. It's still not pretty, but it works. 2 things Karl mentioned aren't fixed: - auth methods are still hard-coded into servconf.c. Fixing this would require a lot of work, and all the

On 2/17/16 3:02 PM, Carson Gaspar wrote: > > Sadly I'm hitting a different autoconf bug :-( I was being an idiot - configure was bombing out & I didn't notice (boy that openssl version error message is loooooong...) With Mr. Wilson's patch, I still get: "sandbox-solaris.c", line 22: #error: "--with-solaris-privs must be used with the Solaris sandbox"

Dear Samba-Team, I already wrote to Jeremy Allison an he told me to post my problem to you: I have the following problem: The smbd and winbindd start fine, everthing seems to be okay, all users can be authenticated. But a few minutes later the winbindd is suddenly unable to authenticate some users against the Domain. You can see it in the snapshot. Messages like "Unable to initgroups"

Guys, Im looking for a good text file editor for asterisk config files that can be embedded on a web page for online editing (on an interface), any recommendations? ________________________________________________________________ Anton Krall Direccion General Intruder Consulting A Division of IntruderEnterprises S.A. de C.V. www.Intruder.com.mx www.IntruderStore.com.mx Tel. 3872-2200 ext. 201

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi everyone, I am trying to get libvirt with qemu-kvm to work on my machines running openSUSE 13.1 / Tumbleweed. My question is in regard to using qemu+ssh, which would be my preference, as I already have a working ssh-key authentication with SSH-Agent. I set the permissions of the manage-socket to 0770, added my user to the libvirt group and set

Dear list, I'm wondering if anyone can help me calculate the deviance of either a zeroinfl or hurdle model from package pscl? Even if someone could point me to the correct formula for calculating the deviance, I could do the rest on my own. I am trying to calculate a pseudo-R-squared measure based on the R^{2}_{DEV} of [1], so I need to be able to calculate the deviance of the full and null

http://bugzilla.mindrot.org/show_bug.cgi?id=990 Summary: OpenSSH cannot connect to an IBM RSA (Remote Supervisor Adaptor) II Product: Portable OpenSSH Version: 3.9p1 Platform: All OS/Version: All Status: NEW Severity: major Priority: P2 Component: ssh AssignedTo: openssh-bugs at

Bug: all .out files get rebuilt every make. This is silly, and breaks make install if root cannot write to your build dir. Fix: add dependancy check sop .out files only get rebuilt if the source file changes FixBug: if any source file gets changed, all .out files get rebuilt. This is because man pages and config files both get .out extensions but get created differently. It's

My question is regarding the possibility of someone wiretapping the communication and repeat the action. What if an intruder notice that there's a secure session starting (by guessing at the dst IP address and unintelligible payload) and then start capturing all the packets on this session for the purpose of repeating the whole session again? The secure user could add/delete interfaces and

Because ForwardX11 and ForwardAgent are so useful but introduce risk when used to a not well-secured server, I added a "warn" value to the ForwardX11 and ForwardAgent options which causes the ssh client to print a big warning whenever the forwarding is actually used. I plan to make "ForwardX11=warn" the default in my ssh_config distribution. I'm not proposing that this

On 2/17/16 9:50 AM, Carson Gaspar wrote: > Solaris 10 has setppriv, but does not have priv_basicset. To work on > Solaris 10, the call would need to be replaced with the equivalent set > of explicitly listed privs: The prior art in other apps on the system seems to suggest that priv_str_to_set is a better fallback if priv_basicset is not available. I've attached a patch that seems

If HostbasedUsesNameFromPacketOnly is set to yes, sshd does not remove the trailing dot from the client supplied hostname, causing sshd to attempt to look up "foo.example.com." (note trailing period) in known_hosts and .shosts instead of "foo.example.com" Trivial patch attached. -- Carson -------------- next part -------------- An embedded and charset-unspecified text was

Recently configured postfix to use the dovecot lda as I wanted to use sieve. Got that working a few days ago but noticed that I wasn't getting any emails to aliases. Checked the logs and saw messages like: Mar 1 08:19:59 carson postfix/lmtp[16949]: 0DCD22016BE: to=< sales at example.com>, relay=carson.example.com[private/dovecot-lmtp], delay=0.07, delays=0.01/0.01/0/0.04, dsn=5.1.1,