similar to: ~/.ssh/config permissions

http://bugzilla.mindrot.org/show_bug.cgi?id=1371 Summary: Add PKCS#11 (Smartcards) support into OpenSSH Product: Portable OpenSSH Version: 4.7p1 Platform: All URL: http://alon.barlev.googlepages.com/openssh-pkcs11 OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component:

https://bugzilla.mindrot.org/show_bug.cgi?id=2276 Bug ID: 2276 Summary: AuthorizedKeysCommand: add an option for alternate owner Product: Portable OpenSSH Version: 6.6p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=2277 Bug ID: 2277 Summary: config: add option to customize moduli file location Product: Portable OpenSSH Version: 6.6p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee:

Hi Alon, I confirmed with pkcs11-tool (from OpenSC) and I can confirm that pressing return when asked for the pin causes the login to stop (and not to try a empty pin). Can you confirm if a empty pin is actually a valid pin, and if not, can the patch be accepted? Once again, the problem is that from a user experience, *some/most* users would expect they can skip pkcs11 token authentication just

On Fri, Jun 17, 2016 at 7:57 PM, Alon Bar-Lev <alon.barlev at gmail.com> wrote: > On 17 June 2016 at 20:58, Nuno Gon?alves <nunojpg at gmail.com> wrote: >> Hi, >> >> It seems there is a bug with the pkcs11 feature where a zero-length >> PIN is accepted. I believe this is a bug, since the user might want to >> press return when asked for the PIN to

Signed-off-by: Alon Bar-Lev <alon.barlev at gmail.com> --- ssh-agent.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ssh-agent.c b/ssh-agent.c index 9e2a37f..415a5ea 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -68,7 +68,9 @@ #include <time.h> #include <string.h> #include <unistd.h> +#ifdef HAVE_UTIL_H #include <util.h> +#endif #include

[[Sending again, as for some strange reason it is not accepted]] Hello OpenSSH developers, I maintain external patch for PKCS#11 smartcard support into OpenSSH[1] , many users already apply and use this patch. I wish to know if anyone is interesting in working toward merging this into mainline. I had some discussion with Damien Miller, but then he disappeared. Having standard smartcard

On Sat, 4 May 2024, openssh at tr.id.au wrote: > Hey there, > > I often want different behavior in my ssh client depending on > whether I'm logging into an interactive session or running > a remote non-interactive command. We can see at, say, > https://unix.stackexchange.com/a/499562/305714 that this isn't a > unique wish, and existing solutions are kind of baroque.

... and I guess your next question will be about compilation environment, so: ``` $ gcc --version gcc (Gentoo 13.2.1_p20240210 p14) 13.2.1 20240210 Copyright (C) 2023 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. ``` I'm running on gentoo. I tested that the

https://bugzilla.mindrot.org/show_bug.cgi?id=2081 Bug ID: 2081 Summary: extend the parameters to the AuthorizedKeysCommand Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd

Hello, I've looked for a BIDI HOW-TO, but did not find any. I use wine-0.9.5, and run IE using ies4linux. It works great including Hebrew showing Hebrew text correctly. The problem is that I could not write any Hebrew character... Whenever I type a character I get "?". So I've looked at wine-bidi issues, and found that I need to compile wine with icu library. I did! using

Are there any plans on the table to add native support for two-factor authentication, such as password *and* public key? Visa PCI standards require two-factor authentication for remote access and if password+key was available in openssh it would be much easier to maintain and support than a full-blown vpn with all the cross-platform compatibility issues that come with one. Thanks! Jacob

Hey there, I often want different behavior in my ssh client depending on whether I'm logging into an interactive session or running a remote non-interactive command. We can see at, say, https://unix.stackexchange.com/a/499562/305714 that this isn't a unique wish, and existing solutions are kind of baroque. Typical reasons to do this are to immediately go into a screen or tmux session; for

Hello, Maybe I did not understand correctly the PKI trust, so forgive me if I am wrong. For example, I have multiple hosts that all serves as monitoring server, I would like to trust only these hosts, so I enrol a certificate for these using "monitoring" principal, so I can connect only to these. At first I thought we can do Match statement at ssh_config, however, the Match is being

On Mon, 30 Mar 2015 09:19:02 +1100 (AEDT) Damien Miller <djm at mindrot.org> wrote: > What version of OpenSSH is this? 6.8 portable on Linux. > Also, when reporting fuzzer-derived problems it really helps to > include the test-case. The "test case" is a one byte file containing a zero byte. But here it is :-) -- Hanno B?ck http://hboeck.de/ mail/jabber: hanno at

Hi, I have a setup in which I run sshd as unprivileged user at dedicated port to serve specific application. It is working perfectly! One tweak I had to do, since the AuthorizedKeysCommand feature requires file to be owned by root, I had to use root owned command at root owned directory, although it does not add a security value. At auth2-pubkey.c::user_key_command_allowed2(), we have the

Hi, It seems there is a bug with the pkcs11 feature where a zero-length PIN is accepted. I believe this is a bug, since the user might want to press return when asked for the PIN to ignore that slot/key. This is caused at pkcs11_rsa_private_encrypt: snprintf(prompt, sizeof(prompt), "Enter PIN for '%s': ", si->token.label); pin = read_passphrase(prompt, RP_ALLOW_EOF); if

On 13 December 2016 at 21:00, Kenny Simpson <theonetruekenny at gmail.com> wrote: > Hello, > Is there any support (existing or planned) for host keys/certs being > managed by some hardware device (tpm,hsm,etc..) instead of a flat > file? man ssh search for PKCS#11

Hello, Is there any support (existing or planned) for host keys/certs being managed by some hardware device (tpm,hsm,etc..) instead of a flat file? thanks, -Kenny

This provides a mechanism to attach arbitrary configure options into the ssh_config file and use them from the LocalCommand and ProxyCommand. Examples: # set FOO to foo LocalEnvMod FOO = foo # append bar to FOO with default separator "," LocalEnvMod FOO += bar # unset FOO LocalEnvMod FOO = # append foo to BAR with separator ":", if BAR is empty