similar to: Test Status OpenSSH 7.1 P2 on HPE NSE

On February 9, 2016 7:28 PM, Darren Tucker wrote: > To: Randall S. Becker <rsbecker at nexbridge.com> > Cc: OpenSSH Devel List <openssh-unix-dev at mindrot.org> > Subject: Re: Test Failure OpenSSH 7.1 P2 on HPE NSE for key-commands > > On Wed, Feb 10, 2016 at 10:35 AM, Randall S. Becker > <rsbecker at nexbridge.com> wrote: > > Thread split from my

On February 8, 2016 3:30 PM, Darren Tucker wrote: > To: Randall S. Becker <rsbecker at nexbridge.com> > Cc: OpenSSH Devel List <openssh-unix-dev at mindrot.org> > Subject: Re: [Bug] Regression problem in transfer.sh for OpenSSH 7.1 P2 on > HPE NSE above dd-size 32k > > On Tue, Feb 9, 2016 at 6:36 AM, Randall S. Becker > <rsbecker at nexbridge.com> wrote:

G'Day, I am requesting help in resolving an issue on the HPE NonStop platform in OpenSSH 7.1 P2 in the regression suite for all dd-size above 32k. Previous tests are all passing, but in the for-loop inside regress/transfer.sh, when s is 64k, the command: dd if=$DATA obs=${s} 2> /dev/null | \ ${SSH} -q -$p -F $OBJ/ssh_proxy somehost "cat >

On February 9, 2016 9:30 PM, Darren Tucker wrote: > To: Randall S. Becker <rsbecker at nexbridge.com> > Cc: OpenSSH Devel List <openssh-unix-dev at mindrot.org> > Subject: Re: Test Failure OpenSSH 7.1 P2 on HPE NSE for integrity > [...] > This one looks odd. The ssh session itself looks OK: it authenticates then > sends a printf shell command (basically, just a way

On Fri, Feb 12, 2016 at 9:25 AM, Randall S. Becker <rsbecker at nexbridge.com> wrote: > On February 10, 2016 10:23 AM, I wrote: >> On February 9, 2016 9:30 PM, Darren Tucker wrote: >> [...] >> > This one looks odd. The ssh session itself looks OK: it authenticates >> > then sends a printf shell command (basically, just a way of >> > guaranteeing a

Thread split from my previous communication. Here is the key-commands logs on the platform. ***************** failed-regress.log ************ trace: AuthorizedKeysCommand with arguments FAIL: connect failed trace: AuthorizedKeysCommand without arguments FAIL: connect failed ***************** failed-ssh.log ************ trace: AuthorizedKeysCommand with arguments

As background, I read: http://therowes.net/~greg/2011/03/23/ssh-trusted-ca-key/ http://www.ibm.com/developerworks/aix/library/au-sshsecurity/ http://bryanhinton.com/blog/openssh-security http://www.linuxhowtos.org/manpages/5/sshd_config.htm

Hello, Currently OpenSSH has a fixed order on how the key authenticates the user: at first it tries to authenticate against TrustedUserCAKeys, afterwards it does it against the output keys from the AuthorizedKeysCommand and finally against the files as set in AuthorizedKeysFile. I have an use-case where this order is not ideal. This is because in my case the command fetches keys from the cloud

I noticed "make tests" for openssh-5.2p1 fails the multiplex.sh tests. Turns out this is because I happen to have some non-standard configuration options in $HOME/.ssh/config and most of the multiplex.sh tests do not use a "-F $OBJ/ssh_config" option, which means they end up reading the users $HOME/.ssh/config. Is this on purpose or a bug?

Hello, SSH supports ~/.ssh/authorzied_keys for SSH keys and ~/.ssh/authorized_principals for X509 certs. I could not find an equivalent of authorzied_keys using Kerberos authentication. IMHO it should be possible using the Kerberos principal very much like the principal contained inside a X509 certificate. My main use case is assigning a specific command to a user logging in using Kerberos

Thread split from my previous communication. Here is the integrity logs on the platform. I had to cut this should due to the length of the logs (5Mb). ***************** failed-regress.log ************ trace: test integrity: hmac-sha1 @2900 FAIL: unexpected error mac hmac-sha1 at 2900: Bytes per second: sent 65665.7, received 55994.0. trace: test integrity: hmac-sha1 @2901 FAIL:

Hello, [if I'm not in the right mailing list, please advise it to me] I'm using ssh certificates for my servers and my users. I have questions about it: I can use the same CA in order to certify all my hosts. Every clients can use it, and it's a great setup. But, if I use the same CA for all my clients, it means that any clients can log in to any server because hosts trusts my

Attached is a patch which adds a log= directive to authorized_keys. The text in the log="text" directive is appended to the log line, so you can easily tell which key is matched. For instance the line: log="hello world!",no-agent-forwarding,command="/bin/true",no-pty, no-user-rc,no-X11-forwarding,permitopen="127.0.0.1:7" ssh-rsa AAAAB3Nza....xcgaK9xXoU=

https://bugzilla.mindrot.org/show_bug.cgi?id=3205 Bug ID: 3205 Summary: Support HPE NonStop Server Port Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Other Status: NEW Severity: enhancement Priority: P5 Component: Build system Assignee: unassigned-bugs at

Hi, It's that time again... OpenSSH 6.2 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD:

Corresponds with GT215. Don't rely on the lock test logic being unconditionally enabled, and disable test logic when done (presumably to save power). v2: Remove warning, nvkm_msec already warns on time-out Signed-off-by: Roy Spliet <nouveau at spliet.org> --- drivers/gpu/drm/nouveau/nvkm/subdev/clk/gf100.c | 8 +++++++- drivers/gpu/drm/nouveau/nvkm/subdev/clk/gk104.c | 8 +++++++- 2

FreeBSD 10.1-RELEASE passes tests DragonflyBSD snapshot passes tests Debian 8 run test connect.sh ... Missing privilege separation directory: /var/empty FATAL: sshd_proxy broken Makefile:192: recipe for target 't-exec' failed make[1]: *** [t-exec] Error 1 make[1]: Leaving directory '/home/sme/openssh/regress' Makefile:544: recipe for target 'tests' failed make: ***

Hello, how can I dynamically allow or disallow users with OpenSSH? I have some nodes that users can submit jobs to, and can optionally be handed a session to the requested node. But I want to prevent them from SSH-ing in to nodes unless they have a job running on that node. My idea was to implement libssh's callback abilities and have a script that checks the username against jobs running on

Following a series of three patches, two of which have been sitting in my tree for a while, the third is the result of some inspection of an NV134 BIOS that seems to use the 0xaf upcode to upload training patterns. Please test! Roy Ps. Sorry they come from yet another e-mail address. My previous provider, eclipso, actively blocks users of git send-email. Inquiries fall on deaf ears, hence I

Peter and Jason, thanks for your replies on this. I was able to accomplish this with a combination of Peter's solution and setting "AuthorizedKeysFile none" as suggested in the Stack Overflow question. On Wed, Mar 6, 2019 at 2:30 PM Peter Moody <mindrot at hda3.com> wrote: > > why aren't the authorized keys/principals commands sufficient? > > $ getent group