similar to: Multifactor authentication troubles

https://bugzilla.mindrot.org/show_bug.cgi?id=2246 Bug ID: 2246 Summary: PAM enhancements for OpenSSH server Product: Portable OpenSSH Version: 6.6p1 Hardware: Sparc OS: Solaris Status: NEW Severity: enhancement Priority: P5 Component: PAM support Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2408 Bug ID: 2408 Summary: Expose authentication information to PAM Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: PAM support Assignee:

Hey everyone, Basically, I'm trying to figure out if I can configure sshd to require that the user has a key that has been signed by a trusted user CA *and* is listed separately as an authorised key (or the user has a signed key and a different authorised key)? The closest I've come is having an `authorized_keys` file have two entries consisting of the CA key and a normal key with

I don't see a way to do this currently (unless I am missing something) but I would like to be able to specify, that in order for a user to login, they need to use at least 1 public key from 2 separate key sources.? Specifically this would be when using "AuthenticationMethods publickey,publickey".? Right now requiring 2 public keys for authentication will allow 2 public keys from

On Thu, Dec 18, 2014 at 2:01 AM, Damien Miller <...> wrote: > On Wed, 17 Dec 2014, Dmt Ops wrote: > >> vi /etc/ssh/sshd_config >> ... >> - ChallengeResponseAuthentication no >> + ChallengeResponseAuthentication yes >> + KbdInteractiveAuthentication yes >>

Hello All, The attached patch allows openssh to specify which pam service name to authenticate users against by specifying the PAMServiceName attribute in the sshd_config file. Because the parameter can be included in the Match directive sections, it allows different authentication based on the Match directive. In our case, we use it to allow different levels of authentication based on the

Dear All I would like to produce interaction boxplots and this seems to work: par(mfrow=c(2,2)) A=sample(rnorm(50,50,10)) B=sample(rnorm(50,100,10)) Test=merge(A,B,by=0)#by=0 where 0 is the row.names TreatA=(gl(2,50,100,labels=c("High","Low"))) TreatB=rep(gl(2,25,50,labels=c("High","Low")),2) Newdata=data.frame(TreatA,TreatB,Test)

On Tue, 2020-07-21 at 14:47 +1000, Damien Miller wrote: > On Mon, 20 Jul 2020, Jordan J wrote: [...] > > Firstly, would the following or some combination thereof be > > possible or is there an obvious impediment. Secondly, if it proved > > possible are the maintainers open to a patch providing it? > > > > 1. Update the SSH ecdsa-sk public key type to contain the

Hi, first of: my familiarity with OpenSSH/Pam code-base is very limited.. Please excuse me if some of this does not make any sense or seems stupid! I'm investigating if it is possible for a PAM module to find out which public key was accepted (when 'AuthenticationMethods publickey,keyboard-interactive' is used). From my digging in the source, it seems it is currently not. Would

https://bugzilla.mindrot.org/show_bug.cgi?id=983 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED Assignee|pgsery at swcp.com |djm at mindrot.org --- Comment #58 from Damien Miller

Hello all, in order to connect to my SSH servers from untrusted devices like company computers or my smartphone, I set up 2FA with google-authenticator hooked into PAM. However, this is not really 2FA at least for the smartphone, since I use the same device for generating the TANs and it is also at least inconvenient to always require a new TAN for each connection. I do not want to solely rely

Hello Damien, Brian and all, thanks for the suggestions. I actually had not considered host-based authentication and looked it up. As I understand from my first quick reading, I would need to specify the clients which are allowed to use host-based auth on the server with a DNS name or an IP, which would not work for a client behind a CG NAT or in a cellular network. Or did I get this wrong?

----- Forwarded message from Andrea Barisani <lcars at infis.univ.trieste.it> ----- Date: Fri, 2 May 2003 14:01:33 +0200 From: Andrea Barisani <lcars at infis.univ.trieste.it> To: openssh at openssh.com Subject: openssh 3.6.1_p2 problem with pam Hi, I've just updated to openssh 3.6.1_p2 and I notice this behaviour: # ssh -l lcars mybox [2 seconds delay] lcars at mybox's

https://bugzilla.mindrot.org/show_bug.cgi?id=2322 Bug ID: 2322 Summary: please let the server enable/disable delayed compression on a per user basis Product: Portable OpenSSH Version: 3.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5

Hi all, I have just received the following e-mail from an Asterisk user: "I just made a call via BT to a mobile. Then an incoming call came in and Ann else answered it - it made my call go completely fuzzy and I could hear what the woman on the other line was saying to Ann but I couldn't hear my conversation! When Ann's call finished - mine went even fuzzier and all I could hear

http://bugzilla.mindrot.org/show_bug.cgi?id=580 Summary: disable kbdint if host key mismatch Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: openssh-bugs at mindrot.org ReportedBy: fcusack at

I run OpenSSH on linux @ client which ssh /usr/local/bin/ssh ssh -v OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 @ server which sshd /usr/local/bin/sshd sshd -v unknown option -- V OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file] [-E log_file] [-f config_file] [-g login_grace_time]

I have sshd server sshd -V ... OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 ... running on linux/64 with cat sshd_config ... PubkeyAuthentication yes PasswordAuthentication no ChallengeResponseAuthentication no

Hi, On Fri, Jan 9, 2015, at 10:48 AM, Tim Rice wrote: > My ssh_config has > Host * > HostbasedAuthentication yes > EnableSSHKeysign yes > NoHostAuthenticationForLocalhost yes > > NoHostAuthenticationForLocalhost is not necessary. > The one you are missing is EnableSSHKeysign. > > Additionally, you made no mention of your ssh_known_hosts files. Make > sure

https://bugzilla.mindrot.org/show_bug.cgi?id=2323 Bug ID: 2323 Summary: Two factor authentication with two different SSH keys Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs