similar to: DEFAULT_PKCS11_WHITELIST on 64-bit Linux systems

On 12/30/2016 02:40 AM, Damien Miller wrote: > On Wed, 28 Dec 2016, Iain Morgan wrote: > >> Hello, >> >> On RHEL 6/amd64, the stock value for DEFAULT_PKCS11_WHITELIST is not >> very useful. On such systems, /usr/lib64/* would need to be added to the >> pattern list. Although users can specify the -P option every time they >> launch ssh-agent, it might be

Engine keys are private key files which are only understood by openssl external engines. ?The problem is they can't be loaded with the usual openssl methods, they have to be loaded via ENGINE_load_private_key(). ?Because they're files, they fit well into openssh pub/private file structure, so they're not very appropriately handled by the pkcs11 interface because it assumes the private

[[Sending again, as for some strange reason it is not accepted]] Hello OpenSSH developers, I maintain external patch for PKCS#11 smartcard support into OpenSSH[1] , many users already apply and use this patch. I wish to know if anyone is interesting in working toward merging this into mainline. I had some discussion with Damien Miller, but then he disappeared. Having standard smartcard

No, I just think 15 years or so is more than enough time to have addressed the issue. On Thu, Mar 26, 2015 at 14:05:08 -0700, Dan Kaminsky wrote: > So, this isn't your problem and you don't respect the people's whose > problem it is. > > On Thu, Mar 26, 2015 at 12:43 PM, Iain Morgan <imorgan at nas.nasa.gov> wrote: > > > On Thu, Mar 26, 2015 at 11:55:18

https://bugzilla.mindrot.org/show_bug.cgi?id=2305 Bug ID: 2305 Summary: sshd does not accept @cert-authority when doing host based authentication. Product: Portable OpenSSH Version: 6.5p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component:

https://bugzilla.mindrot.org/show_bug.cgi?id=1462 Summary: Unaligned access warnings on IA64 when using umac-64 Classification: Unclassified Product: Portable OpenSSH Version: 5.0p1 Platform: Itanium2 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo:

On Thu, Mar 26, 2015 at 11:55:18 -0700, Dan Kaminsky wrote: > You're right. My argument the is the next build of OpenSSH should be > OpenSSH 7, and the one after that 8, then 9, then 10. No minor releases? > Sure, go ahead. Deprecate the point, > > Do you manage any machines running SSHv1? > If by "running" you mean accepting SSH1, of course not. From a

Thanks, Iain. I am willing to hear from other users whether anyone else sees this as a bug before filing it. -- Vincenzo Romano Il giorno ven 2 nov 2018, 20:03 Iain Morgan <imorgan at nas.nasa.gov> ha scritto: > If you truly intend this as a bug report, you should file it at > bugzilla.mindrot.org. > > On Fri, Nov 02, 2018 at 12:25:22 +0100, Vincenzo Romano wrote: > >

> At one point, I had wondered about separating out the client and server > support as well. At first glance, that would seem to help move things > forward and would address most of the reported use cases. However, I > have some users who would need the client support as well. > > I suspect that adding the server support first might be a problem for > the developers. Such a

https://bugzilla.mindrot.org/show_bug.cgi?id=1039 Iain Morgan <imorgan at nas.nasa.gov> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |imorgan at nas.nasa.gov --- Comment #13 from Iain Morgan <imorgan at nas.nasa.gov> --- My apologies for

I looked at the 1.3 whitelist documentation and realized that the ops example, while interesting in and of itself, did not do what I think a whitelist does. Back to symmetry, if a blacklist is a list of sites not allowed to connect in through the fire wall, maybe to a web server, for example, then a whitelist should be a list of machines that are allowed to access a service or services, again,

https://bugzilla.mindrot.org/show_bug.cgi?id=2211 Bug ID: 2211 Summary: Too many hostbased authentication attempts Product: Portable OpenSSH Version: 6.5p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at

> > Message: 8 > Date: Tue, 30 Jul 2013 12:46:50 -0700 > From: Iain Morgan <imorgan at nas.nasa.gov> > To: Damien Miller <djm at mindrot.org> > Cc: "openssh-unix-dev at mindrot.org" <openssh-unix-dev at mindrot.org> > Subject: Re: Call for testing: OpenSSH-6.3 > Message-ID: <20130730194649.GC18047 at linux124.nas.nasa.gov> >

On 06/12/2015 12:18 PM, Jonathan Billings wrote: > On Sat, Jun 13, 2015 at 12:05:16PM -0600, jd1008 wrote: >> Mark, please be aware that noscript has also a whitelist >> that is not viewable by the user. >> The whitelist tab does NOT list the hidden white listed >> entries. > You mean the noscript.mandatory about:config entry? I looked at it on > my computer and

Dear Friend, I done configuration using RBLSMTPD with WHITELIST, but I don't know it is correct. Please check files below are corrects. Thanks Adriano === FILE WHITELIST.DOMINIO.RBL. ==== $ttl 900 whitelist.dominio.rbl. IN SOA host1.xxxxxx.com. root.xxxxx.com. ( 2006112002 ; serial; 3600 ; refresh period (1 hora); 900 ; retry time (15 minutos); 1800 ; expire tiem (30 minutos); 900 ;

https://bugzilla.mindrot.org/show_bug.cgi?id=1798 Summary: Add fsync() support to sftp/sftp-server Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sftp-server AssignedTo: unassigned-bugs at mindrot.org

On 29 September 2017 at 11:05, Iain Morgan <imorgan+openssh at nas.nasa.gov> wrote: [...] > This is due to my shell being csh, which is pickier about undefined > variables than the Bourne-style shells. The attached patch fixes the > issue. Thanks for figuring this out. > - 'test -z "$SSH_USER_AUTH"' || fail "SSH_USER_AUTH present" > +

Hello, I would like to know whether OpenSSH supports x509 certificate based authentication. It looks like OpenSSH has dependency on OpenSSL so does this mean that OpeSSH also supports x509 certificate based authentication. If it does support, can you please point me to the necessary documentation. Thanks Naitik

On 06/12/2015 12:27 PM, Valeri Galtsev wrote: > On Sat, June 13, 2015 1:22 pm, jd1008 wrote: >> >> On 06/12/2015 12:18 PM, Jonathan Billings wrote: >>> On Sat, Jun 13, 2015 at 12:05:16PM -0600, jd1008 wrote: >>>> Mark, please be aware that noscript has also a whitelist >>>> that is not viewable by the user. >>>> The whitelist tab does NOT

https://bugzilla.mindrot.org/show_bug.cgi?id=2137 Bug ID: 2137 Summary: progress meter shows wrong speed during resume Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: minor Priority: P5 Component: sftp Assignee: unassigned-bugs at