similar to: ssh-agent check for new fresh certificate (and key)? worthwhile doing?

Displaying 20 results from an estimated 3000 matches similar to: "ssh-agent check for new fresh certificate (and key)? worthwhile doing?"

2017 Feb 01
2
ssh-agent check for new fresh certificate (and key)? worthwhile doing?
On Thu, Feb 2, 2017 at 1:16 AM, Peter Moody <mindrot at hda3.com> wrote: > why not add the certificate to the running ssh-agent with a timeout > that expires when the cert does? That's an excellent idea. I've modified our tooling to do exactly that (https://github.com/continusec/geecert/commit/dfeee14b278e28d15bf532bb6e6e8ffe530e6b11). Thank you for the suggestion. > I
2017 Feb 02
2
ssh-agent check for new fresh certificate (and key)? worthwhile doing?
Damien Miller wrote: > On Thu, 2 Feb 2017, Adam Eijdenberg wrote: > >> On Thu, Feb 2, 2017 at 10:42 AM Damien Miller <djm at mindrot.org> wrote: >>> On Thu, 2 Feb 2017, Adam Eijdenberg wrote: >>>> I guess a case could be made for ssh-add to always set a timeout when >>>> adding a certificate with an expiry time, but I think for now I'm
2017 Feb 02
2
[Bug 2675] New: When adding certificates to ssh-agent, use expiry date as upper bound for lifetime
https://bugzilla.mindrot.org/show_bug.cgi?id=2675 Bug ID: 2675 Summary: When adding certificates to ssh-agent, use expiry date as upper bound for lifetime Product: Portable OpenSSH Version: 7.4p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5
2017 Feb 02
3
ssh-agent check for new fresh certificate (and key)? worthwhile doing?
On Thu, Feb 2, 2017 at 10:42 AM Damien Miller <djm at mindrot.org> wrote: > On Thu, 2 Feb 2017, Adam Eijdenberg wrote: > > I guess a case could be made for ssh-add to always set a timeout when > > adding a certificate with an expiry time, but I think for now I'm > > happy enough to do that on our end. > > That sounds like a fine idea. Damien, to clarify did
2017 Dec 25
3
OpenSSH key signing service?
> (Blargh is right (https://blog.habets.se/2011/07/OpenSSH-certificates.html <https://blog.habets.se/2011/07/OpenSSH-certificates.html>). Googling for this stuff is *hard*:) Does https://www.sweharris.org/post/2016-10-30-ssh-certs/ help at all? Stephen
2017 May 03
2
OpenSSH contract development / patch
Hi OpenSSH developers; Thank you for your amazing work. I?m emailing to see if any knowledgeable OpenSSH developer is willing to help us review / revamp some patches we have for OpenSSH, and provide advice on some of the more advanced uses of OpenSSH. This would be a for pay contract engagement. We are trying to be super respectful of the process, and are happy to be very creative ? we are
2016 Sep 26
28
[Bug 2617] New: sign_and_send_pubkey: no separate private key for certificate
https://bugzilla.mindrot.org/show_bug.cgi?id=2617 Bug ID: 2617 Summary: sign_and_send_pubkey: no separate private key for certificate Product: Portable OpenSSH Version: 7.3p1 Hardware: 68k OS: Mac OS X Status: NEW Severity: normal Priority: P5 Component: ssh
2008 Nov 09
2
rsync for the brave
Anyone here run rsync on a Win32 platform? I know, I'm a glutton for pain. Anyway, I'm using 'cwrsync' on one system to copy files from a local drive (F:) to a mapped (network) drive (Y:). The problem I'm having is with that infamous 'Network Trash Folder'. I can't get it to ignore it on the remote (mapped) drive, and it doesn't exist on the local drive.
2008 Jan 14
5
Help finding "JRE" to run Netbeans in Linux
I''ve spent the last year developing a large Ruby on Rails 2.0 application with over a 100 tables and controllers and hope to be deploying it soon. Before I moved from my Windows XP computer to deployment, I wanted to run it in a local Linux environment to sort out: 1. Amazon S3 files 2. RMagick (went south when I upgraded to Rails 2.0) 3. ARMailer (mail spooling program) I''ve
2008 Feb 13
0
[LLVMdev] OT: Organizing a Supercomputing '08 workshop
All: Sorry if this is a bit off-topic, but... having two successful workshops at Supercomputing, I'm contemplating a third (I'm a glutton for punishment.) This year, the focus will be on many/multicore's programmability gap -- the gap between today's languages and the multicore/manycore architectures that we're trying to program. A stellar example is software development on
2001 Dec 20
1
CVS Broken Again?
Hi All, Is the CVS source broken again? My attempts to compile indicate a missing file in vorbis/lib, bitbuffer.c (and its h file). Copying in an old downloaded copy produces the following from MSCV 7 (attempting to build OggEnc, having built SDK/all - apparently not without error :-).. encode.obj : error LNK2019: unresolved external symbol _vorbis_bitrate_flushpacket referenced in function
2008 May 14
0
R and F9
Hi all, Being the glutton for self-inflicted punishment that I am, I did a clean install of F9 yesterday. :-) As it relates to R: 1. Building R from SVN: R version 2.7.0 Patched (2008-05-12 r45683) It builds and passes make check all without issue. F9 is using: gcc (GCC) 4.3.0 20080428 (Red Hat 4.3.0-8) 2. As was noted with F8, the lack of the Java-JavaScript bridge in the default
2017 May 15
4
Golang CertChecker hostname validation differs to OpenSSH
On Mon, May 15, 2017 at 11:39 AM, Peter Moody <mindrot at hda3.com> wrote: > my reading of the sshd manpage is that ssh is more permissive than it should be > > SSH_KNOWN_HOSTS FILE FORMAT : > ... > > A hostname or address may optionally be enclosed within `[' and `]' > brackets then followed by `:' and a non-standard port number. Hi Peter, I'm not
2017 May 15
5
Golang CertChecker hostname validation differs to OpenSSH
Hi all, Last week I noticed that the CertChecker in the Go implementation of x/crypto/ssh seems to be doing host principal validation incorrectly and filed the following bug: https://github.com/golang/go/issues/20273 By default they are looking for a principal named "host:port" inside of the certificate presented by the server, instead of just looking for the host as I believe OpenSSH
2024 Apr 19
2
[Bug 3681] New: SSH Agent Certificate Not Recognized with 'IdentitiesOnly' Configured
https://bugzilla.mindrot.org/show_bug.cgi?id=3681 Bug ID: 3681 Summary: SSH Agent Certificate Not Recognized with 'IdentitiesOnly' Configured Product: Portable OpenSSH Version: 9.7p1 Hardware: All OS: All Status: NEW Severity: trivial Priority: P5 Component:
2018 Sep 18
3
add keys and certificate to forwarded agent on remote host
On 18/09/18, Tim Jones (b631093f-779b-4d67-9ffe-5f6d5b1d3f8a at protonmail.ch) wrote: ... > So issue your users with Yubikeys. You can enforce the Yubikey so it > requires the user to enter a PIN *and* touch the Yubikey. This means > there's an incredibly high degree of confidence that it was the user > who performed the actiion (i.e. two-factor authentication of physical >
2018 Sep 17
2
add keys and certificate to forwarded agent on remote host
On 17/09/18, Peter Stuge (peter at stuge.se) wrote: > Rory Campbell-Lange wrote: > > Can ssh-add work on the remote socket file? > > I expect that it will just work<tm>. The local socket is just a > socket, and the protocol[1] message SSH_AGENT_ADD_KEY is the same. Local: $ ssh-agent > /tmp/agent.env $ source /tmp/agent.env $ ssh-add ~/.ssh/id_user $ ssh
2013 Mar 20
3
Host name look up failure- unable to generate certificate in agent and transfer that to master for signature.
Hi all, 1)I installed puppet agent in one of the server and i gave the name of the master for which it needs to be connected as puppet. But am unable to connect to the host..the certificate is not present in the master when i searched for it with this command *puppet cert list -all *am getting this error in the master *err: Could not call list: header too long header too long.* ** 2)When
2002 Mar 03
1
startup problems SHRegGetUSValueA (0x403d78)
I'm having problems to start up wines I get an error fixme:dhell:SHRegGetUSValueA (0x403d78),stub! and then a delay and a line that looks ike this err:ntdll:RtlWaitForCriticalSelection timeout I run mandrake 8.1 I ran che winecheck utility and there were no errors I also have the ATI all in wonder and try to start win98 in wine. Does anybody successful run Wine with ATI all in wonder
2018 Sep 17
7
add keys and certificate to forwarded agent on remote host
Apologies if this post is inappropriate to this list; please redirect me if so. Our team uses ssh extensively for server access and maintenance (Debian). An issue is acting as root when operating, for example, over ansible and keeping a record of who performed the actions, something ssh certificates solves well. The problem is then to automate certificate issuance since it would be pretty