similar to: ssh-agent check for new fresh certificate (and key)? worthwhile doing?

On Thu, Feb 2, 2017 at 1:16 AM, Peter Moody <mindrot at hda3.com> wrote: > why not add the certificate to the running ssh-agent with a timeout > that expires when the cert does? That's an excellent idea. I've modified our tooling to do exactly that (https://github.com/continusec/geecert/commit/dfeee14b278e28d15bf532bb6e6e8ffe530e6b11). Thank you for the suggestion. > I

Damien Miller wrote: > On Thu, 2 Feb 2017, Adam Eijdenberg wrote: > >> On Thu, Feb 2, 2017 at 10:42 AM Damien Miller <djm at mindrot.org> wrote: >>> On Thu, 2 Feb 2017, Adam Eijdenberg wrote: >>>> I guess a case could be made for ssh-add to always set a timeout when >>>> adding a certificate with an expiry time, but I think for now I'm

https://bugzilla.mindrot.org/show_bug.cgi?id=2675 Bug ID: 2675 Summary: When adding certificates to ssh-agent, use expiry date as upper bound for lifetime Product: Portable OpenSSH Version: 7.4p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5

On Thu, Feb 2, 2017 at 10:42 AM Damien Miller <djm at mindrot.org> wrote: > On Thu, 2 Feb 2017, Adam Eijdenberg wrote: > > I guess a case could be made for ssh-add to always set a timeout when > > adding a certificate with an expiry time, but I think for now I'm > > happy enough to do that on our end. > > That sounds like a fine idea. Damien, to clarify did

> (Blargh is right (https://blog.habets.se/2011/07/OpenSSH-certificates.html <https://blog.habets.se/2011/07/OpenSSH-certificates.html>). Googling for this stuff is *hard*:) Does https://www.sweharris.org/post/2016-10-30-ssh-certs/ help at all? Stephen

Hi OpenSSH developers; Thank you for your amazing work. I?m emailing to see if any knowledgeable OpenSSH developer is willing to help us review / revamp some patches we have for OpenSSH, and provide advice on some of the more advanced uses of OpenSSH. This would be a for pay contract engagement. We are trying to be super respectful of the process, and are happy to be very creative ? we are

https://bugzilla.mindrot.org/show_bug.cgi?id=2617 Bug ID: 2617 Summary: sign_and_send_pubkey: no separate private key for certificate Product: Portable OpenSSH Version: 7.3p1 Hardware: 68k OS: Mac OS X Status: NEW Severity: normal Priority: P5 Component: ssh

Anyone here run rsync on a Win32 platform? I know, I'm a glutton for pain. Anyway, I'm using 'cwrsync' on one system to copy files from a local drive (F:) to a mapped (network) drive (Y:). The problem I'm having is with that infamous 'Network Trash Folder'. I can't get it to ignore it on the remote (mapped) drive, and it doesn't exist on the local drive.

I''ve spent the last year developing a large Ruby on Rails 2.0 application with over a 100 tables and controllers and hope to be deploying it soon. Before I moved from my Windows XP computer to deployment, I wanted to run it in a local Linux environment to sort out: 1. Amazon S3 files 2. RMagick (went south when I upgraded to Rails 2.0) 3. ARMailer (mail spooling program) I''ve

All: Sorry if this is a bit off-topic, but... having two successful workshops at Supercomputing, I'm contemplating a third (I'm a glutton for punishment.) This year, the focus will be on many/multicore's programmability gap -- the gap between today's languages and the multicore/manycore architectures that we're trying to program. A stellar example is software development on

Hi All, Is the CVS source broken again? My attempts to compile indicate a missing file in vorbis/lib, bitbuffer.c (and its h file). Copying in an old downloaded copy produces the following from MSCV 7 (attempting to build OggEnc, having built SDK/all - apparently not without error :-).. encode.obj : error LNK2019: unresolved external symbol _vorbis_bitrate_flushpacket referenced in function

Hi all, Being the glutton for self-inflicted punishment that I am, I did a clean install of F9 yesterday. :-) As it relates to R: 1. Building R from SVN: R version 2.7.0 Patched (2008-05-12 r45683) It builds and passes make check all without issue. F9 is using: gcc (GCC) 4.3.0 20080428 (Red Hat 4.3.0-8) 2. As was noted with F8, the lack of the Java-JavaScript bridge in the default

On Mon, May 15, 2017 at 11:39 AM, Peter Moody <mindrot at hda3.com> wrote: > my reading of the sshd manpage is that ssh is more permissive than it should be > > SSH_KNOWN_HOSTS FILE FORMAT : > ... > > A hostname or address may optionally be enclosed within `[' and `]' > brackets then followed by `:' and a non-standard port number. Hi Peter, I'm not

Hi all, Last week I noticed that the CertChecker in the Go implementation of x/crypto/ssh seems to be doing host principal validation incorrectly and filed the following bug: https://github.com/golang/go/issues/20273 By default they are looking for a principal named "host:port" inside of the certificate presented by the server, instead of just looking for the host as I believe OpenSSH

On 18/09/18, Tim Jones (b631093f-779b-4d67-9ffe-5f6d5b1d3f8a at protonmail.ch) wrote: ... > So issue your users with Yubikeys. You can enforce the Yubikey so it > requires the user to enter a PIN *and* touch the Yubikey. This means > there's an incredibly high degree of confidence that it was the user > who performed the actiion (i.e. two-factor authentication of physical >

On 17/09/18, Peter Stuge (peter at stuge.se) wrote: > Rory Campbell-Lange wrote: > > Can ssh-add work on the remote socket file? > > I expect that it will just work<tm>. The local socket is just a > socket, and the protocol[1] message SSH_AGENT_ADD_KEY is the same. Local: $ ssh-agent > /tmp/agent.env $ source /tmp/agent.env $ ssh-add ~/.ssh/id_user $ ssh

Hi all, 1)I installed puppet agent in one of the server and i gave the name of the master for which it needs to be connected as puppet. But am unable to connect to the host..the certificate is not present in the master when i searched for it with this command *puppet cert list -all *am getting this error in the master *err: Could not call list: header too long header too long.* ** 2)When

I'm having problems to start up wines I get an error fixme:dhell:SHRegGetUSValueA (0x403d78),stub! and then a delay and a line that looks ike this err:ntdll:RtlWaitForCriticalSelection timeout I run mandrake 8.1 I ran che winecheck utility and there were no errors I also have the ATI all in wonder and try to start win98 in wine. Does anybody successful run Wine with ATI all in wonder

Apologies if this post is inappropriate to this list; please redirect me if so. Our team uses ssh extensively for server access and maintenance (Debian). An issue is acting as root when operating, for example, over ansible and keeping a record of who performed the actions, something ssh certificates solves well. The problem is then to automate certificate issuance since it would be pretty

Hi, The back end of our functional compiler often generates sequential switch statements in LLVM typed assembly that scrutinize on the same expression. For example, in C syntax: #1 switch( e ) { case e2: { e3 } ... } switch( e ) { case e2: { e4 } ... } In this case, it would be nice if the second switch would be embedded in each arm of the first switch. Because the set