similar to: Golang CertChecker hostname validation differs to OpenSSH

On Mon, May 15, 2017 at 11:39 AM, Peter Moody <mindrot at hda3.com> wrote: > my reading of the sshd manpage is that ssh is more permissive than it should be > > SSH_KNOWN_HOSTS FILE FORMAT : > ... > > A hostname or address may optionally be enclosed within `[' and `]' > brackets then followed by `:' and a non-standard port number. Hi Peter, I'm not

On Wed, May 17, 2017 at 2:46 AM, Damien Miller <djm at mindrot.org> wrote: > On Mon, 15 May 2017, Adam Eijdenberg wrote: >> https://github.com/golang/go/issues/20273 >> >> By default they are looking for a principal named "host:port" inside >> of the certificate presented by the server, instead of just looking >> for the host as I believe OpenSSH

> Uri (earlier in this thread) does answer this question clearly (that > the principal should be the hostname only), and, now that I've found > PROTOCOL.certkeys, this seems to be spelt out unambiguously there too: In turn this means: One cannot expect several SSH services on a single host to be securely distinguishable from each other by their particular

https://bugzilla.mindrot.org/show_bug.cgi?id=2617 Bug ID: 2617 Summary: sign_and_send_pubkey: no separate private key for certificate Product: Portable OpenSSH Version: 7.3p1 Hardware: 68k OS: Mac OS X Status: NEW Severity: normal Priority: P5 Component: ssh

https://bugzilla.mindrot.org/show_bug.cgi?id=2675 Bug ID: 2675 Summary: When adding certificates to ssh-agent, use expiry date as upper bound for lifetime Product: Portable OpenSSH Version: 7.4p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5

As background, for one of my clients we built out a command line tool which does SSO with Google Apps, then generates a new SSH key pair, and sends this off to an internal service which verifies the request and then issues a new short lived (24 hour) certificate (if interested the code for the server and client is open-sourced here: https://github.com/continusec/geecert), overwriting the previous

On Thu, Feb 2, 2017 at 10:42 AM Damien Miller <djm at mindrot.org> wrote: > On Thu, 2 Feb 2017, Adam Eijdenberg wrote: > > I guess a case could be made for ssh-add to always set a timeout when > > adding a certificate with an expiry time, but I think for now I'm > > happy enough to do that on our end. > > That sounds like a fine idea. Damien, to clarify did

Damien Miller wrote: > On Thu, 2 Feb 2017, Adam Eijdenberg wrote: > >> On Thu, Feb 2, 2017 at 10:42 AM Damien Miller <djm at mindrot.org> wrote: >>> On Thu, 2 Feb 2017, Adam Eijdenberg wrote: >>>> I guess a case could be made for ssh-add to always set a timeout when >>>> adding a certificate with an expiry time, but I think for now I'm

--- configure.ac | 2 +- golang/Makefile.am | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 4e2bc65..9abec95 100644 --- a/configure.ac +++ b/configure.ac @@ -1530,7 +1530,7 @@ AS_IF([test "x$enable_golang" != "xno"],[ AC_CHECK_PROG([GOLANG],[go],[go],[no]) AS_IF([test "x$GOLANG" !=

Hello. I'm very happy with libguestfs, but now i'm try to write packer plugin to strip images: 1) resize filesystem to minimum 2) resize partitions to minimum 3) create/resize file with needed size But golang binding have not docs. Is that possible to generate something suitable to godoc.org to determine api methods and input,output variables for functions? -- Vasiliy Tolstov, e-mail:

Go 1.17 or newer is required to use unsafe.Slice(), which in turn allows us to write a simpler conversion from a C array to a Go object during callbacks. To check if this makes sense, look at https://repology.org/project/go/versions compared to our list in ci/manifest.yml, at the time I made this commit: Alpine 3.15: 1.17.10 AlmaLinux 8: 1.19.10 CentOS Stream 8: 1.20.4 Debian 10: 1.11.6 Debian

Hi, i cannot import libguestfs golang lib, go get package libguestfs.org/guestfs: unrecognized import path " libguestfs.org/guestfs" (https fetch: Get https://libguestfs.org/guestfs?go-get=1: dial tcp [2001:41c9:1:422::215]:443: getsockopt: connection refused) Any ideas? has the url changed or something? @rwmjones -- Regards, Shashwat Shagun

Hi OpenSSH developers; Thank you for your amazing work. I?m emailing to see if any knowledgeable OpenSSH developer is willing to help us review / revamp some patches we have for OpenSSH, and provide advice on some of the more advanced uses of OpenSSH. This would be a for pay contract engagement. We are trying to be super respectful of the process, and are happy to be very creative ? we are

I'm on libguestfs Fedora git master branch: $ git log | head -1 commit 8eb1aa2406632eb4202bbd976459334854295a77 $ yum-builddep libguestfs $ fedpkg local Results in: ========== . . . make[4]: Leaving directory `/home/kashyap/fedora-packaging/libguestfs/master/libguestfs-1.25.18/gobject' Making all in docs make[4]: Entering directory

On 4/23/20 2:13 PM, Richard W.M. Jones wrote: > Compiling nbdkit from source when an older nbdkit is installed would > fail because certain symbols such as .get_ready are not defined in the > (installed) <nbdkit-plugin.h>: > > ../../src/libguestfs.org/nbdkit/nbdkit.go:541:8: plugin.get_ready undefined (type _Ctype_struct_nbdkit_plugin has no field or method get_ready) >

All: I have a problem connecting Openssh 3.0.2p1 on Solaris 8 using hostname authentication for non-root users. When I connect to the sshd from a second machine as root it works fine using HostbasedAuthentication, but it always fails with non-root users. I suspect that I am having a permissions problem somewhere, but I'll be damned if I can figure out where. Any and all help

Version 1 was here: https://www.redhat.com/archives/libguestfs/2020-April/thread.html#00160 Version 2 side-steps the objections to the first patch by using a well-formed alternate nbdkit.pc file and running ordinary pkg-config against it, so any parsing of --cflags etc will be done by pkg-config. The first patch is essentially the same idea as:

Commit 6725fa0e12 changed copy_uint32_array() to utilize a Go hack for accessing a C array as a Go slice in order to potentially benefit from any optimizations in Go's copy() for bulk transfer of memory over naive one-at-a-time iteration. But that commit also acknowledged that no benchmark timings were performed, which would have been useful to demonstrat an actual benefit for using hack in

Version 2: https://www.redhat.com/archives/libguestfs/2020-April/thread.html#00166 Version 3 contains all changes discussed in the previous review. Rich.

Go API functions returned (<val>, *GuestfsError) that made code like this fail to build: n, err := os.Stdin.Read(buf) if err != nil { log.Fatal(err) } n, err = g.Pwrite_device(dev, buf[:n], off) ... As err should be of error (interface) type as of the stdlib call, and should be of *GuestfsError type as of the libguestfs call. The concrete error value that