similar to: SSHD and PAM

On Wed, 2018-01-03 at 13:50 +0530, Sudarshan Soma wrote: > HI, I do see some refernce on it: but seems not closed > https://marc.info/?l=secure-shell&m=115513863409952&w=2 > > http://bugzilla.mindrot.org/show_bug.cgi?id=1215 > > > Is this patch available in latest versions, 7.6? No. It never was. The SSSD is using NSS (Name Service Switch) [1] way of getting

Sudarshan Soma wrote: > Does sssd/NSS has a way to fetch user names from sources like > RADIUS/TACACS server? My impression is that while this might be theoretically possible, nobody does this. Especially it's not clear to me how you would push group membership to the system. And AFAICS in case of TACACS+ there's also only a single "role" available (translate this to

Thanks somuch. I am checking it. Best Regards, On Tue, Jul 18, 2017 at 9:08 PM, Reuti <reuti at staff.uni-marburg.de> wrote: > > > Am 08.07.2017 um 18:41 schrieb Sudarshan Soma <sudarshan12s at gmail.com>: > > > > Hi , > > I have the following requirement . > > other than following users, any other user sshd connection should be > > redirected

Hi, Can I send ssh request to sshd to prompt for username along with password. Ex: cogan at localhost$ ssh myserver Login:xyz password: Login is automatically taken as cogan, wanted to ignore this and instead prompt login and take it from user, Please suggest. Best Regards,

+ added subject On Mon, Jan 30, 2017 at 11:32 PM, Sudarshan Soma <sudarshan12s at gmail.com> wrote: > Hi, > I am trying to give access to sshd port 22 to connect to different port > 1023 by differentiating with special user, customuser. Following is how i > tried, but it doesnt work, please suggest. > > outside, user issues command > ssh customuser at ip, it fails >

Hi , I have the following requirement . other than following users, any other user sshd connection should be redirected to 2024 instead of port 22. root, ftp, guest So ssh root at ip // should be sent to sshd running at port 22 ssh otheruser at ip // should be sent to sshd running at port 2024 I know that we can do something like this: ssh -o ProxyCommand='ssh -W localhost:2024 cliuser

Hi Darren, It is linux 3.10.40.cge-rt38 #1 SMP Fri Jul 22 12:59:33 PDT 2016 i686 GNU/Linux On Tue, Feb 21, 2017 at 3:39 AM, Darren Tucker <dtucker at zip.com.au> wrote: > On Tue, Feb 21, 2017 at 4:19 AM, Sudarshan Soma <sudarshan12s at gmail.com> > wrote: > > Hi I changed sshd_config to run script, .profile for user cliuser like > > What platform is this on? If

Hi , when i connect to sshd , the session doesnt allow me to issue ^C ^Z, it doesnt work. Please let me know if there are any settings to control it. telnet works fine. my settings, version: OpenSSH_6.6p1, OpenSSL 1.0.1h 5 Jun 2014 stty -a speed 38400 baud; rows 24; columns 80; line = 0; intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch =

Thanks Darren, the intention to do this : allow users to access my own shell/CLI(including authentication) on port 22. their firewall settings doesnt allow anything other than port 22, so I would internally redirect to port 1023 when customuser is provided. I will try enabling logs, thanks. On Tue, Jan 31, 2017 at 5:10 AM, Darren Tucker <dtucker at zip.com.au> wrote: > On Tue, Jan 31,

Hi Darren, the clients config would need customer to change firewall settings to allow 1023 port. my server is behind the firewall. firewall settings say that my server 1023 is not accessable from outside. So If user tries -p 1023, it is rejected. hence user can only issue ssh customuser at ip . I am trying to instead connect to 1023 from my server, which doesnt go to firewall, hence from my

Hi, I am trying to give access to sshd port 22 to connect to different port 1023 by differentiating with special user, customuser. Following is how i tried, but it doesnt work, please suggest. outside, user issues command ssh customuser at ip, it fails inside sshd_config, i wrote the following: Match user customuser ForceCommand . /etc/myscript inside myscript, I do the following: read

Thanks Ben. i am checking in linux. I do have this command working: ssh localhost -o password=abc123 SSH started with password Could not create directory '/root/.ssh'. Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password,keyboard-interactive). will try to getback on openssh used. But is it possible to show some pointers for my

Hi, We would like to use openssh in fips mode. It looks it is not provided as a configurable option through sshd_config, Are there plans to do incorporate such change. Do we have to change openssh code for now until the option is provided. If sshd is operating in fipsmode, does it provide additional errors/audits to indicate failures such as pair wise consistency failed during on of the sshd

Thanks Darren, will check on your response. I am attaching sshd, ssh logs with debug flags. Please see if it gives any hint: when I press ^C in ssh session, no log gets printed in both server/client side. Best Regards, On Wed, Jan 18, 2017 at 3:09 AM, Darren Tucker <dtucker at zip.com.au> wrote: > On Wed, Jan 18, 2017 at 5:10 AM, Sudarshan Soma <sudarshan12s at gmail.com>

Hi I changed sshd_config to run script, .profile for user cliuser like this: Match user cliuser ForceCommand . /home/cliuser/.profile cat /home/cliuser/.profile #!/bin/sh if [[ "$1" == "-c" ]]; then exit 5 fi trap 'exit' 1 2 3 4 15 ssh -tt secadmin at 127.0.0.1 -p 2024 exit Now, with this, i wanted connections to sshd coming on 2025 to go to 2024 for user

Okay, I guess I?ll be the first to take Colin Percival up in that the following statement applies to me: ?If you find a security problem -- or even if you find something which might possibly be a security problem but you're not certain if it is or not -- then please let us know.? I recently installed pam_radius according to the instructions located at the following address:

6.2p2 prints the same version string in the debugging output as it does when invoked with -V: % ssh -V OpenSSH_6.2p2, OpenSSL 0.9.8y 5 Feb 2013 % ssh -v nonesuch |& head -1 OpenSSH_6.2p2, OpenSSL 0.9.8y 5 Feb 2013 6.3p1 and newer don't - I don't have anything at hand that runs 6.3p1, but here are 6.[456]p1: % ssh -V OpenSSH_6.4p1, OpenSSL 1.0.1e-freebsd 11 Feb 2013 % ssh -v

Hi, I am trying to get Openssh 5.5p1 to work with TACACS+. I have the TACACS + PAM module compiled on Ubuntu. I have compiled SSH --with-pam. When the user is defined in /etc/passwd, the SSH authentication to the TACACS+ server takes place successfully. If I REMOVE the user from /etc/passwd OpenSSH sends a string called INCORRECT to the TACACS+ server and it denies authentication. I am trying

Hello, when configuring the OpenSSH to authenticate through pam_radius, I encountered the following problem: The radius server is configured to accept username and generic password, it then generates some textual string as a challenge-request and waits again for username and this time for challenge-response. Pam_radius use pam->conv function, retrieved with pam_get_item(PAM_COM), with

http://bugzilla.mindrot.org/show_bug.cgi?id=1215 Jesse Zbikowski <embeddedlinuxguy at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |embeddedlinuxguy at gmail.com --- Comment #7 from Jesse Zbikowski <embeddedlinuxguy at