similar to: SSH cert extensions and authz key options

Displaying 20 results from an estimated 10000 matches similar to: "SSH cert extensions and authz key options"

2018 Jan 24
3
SSH cert extensions and authz key options
Damien, your advice is appreciated. Damien Miller wrote: > On Fri, 12 Jan 2018, Michael Str?der wrote: >> I'm looking at sshd(8), section AUTHORIZED_KEYS FILE FORMAT and >> description for CLI arg -O in ssh-keygen(1). >> >> It seems to me that there could be a 1:1 mapping between SSH cert >> extensions and authz key options by just adding prefix
2020 Jan 30
5
SSH certificates - restricting to host groups
Hello, I am trying to work out the best way to issue SSH certificates in such way that they only allow access to specific usernames *and* only to specific groups of host. As a concrete example: I want Alice to be able to login as "alice" and "www" to machines in group "webserver" (only). Also, I want Bob to be able to login as "bob" and
2020 Feb 17
2
Use of "no-touch-required" with "cert-authority"
Hello, In testing security key support in OpenSSH 8.2, I had some trouble making the ?no-touch-required? option in the authorized_keys file work in conjunction with OpenSSH certificates. I think I?ve figured it out, but I think there may be a bug in ssh-keygen related to this. To make ?no-touch-required? work with certificates, I actually had to do three things: Generate the security key with
2020 Jan 30
6
SSH certificates - restricting to host groups
On 30/01/2020 15:02, Christian, Mark wrote: > On Thu, 2020-01-30 at 12:27 +0000, Brian Candler wrote: >> As a concrete example: I want Alice to be able to login as "alice" >> and >> "www" to machines in group "webserver" (only). Also, I want Bob to >> be >> able to login as "bob" and "www" to machines in group
2019 Sep 13
2
revoking ssh-cert.pub with serial revokes also younger certs
Hi there! What am I doing wrong? I created a ssh-certificate id_user_rsa-cert.pub with this dump: id_user_rsa-cert.pub: root at host # ssh-keygen -Lf id_user_rsa-cert.pub ??????? Type: ssh-rsa-cert-v01 at openssh.com user certificate ??????? Public key: RSA-CERT SHA256:kPitwgxblaUH4viBoFoozSPq9Pblubbedk ??????? Signing CA: ED25519 SHA256:8p2foobarQo3Tfcblubb5+I5cboeckvpnktiHdUs ??????? Key ID:
2019 May 21
2
OpenSSH Certificate Extensions
Hello: I am working to implement certificate-based authentication for some internal applications. It would be very helpful to be able to pass information server-side by specifying some custom options via the Extensions of the signed certificate, allowing the authenticity of the options to be verified readily. However, I have not been able to find too much for specifying behaviors, etc.
2010 Apr 27
2
ssh certificate usage
I am trying to find out how I can use the new self-signed certificates So what I read in the man pages, it should be something like: client: 1) ssh-keygen -f ca_rsa # generate a ssh keypair for use as a certificate Server(s): 2) make sure your /etc/ssh/sshd_config has TrustedUserCAKeys assigned TrustedUserCAKeys /etc/ssh/sshcakeys # or whatever name or location you like 3) edit
2009 Jan 27
7
authz.dll
I've downloaded the latest DB2 client, and its ODBC registration program complains that this is missing. No threads or references here. There didn't appear to be a download for it at M$. A search yielded lots o sites that offered it. Any recommendations? thanks
2010 Jun 07
3
X509 based certificate authentication in OpenSSH
Hello, I would like to know whether OpenSSH supports x509 certificate based authentication. It looks like OpenSSH has dependency on OpenSSL so does this mean that OpeSSH also supports x509 certificate based authentication. If it does support, can you please point me to the necessary documentation. Thanks Naitik
2019 Sep 16
2
revoking ssh-cert.pub with serial revokes also younger certs
Hi Daminan! Hmmm... thought about a little... when i use -vvv with ssh-keygen -Qf i see "debug1:..." So i think, debug is compiled in. ssh-keygen --help gives me ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number] file ... so... option -z is not the serial of the certificate, it is the version-number of the KRL-File... My openssh-Verision from Debian is
2018 Sep 06
4
Some wishes regarding revoked keys
Hello. I am trying to play through the following test scenario about certificate revocation on Ubuntu 18.04, which has OpenSSH of this version: OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n? 7 Dec 2017 1. A CA key is created ssh-keygen -t ed25519 -f ca 2. The CA public key is added to ~/.ssh/authorized_keys on some server: cert-authority ssh-ed25519 AAAA...e ca at yoga 3. A user key is created on a
2004 Mar 18
2
ssh only with password
Hello, I must relogin on the same machine in my shell with ssh and without password. For this I tried the procedure ssh-keygen -t dsa and ssh-keygen -t rsa. I copied the entries in /.ssh/id_dsa.pub and /.ssh/id_rsa.pub in /.ssh/authorized_keys When I open a shell I type exec ssh-agent $SHELL and then ssh-add and give my passphrases. When I now type ssh machinename my PC wants my password. I
2010 Mar 16
9
openssh-5.5p1
Hi, We will probably do an openssh-5.5p1 release soon, mainly for the sshd_config:AuthorizedKeysFile bug, but containing a few other small patches too. If you have any portability fixes that need to go in then
2014 Feb 09
1
master user and ACL's
Hi, Quick question...I read in the docs that: "Master user is still subject to ACLs just like any other user, which means that by default the master user has no access to any mailboxes of the user." ... and that the standard workaround is to return master_user=%u from the userdb. But why is the master_user authn-id used in the ACLs and not the authz-id (requested-login-user) ?
2014 Apr 01
4
How can I have the same ssh key for dual boot (ssh-keygen)
I use: ssh-keygen -t rsa to generate a key file (id_rsa.pub) which I copy into authorized_keys2 on other machines in order to permit ssh to these machines without being asked for a password. The thing is that I have dual boot on this machine: one for fedora and one for ubuntu. The two key files which were generated on these machine are different. Is there a way so that I will have the same key
2001 Oct 17
2
OpenSSH_2.9.9p2 Configuration problem
I've recently upgraded some of my machines from an ssh1 environment to an openssh one, and consequently, I'm now using the ssh2 protocol. I can't seem to get it to allow remote logins without prompting for a passphrase or password. Is this possible? I've created id_dsa and id_rsa files etc., using ssh-keygen and have copied the public information to the remote authorized_keys
2011 Jan 27
6
SSH Automatic Log-on Failure - Centos 5.5
Hallo, I wanted to avoid typing-in my password every occasion I remotely logged-on to a server. I created my SSH keys and copied the public part to the server and renamed it authorized_keys. My command line is: ssh root at xxxxxx.com -p 1234 The output shows the logging-on routine wants 3 types of authentication. Surely one successful authentication is sufficient ? OpenSSH_4.3p2, OpenSSL
2006 Apr 05
3
rsync, ssh and DSA key
hi all I have generated the key in the source server(10.78.0.107) ssh-keygen -t dsa -C "root@10.78.0.107" I have added this key to authorized_keys2 of the destination server(10.78.0.117) cat id_dsa.pub >> /root/.ssh/authorized_keys2 but when I execute rsync -avz -e ssh root@10.78.0.107:/var/mail/ /var/mail in the destination server I asck me for the password How to avoid this in
2002 Feb 12
4
Rsync with script
Hi, I am trying to mirror a server every night using rsync. I have to backup multiple directories and multiple individual files. I also want to use ssh as transport. The problem is that I cannot get ssh to work without asking password for each step. I tried the public key thing but it doesnt work. Can some one give instructions for a layman like me. Also I want to know how to pass argument to
2010 Aug 09
8
Call for testing: OpenSSH-5.6
Hi, OpenSSH 5.6 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a moderately large release, with a number of new features and bug fixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH