similar to: add keys and certificate to forwarded agent on remote host

On 17/09/18, Peter Stuge (peter at stuge.se) wrote: > Rory Campbell-Lange wrote: > > Can ssh-add work on the remote socket file? > > I expect that it will just work<tm>. The local socket is just a > socket, and the protocol[1] message SSH_AGENT_ADD_KEY is the same. Local: $ ssh-agent > /tmp/agent.env $ source /tmp/agent.env $ ssh-add ~/.ssh/id_user $ ssh

On Fri, Mar 15, 2019 at 09:10:26AM +0000, Jochen Bern wrote: > Imagine sysadminning a boatload of VMs getting IPs from a dynamic pool, a la > > $ for ADDR in $CUSTOMER_1_RANGE $CUSTOMER_2_RANGE... ; do > > ping -c 1 -w 2 $ADDR >/dev/null 2>&1 && ssh root@$ADDR do_urgent_fix > > done > > , and it mightn't be that much of a niche anymore ... And

> > Details on these, please? Since that was kind of what I was asking for in > the OP :) netflix's bless has been around for a while. https://github.com/Netflix/bless nial sheridan gave a talk recently at LISA about cashier. https://github.com/nsheridan/cashier and finally i'm hoping to have all the necessary approvals to release ussh early next year. I wrote about ussh here

Hi David, > hmm, what I'm finding doesn't seem to use the FIDO challenge/response to the > server, instead it looks like a public/private key that's unlocked with a touch, > possibly storing the private key on the hardware dongle (but it seems like > there's still a key you need to put on the client system) > > Quoting from the yubikey website: > OpenSSH

Stuart Henderson wrote: >> This is why I push for challenge/response tokens, not simply >> cert authentication, and really wish that FIDO (such as yubikey) >> was an option, but the discussions I've seen about suporting >> that have not been encouraging. > > hmm? That works pretty well in OpenSSH. hmm, what I'm finding doesn't seem to use the FIDO

https://bugzilla.mindrot.org/show_bug.cgi?id=3188 Bug ID: 3188 Summary: Problems creating a second ecdsa-sk key for a second Yubikey Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh-keygen

On Mon, 13 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote: > Lack of time on the Open Source projects is understandable, and not uncommon. > > However, PKCS11 has been in the codebase practically forever - the ECC > patches that I saw did not alter the API or such. It is especially > non-invasive when digital signature is concerned. > > Considering how long those patches have

On Mon, Jul 20, 2020 at 08:24:45PM -0700, Peter Moody wrote: > I wrote something a lot like this when I was at uber > > https://github.com/pmoody-/pam-ussh > > (the uber version is here: https://github.com/uber/pam-ussh) Needing PAM auth via ssh-agent is not so uncommon and yet using sshd is not necessarily the first (or best) solution to come to mind. Having it available as

Hey, Judging from the (private) responses I?ve got, there is quite a bit of interest in the U2F feature I proposed a while ago. Therefore, I?ve taken some time to resolve the remaining issues, and I think the resulting patch (attached to this email) is in quite a good state now. I also posted the new version of the patch to https://bugzilla.mindrot.org/show_bug.cgi?id=2319 (which I?ve opened

On Sun, Dec 24, 2017 at 9:54 PM, David Newall <openssh at davidnewall.com> wrote: > On 25/12/17 00:11, John Devitofranceschi wrote: >> >> Besides ssh.com?s PrivX product, has anyone created a web service that can >> be used to issue temporary certkeys to authenticated users? >> >> Any pointers appreciated! > > > I expect that what I'm about to

Hi all, What is best way to show only records belonging to logged user? I understand that it is better to handle this in model and not controller. I am thinking of intercepting find methods in model and add clause something like "WHERE id_user = #{user_id}". I would like to hear if you would do it likewise and if yes is it better to hack find_by_sql() or find() method? thanks in

https://bugzilla.mindrot.org/show_bug.cgi?id=2598 Bug ID: 2598 Summary: ssh-agent very occasionally won't remove keys or certs despite now() >= lifetime Product: Portable OpenSSH Version: 6.9p1 Hardware: amd64 OS: Mac OS X Status: NEW Severity: minor Priority: P5

Hi to all, I have a doubt on like passing other URL parameters to InPlaceEditor function. For Ajax.Updater I can use "parameters:", but for InPlaceEditor (or InPlaceCollectionEditor) I cannot use "parameters". How I make to pass other parameters to the page that callback? A sample code: ---------------------------------- var editor= new Ajax.InPlaceCollectionEditor(el, url,

Hi all, I''m using Rails/Mysql as development platform. the production server is under Rails/Oracle. Right now, i''m trying to install my application under the production server, the connection to orcale is fine via Rails, but i have a weird problem. example : here is a extract from my db scheme : Table User :_____________ id_user | first_name |

G'day, In our infrastructure we're trying to be more diligent about switching to sk keys (and/or certs backed by sk keys.) However, there are some services like Gerrit and Jenkins which are written in java and I guess they will never support sk keys, or at least, it seems like it won't happen any time soon. For such services, typical practices at the moment include putting

Hi there! I recently installed centos 8 on my laptop. I have the following problems 1. I tried the use the default evolution 3.28. The problem with 3.28 is that when i try to create an event i get the error "Failed to create an event in the calendar ?CalDAV : Calendar?" "Cannot create calendar object: Failed to put data: HTTP error code 400 (Bad Request)" 2.I tried

Hello, I?m trying out the ?resident key? functionality in OpenSSH 8.2, and I?m having trouble getting it to find keys that I?ve created. I?m trying to create a new resident key using: ssh-keygen -O resident -t ed25519-sk -f <filename> This creates a key, but I?m not actually sure it is creating a ?resident? key, as when I try to dump out the resident keys with either ?ssh-keygen -K?

I set up the YubiKey with OpenSSH 8.2 (Ubuntu client and server) and it works. However, it does not do PIN enforcement at SSH login. It only requests the PIN during the set-up process (when the key is being generated). Is that the way it's supposed to work? Frank

We will be connecting our Asterisk server to ISDN 30 and intend using the Sangoma A101 card. The install location is in London (UK). Sangoma card at Voipon http://www.voipon.co.uk/sangoma-a101-pri-isdn-card-p-132.html?gclid=CI32vJz22I0CFQXklAodIgjHaA I would be grateful to hear if this is the right choice of card. Usage reports would be helpful. Regards Rory -- Rory Campbell-Lange

well i've tried everything trying to get r/w access to my linux box (debian 2.2.3 running samba 2.0.7) from win2k. can only get readonly. i'm hoping some kind sould might be able to take a look at my samba config and let me know what i'm doing wrong... # Samba config file created using SWAT # from localhost (127.0.0.1) # Date: 2001/11/01 00:39:30 # Global parameters [global]