similar to: Support for RFC4252 in sshd with PAM

Displaying 20 results from an estimated 200 matches similar to: "Support for RFC4252 in sshd with PAM"

2012 Dec 17
2
How to control which command is executed with "plain ssh" from remote machine?
Hi! Is it possible to override in OpenSSH so that the shell specified in the /etc/passwd (or what comes from the LDAP server) is not executed at login? We have naïvely tried to specify this with subsystem but found out that by default the ssh client does not specify any subsystem. So how to override something that is unset from the client? /John -- John Olsson Ericsson AB BSC/BSS System
2023 Aug 10
2
Packet Timing and Data Leaks
Philipp Marek wrote: > An easy workaround is to use a password manager (a plain file as a minimum) If you can/want to use a file then consider using a key instead. publickey authentication is non-interactive on the wire and the key is already unlocked so packet timing leaks nothing about your passphrase. //Peter
2024 Nov 23
1
[PATCH] sshsig: check hashalg before selecting the RSA signature algorithm
There is no hash algorithm associated with SSH keys. The key format for RSA keys is always "ssh-rsa", and it is capable of being used with any of the available signature algorithms (ssh-rsa for SHA-1 and rsa-sha2-256 or rsa-sha2-512 for SHA-2). See section 3 in https://www.rfc-editor.org/rfc/rfc8332: rsa-sha2-256 RECOMMENDED sign Raw RSA key rsa-sha2-512 OPTIONAL
2003 Jan 18
0
[Patch] User-dependent IdentityFile
Here is the user-dependent IdentityFile patch for openssh3.5 (BSD version), which allows private key files to be placed system wide (for all users) in a secure (non-NFS) mounted location. This addresses an important security hole on systems where home directories are NFS mounted, particularly if there are users who use blank passphrases (or when lpd is tunneled through ssh on systems running lpd
2006 Feb 22
8
[Bug 1159] %u and %h not handled in IdentityFile
http://bugzilla.mindrot.org/show_bug.cgi?id=1159 Summary: %u and %h not handled in IdentityFile Product: Portable OpenSSH Version: 4.3p2 Platform: All URL: http://www.math.ualberta.ca/imaging/snfs/openssh.html OS/Version: Linux Status: NEW Keywords: patch Severity: normal Priority: P2
2002 Mar 07
0
[Bug 147] New: ssh dies if it gets SSH_MSG_USERAUTH_PASSWD_CHANGEREQ
http://bugzilla.mindrot.org/show_bug.cgi?id=147 Summary: ssh dies if it gets SSH_MSG_USERAUTH_PASSWD_CHANGEREQ Product: Portable OpenSSH Version: 3.0p1 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P4 Component: ssh AssignedTo: openssh-unix-dev at mindrot.org
2013 Jan 07
14
[Bug 2058] New: SSH Banner message displays UTF-8 multibyte char incorrrectly
https://bugzilla.mindrot.org/show_bug.cgi?id=2058 Bug ID: 2058 Summary: SSH Banner message displays UTF-8 multibyte char incorrrectly Classification: Unclassified Product: Portable OpenSSH Version: 6.1p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5
2024 May 28
6
[Bug 3693] New: Is SFTP local command execution implemented based on an RFC protocol?
https://bugzilla.mindrot.org/show_bug.cgi?id=3693 Bug ID: 3693 Summary: Is SFTP local command execution implemented based on an RFC protocol? Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: sftp
2024 Nov 23
2
[PATCH] sshsig: check hashalg before selecting the RSA signature algorithm
Hi, I sent this patch back in April and I still have a need for this. Would it be possible to get any pointers how we can have `hashalg` selectable by `ssh-keygen -Y`? -- Morten Linderud PGP: 9C02FF419FECBE16 On Thu, Apr 11, 2024 at 09:16:39PM +0200, Morten Linderud wrote: > `ssh-keygen -Y sign` only selects the signing algorithm `rsa-sha2-512` > and this prevents ssh-agent
2018 Feb 22
3
Attempts to connect to Axway SFTP server result in publickey auth loopin
We are attempting to use openssh sftp to connect to a server that is running some version of the Axway SFTP server. After a publickey auth completes, the server resends publickey as a valid auth. This results in a loop as openssh sftp resubmits the publickey information. This seems similar to a discussion in 2014 that terminated with the thought that it might be nice if the client tracked
2023 Jul 20
1
[Bug 3590] New: Why is the service name in the USERAUTH REQUEST message "ssh-connect" instead of "ssh-userauth"?
https://bugzilla.mindrot.org/show_bug.cgi?id=3590 Bug ID: 3590 Summary: Why is the service name in the USERAUTH REQUEST message "ssh-connect" instead of "ssh-userauth"? Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: trivial
2011 Jul 01
3
Timing of banner
A user at a Windows PC uses our SSH client software (Anzio) to access a Linux sshd. User would like the banner from the server to display BEFORE entering a login name. According to the SSH spec, this should be allowed. But the OpenSSH source seems to have specifically prevented this. Is there a good reason for this? Regards, ....Bob Rasmussen, President, Rasmussen Software, Inc.
2002 Nov 01
3
[Bug 423] Workaround for pw change in privsep mode (3.5.p1)
http://bugzilla.mindrot.org/show_bug.cgi?id=423 ------- Additional Comments From michael_steffens at hp.com 2002-11-02 02:40 ------- Created an attachment (id=162) --> (http://bugzilla.mindrot.org/attachment.cgi?id=162&action=view) Patch: Workaround for pw change in privsep mode (3.5.p1) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are
2013 Jan 14
4
AuthorizedKeysCommand
Hi there, We could set AuthorizedKeysCommand script, this will allow only to replace authorized_keys file with keys stored in a database... But why is this command so limited? Why can't I just set a command script which will get a username and public key as arguments and let it do its own authorization?? I think this will allow for much more powerful tricks. For example do to an
2004 Jun 17
2
SSH_MSG_USERAUTH_PASSWD_CHANGEREQ and 3.1.0 F-SECURE SSH - Proces s Software SSH for OpenVMS
I have found that this server, <snip> debug1: Remote protocol version 1.99, remote software version 3.1.0 F-SECURE SSH - Process Software SSH for OpenVMS debug1: no match: 3.1.0 F-SECURE SSH - Process Software SSH for OpenVMS </snip> does not follow the IETF secsh draft [1] related to the SSH_MSG_USERAUTH_PASSWD_CHANGEREQ message. <snip> ... Normally, the server responds
2015 Aug 25
19
[Bug 2453] New: Document authentication method "none" for AuthenticationMethods
https://bugzilla.mindrot.org/show_bug.cgi?id=2453 Bug ID: 2453 Summary: Document authentication method "none" for AuthenticationMethods Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5
2004 Jun 25
0
SSH_MSG_USERAUTH_PASSWD_CHANGEREQ and 3.1.0 F-SECURE SSH - Pr oces s Software SSH for OpenVMS
Darren, > -----Original Message----- > From: Darren Tucker [mailto:dtucker at zip.com.au] > Sent: Thursday, June 17, 2004 11:08 PM > To: Scott Rankin > Subject: Re: SSH_MSG_USERAUTH_PASSWD_CHANGEREQ and 3.1.0 > F-SECURE SSH - Pr oces s Software SSH for OpenVMS > > > Scott Rankin wrote: > >>That will depend on which versions exhibit the problems. Is it >
2003 Dec 07
0
[PATCH] Do PAM chauthtok via keyboard-interactive.
Hi All. Attached is another patch that attempts to do pam_chauthtok() via SSH2 keyboard-interactive authentication. It now passes the results from the authentication thread back to the monitor (based on a suggestion from djm). Because of this, it doesn't call do_pam_account twice and consequently now works on AIX 5.2, which the previous version didn't. I haven't tested it on any
2003 Nov 13
0
[PATCH] Perform do_pam_chauthtok via SSH2 keyboard-interactive.
Hi All. Attached is a patch to perform pam_chauthtok via SSH2 keyboard-interactive. It should be simpler, but since Solaris seems to ignore the CHANGE_EXPIRED_AUTHTOK flag, it calls do_pam_account to check if it's expired. To minimise the change in behaviour, it also caches the result so pam_acct_mgmt still only gets called once. This doesn't seem to work on AIX 5.2, I don't know
2004 Sep 14
1
PATCH: Public key authentication defeats passwd age warning.
All, I tried to sign up for this list a few weeks ago, but I don't think it worked. After I confirmed my intention to be on the list, I only got one single message from someone on the list, and that was it. So, either this is a particularly quiet list, or my subscription was dropped somehow just after it was made. So, if you could kindly CC me directly on any responses to this, I sure would