similar to: Working with PAM stages

Hi Using SSH_ORIGINAL_COMMAND in AuthorizedKeys is so helpful, I'd like to know if it might be possible to access it in the AuthorizedKeysCommand context (via env ?). Is this possible ? can anybody give me advice on going into this ? If possible, I'll use this SSH_ORIGINAL_COMMAND to send client specifics information to the AuthorizedKeysCommand script. Currently, the only alternative

Hi, I'm likely going to release 5.5p1 in the next couple of days, mainly for the AuthorizedKeys bug. If you would like to test on your platform or submit any patches (portability only) then this is your last chance :) -d

https://bugzilla.mindrot.org/show_bug.cgi?id=2681 Bug ID: 2681 Summary: postauth processes to log via monitor Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2263 Bug ID: 2263 Summary: sshd privsep monitor process doesn't handle SIGXFSZ signal Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd

Hi, I have two host machines both installed with libvirt and virt-manager, which provides me with GUI. I have virtual machines running in one of the host. Now I want to migrate some of the virtual machines to the other machines. I am trying to migrate using the Virtual Machine Manager. When I select migrate, it pops up a window to choose the new host. The dropdown menu to choose the new host for

I don't see a way to do this currently (unless I am missing something) but I would like to be able to specify, that in order for a user to login, they need to use at least 1 public key from 2 separate key sources.? Specifically this would be when using "AuthenticationMethods publickey,publickey".? Right now requiring 2 public keys for authentication will allow 2 public keys from

Hi all, When a client requests dynamic remote forwarding with -R it delays forking into the background. In ssh.c we see if (options.fork_after_authentication) { if (options.exit_on_forward_failure && options.num_remote_forwards > 0) { debug("deferring postauth fork until remote forward " "confirmation received");

Domain users using Windows 7 systems lose the ability to connect to Samba shares. Some users can connect one day but then lose the ability the next. When the problem starts to occur the log.smbd displays: =============================================== check_ntlm_password: authentication for user [user1] -> [user1] -> [MYDOMAIN\user1] succeeded ntlmssp_server_postauth: invalid

On Fri, 9 Jun 2023, Chris Rapier wrote: > Hi all, > > When a client requests dynamic remote forwarding with -R it delays forking > into the background. In ssh.c we see > > if (options.fork_after_authentication) { > if (options.exit_on_forward_failure && > options.num_remote_forwards > 0) { > debug("deferring postauth fork until

https://bugzilla.mindrot.org/show_bug.cgi?id=1782 Summary: Match support for HostbasedUsesNameFromPacketOnly Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org

Hello, I'm migrating many accounts to a new server with vpopmail 5.4.33 and dovecot 2.0.11. I've already vpopmail 5.4.32 and dovecot 1.2.16 on others servers running without problems. With dovecot 2.0.11 my lastauth file is not updated. This file usually is update on any access (smtp, pop3, imap) with the client's IP, for every mailbox. Now it's updated only when a client

Hi, I posted this question to the OpenBSD bugs list last week, however I have had no reply and it was suggested on IRC that I post here instead. So I must apologise if this is not appropriate. For a reference here is my previous post: https://marc.info/?l=openbsd-bugs&m=156080681530337&w=2 I am running OpenBSD 6.5-stable (also tested on -current). When I ssh somewhere I get a sig abort

I think I've found a bug with sshd handling audit events for commands (like scp) over ssh1 connections. Specifically, after updating to a recent FreeBSD 6.x with audit support, I'm getting log messages like these when using scp over ssh1: Sep 12 14:13:16 <auth.info> bm55 sshd[12335]: Accepted rsa for xxx from A.B.C.D port 2981 Sep 12 14:13:16 <auth.crit> bm55 sshd[12335]:

Hi all, I have no problem with creating ssh keys for users, but as soon as I specify ''options'', puppet keeps repeating and replacing the key with an identical key. I have written the various options in various formats, like one big strings, as an array, with double quotes or single quotes, etc, etc (see examples below), but the issue stays as a string ... @authorizedkey {

One more error/warning from the latest Puppet from git: In the provider I have KEYS = Facter.value(:roothome) + "/.ssh/authorized_keys" Puppet::Type.type(:authorizedkey).provide(:parsed, ... I get an error on the Puppetmaster: Could not autoload "/usr/lib/ruby/site_ruby/1.8/puppet/provider/authorizedkey/parsed.rb": undefined method `+'' for nil:NilClass Could not

Hi everyone, I just upgraded to 5.6 and keep on getting the following error message: [root at rwjafs1 ~]# yum update Loaded plugins: fastestmirror, priorities Loading mirror speeds from cached hostfile * base: centos.mirror.nac.net * extras: mirror.batblue.com * updates: mirror.atlanticmetro.net Setting up Update Process Resolving Dependencies --> Running transaction check ---> Package

I see that support for AuthorizedKeysCommand has been added. The arguments supplied to the command is just the authenticating user. Can we add the SSH connection details (ie. source and destination IPs and ports) as well? This command seems to be the idea way of requiring one set of credentials from inside an organisation (say the user's own authorized_keys file) and another set from outside

Hi all I have MFCR2 successfully installed but seems to get warnings a s seen below when I start asterisk. Am running on Redhat 9. Asterisk Ready. *CLI> Dec 20 08:40:38 WARNING[1175077440]: chan_unicall.c:634 unicall_error: UniCall: mfcr2 far_unblocking_expired Dec 20 08:40:38 WARNING[1175077440]: chan_unicall.c:634 unicall_error: UniCall: mfcr2 local_unblocking_expired Dec 20 08:40:38

I''ve just installed xen on opensuse 12.1 (4.1 as provided by yast) as will as libvirt + tools however I''m unable to start the libvirt daemon. Here are the log messages: 22:42:02.951: 2548: info : libvirt version: 0.9.6 22:42:02.951: 2548: error : virSysinfoRead:465 : internal error Failed to find path for dmidecode binary 22:42:02.956: 2548: error : virGetUserID:2122 : Failed

Hi, I'm attempting to test the AuthorizedKeysCommand feature with the new port of ssh-ldap-wrapper to OpenBSD. I'm running yesterday's OpenBSD-current i386 snapshot, which includes AuthorizedKeysCommand. The port of ssh-ldap-helper (at http://old.nabble.com/-new--ssh-ldap-helper-td34667413.html) contains all the bits I need, and the individual pieces appear to work once configured: