similar to: Accessing SSH key path using SSH_ASKPASS and passwordstore

Engine keys are private key files which are only understood by openssl external engines. ?The problem is they can't be loaded with the usual openssl methods, they have to be loaded via ENGINE_load_private_key(). ?Because they're files, they fit well into openssh pub/private file structure, so they're not very appropriately handled by the pkcs11 interface because it assumes the private

I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may

Engine keys are keys whose file format is understood by a specific engine rather than by openssl itself. Since these keys are file based, the pkcs11 interface isn't appropriate for them because they don't actually represent tokens. The current most useful engine for openssh keys are the TPM engines, which allow all private keys to be stored in a form only the TPM hardware can decode,

Hi, I have not found any way to use a Certificate with ssh-agent when my Key is stored on a pkcs11 device. I can add my key with ssh-add -s /usr/local/lib/opensc-pkcs11.so but ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub does not add the certificate to my agent. As far as I undestand, in ssh-add.c line 580 if (pkcs11provider != NULL) { if (update_card(agent_fd,

Add support to load additional certificates for already loaded private keys. Useful if the private key is on a PKCS#11 hardware token. The private keys inside ssh-agent are now using a refcount to share the private parts between "Identities". The reason for this change was that the PKCS#11 code might have redirected ("wrap") the RSA functions to a hardware token. We don't

Hello, I have a client machine and a server machine. I generated a pair of private-public rsa keys using ssh-keygen. On the client-machine, I uploaded my private key onto ~/.ssh/id_rsa On the server machine, I appended the content of the public key to .ssh/authorized_keys I can successfully connect from the client to the server with that config. However, on the client-side, if I add a

Hi, The main (and probably the only) use case of this PAM module is to let sudo authenticate users via their ssh-agent, therefore without having to type any password and without being tempted to use the NOPASSWD sudo option for such convenience. The principle is originally implemented by an existing module [0][1] and many pages that explain how to use it for such purpose can be found online.

We are attempting to use openssh sftp to connect to a server that is running some version of the Axway SFTP server. After a publickey auth completes, the server resends publickey as a valid auth. This results in a loop as openssh sftp resubmits the publickey information. This seems similar to a discussion in 2014 that terminated with the thought that it might be nice if the client tracked

Allow users to specify certificates to be used for authentication on the command line with the '-z' argument when running ssh. For successful authentication, the key pair associated with the certificate must also be presented during the ssh. Certificates may also be specified in ssh_config as a CertificateFile. This option is meant the address the issue mentioned in the following

https://bugzilla.mindrot.org/show_bug.cgi?id=2670 Bug ID: 2670 Summary: Add ssh_config option that sets the lifetime of the key if added via AddKeysToAgent Product: Portable OpenSSH Version: 7.2p2 Hardware: amd64 OS: All Status: NEW Severity: enhancement Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=2564 Bug ID: 2564 Summary: ssh_config AddKeysToAgent doesn't set key name/path Product: Portable OpenSSH Version: 7.2p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=2620 Bug ID: 2620 Summary: Option AddKeysToAgent doesnt work with keys provided by PKCS11 libraries. Product: Portable OpenSSH Version: 7.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

I'm trying to use zfs acls in solaris 10. I've looked at past posts regarding this and some online help, but am stuck. I'm currently using samba 3.3.9; I've had the same problem with 3.3.7. samba is compiled and running as an Active Directory member server (compiled with ldap and kerberos). The zfs disk is local. I'm not using winbind. I compiled with zfsacl module.

Hello everybody, current git breaks local forwarding (and possibly more). Looks like the option in ignored completely. I bisected the issue and found this commit to be the culprit: commit f361df474c49a097bfcf16d1b7b5c36fcd844b4b Author: jcs at openbsd.org <jcs at openbsd.org> Date: Sun Nov 15 22:26:49 2015 +0000 upstream commit Add an AddKeysToAgent client option which can

My keys are secured with a passphrase. That's good for security, but having to type the passphrase either at every login or at every invocation of ssh(1) is annoying. I know I could invoke ssh-add(1) just before invoking ssh(1), if I keep track of whether I invoked it already, or write some hacky scripts; but the rest of OpenSSH is wonderfully usable without any hacks. Hence, this patch.

From: Paul Emmerich <p.emmerich at first-colo.net> Hi, the new API for initramfs and files in master lacked the ability to build initramfs objects from files loaded via HTTP/TFTP in Lua. The documentation indicated that it should be possible (and I believe I did that in an older version). I implemented a few new functions to handle files/initramfs objects better. Changes: * NEW:

I''ve almost entirely converted a rails 2.3.5 app to 3pre. I''m having some trouble with protect_from_forgery. I had protect_from_forgery set in application_controller.rb, but run some uploadify ajax stuff in one of my controllers, where I had protect_from_forgery, :except => :add_file set. In rails 3 I''m getting ActionController::InvalidAuthenticityToken on the ajax

On 09/21/2016 11:30 AM, H wrote: > You are right, I'll look at it again. Let me ask, what other password managers are people using, if any? I use keepass, but I know people who like: https://www.passwordstore.org/

Hi, There is small bug in ssh_askpass(). Fix like this. Additionally removing '\r' is for Win32 environment. --- readpass.c 2001/10/09 05:42:49 1.1.1.1 +++ readpass.c 2001/10/09 08:06:38 @@ -45,7 +45,7 @@ { pid_t pid; size_t len; - char *nl, *pass; + char *pass; int p[2], status; char buf[1024]; @@ -71,16 +71,15 @@ fatal("ssh_askpass: exec(%s): %s", askpass,

http://bugzilla.mindrot.org/show_bug.cgi?id=69 Summary: Generalize SSH_ASKPASS Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: bbum at codefab.com