Displaying 20 results from an estimated 9000 matches similar to: ""Semi-Trusted" SSH-Keys that also require PAM login"
2020 Oct 23
3
"Semi-Trusted" SSH-Keys that also require PAM login
Hello Damien, Brian and all,
thanks for the suggestions. I actually had not considered host-based
authentication and looked it up.
As I understand from my first quick reading, I would need to specify the
clients which are allowed to use host-based auth on the server with a
DNS name or an IP, which would not work for a client behind a CG NAT or
in a cellular network.
Or did I get this wrong?
2018 Apr 04
5
OpenSSH-Client without reverse tunnel ability
Good day!
A few weeks ago, we had a security breach in the company I'm working
for, because employees used "ssh -R" to expose systems from our internal
network to some SSH server in the outer world.
Of course, this is a breach of our internal security policy, but led us
to wonder whether there is a technical solution to prevent our users
from creating SSH-reverse-tunnels.
After
2018 Apr 05
2
OpenSSH-Client without reverse tunnel ability
On Apr 4 13:58, Nico Kadel-Garcia wrote:
> On Wed, Apr 4, 2018 at 11:43 AM, Alexander Wuerstlein
> <snalwuer at cip.informatik.uni-erlangen.de> wrote:
> > On 2018-04-04T17:27, mlrx <openssh-unix-dev at 18informatique.com> wrote:
> >> On 04/04/2018 at 13:32, Jan Bergner wrote:
> >> > Good day!
> >> >
> >> > Is it possible to
2018 Apr 05
2
OpenSSH-Client without reverse tunnel ability
On Thu, Apr 5, 2018 at 7:13 AM, Jan Bergner <jan.bergner at indurad.com> wrote:
> Hello all.
>
> First of all, I want to extend my sincere thanks to all the people who
> came to the rescue so quickly.
>
> In any case, there is obviously room for clarification on my part, so I
> will try to describe the situation we had in more detail.
>
> In short:
> Employees
2013 May 13
3
[PATCH] Specify PAM Service name in sshd_config
Hello All,
The attached patch allows openssh to specify which pam service name to
authenticate users against by specifying the PAMServiceName attribute in
the sshd_config file. Because the parameter can be included in the Match
directive sections, it allows different authentication based on the Match
directive. In our case, we use it to allow different levels of
authentication based on the
2016 Jul 04
3
SSH multi factor authentication
There has been some good discussion around our IBM security team as to what
actually constitutes SSH multi factor authentication. There are 2 options
being discussed.
One, the Google Authenticator (OTP authentication).
Two, Public/Private key authentication (pubkeyauthentication = yes) which
supports pass phrase private key authentication.
Which of these is considered multi-factor
2019 Jun 25
4
Requiring certificate signature and an authorized key to authenticate
Hey everyone,
Basically, I'm trying to figure out if I can configure sshd to require that the user has a key that has been signed by a trusted user CA *and* is listed separately as an authorised key (or the user has a signed key and a different authorised key)?
The closest I've come is having an `authorized_keys` file have two entries consisting of the CA key and a normal key with
2020 Jun 03
7
Auth via Multiple Publickeys, Using Multiple Sources, One Key per Source
I don't see a way to do this currently (unless I am missing something)
but I would like to be able to specify, that in order for a user to
login, they need to use at least 1 public key from 2 separate key
sources. Specifically this would be when using "AuthenticationMethods
publickey,publickey". Right now requiring 2 public keys for
authentication will allow 2 public keys from
2016 Jul 22
3
Multifactor authentication troubles
I'm writing a PAM module to do authentication through Signal (as in Open
Whisper Systems) [1]. I would like to be able to offer
(Public key AND Signal) or (Password AND Signal)
for authentication. This suggests setting AuthenticationMethods to
publickey,keyboard-interactive:pam password,keyboard-interactive:pam
However, when PAM is enabled "password" means "show password
2014 Dec 18
4
chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/
I have sshd server
sshd -V
...
OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
...
running on linux/64
with
cat sshd_config
...
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
2012 May 12
1
[LLVMdev] [cfe-dev] Odd PPC inline asm constraint
On Sat, 2012-05-12 at 00:47 -0500, Hal Finkel wrote:
> On Tue, 01 May 2012 21:25:29 -0500
> Peter Bergner <bergner at vnet.ibm.com> wrote:
> > By the strict letter of the 32-bit ABI, the save and restore of
> > r31 at a negative offset of r1 is verboten. The ABI states that
> > the stack space below the stack pointer is declared as volatile.
> > I actually
2005 Jun 09
1
need good wrapper
I'm having trouble with the rsync wrappers I've found online:
rsync_wrapper[8458]: SSH_ORIGINAL_COMMAND environment variable
apparently not set
rsync: connection unexpectedly closed (0 bytes read so far)
rsync error: error in rsync protocol data stream (code 12) at io.c(189)
I'm not sure if this is a problem of incompatibility between my RHES3
and the wrappers I've found or
2012 May 02
4
[LLVMdev] [cfe-dev] Odd PPC inline asm constraint
On Tue, 2012-05-01 at 19:58 -0500, Peter Bergner wrote:
> On Tue, 2012-05-01 at 17:47 -0500, Hal Finkel wrote:
> > By default it should build for
> > whatever the current host is (no special flags required). To
> > specifically build for something else, use:
> > -ccc-host-triple powerpc64-unknown-linux-gnu
> > or
> > -ccc-host-triple
2012 May 01
4
[LLVMdev] [cfe-dev] Odd PPC inline asm constraint
On Tue, 01 May 2012 17:23:07 -0500
Peter Bergner <bergner at vnet.ibm.com> wrote:
> On Tue, 2012-05-01 at 16:06 -0500, Hal Finkel wrote:
> > LLVM/clang now will build in the normal way (./configure; make
> > install) on PPC (you'll need at least the 3.1 release candidate (or
> > trunk)). I generally build on my PPC64 hosts with:
> > make ENABLE_OPTIMIZED=1
2016 Feb 18
2
Let PAM know about accepted pubkey?
Hi,
first off: my familiarity with OpenSSH/Pam code-base is very limited.
Please excuse me if some of this does not make any sense or seems stupid!
I'm investigating if it is possible for a PAM module to find out which
public key was accepted (when 'AuthenticationMethods
publickey,keyboard-interactive' is used). From my digging in the source,
it seems it is currently not.
Would
2004 Mar 01
4
AW: samba configuration multiple ethernet card
Ok, and then?
in file smb.conf.192.168.0.1
[global]
...
bind interfase only = yes
interfaces = eth0
...
[FOR_ALL]
...
in file smb.conf.192.168.0.2
[global]
...
bind interfase only = yes
interfaces = eth1
...
[ADMINS]
...
Does this configuration work?
Is this a good solution? I really don't know, so what's
the global thinking about this.
--
Information Systems
2017 Sep 13
2
sanitizer test case failures after OS update
On 9/13/17 10:31 AM, Peter Bergner via llvm-dev wrote:
> On 9/12/17 8:15 PM, Bill Seurer via llvm-dev wrote:
>> I updated one of my powerpc64le llvm test systems to Fedora 25 and I
>> started getting a whole bunch of sanitizer test case failures. I tried
>> testing some earlier revisions on the new OS that had worked fine under
>> the old but they generate the same
2012 Sep 11
1
setup git in my godaddy server
Hello everyone,
I know this is not the correct place to ask this question but please help if
you know
As mentioned in some tutorial, I install git version 1.7.3.4 in home directory
(/var/chroot/home/content/xx/xxxxxxx/git).
then I initialize git repository by git init --bare in my samplerepo.git
then I add code in .bashrc file as follows
export GIT_BIN=${HOME}/git
export
2019 Oct 21
2
Multiple Signatures on SSH-Hostkeys
Hello, OpenSSH-wizards.
In our company, we have looked into SSH-HostKey-signing in order to
realize automated access without the need to accept the server's
hostkey, manually.
I got it to work with the HostCertificate-directive inside the
sshd_config.
Now, I was wondering whether it is possible to have multiple
signatures, so I can, for example, sign the hostkey once with a
2012 Apr 28
0
[LLVMdev] Odd PPC inline asm constraint
On Fri, 2012-04-27 at 14:54 -0500, Hal Finkel wrote:
> There is a comment in the file which reads:
>
> /* The weird 'i#*X' constraints on the following suppress a gcc
> warning when __excepts is not a constant. Otherwise, they mean the
> same as just plain 'i'. */
[snip]
> ("mtfsb0 %s0" : : "i#*X"(__builtin_ffs (__excepts)));
[snip]