Displaying 20 results from an estimated 7000 matches similar to: "Identify multiple users doing reverse port FWD with their pubkeys"
2020 Feb 12
2
Identify multiple users doing reverse port FWD with their pubkeys
Hi Jochen,
On Wed, 12 Feb 2020 at 00:16, Jochen Bern <Jochen.Bern at binect.de> wrote:
>
> On 02/11/2020 07:07 PM, Cl?ment P?ron wrote:
> > - I have X devices (around 30) and one SSH server
> > - Each of them have a unique public key and create one dynamic reverse
> > port forwarding on the server
> > - All of them connect with the same UNIX user (I don't
2020 Feb 10
6
question about pubkey and passphrase
Hi folks,
Since Docker can bind-mount every .ssh directory I am looking for
some way to forbid unprotected private keys.
AFAICS it is currently not possible on the sshd to verify that
the peer's private key was protected by a passphrase. Can you
confirm?
Regards
Harri
2019 Mar 14
7
prompt to update a host key
As far as I can tell, there currently isn't a straightforward way to
use password authentication for connecting to hosts where the host key
changes frequently. I realize this is a fairly niche use case, but
when developing software for devices that often get reimaged
(resulting in a host key change), it can get pretty tedious to attempt
to connect, get a warning, remove the old host key via
2018 May 16
3
end-to-end encryption
On 05/16/2018 06:07 AM, Aki Tuomi wrote:
>> On 15 May 2018 at 22:43 Gandalf Corvotempesta <gandalf.corvotempesta at gmail.com> wrote:
>> Is possible to implement and end-to-end encryption with dovecot, where
>> server-side there is no private key to decrypt messages?
>
> You could probably automate this with sieve and e.g. GnuPG, which would mean
> that all your
2020 Jan 13
4
Adding SNI support to SSH
Christian Weisgerber <naddy at mips.inka.de> writes:
> On 2020-01-12, Dustin Lundquist <dustin at null-ptr.net> wrote:
>
>> I think the intended application is to proxy through a proxy host provided by the service provider. If SSH had a SNI like feature where a host identifier was passed in plain text during the initial connection. This way the user would just need to
2024 Apr 25
1
how to block brute force attacks on reverse tunnels?
On 25.04.24 17:15, openssh-unix-dev-request at mindrot.org digested:
> Subject: how to block brute force attacks on reverse tunnels?
> From: Steve Newcomb <srn at coolheads.com>
> Date: 25.04.24, 17:14
>
> For many years I've been running ssh reverse tunnels on portable Linux,
> OpenWRT, Android etc. hosts so they can be accessed from a server whose
> IP is stable
2020 Jan 13
3
Adding SNI support to SSH
Hi,
On Mon, Jan 13, 2020 at 03:16:00PM +0000, Jochen Bern wrote:
> Out of interest:
> 1. If an extended mechanism were to be implemented, which server pubkey
> do you expect to be seen/stored/verified by the client? The proxy's
> / v4 middlebox's, or the v6 backend's? Or would you require that all
> server-side machines use the *same* host keypairs?
I'd do
2019 Feb 15
2
Can we disable diffie-hellman-group-exchange-sha1 by default?
On Fri, 2019-02-15 at 15:57 +1100, Darren Tucker wrote:
> That was the original intent (and it's mentioned in RFC4419) however
> each moduli file we ship (70-80 instances of 6 sizes) takes about 1
> cpu-month to generate on a lowish-power x86-64 machine. Most of it
> is
> parallelizable, but even then it'd likely take a few hours to
> generate
> one of each size. I
2018 Jan 10
2
Can Dovecot reject unencrypted mail?
Hi,
Is it possible to configure Dovecot to reject mail that is not
encrypted. In other words:
1. If the user tries to send an unencrypted message from their MUA,
the server rejects it.
2. If a third-party tries to send an unencrypted message to the user,
the server rejects it.
The end result would be that no mail stored on the server can be
decrypted by the administrator.
I am aware that:
*
2018 Jun 19
2
Is there such a thing as "Password Safe Forwarding"?
Hello everyone,
I work in a setting where remote logins are usually authenticated with
SSH user keypairs, but many target accounts need to have a password set
nonetheless (to use with sudo, log in via remote KVM, etc.) and cannot
be put under a central user administration like LDAP.
Enter a corporate password policy that requires passwords to be complex,
different everywhere, and of limited
2019 Oct 30
2
encrypt incoming emails with public gpg key before they are stored to maildir
Hello,
I have asked on the postfix mailing list for a solution, how to encrypt
incoming emails with public gpg key
My original idea was to use a smtpd-milter, which would encrypt all
incoming plaintext messages of given user, using the users public gpg
key. This way, it would look as if the original sender has sent the
message encrypted.
Somebody suggested this might be better done in Dovecot,
2018 Sep 11
5
How to send mail to mailbox with disabled domain?
Given the following:
mailboxes:
user1 at example1.com
user2 at example1.com
user3 at example1.com
etc.
aliases:
whatever at example1.com -> user1 at example1.com
whatever at example2.com -> user1 at example1.com
whatever at example3.com -> user1 at example1.com
Now the problem:
example1.com MX goes elsewhere (doesn't point to this server anymore).
Domains example2.com and
2023 Jul 06
1
Subsystem sftp invoked even though forced command created
On 05.07.23 18:01, MCMANUS, MICHAEL P wrote:
> It appears the forced command either does not run or runs to completion
> and exits immediately, as there is no process named "receive.ksh" in
> the process tree.
FWIW, two cents of mine:
-- The script *exiting* should *not* prompt sshd to execute the
requested subsystem "as a second thought", or else it'd happen
2019 Dec 06
2
client to support SNI
Hi.
Looks like every ~2 Years raises someone the question about SNI support in the
openssh client.
2015: https://marc.info/?l=openssh-unix-dev&m=143248436518985&w=2
2017: https://marc.info/?l=openssh-unix-dev&m=150204655205911&w=2
I have read the docs and haven't seen anything about that this feature is
already available in SSH.
https://man.openbsd.org/ssh.1
2016 Nov 17
5
Good email client to use with Dovecot?
On Thu, 17 Nov 2016 14:11:45 +0100
Jochen Bern <Jochen.Bern at binect.de> wrote:
> On 11/17/2016 08:48 AM, Steve Litt wrote:
> > When I use an email client, its purpose is as a window into my
> > Dovecot IMAP, and as a mechanism to reply to and send emails. I
> > don't do filtering or calendaring on my email client (filtering via
> > procmail direct to
2017 Oct 25
6
authenticate as userA, but get authorization to user userB's account
Hello,
given a small organization. There are *personal* mailboxes (mailbox per
user, incl. subfolders et cetera). The users can share specic folders
via the ACL (we call it "other users/", Dovecot calls it "shared"
folder. Additionally there are mailboxes Dovecot calls "public" (we use
the term "groups/"). They are not associated with a specific account,
2018 May 15
4
end-to-end encryption
Hi to all
I was looking at protonmail.com
Is possible to implement and end-to-end encryption with dovecot, where
server-side there is no private key to decrypt messages?
If I understood properly, on protonmail the private key is encrypted with
user's password, so that only an user is able to decrypt the mailbox.
Anything similiar ?
2023 Jul 07
1
Subsystem sftp invoked even though forced command created
On 06.07.23 23:37, MCMANUS, MICHAEL P wrote:> So changing the forced
command as stated will break the application. I
> would need to create a test bed to simulate the listener rather than
> use the server as is, where is. That may produce false or misleading
> results.
Since the forced command is tied to the specific keypair in the
authorized_keys, you could
-- test with a different
2023 Jul 05
1
Subsystem sftp invoked even though forced command created
On 05.07.23 02:50, Damien Miller wrote:
> Some possibilities:
> 1. the receive.ksh script is faulty in some way that causes it to invoke
> sftp-server
How would the script even *know* that the client requested the SFTP
subsystem? Is a subsystem's executable/path, supposedly internally
overwritten with the forced command at that point, exposed through
$SSH_ORIGINAL_COMMAND ?
2016 Nov 17
11
Good email client to use with Dovecot?
Hi all,
When I use an email client, its purpose is as a window into my Dovecot
IMAP, and as a mechanism to reply to and send emails. I don't do
filtering or calendaring on my email client (filtering via procmail
direct to Dovecot).
What email clients are all of you using to look at your IMAP email?
Thanks,
SteveT
Steve Litt
November 2016 featured book: Quit Joblessness: Start Your Own