similar to: [Bug 2663] New: [man] sshd_config(5) AuthenticationMethods segment clarification, proposal and questions

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi everyone, I just came across a contradiction between the man page of AuthenticationMethods and the accepted methods list. According to the sshd_config manual page: """ AuthenticationMethods Specifies the authentication methods that must be successfully completed for a user to be granted access. This option must be followed by one

https://bugzilla.mindrot.org/show_bug.cgi?id=3657 Bug ID: 3657 Summary: AuthenticationMethods any apparently not possible after previous non-any assignment Product: Portable OpenSSH Version: 8.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=2398 Bug ID: 2398 Summary: AuthenticationMethods doesn't have default value (inconsistency) and it accept empty value Product: Portable OpenSSH Version: 6.8p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement

https://bugzilla.mindrot.org/show_bug.cgi?id=2502 Bug ID: 2502 Summary: using AuthenticationMethods to require s/key and pam doesn't work Product: Portable OpenSSH Version: 7.1p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=2270 Bug ID: 2270 Summary: AuthenticationMethods - partial success is considered as failure Product: Portable OpenSSH Version: 6.6p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd

Hi there R-Helpers, Does anyone know if it is possible to sort a dataframe? I.e. Sort alphabetically column 1 ( which has some reocurring elements) then sort alphabetically column2 but keeping the order of column 1 constant; much the same way that the sort function works in Excel. Regards, Wayne Dr Wayne R. Jones Statistician / Research Analyst KSS Group plc St James's Buildings 79

https://bugzilla.mindrot.org/show_bug.cgi?id=2453 Bug ID: 2453 Summary: Document authentication method "none" for AuthenticationMethods Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

Hi. I can see that SSH partial success functionality was implemented very recently in the OpenSSH server. That's great news. I just tried it and I don't seem to be able to make it work with both public key authentication and password authentication through PAM. I wonder if this is a bug or something that won't be implemented for now or if this is still WIP and I should be more

https://bugzilla.mindrot.org/show_bug.cgi?id=2397 Bug ID: 2397 Summary: Match block doesn't match negated addresses Product: Portable OpenSSH Version: 6.8p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd Assignee: unassigned-bugs at

Hello All, The attached patch allows openssh to specify which pam service name to authenticate users against by specifying the PAMServiceName attribute in the sshd_config file. Because the parameter can be included in the Match directive sections, it allows different authentication based on the Match directive. In our case, we use it to allow different levels of authentication based on the

https://bugzilla.mindrot.org/show_bug.cgi?id=983 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED Assignee|pgsery at swcp.com |djm at mindrot.org --- Comment #58 from Damien Miller

The man 5 sshd_config fails to clarify what happens when multiple qualifying Match blocks specify the same configuration option. This patch updates the man page to do so. I tested the behaviour and described what was empirically observed. I can only assume this is the desired behaviour. This is a first attempt. If format or something else is off, let me know; I'll be happy to adjust.

https://bugzilla.mindrot.org/show_bug.cgi?id=2846 Bug ID: 2846 Summary: PermitOpen rule in sshd_config is not case insensitive Product: Portable OpenSSH Version: 7.6p1 Hardware: Other OS: Linux Status: NEW Severity: major Priority: P5 Component: sshd Assignee: unassigned-bugs

Hey, Judging from the (private) responses I?ve got, there is quite a bit of interest in the U2F feature I proposed a while ago. Therefore, I?ve taken some time to resolve the remaining issues, and I think the resulting patch (attached to this email) is in quite a good state now. I also posted the new version of the patch to https://bugzilla.mindrot.org/show_bug.cgi?id=2319 (which I?ve opened

https://bugzilla.mindrot.org/show_bug.cgi?id=2184 Bug ID: 2184 Summary: sshd_config Match block clarification Product: Portable OpenSSH Version: 6.4p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org

I'm writing a PAM module to do authentication through Signal (as in Open Whisper Systems) [1]. I would like to be able to offer (Public key AND Signal) or (Password AND Signal) for authentication. This suggests setting AuthenticationMethods to publickey,keyboard-interactive:pam password,keyboard-interactive:pam However, when PAM is enabled "password" means "show password

Hello Damien, Brian and all, thanks for the suggestions. I actually had not considered host-based authentication and looked it up. As I understand from my first quick reading, I would need to specify the clients which are allowed to use host-based auth on the server with a DNS name or an IP, which would not work for a client behind a CG NAT or in a cellular network. Or did I get this wrong?

CentOS Errata and Security Advisory 2020:2663 Moderate Upstream details at : https://access.redhat.com/errata/RHSA-2020:2663 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 17b8b7fb5bc2f60797d15288cbf7fb16b1e1679974495b7e3ffafccba9afc421 ntp-4.2.6p5-29.el7.centos.2.x86_64.rpm

On Thu, Dec 18, 2014 at 2:01 AM, Damien Miller <...> wrote: > On Wed, 17 Dec 2014, Dmt Ops wrote: > >> vi /etc/ssh/sshd_config >> ... >> - ChallengeResponseAuthentication no >> + ChallengeResponseAuthentication yes >> + KbdInteractiveAuthentication yes >>

Greetings All, I have a ssh server which allows sftp connections from the Internet while ssh connections from within the local net, here is the config: Code: Port 11111 Port 11113 Protocol 2 LogLevel DEBUG