Displaying 20 results from an estimated 10000 matches similar to: "Libvirt TLS with Short Lived Certificates"
2023 Mar 06
1
Feature request: a good way to supply short-lived certificates to openssh
Some systems like to have a CA supply short-lived certificates to ssh clients. The basic idea is that servers enable certificate authentication, clients authenticate to the CA out of band, and the CA issues client certificates that are valid for a short enough time that users don't want to manually drop them into ~/.ssh or otherwise think about them. There are a handful of commercial
2023 Mar 06
3
Feature request: a good way to supply short-lived certificates to openssh
On Tue, 7 Mar 2023 at 05:26, Andy Lutomirski <luto at kernel.org> wrote:
[...]
> ssh_config contains a Match ... exec [command to refresh the certificate]. This sort of works,
> except that it runs the command far too frequently. For example, ssh -O exit [name] refreshes
> the certificate, and it should not do so.
You can have the command check if the cert is expired or near
2023 Mar 07
2
Feature request: a good way to supply short-lived certificates to openssh
On 07/03/23, Darren Tucker (dtucker at dtucker.net) wrote:
> On Tue, 7 Mar 2023 at 05:26, Andy Lutomirski <luto at kernel.org> wrote:
> [...]
> > ssh_config contains a Match ... exec [command to refresh the certificate].
> > This sort of works, except that it runs the command far too frequently.
> > For example, ssh -O exit [name] refreshes the certificate, and it
2023 Mar 07
1
Feature request: a good way to supply short-lived certificates to openssh
On Tue, Mar 7, 2023, at 3:25 AM, Rory Campbell-Lange wrote:
> On 07/03/23, Darren Tucker (dtucker at dtucker.net) wrote:
>> On Tue, 7 Mar 2023 at 05:26, Andy Lutomirski <luto at kernel.org> wrote:
>> [...]
>> > ssh_config contains a Match ... exec [command to refresh the certificate].
>> > This sort of works, except that it runs the command far too
2010 Jul 29
1
Too many active clients?
Hello,
I'm receiving a lot of these since a couple of days ago:
libvirtd: 16:30:10.960: error : qemudDispatchServer:1282 : Too many active
clients (20), dropping connection
I'm trying to figure out where all these active clients are coming from. I
have a daemon running that interacts with libvirtd, but it only creates two
long-lived connections (I'm very sure). What constitutes an
2014 Apr 21
2
TLS and intermediate CA
I have been trying to get a set of libvirtd systems up and running. My PKI
infrastructure involves a root CA and several intermediate CAs. I am trying
to get the machines to trust each other across the different intermediate
CAs.
This is what I have so far:
Libvirtd is starting and listening on tls port 16514 I have configured
client/server certs/keys and it seems to be using all of these
2014 Jun 23
1
qemu+tls question
I generated TLS certificates for my libvirtd and remote,
using http://wiki.libvirt.org/page/TLSSetup .
From the console, connecting to the remote host succeeds,
but from virt-manager -- no:
Unable to connect to libvirt.
Unable to read TLS confirmation: Input/output error
Verify that the 'libvirtd' daemon is running
on the remote host.
Libvirt URI is: qemu+tls://<remote_host>/system
2020 Aug 14
1
Constant error logging
Hi all,
I've got a (pacemaker + drbd) cluster running VMs. When the VM is
running on another node, the local storage is Secondary, meaning that it
can't be read or otherwise touched. As such, virsh thinks there is no
storage and constantly prints errors like:
====
Aug 14 19:25:24 mk-a02n01.digimer.ca libvirtd[1655]: 2020-08-14
23:25:24.812+0000: 1679: error : qemuOpenFileAs:3119 :
2014 Jul 29
2
[LLVMdev] Sanitizer test failure
I can. I've removed every other compilation flag from clang and even
used GCC, with the exact same behaviour.
cheers,
--renato
On 29 July 2014 15:15, Evgeniy Stepanov <eugeni.stepanov at gmail.com> wrote:
> OK, we can switch to SIGHUP. Could you please verify that this SIGUSR1
> behavior is not caused by MSan?
>
> On Tue, Jul 29, 2014 at 6:09 PM, Renato Golin
2018 Mar 20
4
rsync time machine backup permissions
That doesn’t work either. :-(
Last login: Mon Mar 19 19:18:16 on console
iMac:~ andre$ mount
/dev/disk0s2 on / (hfs, local, journaled)
devfs on /dev (devfs, local, nobrowse)
map -hosts on /net (autofs, nosuid, automounted, nobrowse)
map auto_home on /home (autofs, automounted, nobrowse)
/dev/disk2 on /Volumes/G-DRIVE Thunderbolt 3 (hfs, local, nodev, nosuid, journaled, noowners)
iMac:~ andre$
2014 Jul 29
2
[LLVMdev] Sanitizer test failure
On 29 July 2014 15:02, Evgeniy Stepanov <eugeni.stepanov at gmail.com> wrote:
> You mean replacing SIGUSR1 with SIGHUP in the test case? Weird, I
> don't see how they are different.
So, AFAIK, they should be identical. But I put some printfs and sleeps
around and it wasn't a synchronization issue. My man page says that
SIGUSR1 should terminate if there isn't a handler for
2015 Oct 06
0
Placing tls client certificates
After reading your guide about configuring qemu + tls
(http://wiki.libvirt.org/page/TLSSetup) I am faced with the fact that I can't
move the client certificate. After all, it's useful to configure all pki
hosts similarly: place certs in, for example, /etc/pki/libvirt/cert.pem
and use it as the client cert in one case and as the server cert in the other case.
So, the question is: how can I configure the location of the
2018 Sep 10
2
Re: live migration via unix socket
On Wed, Aug 29, 2018 at 4:55 AM, Daniel P. Berrangé <berrange@redhat.com>
wrote:
> On Tue, Aug 28, 2018 at 05:07:18PM -0400, David Vossel wrote:
> > Hey,
> >
> > Over in KubeVirt we're investigating a use case where we'd like to perform
> > a live migration within a network namespace that does not provide libvirtd
> > with network access.
2005 Apr 26
3
cpanel and ices
Why does cpanel want to remove ices files? How can I prevent this from
occurring?
What I get is /libexec/ld-elf.so.1: Shared object "libshout.so.3" not
found, required by "ices" after cpanel does its nightly updates.
Also if I do a SIGHUP to ices to update a playlist, do I just need to
issue the command ices SIGHUP? What would be the correct format.
Again, I apologize for
2010 Jan 05
7
[Bug 1692] New: sshd sometimes dies when sent multiple SIGHUPs in quick succession
https://bugzilla.mindrot.org/show_bug.cgi?id=1692
Summary: sshd sometimes dies when sent multiple SIGHUPs in quick succession
Product: Portable OpenSSH
Version: 5.3p1
Platform: Other
URL: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/497781
OS/Version: Linux
Status: NEW
2018 Sep 14
2
Re: live migration via unix socket
On Wed, Sep 12, 2018 at 6:59 AM, Martin Kletzander <mkletzan@redhat.com>
wrote:
> On Mon, Sep 10, 2018 at 02:38:48PM -0400, David Vossel wrote:
>
>> On Wed, Aug 29, 2018 at 4:55 AM, Daniel P. Berrangé <berrange@redhat.com>
>> wrote:
>>
>> On Tue, Aug 28, 2018 at 05:07:18PM -0400, David Vossel wrote:
>>> > Hey,
>>> >
>>>
2019 Sep 19
2
Re: Certificate checking on TLS migrations to an IP address
Daniel P. Berrangé <berrange@redhat.com> writes:
> On Wed, Sep 18, 2019 at 12:18:32PM +0200, Milan Zamazal wrote:
>> Daniel P. Berrangé <berrange@redhat.com> writes:
>>
>
>> > On Wed, Sep 04, 2019 at 03:38:25PM +0200, Milan Zamazal wrote:
>> >> Hi, I'm trying to add TLS migrations to oVirt, but I've hit a problem
>> >> with
2005 Jun 02
2
Re: Reboots -- lsof and SIGHUP, a combination to know ...
From: Simon Perreault <nomis80 at lqt.ca>
> Sure, theoretically it would be possible, but how would you restart this one?
> [nomis80 at poste10-153 ~]$ sudo lsof | grep libc | grep init
> init 1 root mem REG 253,0 1521500 999437 /lib/tls/libc-2.3.5.so
I need to verify the post-install script for the glibc RPM, but
I believe it SIGHUPs the process -- and
2018 Aug 28
2
live migration via unix socket
Hey,
Over in KubeVirt we're investigating a use case where we'd like to perform
a live migration within a network namespace that does not provide libvirtd
with network access. In this scenario we would like to perform a live
migration by proxying the migration through a unix socket to a process in
another network namespace that does have network access. That external
process would live
2010 Apr 21
2
prototype of simple NX client with auto-resuming ssh session
Dear All:
---
Summary, especially for openssh list (to test/reproduce):
THANK YOU for all your help.
Please extract into /home/username/nx on both host and client. cp ssh to a file named mxssh in that directory. Run
(with an _n_ below)
Start server on the remote host by typing ./server &
Now do:
./nxssh hostname
If you killall client on the remote end, it reconnects "seamlessly"