Displaying 20 results from an estimated 5000 matches similar to: "Feature request: a good way to supply short-lived certificates to openssh"
2023 Mar 07
1
Feature request: a good way to supply short-lived certificates to openssh
On Tue, Mar 7, 2023, at 3:25 AM, Rory Campbell-Lange wrote:
> On 07/03/23, Darren Tucker (dtucker at dtucker.net) wrote:
>> On Tue, 7 Mar 2023 at 05:26, Andy Lutomirski <luto at kernel.org> wrote:
>> [...]
>> > ssh_config contains a Match ... exec [command to refresh the certificate].
>> > This sort of works, except that it runs the command far too
2023 Mar 06
3
Feature request: a good way to supply short-lived certificates to openssh
On Tue, 7 Mar 2023 at 05:26, Andy Lutomirski <luto at kernel.org> wrote:
[...]
> ssh_config contains a Match ... exec [command to refresh the certificate]. This sort of works,
> except that it runs the command far too frequently. For example, ssh -O exit [name] refreshes
> the certificate, and it should not do so.
You can have the command check if the cert is expired or near
2023 Mar 07
2
Feature request: a good way to supply short-lived certificates to openssh
On 07/03/23, Darren Tucker (dtucker at dtucker.net) wrote:
> On Tue, 7 Mar 2023 at 05:26, Andy Lutomirski <luto at kernel.org> wrote:
> [...]
> > ssh_config contains a Match ... exec [command to refresh the certificate].
> > This sort of works, except that it runs the command far too frequently.
> > For example, ssh -O exit [name] refreshes the certificate, and it
2024 Jan 03
1
How to get "Enter passphrase" on command line rather than GUI pop-up?
On 2024/01/02 09:51, Chris Green wrote:
> I think I have it! I need to unset SSH_AUTH_SOCK, that's all that's
> needed. See:-
>
> chris$ ssh -i backup_id_rsa backup
> [here the pop-up appears and I cancel it]
> sign_and_send_pubkey: signing failed for RSA "backup_id_rsa" from
> agent: agent refused operation
> chris at backup's
2024 Jan 10
0
[Bug 3652] New: KnownHostsCommand should expand tokens and environment variables on first argument
https://bugzilla.mindrot.org/show_bug.cgi?id=3652
Bug ID: 3652
Summary: KnownHostsCommand should expand tokens and environment
variables on first argument
Product: Portable OpenSSH
Version: 9.6p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
2015 Jul 29
2
[PATCH] ssh: Add option to present certificates on command line
Allow users to specify certificates to be used for authentication on
the command line with the '-z' argument when running ssh. For
successful authentication, the key pair associated with the certificate
must also be presented during the ssh.
Certificates may also be specified in ssh_config as a
CertificateFile.
This option is meant to address the issue mentioned in the following
2024 Jan 02
1
How to get "Enter passphrase" on command line rather than GUI pop-up?
>
> There must be *something* in the environment that affects this because
> I'm seeing two different ways of asking for the passphrase on the same
> screen. The only difference is that one is a simple terminal window
> running on my system and the other is one where I have used ssh to
> connect to a remote system and then ssh again back to the 'home'
> system.
2018 Sep 26
1
Libvirt TLS with Short Lived Certificates
I want to use short lived certificates with libvirtd to provide TLS access
to the daemon. New certificates are generated on a daily basis and
delivered to the host. Does libvirtd re-read TLS certificates with a
reload of the service, systemctl reload libvirtd, or with a SIGHUP or is a
full restart of the daemon required?
--charlie
2016 Dec 28
2
certificates keys on pkcs11 devices
Hi,
I have not found any way to use a Certificate with ssh-agent when my Key is
stored on a pkcs11 device. I can add my key with
ssh-add -s /usr/local/lib/opensc-pkcs11.so
but
ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub
does not add the certificate to my agent. As far as I understand, in
ssh-add.c line 580
if (pkcs11provider != NULL) {
if (update_card(agent_fd,
2014 Mar 24
8
[Bug 2216] New: allow forwarding a different socket than SSH_AUTH_SOCK
https://bugzilla.mindrot.org/show_bug.cgi?id=2216
Bug ID: 2216
Summary: allow forwarding a different socket than SSH_AUTH_SOCK
Product: Portable OpenSSH
Version: 6.5p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs
2015 Jul 30
9
[Bug 2436] New: Add ssh option to present certificates on command line
https://bugzilla.mindrot.org/show_bug.cgi?id=2436
Bug ID: 2436
Summary: Add ssh option to present certificates on command line
Product: Portable OpenSSH
Version: 6.9p1
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee:
2023 May 14
18
[Bug 3572] New: ssh-agent refused operation when using FIDO2 with -O verify-required
https://bugzilla.mindrot.org/show_bug.cgi?id=3572
Bug ID: 3572
Summary: ssh-agent refused operation when using FIDO2 with -O
verify-required
Product: Portable OpenSSH
Version: 9.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component:
2020 Sep 27
0
Announce: OpenSSH 8.4 released
OpenSSH 8.4 has just been released. It will be available from the
mirrors listed at https://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested
2017 Feb 02
2
ssh-agent check for new fresh certificate (and key)? worthwhile doing?
Damien Miller wrote:
> On Thu, 2 Feb 2017, Adam Eijdenberg wrote:
>
>> On Thu, Feb 2, 2017 at 10:42 AM Damien Miller <djm at mindrot.org> wrote:
>>> On Thu, 2 Feb 2017, Adam Eijdenberg wrote:
>>>> I guess a case could be made for ssh-add to always set a timeout when
>>>> adding a certificate with an expiry time, but I think for now I'm
2018 Apr 10
4
Signed SSH key issue with OpenSSH6.4p1
Hi All,
Please pardon me if it is the wrong list to ask how-to etc.
I am having an issue with the Signed SSH keys. I am being asked for the
passphrase for my signed public key, even though I don't have any.
I am running CentOS7 with OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013.
1) I have ca server with ca user keys (ca-user-key.pub)
2) I created user ssh rsa keys (user-id-org and
2015 Sep 26
5
[RFC][PATCH v2] Support a list of sockets on SSH_AUTH_SOCK
The idea behind this change is to add support for different "ssh-agents"
being able to run at the same time. It does not change the current
behaviour of the ssh-agent (which will set SSH_AUTH_SOCK just for
itself). Neither does it change the behaviour of SSH_AGENT_PID (which
still supports only one pid).
The new implementation will go through the list of sockets (which are
separated by a
2017 Nov 01
2
Is it good for agent forwarding to creates socket in /tmp/
Hi
After logging in to a remote server with ForwardAgent enabled, sshd on the
remote server creates a socket at /tmp/ and permission is 0755/srwxr-xr-x.
What is the reason to allow everyone to read this socket?
Also, is it better to save this socket in /home/user/.ssh/?
Best Regards
-----------------------
Tran Dung
2000 Oct 30
3
ssh-agent and ssh-add with openssh-2.2.0p1 on Redhat 7
Hi all,
I'm trying to figure out if I'm being silly or if there is a genuine problem.
Running on the notorious Redhat 7, 2.2.16-22 #1, X86.
[user at host]$ ssh-agent -s
SSH_AUTH_SOCK=/tmp/ssh-XXYFcFR6/agent.2101; export SSH_AUTH_SOCK;
SSH_AGENT_PID=2102; export SSH_AGENT_PID;
echo Agent pid 2102;
[user at host]$ echo $SSH_AUTH_SOCK
[user at host]$ echo $SSH_AGENT_PID
[user at host]$
2003 Feb 24
9
[Bug 500] show how to start-up ssh-agent by default...
http://bugzilla.mindrot.org/show_bug.cgi?id=500
------- Additional Comments From djm at mindrot.org 2003-02-24 12:43 -------
I think that:
[ -z "$SSH_AUTH_SOCK" ] && eval `ssh-agent -s`
[ -z "$SSH_AGENT_PID" ] || ssh-add -l >/dev/null 2>&1 || ssh-add
Is as effective and a lot more concise.
On the other hand, fragile heuristics like:
> export
2015 Oct 13
6
[Bug 2480] New: Support a list of sockets on SSH_AUTH_SOCK
https://bugzilla.mindrot.org/show_bug.cgi?id=2480
Bug ID: 2480
Summary: Support a list of sockets on SSH_AUTH_SOCK
Product: Portable OpenSSH
Version: 7.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-agent
Assignee: unassigned-bugs