similar to: sftp and utmp

> On 03 Apr 2023, at 15:38, Fran?ois Ouellet <franco at sol.mpact.tv> wrote: > > I'm using the internal-sftp server, because it's a chrooted setup. > Not sure this can easily be done with this setup Yes, I know it's not OpenSSH, I'm just a happy user, but seriously for this use case, consider CrushFTP, or ProFTPd for the opernsource with the sftp module

Le Friday, 31 March 2023, 17:47:14 EDT John-Mark Gurney a ?crit : > hvjunk wrote this message on Thu, Mar 30, 2023 at 23:12 +0200: > > I've been battling similar issues, and the only methods I've found (with sftp) was to use > > software like pureftd or crushftp (using crushftp lately as production) that does handle these > > issues "out of the box" > >

Le Monday, 3 April 2023, 00:05:25 EDT Damien Miller a ?crit : > On Thu, 30 Mar 2023, Fran?ois Ouellet wrote: > > > Hi, > > > > We need to limit concurrent sftp logins to one per user (because of bad > > client behaviour). Is there any way to achieve this I have overlooked? > > > > It seems it could be possible with pam_limits, if sftp sessions were

On Thu, 30 Mar 2023, Fran?ois Ouellet wrote: > Hi, > > We need to limit concurrent sftp logins to one per user (because of bad > client behaviour). Is there any way to achieve this I have overlooked? > > It seems it could be possible with pam_limits, if sftp sessions were > recorded in utmp (a guess from what I found googling around). If I > configure

hvjunk wrote this message on Thu, Mar 30, 2023 at 23:12 +0200: > I've been battling similar issues, and the only methods I've found (with sftp) was to use > software like pureftd or crushftp (using crushftp lately as production) that does handle these > issues "out of the box" > Other than that, I'd expect you'll need to write your own PAM modules to track the

On Mon, Apr 3, 2023 at 12:16?AM Damien Miller <djm at mindrot.org> wrote: > > On Thu, 30 Mar 2023, Fran?ois Ouellet wrote: > > > Hi, > > > > We need to limit concurrent sftp logins to one per user (because of bad > > client behaviour). Is there any way to achieve this I have overlooked? > > > > It seems it could be possible with pam_limits, if

Hi guys, we are using samba 3.0.4 as domain member server (security=ADS) in our Active Directory Domain. In order not to compromise social peace, we use POSIX ACLs in conjunction with the hide unreadable option to hide folders/files from users. I'll show you an example to explain the problem: I'm the user "SCHARRNET+M006U122" (SCHARRNET=domain suffix). I'm connecting to

Hi, we're using the SerNet-release of samba 3.0.7 running on SLES8. Our samba server is running as domain member server (security=ADS) in our w2k domain. On monday we migrated from 3.0.4 to 3.0.7. Since then winbind is trying to relsolve usernames without the domain-prefex and fails. See below: log.winbindd: ... [2004/09/22 06:54:24, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(159)

Hi, We need to limit concurrent sftp logins to one per user (because of bad client behaviour). Is there any way to achieve this I have overlooked? It seems it could be possible with pam_limits, if sftp sessions were recorded in utmp (a guess from what I found googling around). If I configure /etc/security/limits.conf with testuser hard maxlogins 1 and connect with ssh, and try a second

Hi, we've got a worse problem with our s.3.0.4 file server. The server is configured as a domain member server and is running in security=ADS mode. We use the hide unreadable parameter in conjunction with posix ACLs to ensure, that our users only see those folders, on which they have been authorized. With s.2.2.8a everything worked fine. Yesterday we migrated to s.3.0.4 and have now the

Le Saturday, 1 April 2023, 02:06:04 EDT Philipp Marek a ?crit : > Set a max-process ulimit in /etc/security/limits.conf (using a group specification). > > For internal sftp 1, for external 2, I guess. I'v seen this suggested before and I have tried it then. It doesn't work with this particular config. I don't know why yet. It works when I don't use the internal-sftp

Hello all, Im having the latest centos that should be integrated into win 2012 active directory domain. Im having Authentication running, an AD user can login via ssh, getent and id working But Im not able to get the samba shares running with AD [sfu-erp] comment = Mandant path = /share # ; valid users = @"RZ-DOMAIN\linuxtest" @"RZ-DOMAIN\linuxtest" valid users =

Hi Duncan, > I couldn't find the solution to my problem (if it has one) in the mailing >> list or the source code. The problem is: how can I redefine a function >> that's been called already by some other function? >> > > why do you want to do this? > To implement something that is common in Lisp. Suppose I have a program that is running and can't be

https://bugzilla.mindrot.org/show_bug.cgi?id=2161 Bug ID: 2161 Summary: AuthorizedKeysCommand is not executed when defined inside Match block Product: Portable OpenSSH Version: -current Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=2287 Bug ID: 2287 Summary: AuthorizedKeysCommandUser should have it's default documented Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: trivial Priority: P5 Component:

Hi, is there a particular reason why this feature is "user" based and not "user-pubkey" based? What I mean is that it works for installation with small number of pubkeys per user. But imagine i.e. a GitHub scale - all users logging in as user "git". On each auth request all the keys from database would be fetched and feeded to OpenSSH. Now I am only asking this out

So....let''s have a look if I understood the issue: -Find_all_by is actually the same like Find(:all), however Find_all_by is much shorter and less complicated than the syntax of Find(:all) -So in my CONTROLLER it says @files = find(:all) however I don''t want to see all files displayed in my selection box, because I only want to see the foles whose mandant_id is the same like

Hi, I'm attempting to test the AuthorizedKeysCommand feature with the new port of ssh-ldap-wrapper to OpenBSD. I'm running yesterday's OpenBSD-current i386 snapshot, which includes AuthorizedKeysCommand. The port of ssh-ldap-helper (at http://old.nabble.com/-new--ssh-ldap-helper-td34667413.html) contains all the bits I need, and the individual pieces appear to work once configured:

https://bugzilla.mindrot.org/show_bug.cgi?id=3574 Bug ID: 3574 Summary: ssh ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set Product: Portable OpenSSH Version: 9.3p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component:

https://bugzilla.mindrot.org/show_bug.cgi?id=2092 Bug ID: 2092 Summary: AuthorizedKeysCommand: bad ownership or modes for file Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd