similar to: [Bug 3574] New: ssh ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set

Displaying 20 results from an estimated 500 matches similar to: "[Bug 3574] New: ssh ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set"

2015 Nov 01
2
[Bug 2487] New: AuthorizedPrincipalsCommand should probably document whether it only applies to TrustedUserCAKeys CAs
https://bugzilla.mindrot.org/show_bug.cgi?id=2487 Bug ID: 2487 Summary: AuthorizedPrincipalsCommand should probably document whether it only applies to TrustedUserCAKeys CAs Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement
2019 May 21
2
OpenSSH Certificate Extensions
Any caveats with using AuthorizedKeysCommand in this case? From: Damien Miller<mailto:djm at mindrot.org> Sent: Monday, May 20, 2019 6:37 PM To: Nickolas Klue<mailto:nickolas.klue at thoughtspot.com> Cc: openssh-unix-dev at mindrot.org<mailto:openssh-unix-dev at mindrot.org> Subject: Re: OpenSSH Certificate Extensions On Mon, 20 May 2019, Nickolas Klue wrote: > Hello: >
2023 Aug 10
1
Announce: OpenSSH 9.4 released
OpenSSH 9.4 has just been released. It will be available from the mirrors listed at https://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested
2023 Jul 31
5
Call for testing: OpenSSH 9.4
Hi, OpenSSH 9.4 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at
2023 Aug 09
1
Call for testing: OpenSSH 9.4
Compiled on OpenIndiana using GCC 11 :; SunOS 5.11 illumos-2e79e00041 illumos Although snapshot was downloaded, it shows 9.3 version: :; ssh -V OpenSSH_9.3p1-snap20230809, OpenSSL 1.1.1v? 1 Aug 2023 Thanks and regards. On 31.07.2023 08:12, Damien Miller wrote: > Hi, > > OpenSSH 9.4 is almost ready for release, so we would appreciate testing > on as many platforms and systems as
2016 Dec 30
12
[Bug 2655] New: AuthorizedKeysCommand with large output can deadlock
https://bugzilla.mindrot.org/show_bug.cgi?id=2655 Bug ID: 2655 Summary: AuthorizedKeysCommand with large output can deadlock Product: Portable OpenSSH Version: 7.2p2 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at
2023 Mar 17
18
[Bug 3549] New: Tracking bug for OpenSSH 9.4
https://bugzilla.mindrot.org/show_bug.cgi?id=3549 Bug ID: 3549 Summary: Tracking bug for OpenSSH 9.4 Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Keywords: meta Severity: normal Priority: P5 Component: Miscellaneous Assignee:
2019 Mar 07
2
Dynamically allow users with OpenSSH?
Peter and Jason, thanks for your replies on this. I was able to accomplish this with a combination of Peter's solution and setting "AuthorizedKeysFile none" as suggested in the Stack Overflow question. On Wed, Mar 6, 2019 at 2:30 PM Peter Moody <mindrot at hda3.com> wrote: > > why aren't the authorized keys/principals commands sufficient? > > $ getent group
2023 Nov 12
1
Match Principal enhancement
AFAIK everything you described here could be done using the AuthorizedKeysCommand or AuthorizedPrincipalsCommand directives. These can emit authorized_keys options (inc. permitopen) as well as the allowed keys/principals. On Sun, 12 Nov 2023, Bret Giddings wrote: > Hi OpenSSH devs, > > I?m wondering if the following has any merit and can be done securely ... > > If you could
2013 Mar 22
52
[Bug 2081] New: extend the parameters to the AuthorizedKeysCommand
https://bugzilla.mindrot.org/show_bug.cgi?id=2081 Bug ID: 2081 Summary: extend the parameters to the AuthorizedKeysCommand Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd
2012 Nov 20
4
Connection info with AuthorizedKeysCommand
I see that support for AuthorizedKeysCommand has been added. The arguments supplied to the command is just the authenticating user. Can we add the SSH connection details (ie. source and destination IPs and ports) as well? This command seems to be the idea way of requiring one set of credentials from inside an organisation (say the user's own authorized_keys file) and another set from outside
2012 Nov 13
1
problem with AuthorizedKeysCommand on OpenBSD
Hi, I'm attempting to test the AuthorizedKeysCommand feature with the new port of ssh-ldap-wrapper to OpenBSD. I'm running yesterday's OpenBSD-current i386 snapshot, which includes AuthorizedKeysCommand. The port of ssh-ldap-helper (at http://old.nabble.com/-new--ssh-ldap-helper-td34667413.html) contains all the bits I need, and the individual pieces appear to work once configured:
2014 Jun 27
1
Using AuthorizedKeysCommand in unprivileged sshd mode
Hi, I have a setup in which I run sshd as unprivileged user at dedicated port to serve specific application. It is working perfectly! One tweak I had to do, since the AuthorizedKeysCommand feature requires file to be owned by root, I had to use root owned command at root owned directory, although it does not add a security value. At auth2-pubkey.c::user_key_command_allowed2(), we have the
2013 Jun 09
1
pass fingerprint to authorizedkeyscommand
Hi guys, It might be nice if AuthorizedKeysCommand would receive the fingerprint of the offered key as an argument, so that programs like gitolite could implement more refined key-based identity lookup that offers better performance than AuthorizedKeysFile's linear scan. The following patch is untested but is the basic idea: diff -ru openssh-6.2p1/auth2-pubkey.c
2014 Feb 05
1
Make SSH_ORIGINAL_COMMAND available in AuthorizedKeysCommand context
Hi Using SSH_ORIGINAL_COMMAND in AuthorizedKeys is so helpful, I'd like to know if it might be possible to access it in the AuthorizedKeysCommand context (via env ?). Is this possible ? can anybody give me advice on going into this ? If possible, I'll use this SSH_ORIGINAL_COMMAND to send client specifics information to the AuthorizedKeysCommand script. Currently, the only alternative
2014 May 30
2
AuthorizedKeysCommand run as the user
Is there any way to make the AuthorizedKeysCommand as the user which is trying to log in? Thanks. -- Yves.
2015 Mar 16
2
[Bug 2367] New: AuthorizedKeysCommand add key fingerprint as second argument
https://bugzilla.mindrot.org/show_bug.cgi?id=2367 Bug ID: 2367 Summary: AuthorizedKeysCommand add key fingerprint as second argument Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: FreeBSD Status: NEW Severity: enhancement Priority: P5 Component: sshd
2014 Mar 20
2
patch to send incoming key to AuthorizedKeysCommand via stdin
Hi all, I'm new to the list, so please forgive me if this is duplicated effort. I have created a patch for openssh which modifies the AuthorizedKeysCommand directive so that the incoming user's public key is sent to the specified program via stdin. This provides a means to identify the connecting user based solely on their public key and not just by the username. The inspiration for
2014 Apr 14
1
AuthorizedKeysCommand size issue?
I'm running into issues with AuthorizedKeysCommand when the sum of the size of the public keys become bigger than ~ 12 KB. I created a bash script that runs #!/bin/bash curl -s --compressed http://someurl.example.com/pubkeys/$1 and am getting "error: returned status 23". CURLE_WRITE_ERROR (23): An error occurred when writing received data to a local file, or an error
2013 Apr 15
7
[Bug 2092] New: AuthorizedKeysCommand: bad ownership or modes for file
https://bugzilla.mindrot.org/show_bug.cgi?id=2092 Bug ID: 2092 Summary: AuthorizedKeysCommand: bad ownership or modes for file Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd