similar to: Non-shell accounts and scp/sftp

On 07/12/23, Philip Prindeville (philipp_subx at redfish-solutions.com) wrote: > We have a CLI that certain users get dropped into when they log in. One of the things they can go is generate certificates (actually .p12 key/certificate bundles) that they will then scp out of the box from another host. Off topic, and assuming the .p12 bundles need to be post-processed by clients for use by ssh,

On Fri, 8 Dec 2023 at 07:39, Philip Prindeville <philipp_subx at redfish-solutions.com> wrote: [...] > Problem is that if their default shell isn't sh, ash, dash, bash, zsh, etc. then things break. > Is there a workaround to allow scp/sftp to continue to work even for non-shell accounts? sftp should work regardless of the user's shell since it is invoked as a ssh subsystem

Anyone have a chance to test any of the various iPhone SIP apps? I see there are a few out there, but most of the iTunes reviews aren't sufficiently technical to be useful. Thanks.

For someone that's network-aware, but hasn't sat down and plowed through umpteen SIP-related RFC's and memorized the standards, is there a good primer on troubleshooting SIP issues? I'm seeing a lot of NOTIFY/603 messages on my network between Asterisk and my Sipura 942's, for instance... Not sure what these are... perhaps the qualify keepalives? In which case, I guess

I was wondering under what conditions Asterisk will hand off a call to another switch. I'm trying to verify that my local PSTN's Coppercom switch operates correctly... and wanted to know how to get a call REFER'd to another end-point. Thanks, -Philip

On Tue, 25 Apr 2023 at 03:36, Philip Prindeville <philipp_subx at redfish-solutions.com> wrote: > > On Apr 10, 2023, at 7:24 AM, Darren Tucker <dtucker at dtucker.net> wrote: [...] > > Since you're using 9.1, the message could be an "Invalid free", since > > there was a double-free bug in that release :-( > > Forgot to ask: does this bug manifest

I've got the following situation. I'm running Asterisk 1.4.18 on a firewall/gateway machine, with some SPA-942 (f/w 5.1.15(a)) phones behind it. I'm peering SIP with a Coppercom switch sitting behind an SBC. On outbound calls, I get 2-way voice, no worries. On inbound calls, I get one-way voice (I can hear the caller but they can't hear me). I've looked at tcpdumps of

I'm using a bunch of SPA942's, and I'm trying to provision them mostly by DHCP (and what I can't set that way, I try to provision via HTTP interface into the phone). I changed the domain in my AstLinux config from "astlinux" to redfish-solutions.com, and set that in my sip.conf file as well: context=incoming

Hi. I have a Supermicro 5018D-FN4T (Xeon D-1541 based SBC) that I use for virtualization. I?m running Centos 7.3 on it (updated), with the CentOS-QEMU-EV.repo repository as the source for virtualization packages. I run an Ubuntu 16.04-2 guest VM on it, which is ordinary enough. What?s perhaps less ordinary is that I?ve attached a Lexar Media, Inc. ?Lexar Professional Workflow CR1 CFast 2.0 USB

> On Apr 10, 2023, at 7:24 AM, Darren Tucker <dtucker at dtucker.net> wrote: > > On Mon, 10 Apr 2023 at 07:07, Peter Stuge <peter at stuge.se> wrote: >> >> Brian Candler wrote: >>>> What's odd is that the length is *always* 1231976033 (which is >>>> 0x496E7661 or "Inva" in ASCII). > > One thing that can cause this is

I'm trying to build an Asterisk rpm from the supplied asterisk.spec file. Made numerous changes to get it to work. The architecture of the system I am building on is x86_64. I'd like to build for i686 though. I added a --target i686 to the rpmbuild line in the Makefile, but it looks like it's still requiring 64bit system libraries. When I try to install the rpm on the i686 machine, it

https://bugzilla.mindrot.org/show_bug.cgi?id=1733 Summary: Enhance support for QoS (ToS) by supporting DSCP/CS and adding option Product: Portable OpenSSH Version: 5.4p1 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo:

https://bugzilla.mindrot.org/show_bug.cgi?id=1856 Summary: Wrong QoS naming and obsolete defaults Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: unassigned-bugs at mindrot.org ReportedBy:

For the 3rd consecutive term, the US Senate has introduced the "Truth in caller ID Act of 2009". It was passed by the Senate (finally) in January, and has moved to the House for a vote. A lot of states have ambiguous or overly restrictive language on how caller ID may be manipulated. For instance, if you have a PBX, and a call comes in from the PSTN, which you then loop back out

I'm working on a small server written in Go to add short-lived user certificates to the forwarded agents of authorized users. https://github.com/rorycl/sshagentca This seems to work quite well for accessing sshd servers with the appropriately configured "TrustedUserCAKeys" directive. I have been in a debate about how similarly adding host certificates to forwarded agents could

https://bugzilla.mindrot.org/show_bug.cgi?id=1964 Bug #: 1964 Summary: QoS/DSCP names false translated to ToS hex value Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: amd64 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh

http://bugzilla.netfilter.org/show_bug.cgi?id=795 Summary: RELATED doesn't accommodate multicast UDP solicitation resulting in unicast reply Product: netfilter/iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P5 Component:

On 09/04/2023 02:20, Philip Prindeville wrote: > What's odd is that the length is*always* 1231976033 (which is 0x496E7661 or "Inva" in ASCII). Could you get a tcpdump when this happens? Then maybe more of the error can be captured. I grepped for Inva in the source code. There are lots of error messages which start with this which are sent with error() or fatal() or

Sorry about taking so long to get back to you. The problem is sporadic and I've had other fires to put out first... Here's a PCAP of authentication failures: https://www.redfish-solutions.com/misc/kvm1.pcap > On Apr 9, 2023, at 1:21 AM, Brian Candler <b.candler at pobox.com> wrote: > > On 09/04/2023 02:20, Philip Prindeville wrote: >> What's odd is that the

G'day, In our infrastructure we're trying to be more diligent about switching to sk keys (and/or certs backed by sk keys.) However, there are some services like Gerrit and Jenkins which are written in java and I guess they will never support sk keys, or at least, it seems like it won't happen any time soon. For such services, typical practices at the moment include putting