similar to: Adding support for alternative .ssh/rc and .ssh/environment paths

2 February 2024 at 12:37, "Damien Miller" <djm at mindrot.org> wrote: > > No, sorry. This has been discussed extensively before, leading to the > > most uncivil discussion our bugtracker has ever seen and the only > > permanent user bans I've ever had to implement. Myself and the other > > developers have zero desire to relitigate this and no

https://bugzilla.mindrot.org/show_bug.cgi?id=2160 Bug ID: 2160 Summary: Option to disable ~/.ssh/rc in sshd_config Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

Sorry if this is a silly question, but I couldn't see how to stop this. I'm concerned with the use of ~/.ssh/rc and similar files. The problem is that if $HOME is on an NFS server then this essentially means user accounts can be compromised due to ssh activity, or a locked down account (command= restrictions) may be able to exceed it's expected access rights. We already put

Greetings, I am using OpenSSH Signed Public Key authentication for servers ssh login. All of the servers are setup with below sshd_config options: TrustedUserCAKeys /etc/ssh/ca.pub # CA Public Keys RevokedKeys /etc/ssh/revoke.pub # User Public Keys When i started working on it, for ssh authentication i had to have CA Public Key in User ~/.ssh/authorized_keys, like: cert-authority ssh-rsa

https://bugzilla.mindrot.org/show_bug.cgi?id=2713 Bug ID: 2713 Summary: Please provide a StrictModes-like setting (command line parameter) for ssh (client) Product: Portable OpenSSH Version: 7.5p1 Hardware: Other OS: Other Status: NEW Severity: enhancement Priority: P5

On Fri, 2 Feb 2024, 90 wrote: > Since I can't help but feel like my previous email is already being flat-out ignored, I would just like to reiterate: > > - I am not asking for ~/.ssh to stop being used. > - I am happy to contribute this myself with the blessing of the devs. > > All I would like is to be able to move files within ~/.ssh to their appropriate XDG paths and

All, I have 3 servers. All 3 are CentOS 5.5. All 3 have identical /etc/ssh/sshd_config files. I used ssh-keygen (with no arguments) to generate keys with no password. I then added all 3 id_rsa.pub keys to the authorized_keys file. With this set up, I should be able to ssh between all 3 boxes without needing a password. The problem is that one of the servers keeps asking for a password even with

Hi guys, I'm having a little trouble with the current semantics of the PermitUserEnv directive. I would like to be able to force certain environment variables for some of the ssh keys I'm using. It seems that apart from using the command="..." keyword in authorized_keys, there is also the possibility to specify additional variables using the environment="..." keyword.

Both ssh-copy-id and ssh create .ssh as 0700. ssh-copy-id creates .ssh/authorized_keys as 0600. Thanks: Ryan Sawhill for finding the bug. --- customize/ssh_key.ml | 4 ++-- src/guestfs.pod | 17 +++++++++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml index 09664bf..dd6056f 100644 --- a/customize/ssh_key.ml +++

Since I can't help but feel like my previous email is already being flat-out ignored, I would just like to reiterate: - I am not asking for ~/.ssh to stop being used. - I am happy to contribute this myself with the blessing of the devs. All I would like is to be able to move files within ~/.ssh to their appropriate XDG paths and have OpenSSH continue to find these files without me needing to

We have a system on which users are given a very restricted environment (their shell is a menu) where they should not be able to run arbitrary commands. However, because their shell is not statically linked, ld.so provides a nice clutch of holes for them to exploit. The patch below adds a new configuration option to sshd which quashes their attempts to set LD_PRELOAD etc. using ~/.ssh/environment

hello list, I am attempting to ssh via a user account setup for amanda backups from the backup server to the test backup client. AFAIK everything is setup correctly yet when I ssh as the user to the client I have to type the password. the public key is in the authorized_keys file of the client and permissions all seem correct. Here is a verbose output of the ssh session [amandabackup at

On Mac OS, in order to allow ssh using dsa keys, I would copy ~/.ssh/id_dsa.pub from my machine into ~/.ssh/authorized_keys of the target machine. I've created .ssh directories in my account home as well as in /root and copied the respective keys to authorized_keys files in each. Strangely, I can now ssh as root with no password but my own user account still prompts for a password. What

When editing ~/.ssh/authorized_keys manually, sometimes users forget to add a newline at the end of the file, causing the next ssh-copy-id call to append a new key to an existing key, invalidating both keys. This can be fixed by simply adding a newline before appending the key. Something like this change to openssh-source/openssh-6.7p1/contrib/ssh-copy-id might work: # Assuming that the remote

Michael Stone <mstone at mathom.us> writes: > On Sun, Mar 20, 2016 at 08:30:33PM +0000, Colin Watson wrote: >>How about something like: >> >> if [ "$(sed -n '${s/.*//;p}' ~/.ssh/authorized_keys | wc -l)" = 0 ]; then >> echo >> ~/.ssh/authorized_keys >> fi >> >>I feel like there must be a neater but still portable way

Hi, could somebody with checkin rights please apply the following patch to contrib/cygwin/ssh-user-config? It just appends the RSA2 and DSA keys to .ssh/authorized_keys instead of .ssh/authorized_keys2. TIA, Corinna Index: contrib/cygwin/ssh-user-config =================================================================== RCS file: /cvs/openssh_cvs/contrib/cygwin/ssh-user-config,v retrieving

I'd like to propose a couple of tweaks to ssh-copy-id: o Change the default ID_FILE from identity.pub to id_dsa.pub or perhaps {id_dsa,id_rsa,identity}.pub to cover all the bases, although the patch below deals only with id_dsa.pub - it would need some more tweaking to deal with more than one (possibly non-existent) file. o If the destination authorized_keys file already contains the

Hi folks, If I try to login on a Cygwin host via ssh, then my .ssh on a network drive is unaccessible until I login. I have to enter my password, even if my authorized_keys would allow me to login without. This is fatal, since it forces me to use an interactive session for working on a Windows host. Unusable for automatic builds and tests managed from a central machine, for example. There is no

I am having a real nightmare getting automated login with ssh to work; hoping someone can guide me. I am running Ubuntu 6.10. I have a main machine (called greywolf) which has a partition for my /home on it. I am doing backups to an extrnal usb drive attached to a Linksys NSLU2 (called slug) running UnSlung firmware. All hosts, networking, shares, firewall & such stuff is working fine.

Damien, your advice is appreciated. Damien Miller wrote: > On Fri, 12 Jan 2018, Michael Str?der wrote: >> I'm looking at sshd(8), section AUTHORIZED_KEYS FILE FORMAT and >> description for CLI arg -O in ssh-keygen(1). >> >> It seems to me that there could be a 1:1 mapping between SSH cert >> extensions and authz key options by just adding prefix