similar to: Multiple allowed signer files in `ssh-keygen -Y verify`

On Wed, 23 Apr 2025, Wiktor Kwapisiewicz via openssh-unix-dev wrote: > Hello, > > I'm currently evaluating using `ssh-keygen -Y verify` to check OS artifacts > (e.g. packages) and I noticed that the `-f allowed_signers_file` option can be > passed only once. A side remark: technically it can be passed multiple times > without a warning but the last invocation overrides all

Allow users to specify certificates to be used for authentication on the command line with the '-z' argument when running ssh. For successful authentication, the key pair associated with the certificate must also be presented during the ssh. Certificates may also be specified in ssh_config as a CertificateFile. This option is meant the address the issue mentioned in the following

On Sat, 2019-04-06 at 03:20 +1100, Damien Miller wrote: > On Fri, 5 Apr 2019, Jakub Jelen wrote: > > > There is also changed semantics of the ssh-keygen when listing keys > > from PKCS#11 modules. In the past, it was not needed to enter a PIN > > for > > this, but now. > > > > At least, it is not consistent with a comment in the function > >

On Thu, 21 Dec 2023 at 15:52, Jack Hill <jackhill at jackhill.us> wrote: [...] > /tmp/guix-build-openssh-9.6p1.drv-0/openssh-9.6p1/regress/ssh-rsa already exists. > Overwrite (y/n)? ssh-keygen for ssh-rsa failed The regression tests do this to regenerate the keys if either the keygen binary has changed: for t in ${SSH_KEYTYPES}; do # generate user key if [ ! -f

Hi Le 17/04/2020 ? 05:52, Damien Miller a ?crit?: > On Wed, 15 Apr 2020, Lo?c wrote: > >> Hello, >> >> In one recent change >> (https://anongit.mindrot.org/openssh.git/commit/?id=2b13d3934d5803703c04803ca3a93078ecb5b715), >> I noticed a regression. >> >> If ssh-keygen is given a private file without passphrase and without the >> corresponding

Thanks to everyone who has replied to my emails so far - to summarise: AIX allows setting of rlogin=false and and a su group, or a list of users that are permitted to "su" to root. ( or other functional ids ) This means with entries in /etc/ftpusers, it is possible to : 1/ Track who used root via sulog and or external logging 2/ Protect root even if the root password is compromised 3/

Hi, this series adds a basic support for Simple Streams v1.0 metadata files. This makes it possible to create a repository .conf files with [cirros] uri=http://download.cirros-cloud.net format=simplestreams to read the latest version of each CirrOS image. TODO items: - a bit more testing: listing and creating images works, so the current metadata is correct - handle revisions, so newer

Hello All. As promised, here is what I needed to do to get the regression tests to work on AIX & HPUX. It goes into a bit of detail in the hope that others might be able to get them running on their platforms. I've run these mods on AIX 4.3.3, HP-UX 11.00, Solaris 8, Redhat 7.3 and OpenBSD 3.0. The problems I encountered: * prereqs (pmake, md5sum) * bad directory owner/mode causing auth

Though I've worked with enterprise systems, I'm not familiar with FOOS backup software. Which of those recommended would allow me to backup a system while users are active on it? If it matters the system uses LVM. I'd also like to be able to avoid needing the network if possible. That is, I'd plug in a disk into a USB port and backup the system onto that... again, while

On Fri, 2019-03-29 at 12:29 +0100, Jakub Jelen wrote: > On Wed, 2019-03-27 at 22:00 +1100, Damien Miller wrote: > > Hi, > > > > OpenSSH 8.0p1 is almost ready for release, so we would appreciate > > testing > > on as many platforms and systems as possible. > > > > Snapshot releases for portable OpenSSH are available from > >

Hi, Today I fiddled around a bit with my OpenSSH public key files, and I noticed that ssh-keygen prints most non-printable characters in the comment as-is when showing the fingerprint of a key. This can lead to confusing output on the terminal when the comment contains ANSI escape characters which are interpreted by the terminal. The attached public key file serves as an example, which, when

Hi OpenSSH, I'm working on updating Guix's openssh package definition to the latest release. So far, I have only changed the version (and checksum) and left the build/test/install recipe the same. However, the test suite now fails. I could use some pointers to find out what exactly is going wrong with the failing test or how to fix it. I'm happy to provide more information about

Hello, I've noticed that `ssh-keygen -Y find-principals` warns about empty lines in the allowed signers file, even though the documentation says they should be treated as comments: $ ssh-keygen -Y find-principals -f allowed_signers.md -I wiktor at metacode.biz -n file -s rsa-key.txt.sig < rsa-key.txt allowed_signers.md:3: missing key <---- here wiktor at metacode.biz `-Y

Add private key protection information extraction to shh-keygen using -v option on top of -y option which is already parsing the private key. Technically, the passphrase isn't necessary to do this, but it is the most logical thing to do for me. Adding this to -l option is not appropriate because fingerprinting is using the .pub file when available. An other idea is to add a new option, I

Commit-ID: a311e6839f6e8e9797d0a0bd8e1222d22e10a018 Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=a311e6839f6e8e9797d0a0bd8e1222d22e10a018 Author: Martijn Dekker <martijn at inlv.org> AuthorDate: Tue, 6 Mar 2018 17:40:37 +0000 Committer: Ben Hutchings <ben at decadent.org.uk> CommitDate: Fri, 25 Jan 2019 02:57:21 +0000 [klibc] expand: 'nolog' and

Commit-ID: 8d7c846f252b7eabd7cb7d02e7b53fb5a835402e Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=8d7c846f252b7eabd7cb7d02e7b53fb5a835402e Author: Martijn Dekker <martijn at inlv.org> AuthorDate: Tue, 6 Mar 2018 17:40:37 +0000 Committer: Ben Hutchings <ben at decadent.org.uk> CommitDate: Sat, 28 Mar 2020 21:42:54 +0000 [klibc] dash: expand: 'nolog'

Hi, The main (and probably the only) use case of this PAM module is to let sudo authenticate users via their ssh-agent, therefore without having to type any password and without being tempted to use the NOPASSWD sudo option for such convenience. The principle is originally implemented by an existing module [0][1] and many pages that explain how to use it for such purpose can be found online.

Move the index and entry definitions in an own Index module, together with the (previously internal to Index_parser) print_entry debugging function. --- builder/Makefile.am | 2 + builder/builder.ml | 36 +++++++-------- builder/index.ml | 117 +++++++++++++++++++++++++++++++++++++++++++++++ builder/index.mli | 41 +++++++++++++++++ builder/index_parser.ml | 96

This patch removes the various keys and support files created during make tests. It might not be as compact as it could be, and I'd be happy to get comments on that, but it does work. diff --git a/Makefile.in b/Makefile.in index 70287f51f..0f1ef844d 100644 --- a/Makefile.in +++ b/Makefile.in @@ -296,6 +296,45 @@ clean: regressclean rm -f regress/misc/sk-dummy/*.o rm -f

Hello All, When I try to connect to the samba installed linux machine from windows I get the message "Account is not authorized to log in from this station". I have made three entries(user name and password) in the smbpasswd file. But if I log in the windows machine using these user names and passwords I get the message "Account is not authorized to log in from this station".