Displaying 20 results from an estimated 700 matches similar to: "global no-agent-forwarding"
2016 Oct 05
3
Socket forwarding with non existent remote directories
Hi openssh dev's,
I love and truly appreciate the Socket forwarding feature in OpenSSH 6.7.
I use it for forwarding the socket of GnuPG's agent
(that handles the secret stuff) to remote machines.
Usecase:
======
I am a remote worker and use gnupg agent forwarding
to connect to our company infrastructure that makes heavy use
of PGP encryption while keeping my key out of the hands of
2009 Mar 24
3
A way to log what line of authorized_keys that was used
Hi!
I'm pretty sure that this isn't currently supported, so, I'll give it a
shot and rather be rtfm-flamed instead of not trying :)
Is there any way of logging what line of authorized_keys (and what file)
that was used when a user logs in? It would be very nice to have to
improve auditing logins of accounts with multiple publickeys.
And, if there isn't - Would it be of
2015 Nov 25
6
How disable forwarding-only connections (i.e. non-shell/command non-sftp connections)? (Maybe this is a feature request!)
Hi!
I tried with all available options to disable forwarding-only
connections, by:
"AllowAgentForwarding no
AllowTcpForwarding no"
This had no effect, so what I got in effect was dummy connections.
I would like to disable this "class" of connections altogether. The
outcome will be that all authenticated connections will lead to a
command, be it /usr/libexec/sftp-server
2007 Jan 31
2
Patch to fix the 255 status code problem
Hi,
Currently using openssh-4.5p1 on Solaris 8 in conjunction with Oracle 8i
dataguard. Is there a patch available to prevent ssh returning status
code 255 for a successful execution of a remote connection/command.
Many Thanks,
Tim Mann
2011 Nov 21
3
ssh-keygen -r should support SSHFP records for ECDSA (or at least return non-zero error code on failure)
hi folks:
it looks like ssh-keygen -r can't export SSHFP records for ECDSA keys:
0 dkg@pip:/tmp/cdtemp.oiRYAS$ ssh-keygen -f foobar -t ecdsa -q -P ''
0 dkg@pip:/tmp/cdtemp.oiRYAS$ ssh-keygen -r foobar -f foobar.pub
export_dns_rr: unsupported algorithm
0 dkg@pip:/tmp/cdtemp.oiRYAS$
the first number in my prompt is the return code of the last command;
note that
2008 Aug 16
21
[Bug 1506] New: rationalize agent behavior on smartcard removal/reattachment
https://bugzilla.mindrot.org/show_bug.cgi?id=1506
Summary: rationalize agent behavior on smartcard
removal/reattachment
Product: Portable OpenSSH
Version: 5.1p1
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Smartcard
AssignedTo:
2008 Nov 07
2
[PATCH/cygwin] Fix cygwin specific Makefile and a bug in the ssh-host-config script
Hi,
could somebody be so kind to check in the following patch? It fixes
two problems:
- contrib/cygwin/Makefile:
Installs new docs and stops trying to install RFC.nroff.
- contrib/cygwin/ssh-host-config:
Fixes a condition which tries to find out if ssh or sshd processes are
still running. The old version unfortunately stumbles over user names
which contain the substring
2009 Jun 09
1
Match Statement in sshd_config
Hello Portable OpenSSH Team!
I recently read the man-page of sshd and found: The Match-Statement.
Which maybe could solve the problem I have.
(Get freeNX running on my UbuntuBox and connect to it with the
Windows-Client just using PublicKey Authentication )
But unfortunately the documentation of the Match-Statement refers to the
PATTERN section, which is non existent :-(
After a little bit of
2015 Feb 06
4
Creating users "on - the - fly"
I guess I didn't want to litter the users table either - it just seems
"wrong" to be actually adding things to the host when it is really so
transient. It feels like it should be LDAP-ish. Just ask the server
for the keys and do a one-off authentication. But I've seen even LDAP
creates the user directories.
I see that 2.6 kernels can have some 4B users, which should last me a
2006 Jul 31
20
ZFS vs. Apple XRaid
Hello all,
After setting up a Solaris 10 machine with ZFS as the new NFS server,
I'm stumped by some serious performance problems. Here are the
(admittedly long) details (also noted at
http://www.netmeister.org/blog/):
The machine in question is a dual-amd64 box with 2GB RAM and two
broadcom gigabit NICs. The OS is Solaris 10 6/06 and the filesystem
consists of a single zpool stripe
2015 Feb 06
2
Re: Creating users "on - the - fly"
On Fri 2015-02-06 14:30:13 -0500, Cary FitzHugh wrote:
> Hence - maybe a NSS User Database extension which looks for the
> public keys from a webservice (and then maybe writes them to
> /tmp/<username>.
No, i'm suggesting that when you want to look up the user, use NSS to
find the username and map it to a numeric user ID and the other
information that is typically found in
2017 Jul 10
1
[Bug 2740] New: provide a way of forwarding a Unix-domain socket to user's runtime (home) directory
https://bugzilla.mindrot.org/show_bug.cgi?id=2740
Bug ID: 2740
Summary: provide a way of forwarding a Unix-domain socket to
user's runtime (home) directory
Product: Portable OpenSSH
Version: 7.5p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
2012 Feb 22
1
[Bug 1984] New: Add Unix Domain Socket Forwarding
https://bugzilla.mindrot.org/show_bug.cgi?id=1984
Bug #: 1984
Summary: Add Unix Domain Socket Forwarding
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: ssh
AssignedTo:
2015 Jan 15
3
OpenSSH v6.7 & NumberOfPasswordPrompts Option ...
Yes, I have tried that option with no difference in behavior. It seems it ignores that option when provided. Just for reference, I am building it on RedHat 5. I have never had this issue on any previous version of OpenSSH. I use the default configuration with only the changes specified in the RHEL 5 STIG applied.
I appreciate the security advice. The root account was indicated simply as an
2008 Aug 13
1
Encoding SSH RSA public key
Hello,
I'm trying to build a valid public ssh v2 RSA key from a java
application but I have some problems understanding how the two numbers
(e and n) are base64 encoded into ~/.ssh/id_rsa.pub or
~/.ssh/authorized_keys2 file.
My question is what exactly is encoded into the base64 string? For
example for this public key:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6p76zG+8aOkFZT1y4O+Y7n
2016 Feb 04
3
Unix socket support for sshd
Greetings everyone!
I would like to know if adding support for Unix socket to sshd would be a
feature that would be considered to be added upstream? (ListenAddress).
One of the main reasons for this question to you all is that tor now has Unix
socket support for hidden services that is traffic of a hidden service can be
forwarded to a Unix socket (see HiddenServicePort in tor.1). The rationale
2010 Apr 19
3
[Bug 1759] New: allow display of bubblebabble fingerprint when connecting
https://bugzilla.mindrot.org/show_bug.cgi?id=1759
Summary: allow display of bubblebabble fingerprint when
connecting
Product: Portable OpenSSH
Version: -current
Platform: All
URL: http://bugs.debian.org/578422
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
2017 Mar 14
2
Problem getting ssh agent forwarding to work
Hi,
I need to get agent-forwarding working.
I have:
- a local OpenSUSE 42.1 box, where my key(s) reside (ssh agent running
and working)
- a remote FreeBSD 10.3 box, where I can login with my key (works)
- from the FreeBSD box, I need to get to a CentOS 7 box (without
entering a password - does not work)
On the FreeBSD box, I can see my keys, when I type ssh-add -l
I've enabled
2015 Feb 06
2
Creating users "on - the - fly"
Hi all.
I have a situation that I wonder someone may have run into - or has a
direction I should dig / develop in.
Let's say I have a system with 1M "users". Their public keys are
stored in a database, and I can access them via a web call.
I have a few servers which should allow those users access.
Some constraints to make it non-crazy.
The users can only reverse tunnel. They
2015 May 22
4
Weak DH primes and openssh
On Fri 2015-05-22 00:06:29 -0400, Darren Tucker wrote:
> On Thu, May 21, 2015 at 11:26 PM, Matthew Vernon <matthew at debian.org> wrote:
>>
>> You will be aware of https://weakdh.org/ by now, I presume; the
>> take-home seems to be that 1024-bit DH primes might well be too weak.
>> I'm wondering what (if anything!) you propose to do about this issue,
>>