similar to: global no-agent-forwarding

Hi openssh dev's, I love an truly appreciate the Socket forwarding feature in OpenSSH 6.7. i use it for forwarding the socket of GnuPG's agent (that handles the secret stuff) to remote machines. Usecase: ====== I am a remote worker and use gnupg agent forwarding to connect to our company infrastructure that makes heavy use of PGP encryption while keeping my key out of the hands of

Hi! I'm pretty sure that this isn't currently supported, so, I'll give it a shot and rather be rtfm-flamed instead of not trying :) Is there any way of logging what line of authorized_keys (and what file) that was used when a user logs in? It would be very nice to have to improve auditing logins of accounts with multiple publickeys. And, if there isn't - Would it be of

Hi! I tried with all available options to disable forwarding-only connections, by: "AllowAgentForwarding no AllowTcpForwarding no" This had no effect, so what I got in effect was dummy connections. I would like to disable this "class" of connections altogether. The outcome will be that all authenticated connections will lead to a command, be it /usr/libexec/sftp-server

Hi, Currently using openssh-4.5p1 on Solaris 8 in conjunction with Oracle 8i dataguard. Is there a patch available to prevent ssh returning status code 255 for a successful execution of a remote connection/command. Many Thanks, Tim Mann

hi folks: it looks like ssh-keygen -r can''t export SSHFP records for ECDSA keys: 0 dkg@pip:/tmp/cdtemp.oiRYAS$ ssh-keygen -f foobar -t ecdsa -q -P '''' 0 dkg@pip:/tmp/cdtemp.oiRYAS$ ssh-keygen -r foobar -f foobar.pub export_dns_rr: unsupported algorithm 0 dkg@pip:/tmp/cdtemp.oiRYAS$ the first number in my prompt is the return code of the last command; note that

https://bugzilla.mindrot.org/show_bug.cgi?id=1506 Summary: rationalize agent behavior on smartcard removal/reattachment Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo:

Hi, could somebody be so kind to check in the follwoing patch? It fixes two problems: - contrib/cygwin/Makefile: Installs new docs and stops trying to install RFC.nroff. - contrib/cygwin/ssh-host-config: Fixes a condition which tries to find out if ssh or sshd processes are still running. The old version unfortunately stumbles over user names which contain the substring

Hello Portable OpenSSH Team! I recently read the man-page of sshd and found: The Match-Statement. Which maybe could solve the problem i have. (Get freeNX running on my UbuntuBox and connect to it with the Windows-Client just using PublicKey Authentication ) But unfortunately the documentation of the Match-Statement refers to the PATTERN section, which is non existent :-( After a little bit of

I guess I didn't want to litter the users table either - it just seems "wrong" to be actually adding things to the host when it is really so transient. It feels like it should be LDAP-ish. Just ask the server for the keys and do a one-off authentication. But I've seen even LDAP creates the user directories. I see that 2.6 kernels can have some 4B users, which should last me a

Hello all, After setting up a Solaris 10 machine with ZFS as the new NFS server, I''m stumped by some serious performance problems. Here are the (admittedly long) details (also noted at http://www.netmeister.org/blog/): The machine in question is a dual-amd64 box with 2GB RAM and two broadcom gigabit NICs. The OS is Solaris 10 6/06 and the filesystem consists of a single zpool stripe

On Fri 2015-02-06 14:30:13 -0500, Cary FitzHugh wrote: > Hence - maybe a NSS User Database extension which looks for the > public keys from a webservice (and then maybe writes them to > /tmp/<username>. No, i'm suggesting that when you want to look up the user, use NSS to find the username and map it to a numeric user ID and the other information that is typically found in

https://bugzilla.mindrot.org/show_bug.cgi?id=2740 Bug ID: 2740 Summary: provide a way of forwarding a Unix-domain socket to user's runtime (home) directory Product: Portable OpenSSH Version: 7.5p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=1984 Bug #: 1984 Summary: Add Unix Domain Socket Forwarding Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo:

Yes, I have tried that option with no difference in behavior. It seems it ignores that option when provided. Just for reference, I am building it on RedHat 5. I have never had this issue on any previous version of OpenSSH. I use the default configuration with only the changes specified in the RHEL 5 STIG applied. I appreciate the security advice. The root account was indicated simply as an

Hello, I'm trying to build a valid public ssh v2 RSA key from a java application but I have some problems understanding how the two numbers (e and n) are base64 encoded into ~/.ssh/id_rsa.pub or ~/.ssh/authorized_keys2 file. My question is what exactly is encoded into the base64 string? For example for this public key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6p76zG+8aOkFZT1y4O+Y7n

Greetings everyone! I would like to know if adding support for Unix socket to sshd would be a feature that would be consider to be added upstream? (ListenAddress). One of the main reason for this question to you all is that tor now has Unix socket support for hidden services that is traffic of a hidden service can be forwarded to a Unix socket (see HiddenServicePort in tor.1). The rationale

https://bugzilla.mindrot.org/show_bug.cgi?id=1759 Summary: allow display of bubblebabble fingerprint when connecting Product: Portable OpenSSH Version: -current Platform: All URL: http://bugs.debian.org/578422 OS/Version: Linux Status: NEW Severity: enhancement Priority: P2

Hi, I need to get agent-forwarding working. I have: - a local OpenSUSE 42.1 box, where my key(s) reside (ssh agent running and working) - a remote FreeBSD 10.3 box, where I can login with my key (works) - from the FreeBSD box, I need to get to a CentOS 7 box (without entering a password - does not work) On the FreeBSD box, I can see my keys, when I type ssh-add -l I've enabled

Hi all. I have a situation that I wonder someone may have run into - or has a direction I should dig / develop in. Let's say I have a system with 1M "users". Their public keys are stored in a database, and I can access them via a web call. I have a few servers which should allow those users access. Some constraints to make it non-crazy. The users can only reverse tunnel. They

On Fri 2015-05-22 00:06:29 -0400, Darren Tucker wrote: > On Thu, May 21, 2015 at 11:26 PM, Matthew Vernon <matthew at debian.org> wrote: >> >> You will be aware of https://weakdh.org/ by now, I presume; the >> take-home seems to be that 1024-bit DH primes might well be too weak. >> I'm wondering what (if anything!) you propose to do about this issue, >>