> > > how do I recreate the ssh directory? On Debian 12 I deleted it and
> > > would like to restore it
>
> (this message has only just reached me :-o)
>
> > Did you try reinstalling ssh?
>
> If what you are after is to "recreate" the original package structure,
> tam
>
> > (I wonder what the string "Debian-5" may mean. The Debian 12 machine has
> > debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
> > So "-5" is not the Debian version.
>
> Package version in bookworm: 1:9.2p1-2+deb12u2
>
>
On 01/06/2024 16:42, Thomas Schmitt wrote:
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1
Debian-5
(I wonder what the string "Debian-5" may mean. The Debian 12 machine has
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u
Hi,
Jeffrey Walton wrote:
> If I am not mistaken, the problem you are experiencing is due to using
> RSA/SHA-1 on the old machine.
Max Nikulin wrote:
> My reading of /usr/share/doc/openssh-client/NEWS.Debian.gz is that ssh-rsa
> means SHA1 while clients offers SHA256 for the sam
On 01/06/2024 01:52, Thomas Schmitt wrote:
debug1: Offering public key:/home/.../.ssh/id_rsa RSA SHA256:...
[...]
The Debian 12 ssh client is obviously willing to try ssh-rsa.
My reading of /usr/share/doc/openssh-client/NEWS.Debian.gz is that
ssh-rsa means SHA1 while clients offers
On Fri, May 31, 2024 at 7:08 PM Thomas Schmitt wrote:
>
> i still have network access to a Debian 8 system, to which i logged in
> from Debian 11 via ssh and a ssh-rsa key. After the upgrade to Debian 12
> ssh fails with this public key authentication.
> The probably relevant mess
Hi,
the following line in ~/.ssh/config did the trick:
PubkeyAcceptedAlgorithms +ssh-rsa
This lets ssh -v report:
debug1: Offering public key: /home/.../.ssh/id_rsa RSA SHA256:...
debug1: Server accepts key: /home/.../.ssh/id_rsa RSA SHA256:...
Authenticated to ... ([...]:22) using
On 31 May 2024 20:52 +0200, from scdbac...@gmx.net (Thomas Schmitt):
> The ssh-rsa key was generated by Debian 10. man ssh-keygen of buster
> says the default of option -b with RSA was 2048.
> (Does anybody know how to analyze a key file in regard to such
> parameters ?)
$ ssh-
Hi,
i still have network access to a Debian 8 system, to which i logged in
from Debian 11 via ssh and a ssh-rsa key. After the upgrade to Debian 12
ssh fails with this public key authentication.
The probably relevant messages from a run of ssh -vvv are:
debug1: Offering public key: /home
On 2024-05-27 at 11:49 -0300, Jorge Abel Secreto wrote:
> Hello
>
> On Mon, 27 May 2024 at 11:33 a.m., Kadir Alexis Valdés Izquierdo
> (kadir.va...@uic.cu) wrote:
> >
> > how do I recreate the ssh directory? On Debian 12 I deleted it and would like
> > to restore
Hello
On Mon, 27 May 2024 at 11:33 a.m., Kadir Alexis Valdés Izquierdo
(kadir.va...@uic.cu) wrote:
>
> how do I recreate the ssh directory? On Debian 12 I deleted it and would like to restore it
Did you try reinstalling ssh?
--
Jorge A Secreto
Systems Analyst
MP 361
how do I recreate the ssh directory? On Debian 12 I deleted it and would like to restore it
Hi,
I got a notification that a backup had failed, and I wanted to have a look. It turned out
that I could not log in via SSH either.
At some point I saw the message "ssh Exceeded MaxStartups".
Rebooted the machine, even twice. At some point I was able to log in
again.
In the logs
allan wrote on 18/04/2024 13:37:
Bug report submitted. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069236
Hi,
may I ask how you disabled IPv6 on these machines?
Regards,
Jörg.
Hi Allan,
On 18/04/24 at 12:38, allan wrote:
Have four Sid machines here and ssh -X has worked fine on all of them
for years. For the last several days I haven't been able to run
graphical applications over ssh from any of these machines.
Error says "cannot open display" an
Bug report submitted. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069236
On Thu, Apr 18, 2024 at 6:18 AM allan wrote:
>
> I just fixed it. in /etc/ssh/sshd_config I changed
>
> #AddressFamily any
>
> to
>
> AddressFamily inet
>
> Reading the host's journ
I just fixed it. in /etc/ssh/sshd_config I changed
#AddressFamily any
to
AddressFamily inet
Reading the host's journal got me pointed in the right direction.
Thank you for the suggestion :)
On Thu, Apr 18, 2024 at 6:10 AM allan wrote:
>
> > In the context of these SSH sessions,
> In the context of these SSH sessions, are those clients or servers?
Both. I've run all four machines as both host and guest when testing.
> Do the logs on the host ip.add.re.ss provide any further details?
journalctl -t sshd gives this -
Apr 18 05:29:03 server sshd[2052]: error:
On 18 Apr 2024 05:38 -0500, from wizard10...@gmail.com (allan):
> Have four Sid machines here
In the context of these SSH sessions, are those clients or servers?
> ssh -vv -Y u...@ip.add.re.ss just gives "X11 forwarding request failed
> on channel 0"
Do the logs on th
Have four Sid machines here and ssh -X has worked fine on all of them
for years. For the last several days I haven't been able to run
graphical applications over ssh from any of these machines.
Error says "cannot open display" and if I ssh into the machine
$DISPLAY is indeed blan
Hi,
On Sat, Mar 30, 2024 at 08:57:14PM +, fxkl4...@protonmail.com wrote:
> so is this a threat to us normal debian users
If you have to ask, i.e. you do not know how to check that your
Debian install is secured against extremely well known recent
exploits that have been plastered across the
On 2024-03-30, fxkl4...@protonmail.com wrote:
> so is this a threat to us normal debian users
> if so how do we fix it
Debian stable is not affected, Debian testing, unstable and
experimental must be updated.
https://lists.debian.org/debian-security-announce/2024/msg00057.html
alton wrote:
>>
>> Seems relevant since Debian adopted xz about 10 years ago.
>>
>> -- Forwarded message -
>> From: Andres Freund
>> Date: Fri, Mar 29, 2024 at 12:10 PM
>> Subject: [oss-security] backdoor in upstream xz/liblzma leading to s
eund
> Date: Fri, Mar 29, 2024 at 12:10 PM
> Subject: [oss-security] backdoor in upstream xz/liblzma leading to ssh
> server compromise
> To:
>
> Hi,
>
> After observing a few odd symptoms around liblzma (part of the xz package) on
> Debian sid installations over the l
Hello,
On Fri, Mar 29, 2024 at 01:52:18PM -0400, Jeffrey Walton wrote:
> Seems relevant since Debian adopted xz about 10 years ago.
Though we do not know how or why this developer has come to recently
put apparent exploits in it, so we can't yet draw much of a
conclusion beyond "sometimes people
On Fri, Mar 29, 2024 at 01:52:18PM -0400, Jeffrey Walton wrote:
> Seems relevant since Debian adopted xz about 10 years ago.
>
Also note that this has been addressed in Debian:
https://lists.debian.org/debian-security-announce/2024/msg00057.html
Provided here for the benefit of those who are not
Well, it appears like most things in life this one was self inflicted.
Yesterday I was working on another project and to verify something was
occurring the 'strace' utility was recommended. It dawned on me that
this could help me get a clue as to what was happening to the
gnome-keyring-daemon.
might have occurred the last time you updated,
> or whether you have a locally installed version of "ssh" in your PATH
> before /usr/bin/ssh, or... anything. Anything at all.
>
> When asking for help, it's best to give all of the relevant details up
> front. Start by sayin
atest" version of something
is unhelpful. This goes double when you're on a testing or unstable
system. We don't know how long ago you updated, or what mirrors you're
using, or what errors might have occurred the last time you updated,
or whether you have a locally installed version of "
t help you more on this topic.
The given information is not enough to debug, and I'd never seen any other
connection failure cases.
My advice is, even if it's annoying to see a lot of verbose output on your
terminal, that you can use options "-vvv" in your ssh call, like: ssh -vvv
us
x.x port 22
>
> This sounds most likely that your SSH client (program at your local
> machine) has an outdated SSH implementation. Try to update this
> program first.
I have the latest version!!! I recall that this is a Debian/unstable
machine, which I upgrade regularly. So, everytime
Vincent Lefevre wrote:
> Since 2 years (from early 2022 to 2023-11-26), I've got recurrent
> errors like
>
> kex_exchange_identification: read: Connection reset by peer
> Connection reset by x.x.x.x port 22
This sounds most likely that your SSH client (program at your loca
Since 2 years (from early 2022 to 2023-11-26), I've got recurrent
errors like
kex_exchange_identification: read: Connection reset by peer
Connection reset by x.x.x.x port 22
or
kex_exchange_identification: Connection closed by remote host
Connection closed by x.x.x.x port 22
But yesterday, the
On Mon, Nov 13, 2023 at 11:10:17AM +0100, Vincent Lefevre wrote:
[...]
> This is what I've done for my old laptop, but the dropbear package
> is *not* needed for that! You just need the dropbear-initramfs
> package [...]
Aha -- now I know the full story. Thanks, Vincent (and all the other
smart
On 2023-11-10 15:32:53 +, fxkl4...@protonmail.com wrote:
> On Fri, 10 Nov 2023, Vincent Lefevre wrote:
>
> > On 2023-11-10 10:57:21 +0100, Michael wrote:
> >> On Thursday, 9 November 2023 19:08:25 CET, Greg Wooledge wrote:
> >>> No, this is not a normal phenomenon for bookworm upgrades. I've
On Fri, Nov 10, 2023 at 01:01:28PM -0500, Dan Ritter wrote:
> to...@tuxteam.de wrote:
[...]
> > Wait a minute: dropbear is supposed to run in the initramfs, while
> > sshd will be active afterwards, after pivot-root and all that, right?
> >
> > Then I don't quite get why they should collide at
to...@tuxteam.de wrote:
> On Fri, Nov 10, 2023 at 03:32:53PM +, fxkl4...@protonmail.com wrote:
> > On Fri, 10 Nov 2023, Vincent Lefevre wrote:
> >
> > > On 2023-11-10 10:57:21 +0100, Michael wrote:
> > >> On Thursday, 9 November 2023 19:08:25 CET, Greg Wooledge wrote:
> > >>> No, this is not
On Fri, Nov 10, 2023 at 03:32:53PM +, fxkl4...@protonmail.com wrote:
> On Fri, 10 Nov 2023, Vincent Lefevre wrote:
>
> > On 2023-11-10 10:57:21 +0100, Michael wrote:
> >> On Thursday, 9 November 2023 19:08:25 CET, Greg Wooledge wrote:
> >>> No, this is not a normal phenomenon for bookworm
On Fri 10 Nov 2023 at 15:32:53 (+), fxkl4...@protonmail.com wrote:
> On Fri, 10 Nov 2023, Vincent Lefevre wrote:
>
> > On 2023-11-10 10:57:21 +0100, Michael wrote:
> >> On Thursday, 9 November 2023 19:08:25 CET, Greg Wooledge wrote:
> >>> No, this is not a normal phenomenon for bookworm
On Fri, 10 Nov 2023, Vincent Lefevre wrote:
> On 2023-11-10 10:57:21 +0100, Michael wrote:
>> On Thursday, 9 November 2023 19:08:25 CET, Greg Wooledge wrote:
>>> No, this is not a normal phenomenon for bookworm upgrades. I've never
>>> heard of it happening to anyone before.
>>
>> i disagree. i
On 2023-11-10 10:57:21 +0100, Michael wrote:
> On Thursday, 9 November 2023 19:08:25 CET, Greg Wooledge wrote:
> > No, this is not a normal phenomenon for bookworm upgrades. I've never
> > heard of it happening to anyone before.
>
> i disagree. i had the same problem b/c i also had dropbear
On Thursday, 9 November 2023 19:08:25 CET, Greg Wooledge wrote:
No, this is not a normal phenomenon for bookworm upgrades. I've never
heard of it happening to anyone before.
i disagree. i had the same problem b/c i also had dropbear installed. for
some reason the dropbear daemon is started
lseye to bookworm with no problems
> >>> when i try ssh with -X/-Y to the bookworm machine x11 forwarding fails
> >>>
> >>> debug1: Requesting X11 forwarding with authentication spoofing.
> >>> debug1: Sending environment.
> >>> debug1: S
On Thu, 9 Nov 2023, Jeffrey Walton wrote:
> On Thu, Nov 9, 2023 at 11:43 AM Greg Wooledge wrote:
>>
>> On Thu, Nov 09, 2023 at 03:01:29PM +, fxkl4...@protonmail.com wrote:
>>> i upgraded from bullseye to bookworm with no problems
>>> when i try ssh with
On Thu, 9 Nov 2023, Greg Wooledge wrote:
> On Thu, Nov 09, 2023 at 04:59:32PM +, fxkl4...@protonmail.com wrote:
>> now it makes a bit more sense
>> sshd isn't running
>> for some reason the upgrade switched to dropbear
>> is this a new thing for bookworm
>> is there a reason i shouldn't
On Thu, Nov 9, 2023 at 11:43 AM Greg Wooledge wrote:
>
> On Thu, Nov 09, 2023 at 03:01:29PM +, fxkl4...@protonmail.com wrote:
> > i upgraded from bullseye to bookworm with no problems
> > when i try ssh with -X/-Y to the bookworm machine x11 forwarding fails
> >
>
On Thu, Nov 09, 2023 at 04:59:32PM +, fxkl4...@protonmail.com wrote:
> now it makes a bit more sense
> sshd isn't running
> for some reason the upgrade switched to dropbear
> is this a new thing for bookworm
> is there a reason i shouldn't disable dropbear and use sshd
No, this is not a
On Thu, 9 Nov 2023, fxkl4...@protonmail.com wrote:
> On Thu, 9 Nov 2023, Greg Wooledge wrote:
>
>> On Thu, Nov 09, 2023 at 03:01:29PM +, fxkl4...@protonmail.com wrote:
>>> i upgraded from bullseye to bookworm with no problems
>>> when i try ssh with -X/
On Thu, 9 Nov 2023, Greg Wooledge wrote:
> On Thu, Nov 09, 2023 at 03:01:29PM +, fxkl4...@protonmail.com wrote:
>> i upgraded from bullseye to bookworm with no problems
>> when i try ssh with -X/-Y to the bookworm machine x11 forwarding fails
>>
>> debug1
On Thu, Nov 09, 2023 at 03:01:29PM +, fxkl4...@protonmail.com wrote:
> i upgraded from bullseye to bookworm with no problems
> when i try ssh with -X/-Y to the bookworm machine x11 forwarding fails
>
> debug1: Requesting X11 forwarding with authentication spoofing.
>
i upgraded from bullseye to bookworm with no problems
when i try ssh with -X/-Y to the bookworm machine x11 forwarding fails
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending env LC_ALL = en_US.UTF-8
authenticator
combo
edit /etc/pam.d/sshd and comment out common-auth
# @include common-auth
in /etc/ssh/sshd_config
UsePAM yes
ChallengeResponseAuthentication yes
PasswordAuthentication no
AuthenticationMethods publickey,keyboard-interactive
On Wed, Oct 04 2023 at 10:08:14 AM, jeremy ardley
wrote:
> I have set up a server with sshd allowing public key access. I also
> set up google authenticator in pam by putting this line at the head of
> /etc/pam.d/sshd
>
> auth required pam_google_authenticator.so
>
> If I connect to the server
I have set up a server with sshd allowing public key access. I also set
up google authenticator in pam by putting this line at the head of
/etc/pam.d/sshd
auth required pam_google_authenticator.so
If I connect to the server without a public key I get the authenticator
prompt and then
dbus.service
/run/user/1000/gcr/ssh gcr-ssh-agent.socket
gcr-ssh-agent.service
/run/user/1000/gnupg/S.dirmngr dirmngr.socket
dirmngr.service
/run/user/1000/gnupg/S.gpg-agent gpg-agent.socket
gpg-agent.service
/run/user/100
On 14/08/2023 07:30, Nate Bargmann wrote:
I have been using the GNOME keyring applet to manage the SSH public key
passwords I use as it prompts to save passwords and then lets me SSH to
other hosts without a password prompt.
I do not know how it is arranged in Gnome, but I hope my
I now have two desktop systems running Bookworm with GNOME. The laptop
was upgraded last month and I upgraded the desktop this afternoon. I
have been using the GNOME keyring applet to manage the SSH public key
passwords I use as it prompts to save passwords and then lets me SSH to
other hosts
On Monday, 7 August 2023 16:33:26 CEST you wrote:
> On Monday, 7 August 2023 15:19:49 CEST you wrote:
> > Dear all,
> >
> > I just dist-upgraded my Raspberry Pi from buster to bookworm, and while
> >
> > ssh -Y...
> >
> > worked like a charm in before
gene heskett wrote:
> On 8/7/23 10:51, B.M. wrote:
>>> ssh -Y -C -l myUser otherHostname.local -v
>>>
> Is the @ sign between myUser and otherhostname now optional?
He uses option -l login_name, which can be used alternatively to
login_name@destination.
On 8/7/23 10:51, B.M. wrote:
On Monday, 7 August 2023 15:19:49 CEST you wrote:
Dear all,
I just dist-upgraded my Raspberry Pi from buster to bookworm, and while
ssh -Y...
worked like a charm in before the update and I could start any X11 program
over ssh, it doesn't work anymore since
On Monday, 7 August 2023 15:19:49 CEST you wrote:
> Dear all,
>
> I just dist-upgraded my Raspberry Pi from buster to bookworm, and while
>
> ssh -Y...
>
> worked like a charm in before the update and I could start any X11 program
> over ssh, it doesn't work anymore since
Hi Bernd
B.M. wrote:
I just dist-upgraded my Raspberry Pi from buster to bookworm, and while
This might very well be the reason for your problems. You should never
skip a release, bullseye in this case. Upgrading directly from
oldoldstable to stable will get you unpredictable results.
Dear all,
I just dist-upgraded my Raspberry Pi from buster to bookworm, and while
ssh -Y...
worked like a charm in before the update and I could start any X11 program
over ssh, it doesn't work anymore since then. Executing
ssh -Y -C -l myUser otherHostname.local -v
I get
...
debug1
On 1 Aug 2023 21:30 +0200, from pipat...@gmail.com (Anders Andersson):
> Does anyone know the "correct" solution to this?
Might https://wiki.debian.org/Suspend#Systemd_timeouts be useful?
--
Michael Kjörling https://michael.kjorling.se
“Remember when, on the Internet,
I just installed a plain debian 12.1 on my good old Thinkpad X200, my
first debian 12 install since I'm waiting for things to settle down
before I upgrade my other computers.
Going smooth so far and my first snag (after bug #1037304) is that it
just kicked me out of all my ssh sessions. Example
> On 21 Jul 2023 at 10:26, Michel Verdier wrote:
>
> On 19 July 2023 RogerT wrote:
>
>> Validation by the government is in no way a guarantee (sgdg…).
>
> Of course, but it is still better than nothing at all.
It is worth nothing at all. Nothing.
>
>> For
On 19 July 2023 RogerT wrote:
> Validation by the government is in no way a guarantee (sgdg…).
Of course, but it is still better than nothing at all.
> For Keepass, you store your DB wherever you want. The problem was the ability
> to export the passwords in clear text:
>
On 2023-07-19 09:05:05 +0200, Michel Verdier wrote:
> On 18 July 2023 roger tarani wrote:
> > What is the detailed mechanism leading to the authentication of
> > the user by the remote host?
> > (the private key stays on the local host; how do the public key and the
> > key
From: "elguero eric"
> To: debian-user-french@lists.debian.org
> Sent: Wednesday 19 July 2023 18:28:24
> Subject: Re: SSH authentication and PAM
> for me "crypter" and "décrypter" are just words
> and in reality they are two bijections, each the inverse
> of the other
On 20/07/2023 at 10:48, RogerT wrote:
[...]
In practice, if I use a USB key without encryption or with encryption, or
even an HSM, is PAM transparent to use (i.e. it is enough to
configure account, auth, password, session) or does one have to find/develop a
component
There we find Alice and Bob again. And indeed the last thing I
>> was working on is authentication that encrypts with the private key,
>> hence my mix-up for ssh.
>
> Ah, that would never happen to me: I am never wrong, let it be
> known ;-)
On 19/07/23 at 16:28, elguero eric wrote:
> for me "crypter" and "décrypter" are just words
But words have a meaning ;-)
And here it is not the right one. In French, "décrypter" means deciphering a message
for which one does not have the
encryption key (and "crypter" does not exist because it makes no sense, it
for ssh.
Ah, that would never happen to me: I am never wrong, let it
be known ;-)
Besides, one has to wonder what occult and evil phenomenon
stepped in to corrupt and distort my previous message, since on
reading it carefully, along with the link it cites
dia.org/wiki/Cryptographie_asym%C3%A9trique#M%C3%A9canismes_d'authentification
In French it is better :)
There we find Alice and Bob again. And indeed the last thing I
was working on is authentication that encrypts with the private key,
hence my mix-up for ssh.
whereas the public key lets everyone encrypt a message.
Yes, you are right, my mistake, it does one good to reread the basics from
time to time. Here is a fairly clear description:
https://www.digitalocean.com/community/tutorials/understanding-the-ssh-encryption-and-connection-process
> On 19 Jul 2023 at 17:58, Michel Verdier wrote:
>
> On 19 July 2023 RogerT wrote:
>
Or else you need a password manager to store the passphrase…
>>>
>>> Exactly, that is what kwallet or gnome-agent or keepassxc are for
>> Keepass[xc], etc. are not secure
right, my mistake, it does one good to reread the basics from
time to time. Here is a fairly clear description:
https://www.digitalocean.com/community/tutorials/understanding-the-ssh-encryption-and-connection-process
On 19 July 2023 RogerT wrote:
>>> Or else you need a password manager to store the passphrase…
>>
>> Exactly, that is what kwallet or gnome-agent or keepassxc are for
> Keepass[xc], etc. are not secure, like most password managers,
> which have all already been
For what it is worth here, Wikipedia has an explanation of an
asymmetric-key authentication mechanism that uses
double encryption with the two public keys (those of each party):
ADDENDUM
I dug further into my checking.
I had started from the usual scheme only: encrypt with the public key and
decrypt with the private key.
I think you meant digital signatures, where Alice (here the ssh
client) encrypts with her private key, probably a message
t has both keys.
>> Only the client can decrypt an encrypted sentence.
>
> No, only the client can encrypt
Everyone who has the public key can encrypt.
And also whoever has only the private key, since it makes it possible to generate a
public key (I suppose one can encrypt
The server has only the public key.
Yes, all the servers that have to decrypt you (= all those
you have to connect to) have the public one
> The client has both keys.
> Only the client can decrypt an encrypted sentence.
No, only the client can encrypt
> How does the
On 19/07/2023 at 11:26, RogerT wrote:
Thank you very much for your pointers. I will study that.
The HSM will manage the key; or rather it will manage the protection passphrase,
which is much shorter than the 2048-bit key itself.
In practice, do you know whether, to use an HSM, one MUST interface with
Thank you very much for your pointers. I will study that.
The HSM will manage the key; or rather it will manage the protection passphrase,
which is much shorter than the 2048-bit key itself.
In practice, do you know whether, to use an HSM, one MUST interface with the
system via PAM? (I tell myself yes,
do not understand.
To encrypt a sentence the public key is enough.
To decrypt a sentence the private key is needed.
The server has only the public key.
The client has both keys.
Only the client can decrypt an encrypted sentence.
How does the ssh server know that c
I know nothing about it, but you could perhaps consult the following:
- on how PAM works in general: the old kernel.org documentation
(The Linux-PAM System Administrators' Guide) is apparently no longer
available on the original site, but it can still be found elsewhere:
how should I proceed so that it is used by the system
on the client you have to use the -i parameter to use the appropriate key,
or specify it in the client's ~/.ssh/config. So you have to mount your key
so that it is accessible to the client.
> While searching, I read some things
to know whether PAM must be used, and how.
> On 19 Jul 2023 at 00:00, ajh-valmer wrote:
>
> You only need to type 3 words into a search engine:
> www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server-fr
> :-)
>
>>
You only need to type 3 words into a search engine:
www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server-fr
:-)
On Tuesday 18 July 2023 18:16:21 roger.tar...@free.fr wrote:
> A user has a private ssh key and a
Hello,
A user has a private ssh key and a public key stored in
~/.ssh/, with 600 permissions.
If he has copied the public key to a remote server, the local agent will know how to "link
the public key and the private one" to give him access to the remote host without
needing
system. It is odd, yes...
>
> It is probably something in the caja configuration, in $home/.config
> If I find the solution I will post it.
>
>> See what happens with ssh (this will work as long as on the
>> server you have a graphical environment installed with Mate, if not e
On Mon, 17 Jul 2023, to...@tuxteam.de wrote:
On Sun, Jul 16, 2023 at 03:21:06PM -0400, Timothy M Butterworth wrote:
Do you have TCP wrappers installed and running? Please post the output
of: `less /etc/hosts.allow` `less /etc/hosts.deny`
tcpwrappers would lead to a connection refused, not a
On Sun, Jul 16, 2023 at 03:21:06PM -0400, Timothy M Butterworth wrote:
[...]
> Do you have TCP wrappers installed and running? Please post the output
> of: `less
> /etc/hosts.allow` `less /etc/hosts.deny`
tcpwrappers would lead to a connection refused, not a timeout.
Cheers
--
t
probable,but hey) it's sshd config.
>
> Here is netstat -antp on one of the Debian 9 machines where I am currently
> logged in locally as root via ssh.
>
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local AddressForeign Address State
>
/SuSEfirewall2_init.service.
root@kananga ~ systemctl stop SuSEfirewall2
root@kananga ~ systemctl is-enabled SuSEfirewall2
disabled
I then recycled the machine, power off, power on, and I can now ssh into this
Debian 9 machine from Debian 11 :-) , so I have a permanent solution.
My thanks to all
Roger Price writes:
> Does the style of comment give a clue to the tool used ?
Earlier you posted a list of firewall rules like this:
iptables -L -n --line-numbers reports
Chain INPUT (policy ACCEPT)
num targetprot opt source destination
1
Roger Price wrote:
> After the restart, I tried to ssh from Debian 11 to that Debian 9 machine
>
> rprice@titan ~ ssh -v rprice@kananga
> ssh: connect to host kananga port 22: Connection timed out
>
> So it's something else? Roger
Sorry, but I didn't follow the whole thre
mick.crane (12023-07-16):
> I'd compare the public key of you at 11 to what's in the authorized_keys on
> 9.
> and what's in known_hosts.
> and what's in the sshd config file on 9 about "Listen"
> after that I dunno.
Oh, please stop. The symptoms do not point to issues with the key AT ALL
and the
On 2023-07-16 10:53, Roger Price wrote:
On Sun, 16 Jul 2023, mick.crane wrote:
did you try to ssh to the ip address?
I vaguely remember something to do with the keys where I could ssh by
number but not name.
I ssh from Debian 11 to Debian 9 :
rprice@titan ~ ssh rprice@192.168.1.13
ssh
On Sun, 16 Jul 2023, mick.crane wrote:
did you try to ssh to the ip address?
I vaguely remember something to do with the keys where I could ssh by number
but not name.
I ssh from Debian 11 to Debian 9 :
rprice@titan ~ ssh rprice@192.168.1.13
ssh: connect to host 192.168.1.13 port 22
1 - 100 of 13994 matches