From mboxrd@z Thu Jan 1 00:00:00 1970
From: erik quanstrom
Date: Fri, 27 Nov 2009 09:52:24 -0500
To: 9fans@9fans.net
Message-ID:
In-Reply-To: <>
References: <>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] SSH server
Topicbox-Message-UUID: a42956da-ead5-11e9-9d60-3106f5b1d025

> Reading /mnt/factotum/ctl only gives you the keys you are allowed to use.
>
> factotum(4) says:
>
>	The factotum owner can use any key stored by factotum. Any
>	key may have one or more owner attributes listing the users
>	who can use the key as though they were the owner. For
>	example, the TLS and SSH host keys on a server often have an
>	attribute owner=* to allow any user (and in particular,
>	`none') to run the TLS or SSH server-side protocol.
>
> Therefore the example in ssh(1) for generating a key should say:
>
>	auth/rsagen -t 'service=sshserve owner=*' >/mnt/factotum/ctl

none doesn't have access to eve's factotum, so you have to
run sshserve from a trusted listen anyway.

double-checking with my own ssh server, i have (keys deleted)

	key proto=rsa service=sshserve size=1024 ek=B !dk= n= !p= !q= !kp= !kq= !c2=

so i don't think that '*' is required. however i think that
running from /rc/bin/service.auth is.

- erik