The message means that the host key of origin is not present in your trusted hosts file. To get around this you could try following, open a plain SSHconnection to origin and SSHwill ask you if you want to trust the remote host:
If you trust the remote host (i.e. type yes), SSHwill enter it's key to the list of known hosts.
After that, you should be able to do your push. As an alternative, you could also manually add the key of origin to .ssh/known_hosts but this requires that you adhere to the format of the known_hosts file as described in the man page of sshd (Section AUTHORIZED_KEYS FILE FORMAT)
Hi,
How we can use use plink to access unix system using Dos.
Could someone send me the commands that can be use in Batch file to call unix system using plink utility.
Thanks in advance (0 Replies)
Hi,
I'm testing out this plink script - which will be executed to shutdown multiple LPARs.
This consists from:
plink -i /path/ssh/cert/ root@host shutdown -F
plink -i /path/ssh/cert/ root@host2 shutdown -F
The commands gets executed, however it stops on one host, and does not move... (6 Replies)
Hi Plink users,
I am very new in GWAS and decided to use PLINK for this. But I am struggling with file formats.
I have one exome data with 200000 SNPs in it. But it is in .txt format. But all the necessary fields are there in different columns.
Can you please suggest me how I can create the... (5 Replies)
I recently got myself a new 2 TB drive.
However everytime I connect the drive it doesn't have a drive letter, so I have to open the diskmgmt.msc and manually reassign it (EVERY TIME I connect the Drive...)
Also the Drive appears to have no Recycle Bin.
It always prompts to instantly delete... (4 Replies)
Hi,
I have a desktop it's about seven to eight years old. It has Windows XP. When I open I.E or Firefox or Google Chrome, I get so many other popup.
I did install CClearner and spybot search & Destroy. But still I am getting lot of popup. crazy picture of girls comes on the screen.
... (8 Replies)
Hi All,
Iam a newbie to the plink and need your assistance. I have referred some posts but it doesn't helps me much.
I have two steps to do.
1. I have a config file which has a list of servers,username and password.
2. I have a shell script in windows which accepts arguments and need to... (0 Replies)
Hi there,
I am trying to understanding the difference between X11, host- based versus user-based access controls. And how vulnerability can the X11 settings be and why it is recommended to turn it off. (1 Reply)
Hello,
I am trying to fire up a GUI in my Unix server as root
and it comes out with this error MobaXterm X11 proxy: Unsupported authorisation protocol
Error: Can't open display: localhost:11.0
Is this to do with the Xauthority file as I have added this command to it xauth add... (8 Replies)
Hi all,
I would greatly appreciate some help with this. I may not even be on the right path but I think I am close.
I have a Synology NAS that I am running rsync jobs on to offload to USB3. These work fine.
I have backup software on our Windows Server 2008R2 that I have now realized can... (2 Replies)
Discussion started by: stefshuuj
2 Replies
LEARN ABOUT DEBIAN
monkeysphere
MONKEYSPHERE(7) System Frameworks MONKEYSPHERE(7)NAME
monkeysphere - ssh and TLS authentication framework using OpenPGP Web of Trust
DESCRIPTION
Monkeysphere is a framework to leverage the OpenPGP web of trust for OpenSSH and TLS key-based authentication. OpenPGP keys are tracked
via GnuPG, and added to the authorized_keys and known_hosts files used by OpenSSH for connection authentication. Monkeysphere can also be
used by a validation agent to validate TLS connections (e.g. https).
IDENTITY CERTIFIERS
Each host that uses the Monkeysphere to authenticate its remote users needs some way to determine that those users are who they claim to
be. SSH permits key-based authentication, but we want instead to bind authenticators to human-comprehensible user identities. This switch
from raw keys to User IDs makes it possible for administrators to see intuitively who has access to an account, and it also enables end
users to transition keys (and revoke compromised ones) automatically across all Monkeysphere-enabled hosts. The User IDs and certifica-
tions that the Monkeysphere relies on are found in the OpenPGP Web of Trust.
However, in order to establish this binding, each host must know whose cerifications to trust. Someone who a host trusts to certify User
Identities is called an Identity Certifier. A host must have at least one Identity Certifier in order to bind User IDs to keys. Commonly,
every ID Certifier would be trusted by the host to fully identify any User ID, but more nuanced approaches are possible as well. For exam-
ple, a given host could specify a dozen ID certifiers, but assign them all "marginal" trust. Then any given User ID would need to be cer-
tified in the OpenPGP Web of Trust by at least three of those certifiers.
It is also possible to limit the scope of trust for a given ID Certifier to a particular domain. That is, a host can be configured to
fully (or marginally) trust a particular ID Certifier only when they certify identities within, say, example.org (based on the e-mail
address in the User ID).
KEY ACCEPTABILITY
The monkeysphere commands work from a set of user IDs to determine acceptable keys for ssh and TLS authentication. OpenPGP keys are con-
sidered acceptable if the following criteria are met:
capability
The key must have the `authentication' (`a') usage flag set.
validity
The key itself must be valid, i.e. it must be well-formed, not expired, and not revoked.
certification
The relevant user ID must be signed by a trusted identity certifier.
HOST IDENTIFICATION
The OpenPGP keys for hosts have associated `service names` (OpenPGP user IDs) that are based on URI specifications for the service. Some
examples:
ssh: ssh://host.example.com[:port]
https: https://host.example.com[:port]
AUTHOR
Written by: Jameson Rollins <jrollins@finestructure.net>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
SEE ALSO monkeysphere(1), monkeysphere-host(8), monkeysphere-authentication(8), openpgp2ssh(1), pem2openpgp(1), gpg(1),
http://tools.ietf.org/html/rfc4880, ssh(1), http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/
monkeysphere March 2010 MONKEYSPHERE(7)