Re: [opensc-devel] Announcing debugging server and asking for advice

2012-05-31 Thread Jean-Michel Pouré - GOOZE
Dear all,

Thanks for donation of smartcards and emails. Finally, the server I was
planning to use did not work as expected (no video output, I suspect
end-of-life) so I ordered a new Supermicro server, which will arrive
next week. This is also better to reduce power consumption. So please be
patient, we need to wait a few days more.

Kind regards,
Jean-Michel


___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Announcing debugging server and asking for advice

2012-05-30 Thread Jean-Michel Pouré - GOOZE
On Tuesday 29 May 2012 at 15:38 +0200, Peter Stuge wrote:
> Doing it in sshd will probably be faster though.

Per discussion with Ludovic, restricting ssh connections might not be a
good thing. So I will not restrict them.

Kind regards,
-- 
  Jean-Michel Pouré - Gooze - http://www.gooze.eu



Re: [opensc-devel] Announcing debugging server and asking for advice

2012-05-29 Thread Peter Stuge
Jean-Michel Pouré - GOOZE wrote:
> > You can modify sshd a little or use some PAM module which I'm sure
> > can implement this policy.
> > 
> > For sshd you can start by setting MaxSessions to 1, but there's no
> > MaxAuthenticatedSessions setting. Be careful with MaxStartups, or
> > it becomes very easy to deny service. 
> 
> Thanks, I will try this way.

Note that MaxSessions doesn't do what you want, so if you don't want
to get into the sshd code then you have to configure some PAM thing.

Doing it in sshd will probably be faster though.


//Peter
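
Added example, not from the thread or from OpenSSH: one way to get the "reject the connection if someone is already connected" policy through PAM, the route suggested above because MaxSessions only caps sessions multiplexed over a single network connection. It assumes a hypothetical script installed as /usr/local/sbin/single-session.sh and called from the account stack of /etc/pam.d/sshd through pam_exec; the `who` lines are constructed samples.

```shell
#!/bin/sh
# Added example (hypothetical script name and path, not from the thread).
# Assumed wiring in /etc/pam.d/sshd, with "UsePAM yes" in sshd_config:
#   account required pam_exec.so /usr/local/sbin/single-session.sh
# pam_exec exports PAM_TYPE, PAM_USER and PAM_RHOST to the script; a
# non-zero exit status makes the account check fail, so sshd refuses the login.

# Print the users holding a login on a pseudo-terminal (pts/*), one per
# line, reading `who` output on stdin. Console logins (tty*) are ignored.
remote_holders() {
    awk '$2 ~ /^pts\// { print $1 }'
}

# $1 = text of `who` output.
# Returns 0 and prints "free" when nobody holds a remote login,
# returns 1 and prints who holds the server otherwise.
check_single_session() {
    holders=$(printf '%s\n' "$1" | remote_holders | sort -u | tr '\n' ' ')
    if [ -n "$holders" ]; then
        echo "busy: session held by ${holders% }"
        return 1
    fi
    echo "free"
    return 0
}

# Constructed sample inputs (not real logs).
SAMPLE_FREE='root     tty1         2012-05-29 09:00'
SAMPLE_BUSY='root     tty1         2012-05-29 09:00
alice    pts/0        2012-05-29 13:40 (192.0.2.10)'

# Only act when invoked by pam_exec, which sets PAM_TYPE. In the account
# phase the incoming login has not been recorded yet, so `who` lists only
# the sessions that already exist.
if [ -n "${PAM_TYPE:-}" ]; then
    msg=$(check_single_session "$(who)") || {
        logger -t single-session \
            "denied ${PAM_USER:-unknown} from ${PAM_RHOST:-unknown}: $msg"
        exit 1
    }
fi
```

Sessions opened without a terminal (for example `ssh host command` or sftp) do not appear in `who`, so this check only counts interactive logins.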



Re: [opensc-devel] Announcing debugging server and asking for advice

2012-05-29 Thread Jean-Michel Pouré - GOOZE
On Tuesday 29 May 2012 at 13:49 +0200, Peter Stuge wrote:
> 
> You can modify sshd a little or use some PAM module which I'm sure
> can implement this policy.
> 
> For sshd you can start by setting MaxSessions to 1, but there's no
> MaxAuthenticatedSessions setting. Be careful with MaxStartups, or
> it becomes very easy to deny service. 

Thanks, I will try this way.
-- 
  Jean-Michel Pouré - Gooze - http://www.gooze.eu



Re: [opensc-devel] Announcing debugging server and asking for advice

2012-05-29 Thread Peter Stuge
Jean-Michel Pouré - GOOZE wrote:
> * If possible, I would like to restrict the number of concurrent
> sessions in OpenSSH and set it to one. There should be no idle session.
> If someone is already connected doing debugging, OpenSSH should reject
> connection. This is the most tricky part of the settings as I have NO
> IDEA how to achieve this. 

You can modify sshd a little or use some PAM module which I'm sure
can implement this policy.

For sshd you can start by setting MaxSessions to 1, but there's no
MaxAuthenticatedSessions setting. Be careful with MaxStartups, or
it becomes very easy to deny service.


//Peter



[opensc-devel] Announcing debugging server and asking for advice

2012-05-29 Thread Jean-Michel Pouré - GOOZE
Dear all,

As part of the preparation work to reorganize and give more power to the
community at large, we are happy to announce that we are setting up a
debugging server for OpenSC. 

This is not the QA farm, as QA is an automated testing tool. The aim of the
debugging server is to give OpenSC main developers access to the most
popular smartcards in a debugging environment.

Some smartcards are hard to find or come in a developer version, for
example the Starcos SPK 2.3. Others are quite expensive, I won't
comment.

So IMHO it is better to do testing on a shared server.

So we plan to implement the following, advice is welcome:
* pcscd should be started in user mode and debug mode with output to log
file, upon user connection. Users are part of pcscd group, so they
should be able to access smartcards, kill and restart the daemon.
* If possible, I would like to restrict the number of concurrent
sessions in OpenSSH and set it to one. There should be no idle session.
If someone is already connected doing debugging, OpenSSH should reject
connection. This is the most tricky part of the settings as I have NO
IDEA how to achieve this. 
* What debugging/profiling tools do you need? gdb, what else?
* Anyone can ask for access, just write me jmpo...@gooze.eu. 
Access is free as in free beer.

As usual, donations of smartcards are welcome. We now need two cards
from the same vendor/type: one card for the QA farm, another for the
debugging server.

The first version of the debugging server will be online on Wednesday,
comments are welcome.

Let the force be with us!

Kind regards,
-- 
  Jean-Michel Pouré - Gooze - http://www.gooze.eu

