search for: _path_host_dsa_key_file

Displaying 9 results from an estimated 9 matches for "_path_host_dsa_key_file".

2001 Oct 24
3
Inconsistent server/client configuration
It appears somewhat inconsistent to me that parameter HostKey is configurable on the server side but fixed on the client side. On the client, always _PATH_HOST_KEY_FILE, _PATH_HOST_DSA_KEY_FILE, _PATH_HOST_RSA_KEY_FILE are used (in this order), whereas on the server, the paths can be specified by up to three HostKey options as arbitrary names in arbitrary sequence. Similarly, option GlobalKnownHostsFile is configurable for the client only but fixed as _PATH_SSH_SYSTEM_HOSTFILE for the ser...
2003 Nov 27
2
Question about adding another parameter for OpenSSH
...0:46 2003 @@ -634,11 +634,13 @@ PRIV_START; sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, - _PATH_HOST_KEY_FILE, "", NULL); + _PATH_HOST_KEY_FILE, "", NULL, options.group_private_key); sensitive_data.keys[1] = key_load_private_type(KEY_DSA, - _PATH_HOST_DSA_KEY_FILE, "", NULL); + _PATH_HOST_DSA_KEY_FILE, "", NULL, + options.group_private_key); sensitive_data.keys[2] = key_load_private_type(KEY_RSA, - _PATH_HOST_RSA_KEY_FILE, "", NULL); + _PATH_HOST_RSA_KEY_FILE, "", NULL, + options.group_priva...
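Review bot: each of the three key_load_private_type() calls in this hunk gains the same trailing options.group_private_key argument, which changes the function's signature, but the excerpt shows neither the updated prototype nor any other caller being adjusted. Since these calls load the host private keys inside the PRIV_START section, the new option should be documented in the relevant man page, and its unset default should keep the current behaviour.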
2011 May 03
0
Revised: Portable OpenSSH security advisory: portable-keysign-rand-helper.adv
...openssh/ssh-keysign.c,v retrieving revision 1.43 diff -u -p -r1.43 ssh-keysign.c --- ssh-keysign.c 10 Sep 2010 01:12:09 -0000 1.43 +++ ssh-keysign.c 29 Apr 2011 01:25:55 -0000 @@ -167,6 +167,9 @@ main(int argc, char **argv) key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); + if (fcntl(key_fd[0], F_SETFD, FD_CLOEXEC) != 0 || + fcntl(key_fd[1], F_SETFD, FD_CLOEXEC) != 0) + fatal("fcntl failed"); original_real_uid = getuid(); /* XXX readconf.c needs this */ if ((pw = getpwuid(original_real_uid)) == NULL)
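Review bot: the added fcntl() check directly after the two open() calls does not test key_fd[0] or key_fd[1] for -1 first, so if either host key file is missing or unreadable, fcntl() on the invalid descriptor fails and the program exits with "fcntl failed" even when the other key opened successfully. Guard each fcntl() call with a key_fd[i] != -1 test, and include strerror(errno) in the fatal() message so the failing descriptor can be identified.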
2007 Jan 08
0
How to remove group1 and group14 from OpenSSH..
...EX_SHA256] = kexgex_server; kex->server = 1; TO REMOVE DSA HOST KEY IN servconf.c if (options->protocol & SSH_PROTO_2) { options->host_key_files[options->num_host_key_files++] = _PATH_HOST_RSA_KEY_FILE; options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE; } CHANGE TO if (options->protocol & SSH_PROTO_2) { options->host_key_files[options->num_host_key_files++] = _PATH_HOST_RSA_KEY_FILE; } /etc/rc REMOVE LINES ABOUT GENERATING THE UNWANTED KEYS AT STARTUP (can't print the lines because I already deleted them.. sorry)
2011 May 03
1
Revised: Portable OpenSSH security advisory: portable-keysign-rand-helper.adv
...openssh/ssh-keysign.c,v retrieving revision 1.43 diff -u -p -r1.43 ssh-keysign.c --- ssh-keysign.c 10 Sep 2010 01:12:09 -0000 1.43 +++ ssh-keysign.c 29 Apr 2011 01:25:55 -0000 @@ -167,6 +167,9 @@ main(int argc, char **argv) key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); + if (fcntl(key_fd[0], F_SETFD, FD_CLOEXEC) != 0 || + fcntl(key_fd[1], F_SETFD, FD_CLOEXEC) != 0) + fatal("fcntl failed"); original_real_uid = getuid(); /* XXX readconf.c needs this */ if ((pw = getpwuid(original_real_uid)) == NULL)
2001 Oct 16
6
program-prefix does not work
...key must be readable only by root, whereas ssh_config * should be world-readable. */ ! #define _PATH_SERVER_CONFIG_FILE ETCDIR "/sshd_config" ! #define _PATH_HOST_CONFIG_FILE ETCDIR "/ssh_config" ! #define _PATH_HOST_KEY_FILE ETCDIR "/ssh_host_key" ! #define _PATH_HOST_DSA_KEY_FILE ETCDIR "/ssh_host_dsa_key" ! #define _PATH_HOST_RSA_KEY_FILE ETCDIR "/ssh_host_rsa_key" #define _PATH_DH_MODULI ETCDIR "/moduli" /* Backwards compatibility */ #define _PATH_DH_PRIMES ETCDIR "/primes" --- 20,45 ---- #define _PATH_SSH_PIDDIR...
2001 Nov 12
4
Please test -current
Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)
2001 Nov 20
3
problem with AFS token forwarding
Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in OpenSSH 2.9.9p1, but I have never used this version (I only looked at the
2006 Nov 15
11
OpenSSH Certkey (PKI)
...; options->hostbased_uses_name_from_packet_only = -1; options->rsa_authentication = -1; + options->certkey_authentication = -1; options->pubkey_authentication = -1; options->kerberos_authentication = -1; options->kerberos_or_local_passwd = -1; @@ -134,6 +136,8 @@ _PATH_HOST_DSA_KEY_FILE; } } + if (options->ca_key_file == NULL) + options->ca_key_file = _PATH_CA_KEY_FILE; if (options->num_ports == 0) options->ports[options->num_ports++] = SSH_DEFAULT_PORT; if (options->listen_addrs == NULL) @@ -180,6 +184,8 @@ options->hostbased_uses_name_from_pa...
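Review bot: in the @@ -134 hunk, an unset ca_key_file silently falls back to the compiled-in _PATH_CA_KEY_FILE, so the CA key in use is implicit rather than something the administrator configured. Apply this fallback only when certkey_authentication has been enabled, and make sure the -1 initialiser added for certkey_authentication in the first hunk gets an explicit default (preferably off) in the same defaults function, which the excerpt does not show.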