search for: ask_permission

Hi all, currently I am considering writing a patch for OpenSSH that will allow portforwarding using the control_master unix domain socket. The idea is to introduce an extra SSHMUX command, SSHMUX_COMMAND_SOCKS, which will then pass control to the normal socks functions used for dynamic forwarding. The main reason for me to write this patch are: - some more control over who gets to connect to

...9;'. The default is ``no''. Having more knobs isn't really useful, IMHO. Default lifetime is configurable via ssh-agent(1)'s -t flag, and if you want to confirm each key use you should be willing to live without this convenience feature. By the way, are there plans to replace ask_permission() (also used for other "ask" type options, e.g. ControlMaster) by something a little more user-friendly? Having to type "yes" works, but isn't exactly elegant. (Not volunteering here, I know nothing about X.) Please be gentle, but inspect thoroughly, as this is my first pa...

Hi, (I'm not subscribed to the list, so please CC me on reply.) I'd like to request adding a feature to OpenSSH: Task: ~~~~~ It is quite sometime useful to invoke a program prior to connecting to an ssh server. The most common use case will probably be port knocking. That is a small program sends certain packets to a server and the server reacts to this by unlocking the ssh port, which

...y: P5 Component: ssh-agent Assignee: unassigned-bugs at mindrot.org Reporter: ldv at altlinux.org Created attachment 2432 --> https://bugzilla.mindrot.org/attachment.cgi?id=2432&action=edit proposed fix ssh-agent sometimes forks child processes. For example, ask_permission() may fork a child process to execute an askpass program. If it fails to execute, the child process exits using fatal(), which in turn calls cleanup_exit(), and the latter calls cleanup_socket(). As result, an error in child process causes unintended UNIX-domain socket removal. The fix is to reco...

...ic int +process_mux_master_hello(struct mux_master_state *state, Channel *c, + Buffer *m, Buffer *r) +{ + u_int ver; - switch (mux_command) { - case SSHMUX_COMMAND_OPEN: - if (options.control_master == SSHCTL_MASTER_ASK || - options.control_master == SSHCTL_MASTER_AUTO_ASK) - allowed = ask_permission("Allow shared connection " - "to %s? ", host); - /* continue below */ - break; - case SSHMUX_COMMAND_TERMINATE: - if (options.control_master == SSHCTL_MASTER_ASK || - options.control_master == SSHCTL_MASTER_AUTO_ASK) - allowed = ask_permission("Terminate sha...

...tun_open(int tun, int mode) +{ struct ifreq ifr; char name[100]; int fd = -1, sock; diff -Nurd openssh-4.3p2.orig/misc.h openssh-4.3p2/misc.h --- openssh-4.3p2.orig/misc.h 2006-01-31 05:49:28.000000000 -0500 +++ openssh-4.3p2/misc.h 2006-08-25 09:01:57.000000000 -0400 @@ -55,7 +55,11 @@ int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); -int tun_open(int, int); +#if defined(SSH_TUN_LINUX) +int tun_open(int, int, uid_t); +#else +int tun_open(int, int); +#endif /* Common definitions for ssh tun...

...file into a static buffer, discarding * lines that exceed the buffer size. Returns 0 on success, -1 on failure. */ === modified file 'misc.h' --- misc.h 2007-07-30 09:54:36 +0000 +++ misc.h 2007-08-02 12:12:51 +0000 @@ -85,6 +85,7 @@ char *read_passphrase(const char *, int); int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); +FILE *open_keyfile(const char *, struct passwd *, int); int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); #endif /* _MISC_H */

...return (id); } return (NULL); @@ -218,7 +266,7 @@ confirm_key(Identity *id) char *p; int ret = -1; - p = sshkey_fingerprint(id->key, fingerprint_hash, SSH_FP_DEFAULT); + p = sshkey_fingerprint(id->idkey->key, fingerprint_hash, SSH_FP_DEFAULT); if (p != NULL && ask_permission("Allow use of key %s?\nKey fingerprint %s.", id->comment, p)) @@ -256,14 +304,14 @@ process_request_identities(SocketEntry * (r = sshbuf_put_u32(msg, tab->nentries)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); TAILQ_FOREACH(id, &tab->...