search for: auth_parse_options

...ted = !quoted; } } else - options = NULL; + optionsp = NULL; /* Parse the key from the line. */ if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) { @@ -232,7 +231,7 @@ * If our options do not allow this key to be used, * do not send challenge. */ - if (!auth_parse_options(pw, options, file, linenum)) + if (!auth_parse_options(pw, optionsp, file, linenum)) continue; /* Perform the challenge-response dialog for this key. */ --- auth2.c.orig Mon Nov 19 16:54:10 2001 +++ auth2.c Mon Nov 19 16:55:18 2001 @@ -691,7 +691,7 @@ found = key_new(key->type);...

...ted = !quoted; } } else - options = NULL; + optionsp = NULL; /* Parse the key from the line. */ if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) { @@ -232,7 +232,7 @@ * If our options do not allow this key to be used, * do not send challenge. */ - if (!auth_parse_options(pw, options, file, linenum)) + if (!auth_parse_options(pw, optionsp, file, linenum)) continue; /* Perform the challenge-response dialog for this key. */ @@ -251,6 +251,15 @@ * otherwise continue searching. */ authenticated = 1; + if (options.log_fingerprint) { + Key *auth_ke...

...d/pattern key type support to a variety of functions, including key_read() and key_write(), among others - added key_match() implementation - auth-options.h - added void auth_set_key_env(Key *) prototype - auth-options.c - added auth_set_key_env() implementation - modified auth_parse_options() to return (-1) when new deny-access option is encountered - auth-rsa.c - modified auth_parse_options() return value check according to the change made to auth_parse_options() - auth2.c - modified user_key_allowed() to: - try key_match() if key_equal() fails -...

...d/pattern key type support to a variety of functions, including key_read() and key_write(), among others - added key_match() implementation - auth-options.h - added void auth_set_key_env(Key *) prototype - auth-options.c - added auth_set_key_env() implementation - modified auth_parse_options() to return (-1) when new deny-access option is encountered - auth-rsa.c - modified auth_parse_options() return value check according to the change made to auth_parse_options() - auth2.c - user_key_allowed() is not static now - modified user_key_allowed2() to: - t...

...http://www.zurich.ibm.com/~nik/ CH-8803 Rueschlikon / Switzerland P: +41-1-724-8913 F: +41-1-724-8080 -------------- next part -------------- *** auth-rsa.c.orig Tue Jun 11 17:47:42 2002 --- auth-rsa.c Thu May 8 14:43:33 2003 *************** *** 257,266 **** --- 257,270 ---- */ if (!auth_parse_options(pw, options, file, linenum)) continue; /* break out, this key is allowed */ + /* Log matching key's comment after stripping '\n'. */ + if ( strlen(cp) && ( cp[strlen(cp)-1] == '\n' ) ) + cp[strlen(cp)-1] = '\0'; + log("Authorized key ...

...irect_tcpip() ... if (! no_port_forwarding_flag) ... Basically the no_port_forwarding_flag was set to 0. Which seemed odd because I set the GatewayPorts to yes, in the sshd_config. So I look further, and it seems that the no_port_forwarding_flag only is set in one place inside sshd. That is in auth_parse_options(). Unfortunately auth_parse_options() is only called by user_dsa_key_allowed() which is in turn only called by ssh2_auth_pubkey() which due to this if statement in input_userauth_request() if (pw && strcmp(service, "ssh-connection")==0) { if (strcmp(method, "none")...

https://bugzilla.mindrot.org/show_bug.cgi?id=2027 Priority: P5 Bug ID: 2027 Assignee: unassigned-bugs at mindrot.org Summary: SSH generates misleading errors when using public key authentication Severity: normal Classification: Unclassified OS: Linux Reporter: xavier.jodoin at corp.ovh.com

..._key(&cp, &bits, pk->e, pk->n)) { debug("%.100s, line %lu: non ssh1 key syntax", file, linenum); @@ -230,11 +230,11 @@ /* We have found the desired key. */ /* * If our options do not allow this key to be used, * do not send challenge. */ - if (!auth_parse_options(pw, options, file, linenum)) + if (!auth_parse_options(pw, key_options, file, linenum)) continue; /* Perform the challenge-response dialog for this key. */ if (!auth_rsa_challenge_dialog(pk)) { /* Wrong response. */ @@ -249,10 +249,19 @@ * authentication to be rejected. * B...

https://bugzilla.mindrot.org/show_bug.cgi?id=1765 Summary: Error message if key not first in authorized_keys file Product: Portable OpenSSH Version: 5.5p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org

...pplied to all subsequent lines without options. IMNSHO this clearly shows the evil of global variables, and using extern whatever as a means of information sharing. Cheers, Han Holl --- auth-options.c.orig Fri Feb 9 14:14:51 2001 +++ auth-options.c Fri Feb 9 14:18:43 2001 @@ -57,11 +57,12 @@ auth_parse_options(struct passwd *pw, char *options, unsigned long linenum) { const char *cp; - if (!options) - return 1; /* reset options */ auth_clear_options(); + + if (!options) + return 1; while (*options && *options != ' ' && *options != '\t') { cp = "no-po...

...UD, Firewalls, Python -------------- next part -------------- diff -ur openssh-2.9p1/auth2.c openssh-2.9p1authdata/auth2.c --- openssh-2.9p1/auth2.c Wed Apr 25 06:44:15 2001 +++ openssh-2.9p1authdata/auth2.c Thu May 17 00:56:38 2001 @@ -771,6 +771,7 @@ if (key_equal(found, key) && auth_parse_options(pw, options, file, linenum) == 1) { found_key = 1; + key_matching_data(cp); debug("matching key found: file %s, line %ld", file, linenum); break; diff -ur openssh-2.9p1/key.c openssh-2.9p1authdata/key.c --- openssh-2.9p1/key.c Tue Apr 17 12:11:37 2001 +++ openssh-2.9...

...ntication options are only cleared in the monitor rather than in the privileged process. The obvious fix seems to be to clear them in both processes. This is implemented by the attached patch. This is only reproducible if the last key offered by the client is the one with the forced command, since auth_parse_options calls auth_clear_options on entry and that's called in the privileged process. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.

Hi, Sorry to post this here again, I already posted it in the users mailing list but haven't got very far. I really need to get this resolved ASAP, as it's causing a big security headache for us. If anyone can help that would be wonderful. The original thread is here: http://marc.info/?l=secure-shell&m=129562817820176&w=2 I am having a very strange problem with SSH. Essentially,

http://bugzilla.mindrot.org/show_bug.cgi?id=1172 Summary: [PATCH] Restrict public key authentication to scp access only Product: Portable OpenSSH Version: 4.3p2 Platform: All OS/Version: Linux Status: NEW Keywords: patch Severity: enhancement Priority: P2 Component: scp

Attached is a patch which adds a log= directive to authorized_keys. The text in the log="text" directive is appended to the log line, so you can easily tell which key is matched. For instance the line: log="hello world!",no-agent-forwarding,command="/bin/true",no-pty, no-user-rc,no-X11-forwarding,permitopen="127.0.0.1:7" ssh-rsa AAAAB3Nza....xcgaK9xXoU=

http://bugzilla.mindrot.org/show_bug.cgi?id=1319 Summary: ssh-keygen does not properly handle multiple keys Product: Portable OpenSSH Version: 4.5p1 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh-keygen AssignedTo: bitbucket at mindrot.org