Displaying 20 results from an estimated 20 matches for "auth_rhosts2".
2001 Sep 28
2
openssh-2.9p2, auth2.c
Even with option "HostbasedUsesNameFromPacketOnly yes", the trailing
dot in chost should be stripped before auth_rhosts2() is called from
hostbased_key_allowed().
Hans Werner Strube strube at physik3.gwdg.de
Drittes Physikalisches Institut, Univ. Goettingen
Buergerstr. 42-44, D-37073 Goettingen, Germany
Suggested change:
*** auth2.c.ORI Wed Apr 25 14:44:15 2001
--- auth2.c Fri Sep 28 10:27:34 2001...
2005 Oct 06
1
Possible security problem in hostbased user authentication?
In auth2-hostbased.c, line #146
if (auth_rhosts2(pw, cuser, chost, chost) == 0)
^^^^^
shouldn't this be
if (auth_rhosts2(pw, cuser, chost, ipaddr) == 0)
^^^^^^
The code was found in 4.2.
Best regards,
Choung S.Park
2002 Aug 07
0
[Bug 382] New: Privilege Separation breaks HostbasedAuthentication
...expect entering: type 21
debug3: mm_request_receive entering
debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 1245e0
debug2: userauth_hostbased: chost evereska. resolvedname evereska.wan.erac.com
ipaddr 10.49.191.9
debug2: auth_rhosts2: clientuser rjl01 hostname evereska. ipaddr evereska.
debug1: temporarily_use_uid: 503/5005 (e=0)
debug1: restore_uid
debug2: userauth_hostbased: access allowed by auth_rhosts2
debug3: check_host_in_hostfile: filename /opt/erac/etc/ssh_known_hosts
debug1: temporarily_use_uid: 503/5005 (e=0)
debug3:...
2002 May 08
1
[PATCH] Strip trailing . when using HostbasedUsesNameFromPacketOnly
...ddr %s",
chost, resolvedname, ipaddr);
+ if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
+ debug2("stripping trailing dot from chost %s", chost);
+ chost[len - 1] = '\0';
+ }
if (options.hostbased_uses_name_from_packet_only) {
if (auth_rhosts2(pw, cuser, chost, chost) == 0)
return 0;
lookup = chost;
} else {
- if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
- debug2("stripping trailing dot from chost %s", chost);
- chost[len - 1] = '\0';
- }
if (strcasecmp(resolvedname, c...
2001 Nov 09
2
openssh-3.0p1, auth2.c
openssh-3.0p1 still contains the bug which I already reported on Sept. 28 2001
for 2.9p2, namely, the trailing dot in chost should be stripped before calling
auth_rhosts2() even with option "HostbasedUsesNameFromPacketOnly yes".
Otherwise, the host names in /etc/hosts.equiv and .rhosts would have to be
dot-terminated. Fix: Move lines 776-779 of auth2.c upwards to after line 767.
(These line numbers also hold for 2.9.9p2.)
*** auth2.c.ORI Wed Oct 3 19:12:...
2002 Jul 18
1
[Bug 342] RhostsRSAAuthentication does not work with 3.4p1
http://bugzilla.mindrot.org/show_bug.cgi?id=342
stevesk at pobox.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Additional Comments From stevesk at pobox.com 2002-07-18
2001 Jun 04
1
[PATCH]: Add check_ntsec to ownership/mode tests
...Corinna
Index: auth-rhosts.c
===================================================================
RCS file: /cvs/openssh_cvs/auth-rhosts.c,v
retrieving revision 1.17
diff -u -p -r1.17 auth-rhosts.c
--- auth-rhosts.c 2001/04/12 23:34:35 1.17
+++ auth-rhosts.c 2001/06/04 10:05:34
@@ -228,6 +228,9 @@ auth_rhosts2(struct passwd *pw, const ch
pw->pw_name, pw->pw_dir);
return 0;
}
+#ifdef HAVE_CYGWIN
+ if (check_ntsec(pw->pw_dir))
+#endif
if (options.strict_modes &&
((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
(st.st_mode & 022) != 0)) {
Index: auth...
2003 Feb 28
1
Hostbased Authentication Question
...entering: type 20
debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x80a4e88
debug2: userauth_hostbased: chost mckinley. resolvedname mckinley ipaddr
192.168.10.1
debug2: stripping trailing dot from chost mckinley.
debug2: auth_rhosts2: clientuser root hostname mckinley ipaddr
192.168.10.1
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key 0x80a4e88 is disallowed
debug3: mm_request_send entering: type 21
debug3: mm_...
2014 Mar 14
7
[Bug 2211] New: Too many hostbased authentication attempts
https://bugzilla.mindrot.org/show_bug.cgi?id=2211
Bug ID: 2211
Summary: Too many hostbased authentication attempts
Product: Portable OpenSSH
Version: 6.5p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at
2003 Feb 05
0
openssh 3.5p1 hostbased authentication
...entering: type 20
debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x6000000000022cd0
debug2: userauth_hostbased: chost i2-0. resolvedname i2-0 ipaddr
192.168.100.10
debug2: stripping trailing dot from chost i2-0.
debug2: auth_rhosts2: clientuser jholland hostname i2-0 ipaddr
192.168.100.10
debug1: temporarily_use_uid: 500/100 (e=0/0)
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 21
debug3: mm_request_receive entering
debug1: restore_uid: 0/0
debug2: userauth_hostbas...
2002 Jun 25
0
getnameinfo(), PrivSep, FreeBSD 4.1.1
...f hours scratching my head about a problem on
FreeBSD 4.1.1 with OpenSSH 3.3p1.
Without privsep:
debug1: Trying rhosts with RSA host authentication for client user gert
debug3: Trying to reverse map address 195.30.1.100.
debug1: Rhosts RSA authentication: canonical host moebius2.space.net
debug2: auth_rhosts2: clientuser gert hostname moebius2.space.net ipaddr 195.30.1.100
With privsep:
debug3: mm_auth_password: user not authenticated
debug3: mm_request_receive entering
debug1: Trying rhosts with RSA host authentication for client user gert
debug3: Trying to reverse map address 195.30.1.100.
<long...
2003 Sep 13
3
Trailing dot is not removed from client hostname if HostbasedUsesNameFromPacketOnly is yes
If HostbasedUsesNameFromPacketOnly is set to yes, sshd does not remove
the trailing dot from the client supplied hostname, causing sshd to
attempt to look up "foo.example.com." (note trailing period) in
known_hosts and .shosts instead of "foo.example.com"
Trivial patch attached.
--
Carson
-------------- next part --------------
An embedded and charset-unspecified text was
2001 Jun 18
1
OpenSSH + Solaris + AFS ???
...g1: Starting up PAM with username "a2822ab"
debug3: Trying to reverse map address 129.187.10.85.
debug1: PAM setting rhost to "wsc33.lrz-muenchen.de"
debug1: Attempting authentication for a2822ab.
debug1: Trying rhosts with RSA host authentication for client user a2822ab
debug2: auth_rhosts2: clientuser a2822ab hostname wsc33.lrz-muenchen.de ipaddr 129.187.10.85
debug1: temporarily_use_uid: 10416/1052 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 10416/1052 (e=0)
debug1: restore_uid
debug1: Rhosts RSA authentication: canonical host wsc33.lrz-muenchen.de
debug3: check_host_in_h...
2002 Aug 01
0
[Bug 376] New: HostbasedAuthentication, followed snailbook but not working! :-(
...ey_allowed entering
debug3: mm_request_send entering: type 20
debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 1245e0
debug2: userauth_hostbased: chost evereska. resolvedname
evereska.wan.erac.com ipaddr 10.49.191.9
debug2: auth_rhosts2: clientuser rjl01 hostname evereska. ipaddr
evereska.
debug1: temporarily_use_uid: 503/5005 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 503/5005 (e=0)
debug1: restore_uid
debug3: mm_answer_keyallowed: key 1245e0 is disallowed
debug3: mm_request_send entering: type 21
debug3: mm_request_r...
2003 Mar 21
5
[Bug 516] RhostsAuthentication failing under AIX 4.3.3
...bug2: monitor_read: 28 used once, disabling now
debug2: monitor_read: 30 used once, disabling nowdebug1: Installing crc
compensation attack detector.
debug1: Attempting authentication for root.
debug2: monitor_read: 6 used once, disabling now
Failed none for root from 9.164.18.22 port 943
debug2: auth_rhosts2: clientuser root hostname 9.164.18.22 ipaddr 9.164.18.22
debug1: temporarily_use_uid: 0/0 (e=7/204)
debug1: restore_uid: (unprivileged)
Failed rhosts for root from 9.164.18.22 port 943 ruser root
Connection closed by 9.164.18.22
debug1: Calling cleanup 0x200013b0(0x0)
The files .rhosts, .shosts a...
2002 Jul 25
0
openssh-unix-dev digest, Vol 1 #505 - 15 msgs
...ng for MONITOR_ANS_KEYALLOWED
> debug3: mm_answer_keyallowed entering
> debug3: mm_request_receive_expect entering: type 21
> debug3: mm_answer_keyallowed: key_from_blob: 0x80951d0
> debug3: mm_request_receive entering
> debug3: Trying to reverse map address 195.30.1.25.
> debug2: auth_rhosts2: clientuser gert hostname moebius.space.net ipaddr
> 195.30.1.25
> debug1: restore_uid
> debug1: restore_uid
> debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
> debug3: check_host_in_hostfile: filename /home/gert/.ssh/known_hosts
> ...
>
> Without PrivSep,...
2002 Jan 29
2
Key fingerprint logging
...sa = old_rsa;
+ key_free(k);
+ }
break;
}
/* Restore the privileged uid. */
restore_uid();
diff -u5 openssh-3.0.2p1.orig/auth.h openssh-3.0.2p1/auth.h
--- openssh-3.0.2p1.orig/auth.h Wed Jul 4 06:46:57 2001
+++ openssh-3.0.2p1/auth.h Tue Jan 29 13:45:29 2002
@@ -91,11 +91,11 @@
int
auth_rhosts2(struct passwd *, const char *, const char *, const char *);
int auth_rhosts_rsa(struct passwd *, const char *, RSA *);
int auth_password(Authctxt *, const char *);
-int auth_rsa(struct passwd *, BIGNUM *);
+int auth_rsa(struct passwd *, BIGNUM *, char *, int);
int auth_rsa...
2004 Jan 19
2
"PAM rejected by account configuration" and "fatal: monitor_read: unsupported request: 24" problem at secong sshd instance
...est 24
#Jan 19 23:31:11 mach sshd2[2918]: fatal: monitor_read: unsupported
request: 24
#Jan 19 23:31:11 mach sshd2[2918]: debug1: Calling cleanup 0x8054370(0x0)
sshd2 LOG in case of Hostbased Auth. was set on it:
#Jan 19 21:11:22 mach sshd2[21184]: debug2: userauth_hostbased: access
allowed by auth_rhosts2
#Jan 19 21:11:22 mach sshd2[21184]: debug3: check_host_in_hostfile:
#filename /etc/ssh/ssh_known_hosts
#Jan 19 21:11:22 mach sshd2[21184]: debug3: check_host_in_hostfile:
match line 6
#Jan 19 21:11:22 mach sshd2[21184]: debug2: check_key_in_hostfiles: key
ok for test1.fas.utv.skanova.net
#Jan 19...
2006 Jan 08
3
Allow --without-privsep build.
...n...
Is it worth me tidying this up and trying to make it apply properly to
the OpenBSD version? Does the openbsd version even use autocrap?
--- openssh-4.2p1/auth-rhosts.c~ 2005-07-17 08:22:45.000000000 +0100
+++ openssh-4.2p1/auth-rhosts.c 2006-01-07 18:14:32.000000000 +0000
@@ -289,7 +289,9 @@ auth_rhosts2(struct passwd *pw, const ch
auth_debug_reset();
ret = auth_rhosts2_raw(pw, client_user, hostname, ipaddr);
+#ifdef USE_PRIVSEP
if (!use_privsep)
+#endif
auth_debug_send();
return ret;
}
--- openssh-4.2p1/auth2.c~ 2005-07-17 08:26:44.000000000 +0100
+++ openssh-4.2p1/auth2.c 2006-01-07...
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
...Jan 9 07:37:31 server sshd[19835]: debug2: userauth_hostbased: chost client.DOMAIN.COM. resolvedname xxxx:xxx:xxxx:xxx::10 ipaddr xxxx:xxx:xxxx:xxx::10
Jan 9 07:37:31 server sshd[19835]: debug2: stripping trailing dot from chost client.DOMAIN.COM.
Jan 9 07:37:31 server sshd[19835]: debug2: auth_rhosts2: clientuser root hostname client.DOMAIN.COM ipaddr client.DOMAIN.COM
Jan 9 07:37:31 server sshd[19835]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Jan 9 07:37:31 server sshd[19835]: debug1: restore_uid: 0/0
Jan 9 07:37:31 server sshd[19835]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Jan 9...