Displaying 5 results from an estimated 5 matches for "auth_rhosts_rsa_key_allow".
Did you mean:
auth_rhosts_rsa_key_allowed
2003 Oct 20
1
[Bug 746] host authentication requires RSA1 keys
...rsa', which will not work for
host based authentication in /etc/ssh/ssh_known_hosts.
In monitor.c, at about line 962 the type of the key passed to key_read() is
fixed:
case MM_RSAHOSTKEY:
key->type = KEY_RSA1; /* XXX */
allowed = options.rhosts_rsa_authentication &&
auth_rhosts_rsa_key_allowed(authctxt->pw,
cuser, chost, key);
In addition, the host's IP address is required in the key definition
in /etc/ssh/ssh_known_hosts; the symbolic host name won't work.
Here's a workaround, that could be included in the documentation:
Here's a workaround for the proble...
2006 Feb 12
1
sshd double-logging
...options.hostbased_authentication &&
hostbased_key_allowed(authctxt->pw,
cuser, chost, key);
+ auth_method = "hostbased";
break;
case MM_RSAHOSTKEY:
key->type = KEY_RSA1; /* XXX */
allowed = options.rhosts_rsa_authentication &&
auth_rhosts_rsa_key_allowed(authctxt->pw,
cuser, chost, key);
+ auth_method = "rsa";
break;
default:
fatal("%s: unknown key type %d", __func__, type);
@@ -1010,6 +1014,9 @@ mm_answer_keyallowed(int sock, Buffer *m
key_blobtype = type;
hostbased_cuser = cuser;
hostbased_ch...
2003 Oct 20
12
[Bug 747] host authentication requires RSA1 keys
...rsa', which will not work for
host based authentication in /etc/ssh/ssh_known_hosts.
In monitor.c, at about line 962 the type of the key passed to key_read() is
fixed:
case MM_RSAHOSTKEY:
key->type = KEY_RSA1; /* XXX */
allowed = options.rhosts_rsa_authentication &&
auth_rhosts_rsa_key_allowed(authctxt->pw,
cuser, chost, key);
In addition, the host's IP address is required in the key definition
in /etc/ssh/ssh_known_hosts; the symbolic host name won't work.
Here's a workaround, that could be included in the documentation:
Here's a workaround for the proble...
2010 Oct 18
13
[Bug 1829] New: auth-rsa.c: move auth_key_is_revoked() call from auth_rsa_verify_response() to auth_rsa_key_allowed()
...should be no security degradation.
auth_rsa_key_allowed() is called from auth_rsa() only;
auth_rsa_verify_response() is called only from
auth_rsa_challenge_dialog(), which in turn is called
- either from auth_rsa(), right after auth_rsa_key_allowed() call,
- or from auth_rhosts_rsa(), right after auth_rhosts_rsa_key_allowed()
call, which already calls auth_key_is_revoked().
As result of this change, auth_rsa_key_allowed() will be called earlier
on the auth_rsa() path, before starting challenge-response, which is
good, and won't be called second time on the auth_rhosts_rsa() path,
which is also good.
--
Config...
2006 Nov 15
11
OpenSSH Certkey (PKI)
...adability.
+
+$OpenBSD$
Index: auth.h
===================================================================
RCS file: /cvs/src/usr.bin/ssh/auth.h,v
retrieving revision 1.58
diff -u -r1.58 auth.h
--- auth.h 18 Aug 2006 09:15:20 -0000 1.58
+++ auth.h 15 Nov 2006 14:14:32 -0000
@@ -115,6 +115,7 @@
int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
int user_key_allowed(struct passwd *, Key *);
+int user_cert_key_allowed(struct passwd *, Key *);
#ifdef KRB5
int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client...