search for: auth_rsa

...-- openssh-3.0.2p1.orig/auth-rsa.c Mon Aug 6 23:01:49 2001 +++ openssh-3.0.2p1/auth-rsa.c Tue Jan 29 14:26:34 2002 @@ -118,11 +118,11 @@ * 0 if the client could not be authenticated, and 1 if authentication was * successful. This may exit if there is a serious protocol violation. */ int -auth_rsa(struct passwd *pw, BIGNUM *client_n) +auth_rsa(struct passwd *pw, BIGNUM *client_n, char *info, int info_size) { char line[8192], *file; int authenticated; u_int bits; FILE *f; @@ -179,11 +179,11 @@ * found, perform a challenge-response dialog to verify that the * user really has the...

File authorized_keys is unusable for mass key storage and manipulation. I wan to store keys in something like mysql server, but It will add big unwanted dependency to package. What if we use auth_rsa.c but instead search in file send key to some script and read sigle return value if key finded and empty if not. I think it will be very customizable. -- With Best Regards, Constantine

...~ ~ diff -ru openssh-3.1p1/auth-rsa.c openssh-3.1p1-mods/auth-rsa.c - --- openssh-3.1p1/auth-rsa.c Thu May 9 12:18:25 2002 +++ openssh-3.1p1-mods/auth-rsa.c Thu May 9 12:19:54 2002 @@ -123,8 +123,11 @@ * successful. This may exit if there is a serious protocol violation. */ int - -auth_rsa(struct passwd *pw, BIGNUM *client_n) +auth_rsa(struct passwd *pw, BIGNUM *client_n, char *realname, int realnamesize) { char line[8192], *file; int authenticated; @@ -134,6 +137,8 @@ struct stat st; Key *key; char *fp; + char *comment; +...

...was looking through the RSA fingerprinting code from a few releases back, with an eye to being able to close <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=111598>. While it works fine with SSH2, the fingerprint log message goes missing with SSH1. I eventually realized that this is because auth_rsa() is called in the unprivileged child, and so can't write syslog messages. Am I right that auth_rsa()'s fingerprint logging needs to be split into a separate function which can be called through the monitor functions? If so, I will try to produce a patch. Thanks, -- Colin Watson...

...mode & 022) != 0)) { Index: auth-rsa.c =================================================================== RCS file: /cvs/openssh_cvs/auth-rsa.c,v retrieving revision 1.31 diff -u -p -r1.31 auth-rsa.c --- auth-rsa.c 2001/04/08 18:27:01 1.31 +++ auth-rsa.c 2001/06/04 10:05:34 @@ -156,6 +156,9 @@ auth_rsa(struct passwd *pw, BIGNUM *clie packet_send_debug("If your home is on an NFS volume, it may need to be world-readable."); return 0; } +#ifdef HAVE_CYGWIN + if (check_ntsec(file)) +#endif if (options.strict_modes) { int fail = 0; char buf[1024]; Index: auth2.c =============...

https://bugzilla.mindrot.org/show_bug.cgi?id=1829 Summary: auth-rsa.c: move auth_key_is_revoked() call from auth_rsa_verify_response() to auth_rsa_key_allowed() Product: Portable OpenSSH Version: 5.6p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindro...

Hi guys, and another feature request for sshd which I would classify as really useful. And I think this behaviour is currently not available (If yes, sorry, I must have missed it): > I believe that the sshd should log which RSA key was used to connect to > an account. When there are a number of keys in the authorized_keys file > it is often useful to know which one was used for each

...================== RCS file: /cvs/openssh/auth-rsa.c,v retrieving revision 1.41 diff -u -r1.41 auth-rsa.c --- auth-rsa.c 22 Jan 2002 12:16:33 -0000 1.41 +++ auth-rsa.c 23 Jan 2002 11:11:28 -0000 @@ -58,6 +58,8 @@ * our challenge; returns zero if the client gives a wrong answer. */ +static int auth_rsa_file(struct passwd *pw, BIGNUM *client_n, char *file); + int auth_rsa_challenge_dialog(RSA *pk) { @@ -122,11 +124,33 @@ * 0 if the client could not be authenticated, and 1 if authentication was * successful. This may exit if there is a serious protocol violation. */ +int +auth_rsa(struct...

Hi, SSH brute force attacks seem to enjoy increasing popularity. Call me an optimist or a misrouted kind of contributer to the community, but on our company server I actually go through the logs and report extreme cases to the providers of the originating IP's. With the increasing number of these attacks, however, I have now decided that it's better to move the SSHd to a different

...<djm at mindrot.org> > On Tue, 22 Oct 2013, Constantine wrote: > > > File authorized_keys is unusable for mass key storage and manipulation. I > > wan to store keys in something like mysql server, but It will add big > > unwanted dependency to package. What if we use auth_rsa.c but instead > > search in file send key to some script and read sigle return value if key > > finded and empty if not. I think it will be very customizable. > > You mean like AuthorizedKeysCommand in OpenSSH 6.2? > > > -- With Best Regards, Constantine

On Tue, 22 Oct 2013, Constantine wrote: > File authorized_keys is unusable for mass key storage and manipulation. I > wan to store keys in something like mysql server, but It will add big > unwanted dependency to package. What if we use auth_rsa.c but instead > search in file send key to some script and read sigle return value if key > finded and empty if not. I think it will be very customizable. You mean like AuthorizedKeysCommand in OpenSSH 6.2?

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the