search for: authfd

I'm not on the mailing list, so I'd appreciate it if you could cc: me, though I will keep an eye on the archives. I am running openssh 2.2.0p1 on Debian GNU/Linux. I was pleased to see that 2.2.0p1 had support for DSA keys in the agent, and I have successfully used the v2 protocol to another openssh server with the agent providing authentication. I am also able to successfully connect

...completely from scratch over the past few days, so dont' have past patches to work from ... new-relay:/usr/slocal/src/openssh-1.2pre15> make gcc -g -O2 -Wall -I/usr/slocal/include -DETCDIR=\"/usr/local/etc/ssh\" -DSSH_PROGRAM=\"/usr/slocal/bin/ssh\" -DHAVE_CONFIG_H -c authfd.c -o authfd.o In file included from ssh.h:25, from authfd.c:19: rsa.h:40: parse error before `__P' rsa.h:42: parse error before `__P' rsa.h:44: parse error before `__P' rsa.h:45: parse error before `__P' make: *** [authfd.o] Error 1 Marc G. Fournier...

...ERVER=\"/usr/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/lib exec/ssh-keysign\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR= \"/var/empty\" -DSSH_RAND_HELPER=\"/usr/local/libexec/ssh-rand-helper\" -DHAVE _CONFIG_H -c authfd.c authfd.c: In function `ssh_request_reply': authfd.c:125: `write' undeclared (first use this function) authfd.c:125: (Each undeclared identifier is reported only once authfd.c:125: for each function it appears in.) authfd.c:137: warning: implicit declaration of function `read' make: **...

...t;agent failure" messages in the ssh.com world: #define SSH1_AGENT_FAILURE 5 #define SSH_AGENT_FAILURE 102 OpenSSH only checks for the first one, but the agent returns the second one. OpenSSH doesn't recognize it, and dies. Below is a proposed fix, as diffs to authfd.c and authfd.h. -- Richard Silverman slade at shore.net ================================================================================ *** authfd.h Sun Oct 8 17:45:16 2000 --- authfd.h.orig Tue Aug 22 20:46:24 2000 *************** *** 39,50 **** #define SSH2_AGENTC_REMOVE_IDENTITY 18...

...engine keys as well and means we don't need a different sshkey type for engine keys (they key off the SSHKEY_FLAG_EXT instead). James --- James Bottomley (2): sshkey: expose openssl EVP_PKEY to sshkey conversion routine. Add support for openssl engine based keys Makefile.in | 2 +- authfd.c | 44 ++++++++++++++ authfd.h | 6 ++ ssh-add.c | 36 ++++++++++++ ssh-agent.c | 74 ++++++++++++++++++++++++ ssh-engine.c | 159 +++++++++++++++++++++++++++++++++++++++++++++++++++ ssh-engine.h | 9 +++ sshkey.c | 87 ++++++++++++++++------------ sshkey.h | 5 ++ 9...

...907 The idea has been discussed a little in this e-mail thread: http://lists.mindrot.org/pipermail/openssh-unix-dev/2015-September/034381.html Signed-off-by: Fabiano Fid?ncio <fidencio at redhat.com> --- Changes since v1: - Fix a typo in the commit (SSH_AUTH_SOCKET -> SSH_AUTH_SOCK) --- authfd.c | 40 ++++++++++++++++++++++++++++------------ 1 file changed, 28 insertions(+), 12 deletions(-) diff --git a/authfd.c b/authfd.c index 12bf125..20fcba2 100644 --- a/authfd.c +++ b/authfd.c @@ -83,21 +83,12 @@ decode_reply(u_char type) return SSH_ERR_INVALID_FORMAT; } -/* Returns the numbe...

...----- Where openssl_tpm2_engine is available here: https://git.kernel.org/pub/scm/linux/kernel/git/jejb/openssl_tpm2_engin e.git/ --- James Bottomley (2): ? Add support for openssl engine based keys ? engine: add "any" engine mechanism and make it the default ?Makefile.in??|???4 +- ?authfd.c?????|??45 +++++++++++++++ ?authfd.h?????|???7 +++ ?ssh-add.c????|??41 +++++++++++-- ?ssh-agent.c??|??82 ++++++++++++++++++++++++++ ?ssh-engine.c | 185 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ?ssh-engine.h |??10 ++++ ?7 files changed, 367 insertions(+), 7 deletions(-) ?create m...

...nt.c] shorten - markus at cvs.openbsd.org 2000/08/19 12:48:11 [channels.c channels.h clientloop.c ssh.c ssh.h] support for ~. in ssh2 - deraadt at cvs.openbsd.org 2000/08/19 15:29:40 [crc32.h] proper prototype - markus at cvs.openbsd.org 2000/08/19 15:34:44 [authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1] [ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile] [fingerprint.c fingerprint.h] add SSH2/DSA support to the agent and some other DSA related cleanups. (note that we cannot talk to ssh.com's ssh2 agents)...

...ve specific limits on the type of keys they accept (so TPM 2.0 usually only does 2048 bits for RSA and NIST elliptic curves) so not all existing openssh keys can be converted to engine keys. Signed-off-by: James Bottomley <James.Bottomley at HansenPartnership.com> --- Makefile.in | 2 +- authfd.c | 46 ++++++++++++++++++ authfd.h | 7 +++ ssh-add.c | 41 ++++++++++++++-- ssh-agent.c | 83 ++++++++++++++++++++++++++++++++ ssh-engine.c | 154 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ssh-engine.h | 10 ++++ 7 files changed, 338 insertions(+), 5 deletions(...

...n't :) > 6. Ran "make" Using gmake, it falls over straight away on 2.5.1 (gcc-2.95.1) and 2.7 (gcc-2.95), with: gcc -O2 -fomit-frame-pointer -Wall -I/usr/local/ssl/include -DETCDIR=\"/usr/local/etc\" -DSSH_PROGRAM=\"/usr/local/bin/ssh\" -DHAVE_CONFIG_H -c authfd.c -o authfd.o In file included from ssh.h:25, from authfd.c:19: rsa.h:40: parse error before `__P' rsa.h:42: parse error before `__P' rsa.h:44: parse error before `__P' rsa.h:45: parse error before `__P' a quick: #define __P(p) p in rsa.h fixes that. Then falls...

...ok markus@ - markus at cvs.openbsd.org 2001/06/26 02:47:07 [ssh-keygen.c] allow loading a private RSA key to a cyberflex card. - markus at cvs.openbsd.org 2001/06/26 04:07:06 [ssh-agent.1 ssh-agent.c] add debug flag - markus at cvs.openbsd.org 2001/06/26 04:59:59 [authfd.c authfd.h ssh-add.c] initial support for smartcards in the agent - markus at cvs.openbsd.org 2001/06/26 05:07:43 [ssh-agent.c] update usage - markus at cvs.openbsd.org 2001/06/26 05:33:34 [ssh-agent.c] more smartcard support. - mpech at cvs.openbsd.org 2001/06/26...

...ore sense. - - Heaps of OpenBSD CVS changes merged. Full changelog: 19991119 - Merged PAM buffer overrun patch from Chip Salzenberg <chip at valinux.com> - Merged OpenBSD CVS changes - [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c] more %d vs. %s in fmt-strings - [authfd.c] Integers should not be printed with %s - EGD uses a socket, not a named pipe. Duh. - Fix includes in fingerprint.c - Fix scp progress bar bug again. - Move scp from ${libdir}/ssh to ${libexecdir}/ssh at request of David Rankin <drankin at bohemians.lexington.ky.us> - Added au...

...cc: me, I'm not on the list. Thanks. -------------- next part -------------- --- openssh-2.9p2/channels.c.keepalivetunnel Wed Jun 13 12:18:05 2001 +++ openssh-2.9p2/channels.c Thu Aug 23 15:40:43 2001 @@ -61,6 +61,9 @@ #include "canohost.h" #include "key.h" #include "authfd.h" +#include "readconf.h" + +extern Options options; /* Maximum number of fake X11 displays to try. */ #define MAX_DISPLAYS 1000 @@ -765,6 +768,7 @@ int newsock, newch, nextstate; socklen_t addrlen; char *rtype; + int one = 1; if (FD_ISSET(c->sock, readset)) { de...

...re is the patch, as well as the error lines if you are curious about those. Charles ======================================================================== --- Makefile.in.orig-2.1.1p4 Tue Jul 11 07:34:34 2000 +++ Makefile.in Mon Jul 17 02:55:46 2000 @@ -36,7 +36,7 @@ LIBSSH_OBJS=atomicio.o authfd.o authfile.o aux.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dispatch.o dsa.o fingerprint.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o entropy.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o...

...ome extent this problem can be mitigated by increasing the listen queue in ssh-agent.c, but it only masks the problem: the client should retry a number of times, possibly forever, when the connect() fails temporarily and is likely to succeed in the future. With SSH-1.2.27's ssh this happens in authfd.c, line 372; if the connect() fails (because of ECONNREFUSED), ssh silently gives up trying to talk to the agent: sock = socket(AF_UNIX, SOCK_STREAM, 0); if (sock < 0) { error("Socket failed"); if (newauthsockdir != NULL) { unlink(authsocket);...

...mplicit declaration of function `socket' bsd-rresvport.c:88: warning: implicit declaration of function `bind' bsd-setenv.c: In function `setenv': bsd-setenv.c:125: warning: implicit declaration of function `bcopy' bsd-setproctitle.c:62: warning: `__progname' defined but not used authfd.c: In function `ssh_get_authentication_socket': authfd.c:84: warning: implicit declaration of function `socket' authfd.c:93: warning: implicit declaration of function `connect' authfile.c: In function `load_private_key': authfile.c:494: warning: unsigned int format, long unsigned in...

...uded. Same might apply to bsd-login. * rsa.h needs __P() define to work (I think this has already been reported). Diffs are - *** Makefile.in.ORIG Thu Nov 25 12:40:22 1999 --- Makefile.in Wed Dec 1 12:09:37 1999 *************** *** 34,40 **** all: $(OBJS) $(TARGETS) ! libssh.a: authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o hostfile.o match.o mpaux.o nchan.o packet.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o helper.o rc4.o bsd-mktemp.o bsd-strlcpy.o bsd-strlcat.o log.o fingerprint.o $(AR) rv...

https://bugzilla.mindrot.org/show_bug.cgi?id=3597 Bug ID: 3597 Summary: Why do we check both nsession_ids and remote_add_provider when judging whether allow remote addition of FIDO/PKCS11 provider libraries is disabled? Product: Portable OpenSSH Version: -current Hardware: Other

Hello, In order to experiment with OpenCA, I have built an RPM for redhat 7.2 of a recent OpenSSL snapshot (the binary rpm on the OpenCA was built with the different target directories and libraries. Unfortunately these recent OpenSSL snapshots seems to break all OpenSSH tarballs and RPMs that I have been able to find. None of them seem to compile successfully, even the snapshots at

Hi, It seems that some versions of ssh-agent get confused by ECDSA-SK keys. >From my OpenBSD-current laptop, I'm trying to do remote system adminstration on a machine running Debian 8 with the stock ssh package (OpenSSH_6.7p1 Debian-5+deb8u8, OpenSSL 1.0.2l 25 May 2017). I need access to a remote gitlab server to fetch files with git, using an ED25519 key in my ssh-agent. Once connected