search for: authlist

We are attempting to use openssh sftp to connect to a server that is running some version of the Axway SFTP server. After a publickey auth completes, the server resends publickey as a valid auth. This results in a loop as openssh sftp resubmits the publickey information. This seems similar to a discussion in 2014 that terminated with the thought that it might be nice if the client tracked

....4p1 and later, 'input_userauth_failure' will do the following: if (partial != 0) { logit("Authenticated with partial success."); /* reset state */ pubkey_cleanup(authctxt); pubkey_prepare(authctxt); } debug("Authentications that can continue: %s", authlist); Before 6.4p1 the 'pubkey_cleanup' and 'pubkey_prepare' invocation were missing. The undesirable behavior is introduced by 'pubkey_prepare'. When invoked here, it will modify the OpenSSH authentication context 'authctxt' so that the client code will try public key...

...} > private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok); >- if (!perm_ok) >+ if (!perm_ok) { >+ if (private != NULL) >+ key_free(private); This code has been refactored and the leak eliminated. >@@ -1892,9 +1895,9 @@ authmethod_get(char *authlist) > xfree(name); > return current; > } >+ if (name != NULL) >+ xfree(name); This is already there. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.

...+ {"gssapi", + userauth_gssapi, + &options.gss_authentication, + NULL}, +#endif {"hostbased", userauth_hostbased, &options.hostbased_authentication, @@ -278,6 +299,7 @@ authctxt.success = 0; authctxt.method = authmethod_lookup("none"); authctxt.authlist = NULL; + authctxt.methoddata = NULL; authctxt.sensitive = sensitive; authctxt.info_req_seen = 0; if (authctxt.method == NULL) @@ -301,6 +323,10 @@ void userauth(Authctxt *authctxt, char *authlist) { + if (authctxt->methoddata) { + xfree(authctxt->methoddata); + authctxt->method...

https://bugzilla.mindrot.org/show_bug.cgi?id=2599 Bug ID: 2599 Summary: Overly verbose partial authentication Product: Portable OpenSSH Version: 7.2p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at

...ar *); static int sign_and_send_pubkey(Authctxt *, Identity *); static void pubkey_prepare(Authctxt *); static void pubkey_cleanup(Authctxt *); -static Key *load_identity_file(char *); +static Key *load_identity_file(char *, AuthenticationConnection *); static Authmethod *authmethod_get(char *authlist); static Authmethod *authmethod_lookup(const char *name); @@ -1102,7 +1102,7 @@ input_userauth_jpake_server_confirm(int type, u_int32_ static int identity_sign(Identity *id, u_char **sigp, u_int *lenp, - u_char *data, u_int datalen) + u_char *data, u_int datalen, AuthenticationConnection...