Displaying 6 results from an estimated 6 matches for "authorized_keys_command".
2013 Jun 09
1
pass fingerprint to authorizedkeyscommand
...is untested but is the basic idea:
diff -ru openssh-6.2p1/auth2-pubkey.c openssh-6.2p1-modified/auth2-pubkey.c
--- openssh-6.2p1/auth2-pubkey.c 2013-02-15 00:28:56.000000000 +0100
+++ openssh-6.2p1-modified/auth2-pubkey.c 2013-06-09 20:07:15.039975210
+0200
@@ -554,7 +554,8 @@
}
execl(options.authorized_keys_command,
- options.authorized_keys_command, user_pw->pw_name, NULL);
+ options.authorized_keys_command, user_pw->pw_name,
+ key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX), NULL);
error("AuthorizedKeysCommand %s exec failed: %s",
options.authorized_keys_command, strerror(errno...
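Review bot: If key_fingerprint() returns NULL in the new execl() argument, the variadic list ends at that point and the command runs with only the username, with nothing logged about the dropped fingerprint. Compute the fingerprint into a local variable, check it, and report an error instead of exec'ing when it is missing. The hard-coded SSH_FP_MD5 also deserves a note in sshd_config(5): existing AuthorizedKeysCommand helpers will receive a new second positional argument, and helper authors need to know which hash it is before they use it to select keys.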
2013 Feb 14
1
auth2-pubkey.c - change an error message
...-existing username, not about command.
--- auth2-pubkey.c 14 Nov 2012 08:04:02 -0000 1.36
+++ auth2-pubkey.c 14 Feb 2013 16:50:04 -0000
@@ -480,7 +480,7 @@
pw = getpwnam(username);
if (pw == NULL) {
error("AuthorizedKeyCommandUser \"%s\" not found: %s",
- options.authorized_keys_command, strerror(errno));
+ username, strerror(errno));
free(username);
return 0;
}
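Review bot: On the changed line, strerror(errno) is still printed after getpwnam() returned NULL, but getpwnam() is not required to set errno when the user simply does not exist, so the text after the colon can be stale or misleading. Set errno = 0 before the call and append strerror(errno) only when it is non-zero. The label in the same message reads "AuthorizedKeyCommandUser", without the "s" of AuthorizedKeysCommand; since the patch already touches this message, correct the spelling as well.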
Petr
2014 Jun 27
1
Using AuthorizedKeysCommand in unprivileged sshd mode
...k I had to do, since the AuthorizedKeysCommand feature requires
the file to be owned by root, I had to use a root-owned command in a root-owned
directory, although it does not add any security value.
At auth2-pubkey.c::user_key_command_allowed2(), we have the following:
if (auth_secure_path(options.authorized_keys_command, &st, NULL, 0,
errmsg, sizeof(errmsg)) != 0) {
error("Unsafe AuthorizedKeysCommand: %s", errmsg);
goto out;
}
This enforces root uid explicitly (arg#4).
Will it be acceptable to use geteuid() instead of 0, to allow unprivileged
proc...
2014 Jun 06
1
Patch: Ciphers, MACs and KexAlgorithms on Match
...=
RCS file: /cvs/src/usr.bin/ssh/servconf.h,v
retrieving revision 1.112
diff -u -p -u -r1.112 servconf.h
--- servconf.h 29 Jan 2014 06:18:35 -0000 1.112
+++ servconf.h 6 Jun 2014 08:04:06 -0000
@@ -209,6 +209,9 @@ struct connection_info {
M_CP_STROPT(authorized_principals_file); \
M_CP_STROPT(authorized_keys_command); \
M_CP_STROPT(authorized_keys_command_user); \
+ M_CP_STROPT(ciphers); \
+ M_CP_STROPT(macs); \
+ M_CP_STROPT(kex_algorithms); \
M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
M_CP_STRARRAYOPT(allow_users, num_allow_users); \
M_CP_STRARRAYOPT(deny_users, num_deny_us...
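Review bot: ciphers, macs and kex_algorithms, added here to the M_CP_STROPT copy list, are negotiated during key exchange before any user name is known, so a Match block can only influence them through connection-level criteria such as Address or LocalPort. The patch should state in sshd_config(5) which Match criteria apply to these keywords, and ideally warn or refuse when they appear under a User or Group match, so an administrator does not assume a per-user algorithm restriction is in force when it is not.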
2016 Dec 30
12
[Bug 2655] New: AuthorizedKeysCommand with large output can deadlock
...vant code is in auth2-pubkey.c, beginning
at line 1041:
if ((pid = subprocess("AuthorizedKeysCommand", pw, command,
ac, av, &f)) == 0)
goto out;
uid_swapped = 1;
temporarily_use_uid(pw);
ok = check_authkeys_file(f, options.authorized_keys_command,
key, pw);
if (exited_cleanly(pid, "AuthorizedKeysCommand", command) != 0)
goto out;
Upon finding the correct public key in the command's output, we
immediately wait() for the command to exit. However, the command may
continue to generate output; if the subse...
2013 Mar 22
52
[Bug 2081] New: extend the parameters to the AuthorizedKeysCommand
https://bugzilla.mindrot.org/show_bug.cgi?id=2081
Bug ID: 2081
Summary: extend the parameters to the AuthorizedKeysCommand
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.2p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd