Displaying 20 results from an estimated 37 matches for "authorized_keys_file".
2002 Jan 23
0
[PATCH] Add multiple AuthorizedKeyFiles options
.... This may exit if there is a serious protocol violation.
*/
+int
+auth_rsa(struct passwd *pw, BIGNUM *client_n) {
+ char *file;
+ int authorized = 0;
+ int authfileno = 0;
+
+ /* no user given */
+ if (pw == NULL)
+ return 0;
+
+ /* Iterate over all authorized keys files. */
+ while ( (file = authorized_keys_file(pw, authfileno++)) != NULL) {
+ debug("trying public RSA key file %s", file);
+ authorized = auth_rsa_file(pw, client_n, file);
+ xfree(file);
+ if (authorized == 1) {
+ return 1;
+ }
+ }
+ return 0;
+}
+/* Do the hard work in authenticating the client */
int
-auth_rsa(struc...
2002 Nov 05
2
[PATCH] Add a chroot_users option to sshd
...incoming ssh users to their home directory. Note: this option
does not work if UsePrivilegeSeparation is enabled.
Patch is based on OpenSSH 3.4p1.
*** servconf.h@@\main\1 Tue Oct 1 17:25:32 2002
--- servconf.h Wed Oct 2 06:17:48 2002
***************
*** 131,136 ****
--- 131,137 ----
char *authorized_keys_file; /* File containing public keys */
char *authorized_keys_file2;
int pam_authentication_via_kbd_int;
+ int chroot_users;
} ServerOptions;
void initialize_server_options(ServerOptions *);
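Review bot: `chroot_users` is added to ServerOptions with no comment, although the description says the option does not work when UsePrivilegeSeparation is enabled; that limit belongs next to the field, e.g. `int chroot_users; /* chroot users to their home dir; not effective with UsePrivilegeSeparation */`. An administrator who sets the option and leaves privilege separation on would presumably get unconfined sessions with no indication. The option handling in servconf.c (cut off on this page) should therefore reject or at least log that combination rather than accept it silently. The struct definition starts outside this hunk.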
*** servconf.c@@\main\1 Tue Oct 1 17:25:26 2002
--- servconf.c Wed Oct 2 06:09:06 20...
2002 Jul 04
4
Chroot patch (v3.4p1)
The following is a patch I've been working on to support a "ChrootUser"
option in the sshd_config file.
I was looking for a way to offer sftp access and at the same time restrict
interactive shell access. This patch is a necessary first step (IMO).
It applies clean with 'patch -l'.
Also attached is a shell script that helps to build a chrooted home dir on
a RedHat 7.2
2001 Dec 04
0
PATCH: log key fingerprint upon successful login
...: %s",
+ key_type(key),
+ key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX));
break;
}
}
--- openssh-3.0.2p1.dist/servconf.c Tue Nov 13 05:03:15 2001
+++ openssh-3.0.2p1/servconf.c Tue Dec 4 12:37:39 2001
@@ -109,6 +109,7 @@
options->client_alive_count_max = -1;
options->authorized_keys_file = NULL;
options->authorized_keys_file2 = NULL;
+ options->log_fingerprint = -1;
}
void
@@ -229,6 +230,8 @@
}
if (options->authorized_keys_file == NULL)
options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
+ if (options->log_fingerprint == -1)
+ options->log...
2002 Sep 16
2
privsep versus compression
...'m talking about. It's not a PATCH
to be applied. ;)
diff -u -w -r openssh-3.2.3p1/servconf.c openssh/servconf.c
--- openssh-3.2.3p1/servconf.c 2002-05-15 23:37:34.000000000 +0200
+++ openssh/servconf.c 2002-09-05 06:35:15.000000000 +0200
[...]
@@ -250,9 +256,19 @@
if (options->authorized_keys_file == NULL)
options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
- /* Turn privilege separation _off_ by default */
+ /* Turn privilege separation on by default */
if (use_privsep == -1)
- use_privsep = 0;
+ use_privsep = 1;...
2002 Jan 29
2
Key fingerprint logging
...-3.0.2p1/servconf.c
--- openssh-3.0.2p1.orig/servconf.c Tue Nov 13 14:03:15 2001
+++ openssh-3.0.2p1/servconf.c Tue Jan 29 14:23:41 2002
@@ -107,10 +107,11 @@
options->reverse_mapping_check = -1;
options->client_alive_interval = -1;
options->client_alive_count_max = -1;
options->authorized_keys_file = NULL;
options->authorized_keys_file2 = NULL;
+ options->log_key_fingerprint = -1;
}
void
fill_default_server_options(ServerOptions *options)
{
@@ -227,10 +228,12 @@
else
options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
}
if (options->authorized_keys_...
2001 Nov 12
4
Please test -current
Could people please test -current? We will be making a release fairly
soon.
-d
--
| By convention there is color, \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)
2007 Sep 07
0
Public key reading abstraction (to allow future work)
...-----
=== modified file 'auth-rsa.c'
--- auth-rsa.c 2007-07-30 09:54:36 +0000
+++ auth-rsa.c 2007-08-02 12:17:32 +0000
@@ -173,7 +173,6 @@
u_int bits;
FILE *f;
u_long linenum = 0;
- struct stat st;
Key *key;
/* Temporarily use the user's uid. */
@@ -183,26 +182,9 @@
file = authorized_keys_file(pw);
debug("trying public RSA key file %s", file);
- /* Fail quietly if file does not exist */
- if (stat(file, &st) < 0) {
- /* Restore the privileged uid. */
- restore_uid();
- xfree(file);
- return (0);
- }
- /* Open the file containing the authorized keys. */
- f = fope...
2019 May 20
4
Authenticate against key files before AuthorizedKeysCommand
Hello,
Currently OpenSSH uses a fixed order when checking whether a key authenticates the
user: first it tries TrustedUserCAKeys,
then the keys output by
AuthorizedKeysCommand, and finally the files set in
AuthorizedKeysFile. I have a use case where this order is not ideal.
This is because in my case the command fetches keys from the cloud
2002 Jan 27
0
IdentityFile patch
...atible and prepend the '%h/'
- */
- file = xmalloc(MAXPATHLEN);
- cp = buffer_ptr(&buffer);
- if (*cp != '/')
- snprintf(file, MAXPATHLEN, "%s/%s", pw->pw_dir, cp);
- else
- strlcpy(file, cp, MAXPATHLEN);
-
- buffer_free(&buffer);
- return file;
-}
-
char *
authorized_keys_file(struct passwd *pw)
{
diff -ur openssh-3.0.2p1/auth.h openssh-3.0.2p1I/auth.h
--- openssh-3.0.2p1/auth.h Tue Jul 3 22:46:57 2001
+++ openssh-3.0.2p1I/auth.h Sun Jan 27 12:05:14 2002
@@ -138,7 +138,6 @@
struct passwd * auth_get_user(void);
-char *expand_filename(const char *, struct passwd *);...
2002 Jan 26
7
[PATCH] Added NoDelay config option and nodelay subsystem option
...Options;
diff -ru openssh-3.0.2p1.orig/servconf.c openssh-3.0.2p1.cfgnodelay/servconf.c
--- openssh-3.0.2p1.orig/servconf.c Tue Nov 13 14:03:15 2001
+++ openssh-3.0.2p1.cfgnodelay/servconf.c Sat Jan 26 20:09:29 2002
@@ -109,6 +109,7 @@
options->client_alive_count_max = -1;
options->authorized_keys_file = NULL;
options->authorized_keys_file2 = NULL;
+ options->nodelay = -1;
}
void
@@ -229,6 +230,8 @@
}
if (options->authorized_keys_file == NULL)
options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
+ if (options->nodelay == -1)
+ options->nodelay = 0;
}...
2003 Feb 09
1
Logging of comments on keys
...emporarily use the user's uid. */
temporarily_use_uid(pw);
+ /* log public key */
+
+ extpubkey = BN_bn2hex(client_n);
+ log("Attempt RSA authentication for %s with pubkey %s", pw->pw_name, extpubkey);
+ OPENSSL_free(extpubkey);
+
/* The authorized keys. */
file = authorized_keys_file(pw);
debug("trying public RSA key file %s", file);
***************
*** 249,254 ****
--- 255,263 ----
log("Warning: %s, line %lu: keysize mismatch: "
"actual %d vs. announced %d.",
file, linenum, BN_num_bits(key->rsa->n), bits);
+
+...
2002 Jan 27
1
[PATCH] Add user-dependent IdentityFile to OpenSSH-3.0.2p1
...atible and prepend the '%h/'
- */
- file = xmalloc(MAXPATHLEN);
- cp = buffer_ptr(&buffer);
- if (*cp != '/')
- snprintf(file, MAXPATHLEN, "%s/%s", pw->pw_dir, cp);
- else
- strlcpy(file, cp, MAXPATHLEN);
-
- buffer_free(&buffer);
- return file;
-}
-
char *
authorized_keys_file(struct passwd *pw)
{
diff -ur openssh-3.0.2p1/auth.h openssh-3.0.2p1I/auth.h
--- openssh-3.0.2p1/auth.h Tue Jul 3 22:46:57 2001
+++ openssh-3.0.2p1I/auth.h Sun Jan 27 12:05:14 2002
@@ -138,7 +138,6 @@
struct passwd * auth_get_user(void);
-char *expand_filename(const char *, struct passwd *);...
2001 Aug 16
4
Idletimeout patch
While I was updating our ssh-servers, I rewrote my old patch that adds an
idletimeout parameter (just like in old ssh1) to openssh. Since reapplying
the patch for all new versions of openssh is not fun at all, I would like
to have it included in the official openssh, if you consider the patch
worthy.
Unlike ClientAlive, idletimeout works for both protocol versions. It also
works together with
2003 Oct 28
2
Privilege separation
...,8 +29,10 @@
/* AF_UNSPEC or AF_INET or AF_INET6 */
extern int IPv4or6;
+#ifndef DISABLE_PRIVSEP
/* Use of privilege separation or not */
extern int use_privsep;
+#endif /* DISABLE_PRIVSEP */
/* Initializes the server options to their default values. */
@@ -101,8 +103,10 @@
options->authorized_keys_file = NULL;
options->authorized_keys_file2 = NULL;
+#ifndef DISABLE_PRIVSEP
/* Needs to be accessable in many places */
use_privsep = -1;
+#endif /* DISABLE_PRIVSEP */
}
void
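Review bot: Guarding only the `use_privsep = -1;` default with `#ifndef DISABLE_PRIVSEP` leaves open what a build without privilege separation does with an sshd_config that still sets UsePrivilegeSeparation. The keyword parsing is not in this hunk, but in such a build it should fail with a clear error rather than accept the setting and run unseparated. A comment on the guard would also help, for example `/* use_privsep does not exist in DISABLE_PRIVSEP builds */`. The same applies to the `#ifdef USE_PRIVSEP` guard in the 2006 "Allow --without-privsep build" hunk further down the page. initialize_server_options begins outside this hunk.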
@@ -225,6 +229,7 @@
if (options->authorized_keys_file == NULL)
options->authorized_keys_file = _PATH_S...
2003 Jan 18
0
[Patch] User-dependent IdentityFile
...atible and prepend the '%h/'
- */
- file = xmalloc(MAXPATHLEN);
- cp = buffer_ptr(&buffer);
- if (*cp != '/')
- snprintf(file, MAXPATHLEN, "%s/%s", pw->pw_dir, cp);
- else
- strlcpy(file, cp, MAXPATHLEN);
-
- buffer_free(&buffer);
- return file;
-}
-
char *
authorized_keys_file(struct passwd *pw)
{
diff -ru ssh/auth.h sshJ/auth.h
--- ssh/auth.h Thu Sep 26 05:38:43 2002
+++ sshJ/auth.h Sat Jan 18 16:20:41 2003
@@ -159,7 +159,6 @@
struct passwd * auth_get_user(void);
-char *expand_filename(const char *, struct passwd *);
char *authorized_keys_file(struct passwd *);...
2001 Nov 20
3
problem with AFS token forwarding
Hello,
I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1
concerning the AFS token forwarding. That means that the new versions are
not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH
releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this
problem already existed in Openssh 2.9.9p1, but I have never used this
version (I only looked at the
2006 Jan 08
3
Allow --without-privsep build.
...mm_init_compression(struct mm_master *);
+#endif /* USE_PRIVSEP */
+
#endif /* _MM_H_ */
--- openssh-4.2p1/servconf.c~ 2005-08-12 13:11:37.000000000 +0100
+++ openssh-4.2p1/servconf.c 2006-01-07 18:13:42.000000000 +0000
@@ -102,8 +102,10 @@ initialize_server_options(ServerOptions
options->authorized_keys_file2 = NULL;
options->num_accept_env = 0;
+#ifdef USE_PRIVSEP
/* Needs to be accessable in many places */
use_privsep = -1;
+#endif
}
void
@@ -230,10 +232,10 @@ fill_default_server_options(ServerOption
if (options->authorized_keys_file == NULL)
options->authorized_keys_file =...
2001 Nov 09
4
keystroke timing attack
I'm reading this fine article on O'Reilly:
http://linux.oreillynet.com/lpt/a//linux/2001/11/08/ssh_keystroke.html
<quote>
The paper concludes that the keystroke timing data observable from
today's SSH implementations reveals a dangerously significant amount of
information about user terminal sessions--enough to locate typed
passwords in the session data stream and reduce the
2012 Aug 30
1
Patch to allow glob patterns as authorized keys file names
...6 @@ user_key_allowed(struct passwd *pw, Key *key)
return success;
for (i = 0; !success && i < options.num_authkeys_files; i++) {
+ int j;
+ glob_t glob_result;
file = expand_authorized_keys(
options.authorized_keys_files[i], pw);
- success = user_key_allowed2(pw, key, file);
+ glob(file, GLOB_NOCHECK, NULL, &glob_result);
+ for (j = 0; !success && j < glob_result.gl_pathc; j++) {
+ char *f = glob_result.gl_pathv[j];
+...