search for: authorized_keys_file2

Displaying 20 results from an estimated 29 matches for "authorized_keys_file2".

2002 Jan 23
0
[PATCH] Add multiple AuthorizedKeyFiles options
...-u -r1.41 auth.c --- auth.c 21 Dec 2001 03:45:47 -0000 1.41 +++ auth.c 23 Jan 2002 11:11:28 -0000 @@ -296,15 +296,11 @@ } char * -authorized_keys_file(struct passwd *pw) +authorized_keys_file(struct passwd *pw, int n) { - return expand_filename(options.authorized_keys_file, pw); -} - -char * -authorized_keys_file2(struct passwd *pw) -{ - return expand_filename(options.authorized_keys_file2, pw); + if (n >= options.num_authorized_keys_files) + return NULL; + return expand_filename(options.authorized_keys_files[n], pw); } /* return ok if key exists in sysfile or userfile */ Index: auth.h ==============...
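Review bot: in the new authorized_keys_file(pw, n) in auth.c, n is a signed int and only the upper bound is tested (n >= options.num_authorized_keys_files), so a negative n would index before the start of options.authorized_keys_files. Declare n as an unsigned type or add an n < 0 test to the same condition. The function also gains a NULL return for the out-of-range case, so every caller that passed the result straight to a file open or to xfree needs a NULL check.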
2002 Jul 04
4
Chroot patch (v3.4p1)
The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restrict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2
2002 Nov 05
2
[PATCH] Add a chroot_users option to sshd
...not work if UsePrivilegeSeparation is enabled. Patch is based on OpenSSH 3.4p1. *** servconf.h@@\main\1 Tue Oct 1 17:25:32 2002 --- servconf.h Wed Oct 2 06:17:48 2002 *************** *** 131,136 **** --- 131,137 ---- char *authorized_keys_file; /* File containing public keys */ char *authorized_keys_file2; int pam_authentication_via_kbd_int; + int chroot_users; } ServerOptions; void initialize_server_options(ServerOptions *); *** servconf.c@@\main\1 Tue Oct 1 17:25:26 2002 --- servconf.c Wed Oct 2 06:09:06 2002 *************** *** 122,127 **** --- 122,128 ---- options->...
2001 Aug 16
4
Idletimeout patch
While I was updating our ssh-servers, I rewrote my old patch that adds idletimeout (just like in old ssh1) parameter to openssh. Since reapplying the patch for all new versions of openssh is not fun at all, I would like to have it included in the official openssh, if you consider the patch worthy. Unlike ClientAlive, idletimeout works for both protocol versions. It also works together with
2002 Jan 29
2
Key fingerprint logging
...g/servconf.c Tue Nov 13 14:03:15 2001 +++ openssh-3.0.2p1/servconf.c Tue Jan 29 14:23:41 2002 @@ -107,10 +107,11 @@ options->reverse_mapping_check = -1; options->client_alive_interval = -1; options->client_alive_count_max = -1; options->authorized_keys_file = NULL; options->authorized_keys_file2 = NULL; + options->log_key_fingerprint = -1; } void fill_default_server_options(ServerOptions *options) { @@ -227,10 +228,12 @@ else options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2; } if (options->authorized_keys_file == NULL) options->authorized_keys...
2001 Dec 04
0
PATCH: log key fingerprint upon successful login
...fingerprint(key, SSH_FP_MD5, SSH_FP_HEX)); break; } } --- openssh-3.0.2p1.dist/servconf.c Tue Nov 13 05:03:15 2001 +++ openssh-3.0.2p1/servconf.c Tue Dec 4 12:37:39 2001 @@ -109,6 +109,7 @@ options->client_alive_count_max = -1; options->authorized_keys_file = NULL; options->authorized_keys_file2 = NULL; + options->log_fingerprint = -1; } void @@ -229,6 +230,8 @@ } if (options->authorized_keys_file == NULL) options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; + if (options->log_fingerprint == -1) + options->log_fingerprint = 0; } /* Keyword tokens. *...
2001 Nov 12
4
Please test -current
Could people please test -current? We will be making a release fairly soon. -d -- Damien Miller <djm at mindrot.org>, www.mindrot.org | By convention there is color, By convention sweetness, By convention bitterness, But in reality there are atoms and space - Democritus (c. 400 BCE)
2001 Nov 20
3
problem with AFS token forwarding
Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the
2007 Jul 13
1
Cygwin: store authorized_keys in /etc/ssh/user/authorized_keys?
...ould be made a configure option for the ssh server. I don't want to change the default behavior. This would be a rough patch, just to give you an idea: --- auth2-pubkey.c~ 2006-08-05 04:39:39.000000000 +0200 +++ auth2-pubkey.c 2007-07-13 09:07:40.000000000 +0200 @@ -282,6 +282,17 @@ file = authorized_keys_file2(pw); success = user_key_allowed2(pw, key, file); xfree(file); + if (success) + return success; + +#if SUPPORT_LOCAL_AUTHORIZED_KEYS + /* look in system ssh directory for authorized keys */ + file = xmalloc(4096); + snprintf(file, 4096, "/etc/ssh/allowed_users/%s/authorized_keys", p...
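Review bot: the added block in auth2-pubkey.c repeats the literal 4096 in both xmalloc() and snprintf() and does not check snprintf()'s return value, so an over-long path would be silently truncated and a different file name looked up. Use one named size such as MAXPATHLEN and treat a return value greater than or equal to the buffer size as a failed lookup. The directory /etc/ssh/allowed_users is compiled in, while the lookup just above it gets its path from authorized_keys_file2(pw); a configurable path expanded the same way would match the existing code. The excerpt is cut off before the snprintf() arguments end, so whether file is freed after the new lookup cannot be confirmed from here.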
2002 Jan 27
0
IdentityFile patch
...openssh-3.0.2p1I/auth.h --- openssh-3.0.2p1/auth.h Tue Jul 3 22:46:57 2001 +++ openssh-3.0.2p1I/auth.h Sun Jan 27 12:05:14 2002 @@ -138,7 +138,6 @@ struct passwd * auth_get_user(void); -char *expand_filename(const char *, struct passwd *); char *authorized_keys_file(struct passwd *); char *authorized_keys_file2(struct passwd *); diff -ur openssh-3.0.2p1/ssh.c openssh-3.0.2p1I/ssh.c --- openssh-3.0.2p1/ssh.c Sun Nov 11 16:52:04 2001 +++ openssh-3.0.2p1I/ssh.c Sun Jan 27 12:05:14 2002 @@ -1212,9 +1212,13 @@ key_free(public); } #endif /* SMARTCARD */ + struct passwd *pw; + pw=getpwuid(original_real_u...
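Review bot: in the ssh.c hunk, struct passwd *pw is declared after executable statements (it follows the closing brace and the #endif of the SMARTCARD block), which pre-C99 compilers reject; move the declaration to the top of the enclosing function. getpwuid() can return NULL, and the line is cut off in this excerpt, so confirm pw is checked before it is dereferenced. The auth.h hunk removes the expand_filename() prototype while authorized_keys_file() and authorized_keys_file2() stay declared there; the header that now carries the prototype is not visible here and should be part of the same patch.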
2002 Nov 24
1
[PATCH] PamServiceNameAppend
...file: /cvs/openssh/servconf.h,v retrieving revision 1.50 diff -u -w -u -w -b -p -r1.50 servconf.h --- servconf.h 1 Aug 2002 01:28:39 -0000 1.50 +++ servconf.h 24 Nov 2002 18:43:42 -0000 @@ -132,6 +132,7 @@ typedef struct { char *authorized_keys_file; /* File containing public keys */ char *authorized_keys_file2; int pam_authentication_via_kbd_int; + char *pam_service_name_append; } ServerOptions; void initialize_server_options(ServerOptions *);
2002 Dec 05
1
patch to add a PAMServiceName config option
...ions */ case sBadOption: diff -ru openssh-3.5p1.orig/servconf.h openssh-3.5p1/servconf.h --- openssh-3.5p1.orig/servconf.h Thu Aug 1 02:28:39 2002 +++ openssh-3.5p1/servconf.h Tue Dec 3 14:10:55 2002 @@ -132,6 +132,7 @@ char *authorized_keys_file; /* File containing public keys */ char *authorized_keys_file2; int pam_authentication_via_kbd_int; + char *pam_service_name; } ServerOptions; void initialize_server_options(ServerOptions *); @@ -139,5 +140,8 @@ void fill_default_server_options(ServerOptions *); int process_server_config_line(ServerOptions *, char *, const char *, int); +#...
2007 May 16
2
Disabling ForceCommand in a Match block
Hello, I am trying to force a command for all users *except* for users in the "wheel" group. My idea was to do the following in sshd_config: ForceCommand /usr/bin/validate-ssh-command Match Group wheel ForceCommand But obviously this doesn't work, because ForceCommand requires an argument. I couldn't find a way to achieve what I want. I wrote a patch that adds a
2002 Jan 26
7
[PATCH] Added NoDelay config option and nodelay subsystem option
...ig/servconf.c openssh-3.0.2p1.cfgnodelay/servconf.c --- openssh-3.0.2p1.orig/servconf.c Tue Nov 13 14:03:15 2001 +++ openssh-3.0.2p1.cfgnodelay/servconf.c Sat Jan 26 20:09:29 2002 @@ -109,6 +109,7 @@ options->client_alive_count_max = -1; options->authorized_keys_file = NULL; options->authorized_keys_file2 = NULL; + options->nodelay = -1; } void @@ -229,6 +230,8 @@ } if (options->authorized_keys_file == NULL) options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; + if (options->nodelay == -1) + options->nodelay = 0; } /* Keyword tokens. */ @@ -261,6 +264,7 @@...
2002 Jan 27
1
[PATCH] Add user-dependent IdentityFile to OpenSSH-3.0.2p1
...openssh-3.0.2p1I/auth.h --- openssh-3.0.2p1/auth.h Tue Jul 3 22:46:57 2001 +++ openssh-3.0.2p1I/auth.h Sun Jan 27 12:05:14 2002 @@ -138,7 +138,6 @@ struct passwd * auth_get_user(void); -char *expand_filename(const char *, struct passwd *); char *authorized_keys_file(struct passwd *); char *authorized_keys_file2(struct passwd *); diff -ur openssh-3.0.2p1/ssh.c openssh-3.0.2p1I/ssh.c --- openssh-3.0.2p1/ssh.c Sun Nov 11 16:52:04 2001 +++ openssh-3.0.2p1I/ssh.c Sun Jan 27 12:05:14 2002 @@ -1212,9 +1212,13 @@ key_free(public); } #endif /* SMARTCARD */ + struct passwd *pw; + pw=getpwuid(original_real_u...
2006 Feb 22
2
Kerberos and authorizied_keys
How reasonable, acceptable and difficult would it be to "enhance" openssh so authorizations using kerberos (specifically kerberos tickets) consulted the authorized_keys file? And to be a bit more precise... consulted authorized_keys so it could utilize any "options" (eg. from=, command=, environment=, etc) that may be present? I'm willing to make custom changes, but
2003 Jan 18
0
[Patch] User-dependent IdentityFile
...t passwd *pw) { diff -ru ssh/auth.h sshJ/auth.h --- ssh/auth.h Thu Sep 26 05:38:43 2002 +++ sshJ/auth.h Sat Jan 18 16:20:41 2003 @@ -159,7 +159,6 @@ struct passwd * auth_get_user(void); -char *expand_filename(const char *, struct passwd *); char *authorized_keys_file(struct passwd *); char *authorized_keys_file2(struct passwd *); diff -ru ssh/ssh-keygen/Makefile sshJ/ssh-keygen/Makefile --- ssh/ssh-keygen/Makefile Wed Jun 27 13:29:16 2001 +++ sshJ/ssh-keygen/Makefile Thu Oct 31 09:46:47 2002 @@ -10,7 +10,7 @@ BINDIR= /usr/bin MAN= ssh-keygen.1 -SRCS= ssh-keygen.c +SRCS= ssh-keygen.c readconf.c .in...
2007 Sep 07
0
Public key reading abstraction (to allow future work)
...rcmp(".", buf) == 0)) - break; - } - return 0; -} - struct passwd * getpwnamallow(const char *user) { === modified file 'auth.h' --- auth.h 2007-07-30 09:54:36 +0000 +++ auth.h 2007-08-02 12:02:24 +0000 @@ -166,8 +166,6 @@ char *authorized_keys_file(struct passwd *); char *authorized_keys_file2(struct passwd *); -int -secure_filename(FILE *, const char *, struct passwd *, char *, size_t); HostStatus check_key_in_hostfiles(struct passwd *, Key *, const char *, === modified file 'auth2-pubkey.c' --- auth2-pubkey.c 2007-07-30 09:54:36 +0000 +++ auth2-pubkey.c 2007-08-02 12:19:...
2006 Jan 08
3
Allow --without-privsep build.
...mm_init_compression(struct mm_master *); +#endif /* USE_PRIVSEP */ + #endif /* _MM_H_ */ --- openssh-4.2p1/servconf.c~ 2005-08-12 13:11:37.000000000 +0100 +++ openssh-4.2p1/servconf.c 2006-01-07 18:13:42.000000000 +0000 @@ -102,8 +102,10 @@ initialize_server_options(ServerOptions options->authorized_keys_file2 = NULL; options->num_accept_env = 0; +#ifdef USE_PRIVSEP /* Needs to be accessable in many places */ use_privsep = -1; +#endif } void @@ -230,10 +232,10 @@ fill_default_server_options(ServerOption if (options->authorized_keys_file == NULL) options->authorized_keys_file = _...
2001 Nov 09
4
keystroke timing attack
I'm reading this fine article on O'Reilly: http://linux.oreillynet.com/lpt/a//linux/2001/11/08/ssh_keystroke.html <quote> The paper concludes that the keystroke timing data observable from today's SSH implementations reveals a dangerously significant amount of information about user terminal sessions--enough to locate typed passwords in the session data stream and reduce the