Displaying 17 results from an estimated 17 matches for "check_host_key".
2024 Oct 14
2
[RFC] Preferentially TOFU certificate authorities rather than host keys
...mp;& (r = sshca_write(key, f)) == 0))
+ success = 1;
+ else if ((r = sshkey_write(key, f) == 0))
success = 1;
else
error_fr(r, "sshkey_write");
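Review bot: In the `else if ((r = sshkey_write(key, f) == 0))` line the closing parenthesis is misplaced, so `r` is assigned the result of the comparison instead of the return code of sshkey_write. When the write fails, control reaches `error_fr(r, "sshkey_write")` with r equal to 0 and the real error code is lost. Write it as `else if ((r = sshkey_write(key, f)) == 0)`, the same shape as the sshca_write test on the line above.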
diff --git a/sshconnect.c b/sshconnect.c
index 7cf6b6386..72bdc7d1f 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -964,7 +964,7 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
HostStatus host_status = -1, ip_status = -1;
struct sshkey *raw_key = NULL;
char *ip = NULL, *host = NULL;
- char hostline[1000], *hostp, *fp, *ra;
+ char hostline[1000], *hostp, *fp, *cafp, *ra;
char msg[1024];
const char *type, *fail_re...
2003 Mar 04
0
hashing known_hosts
...+17,11 @@ RCSID("$OpenBSD: sshconnect.c,v 1.126 20
#include <openssl/bn.h>
+#ifdef HASH_KNOWN_HOSTS
+#include <openssl/sha.h>
+#include "uuencode.h"
+#endif
+
#include "ssh.h"
#include "xmalloc.h"
#include "rsa.h"
@@ -505,6 +510,11 @@ check_host_key(char *host, struct sockad
char msg[1024];
int len, host_line, ip_line;
const char *host_file = NULL, *ip_file = NULL;
+#ifdef HASH_KNOWN_HOSTS
+ unsigned char md[SHA_DIGEST_LENGTH];
+ char uu[SHA_DIGEST_LENGTH*2];
+#endif
+
/*
* Force accepting of the host key for loopbac...
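Review bot: `char uu[SHA_DIGEST_LENGTH*2];` sizes the encoded-output buffer with a multiplier that has no stated relation to the encoding applied to md. Derive the size from the encoded length of a SHA_DIGEST_LENGTH-byte input plus the terminator, or add a comment at the declaration saying why twice the digest length is enough. Both md and uu exist only under HASH_KNOWN_HOSTS, so every later use in check_host_key has to sit under the same #ifdef.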
2012 Dec 27
3
[PATCH] hostfile: list known names (if any) for new hostkeys
...keys(struct hostkeys *, const char *, const Key *, const char *);
void free_hostkeys(struct hostkeys *);
HostStatus check_key_in_hostkeys(struct hostkeys *, Key *,
diff --git a/sshconnect.c b/sshconnect.c
index 07800a6..62306ac 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -718,13 +718,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
Key *raw_key = NULL;
char *ip = NULL, *host = NULL;
char hostline[1000], *hostp, *fp, *ra;
- char msg[1024];
+ char msg[2048];
const char *type;
const struct hostkey_entry *host_found, *ip_found;
int len, cancelled_forwarding = 0;...
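Review bot: Changing `char msg[1024]` to `char msg[2048]` only moves the limit: the patch sets out to list known names for a new host key, and the number of names is not bounded while the buffer is. Make sure every write into msg is bounded by sizeof(msg), decide what the user sees when the names do not fit (cap the count, or mark the truncation), and note at the declaration why 2048 was chosen.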
2005 Apr 21
11
[Bug 910] known_hosts port numbers
http://bugzilla.mindrot.org/show_bug.cgi?id=910
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |foomzilla at fuhm.net
------- Additional Comments From djm at mindrot.org 2005-04-21 18:16 -------
*** Bug 454 has been marked as a
2001 Nov 12
1
Interesting problem with 3.0p1 and IPv6
...1: Connecting to hilberto [::ffff:194.59.182.6] port 22.
debug1: Allocated local port 904.
(-> note the different address format!)
Warning: This may be due to an old implementation of ssh.
debug1: Received server public key (767 bits) and host key (1024 bits).
(-> so far, everything fine)
check_host_key: getnameinfo failed
debug1: Calling cleanup 0x8062b68(0x0)
*boom*.
Huh? OK. So I disable IPv6, and try again:
$ ssh -v -4 hilberto
OpenSSH_3.0p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Seeding random number generator
debug...
2002 Oct 16
3
ssh-3.5p1 core dumps on Solaris 2.6
...strlen ()
#1 0xef4dc7e4 in _doprnt ()
#2 0xef4e5c88 in vsnprintf ()
#3 0x42bfc in do_log (level=SYSLOG_LEVEL_DEBUG1, fmt=0xb9e28 "using hostkeyalias: %s",
args=0xefffe510) at log.c:385
#4 0x42574 in debug (fmt=0xb9e28 "using hostkeyalias: %s") at log.c:159
#5 0x20c04 in check_host_key (host=0x5a "", hostaddr=0xf3560, host_key=0xffaa8, readonly=0,
user_hostfile=0x81 "", system_hostfile=0x69 " -v pf-i400") at sshconnect.c:561
#6 0x21634 in verify_host_key (host=0xfa790 "pf-i400", hostaddr=0xf3560, host_key=0xffaa8)
at sshconnect.c:8...
2002 Oct 21
2
[Bug 418] Allow to build on systems without IPV6
http://bugzilla.mindrot.org/show_bug.cgi?id=418
dirk.meyer at dinoex.sub.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|Miscellaneous |Build system
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the
2014 Mar 26
1
SSHFP issue
Have you seen this?
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513
--mancha
2003 May 30
4
[Bug 580] disable kbdint if host key mismatch
http://bugzilla.mindrot.org/show_bug.cgi?id=580
Summary: disable kbdint if host key mismatch
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: fcusack at
2015 Feb 19
2
Proposal: Allow HostKeyAlias to be used in hostname check against certificate principal.
Howdy --
I have a number of servers with host keys validated by certificates.
These systems are behind a load-balanced frontend, and the
certificates are signed as valid for the DNS name used by that common
frontend address.
This works well for the primary use case of the systems; however, when
wishing to address only a single unit within the pool, the certificate
cannot be used to validate that
2000 Aug 07
1
openssh 2.1.1p4-1: port number data in known_hosts: suggestion
...1 :port=221 1024 35 48524.....
then this line would match only when I attempted to connect to
some.host.com on port 221. I could then have the firewall forward
various ports to various internal hosts with different host keys
without a problem.
I think this would be pretty easy to implement since check_host_key in
sshconnect.c seems to be a common interface and since this routine
already has the sockaddr for the remote connection.
Do people think this is an idea worth implementing? Does someone know
of some other way to achieve my desired functionality under the
existing implementation? I know I could...
2015 Jun 22
2
Small issue with DNSSEC / SSHFP
.../sshconnect.c
index f41960c..9f1eafa 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -71,6 +71,7 @@ char *server_version_string = NULL;
Key *previous_host_key = NULL;
static int matching_host_key_dns = 0;
+static int dns_secure = 0;
static pid_t proxy_command_pid = 0;
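Review bot: `static int dns_secure = 0;` adds a second file-scope flag next to matching_host_key_dns with no comment on what it represents or where it is set. Because it persists for the life of the process, state where it is assigned and reset it together with matching_host_key_dns before each host key verification, so a value from an earlier check cannot carry over. A one-line comment at the declaration would cover the documentation part.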
@@ -972,13 +973,18 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
fatal("%s: sshkey_fingerprint fail", __func__);
msg2[0] = '\0';
if (options.verify_host_key_dns) {
- if (matching_host_key_dns)
+ if (!matching_host_key_dns)
snprintf(msg2, sizeof(msg2),
- &q...
2001 May 14
2
openssh-2.9p1
Hi,
1. I think you should apply the attached patch to openssh-2.9p1,
otherwise ssh-keyscan on linux boxes with glibc-2.1 will experience enormous
timeout delays.
2. Is there a program like ssh-keyscan for the Version2 (dsa and rsa) keys??
regards
Peter Breitenlohner <peb at mppmu.mpg.de>
-------------- next part --------------
diff -ur openssh-2.9p1.orig/ssh-keyscan.c
2018 Jun 08
2
vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
On Thu, Jun 07, 2018 at 06:14:42PM -0700, PGNet Dev wrote:
> On 6/7/18 6:08 PM, Darren Tucker wrote:
> > Well the intent is you should be able to set CC and LD to whatever you
> > want as long as they work. In this case, the OSSH_CHECK_LDFLAG_LINK
> > test invokes autoconf's AC_LINK_IFELSE which uses CC not LD. I'm not
> > sure what to do about it yet though.
I
2018 Jun 07
2
vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
...H_SSH_KEY_SIGN=\"/usr/local/lib/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/local/lib/ssh-pkcs11-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshconnect.c -o sshconnect.o
sshconnect.c: In function ‘check_host_key.constprop’:
sshconnect.c:1047:8: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size between 773 and 973 [-Wformat-truncation=]
"The authenticity of host '%.200s (%s)' can't be "
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~...
2018 Oct 11
13
Call for testing: OpenSSH 7.9
Hi,
OpenSSH 7.9p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via git using the
instructions at
2019 Oct 01
9
Call for testing: OpenSSH 8.1
Hi,
OpenSSH 8.1p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via git using the
instructions at