search for: connection_info

...The diff code list follows =============================================================================== diff -r /home/qnicmut/Projects/OpenSSH-Portable/openssh-6.0p1/auth.c src/auth.c =============================================================================== 546a547 > ConnectionInfo connection_info; 548,549c549,554 < parse_server_match_config(&options, user, < get_canonical_hostname(options.use_dns), get_remote_ipaddr()); --- > connection_info.user = user; > connection_info.host = get_canonical_hostname(options.use_dns); > connection_info.address = get_remote_ipadd...

...: servconf.h =================================================================== RCS file: /cvs/src/usr.bin/ssh/servconf.h,v retrieving revision 1.112 diff -u -p -u -r1.112 servconf.h --- servconf.h 29 Jan 2014 06:18:35 -0000 1.112 +++ servconf.h 6 Jun 2014 08:04:06 -0000 @@ -209,6 +209,9 @@ struct connection_info { M_CP_STROPT(authorized_principals_file); \ M_CP_STROPT(authorized_keys_command); \ M_CP_STROPT(authorized_keys_command_user); \ + M_CP_STROPT(ciphers); \ + M_CP_STROPT(macs); \ + M_CP_STROPT(kex_algorithms); \ M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \ M_CP_S...

Hi, Is there any way to store HostKey in hardware (and delegate the related processing)? I have been using Roumen Petrov's x509 patch for clients, which works via an OpenSSL engine, but it does not seem to support server HostKey: http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html For PKCS#11, I have found an email on this list from a year back suggesting this

...servconf.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/servconf.c b/servconf.c index 86c2979360c5..daf8f2df15a2 100644 --- a/servconf.c +++ b/servconf.c @@ -1297,7 +1297,8 @@ process_server_config_line_depth(ServerOptions *options, char *line, struct connection_info *connectinfo, int *inc_flags, int depth, struct include_list *includes) { - char *str, ***chararrayptr, **charptr, *arg, *arg2, *p, *keyword; + char *str, ***chararrayptr, **charptr, *arg, *arg2, *arg_pre, *p, *keyword; + char thishost[NI_MAXHOST], shorthost[NI_MAXHOST]; int cmdline = 0, *i...

...conf.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/servconf.c b/servconf.c index 5b32f0bfc8db..0bc281784b73 100644 --- a/servconf.c +++ b/servconf.c @@ -1254,9 +1254,10 @@ process_server_config_line_depth(ServerOptions *options, char *line, struct connection_info *connectinfo, int *inc_flags, int depth, struct include_list *includes) { - char *str, ***chararrayptr, **charptr, *arg, *arg2, *p, *keyword; - int cmdline = 0, *intptr, value, value2, n, port, oactive, r; - int ca_only = 0, found = 0; + char *str, ***chararrayptr, **charptr, *arg, *arg2, *ar...

This allows the localhost percent-style escapes in arguments to the Include directive. These are useful for including host-specific ssh configuration. --- readconf.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/readconf.c b/readconf.c index a2282b562df0..ad47d0e9730a 100644 --- a/readconf.c +++ b/readconf.c @@ -1030,7 +1030,8 @@

On Wed, 20 Feb 2019 at 23:54, Corinna Vinschen <vinschen at redhat.com> wrote: > The previous revert enabled case-insensitive user names again. This > patch implements the case-insensitive user and group name matching. > To allow Unicode chars, implement the matcher using wchar_t chars in > Cygwin-specific code. Keep the generic code changes as small as possible. > Cygwin:

Using these escapes, the include directive can be crafted to include differing, host-specific configuration. Ronan Pigott (2): Permit %L and %l percent escapes in ssh Include Permit %L and %l percent escapes in sshd Include readconf.c | 16 +++++++++++++--- servconf.c | 17 ++++++++++++++--- 2 files changed, 27 insertions(+), 6 deletions(-) base-commit:

Using these escapes, the include directive can be crafted to include differing, host-specific configuration. Ronan Pigott (2): Permit %L and %l percent escapes in Include Permit %L and %l percent escapes in server Include readconf.c | 16 +++++++++++++--- servconf.c | 21 ++++++++++++++++----- 2 files changed, 29 insertions(+), 8 deletions(-) base-commit:

...urn (i); + if (key == sensitive_data.host_pubkeys[i]) + return (i); } } return (-1); @@ -1344,6 +1371,9 @@ main(int ac, char **av) u_int64_t ibytes, obytes; mode_t new_umask; Key *key; + Key *pubkey; + char *pubkey_comment; + int have_agent, keytype; Authctxt *authctxt; struct connection_info *connection_info = get_connection_info(0, 0); @@ -1623,22 +1653,40 @@ main(int ac, char **av) } endpwent(); - /* load private host keys */ + /* load host keys */ sensitive_data.host_keys = xcalloc(options.num_host_key_files, sizeof(Key *)); - for (i = 0; i < options.num_host_key_...

Windows usernames are case-insensitive and almost any Unicode character is allowed in a username. The user should be able to login with her username given in any case and not be refused. However, this opens up a security problem in terms of the sshd_config Match rules. The match rules for user and group names have to operate case-insensitive as well, otherwise the user can override her settings

...+int cygwin_ug_match_pattern_list(const char *, const char *); #ifndef NO_BINARY_OPEN #define open binary_open diff --git a/servconf.c b/servconf.c index 4fa896fd4576..2365e15bca93 100644 --- a/servconf.c +++ b/servconf.c @@ -1049,11 +1049,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) } if (ci->user == NULL) match_test_missing_fatal("User", "user"); -#ifndef HAVE_CYGWIN - if (match_pattern_list(ci->user, arg, 0) != 1) -#else - if (match_pattern_list(ci->user, arg, 1) != 1) -#endif + if (match_usergroup_pattern_list(ci->user...

https://bugzilla.mindrot.org/show_bug.cgi?id=3666 Bug ID: 3666 Summary: sshd crash Product: Portable OpenSSH Version: 8.2p1 Hardware: Other OS: Linux Status: NEW Severity: critical Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter:

Hello ! 1) I have this error logged by bdrb: undefined method `send_request'' for nil:NilClass framework/packet_master.rb:58:in `ask_worker'' backgroundrb/server/master_worker.rb:59:in `process_work'' backgroundrb/server/master_worker.rb:16:in `receive_data'' backgroundrb/framework/bin_parser.rb:29:in `call'' backgroundrb/framework/bin_parser.rb:29:in