Displaying 7 results from an estimated 7 matches for "demote_sensitive_data".
2002 Apr 18
3
privsep no user fatal message
...-------- next part --------------
Index: sshd.c
===================================================================
RCS file: /cvs/openssh/sshd.c,v
retrieving revision 1.200
diff -u -r1.200 sshd.c
--- sshd.c 2 Apr 2002 20:48:20 -0000 1.200
+++ sshd.c 18 Apr 2002 13:36:04 -0000
@@ -536,7 +536,7 @@
demote_sensitive_data();
if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
- fatal("%s: no user", SSH_PRIVSEP_USER);
+ fatal("no user: %s", SSH_PRIVSEP_USER);
memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
endpwent();
2013 Mar 13
2
Time zone for chrooted internal-sftp?
Hi,
A question regarding chroot, internal-sftp, and time zones: Is it possible to get the time stamps presented by the chrooted internal-sftp to always be aligned with the system global time zone setting?
What is the reason this not done by default, that is couldn't the chrooted internal-sftp inherit the time zone information from the SSH daemon?
/John
--
John Olsson
Ericsson AB
2003 Jul 05
0
[PATCH] Replace AIX loginmsg with generic Buffer loginmsg
...3 03:46:57 -0000 1.252
+++ sshd.c 5 Jul 2003 01:57:47 -0000
@@ -201,6 +201,9 @@
int use_privsep;
struct monitor *pmonitor;
+/* message to be displayed after login */
+Buffer loginmsg;
+
/* Prototypes for various functions defined later in this file. */
void destroy_sensitive_data(void);
void demote_sensitive_data(void);
@@ -1500,6 +1503,9 @@
#endif /* AFS */
packet_set_nonblocking();
+
+ /* prepare buffers to collect authentication messages */
+ buffer_init(&loginmsg);
if (use_privsep)
if ((authctxt = privsep_preauth()) != NULL)
Index: openbsd-compat/port-aix.c
=======================...
2006 Jan 08
3
Allow --without-privsep build.
...nal handler */
+#ifdef USE_PRIVSEP
if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0)
kill(pmonitor->m_pid, SIGALRM);
-
+#endif
/* Log error and exit. */
fatal("Timeout before authentication for %s", get_remote_ipaddr());
}
@@ -536,6 +539,7 @@ demote_sensitive_data(void)
/* We do not clear ssh1_host key and cookie. XXX - Okay Niels? */
}
+#ifdef USE_PRIVSEP
static void
privsep_preauth_child(void)
{
@@ -678,6 +682,7 @@ privsep_postauth(Authctxt *authctxt)
*/
packet_set_authenticated();
}
+#endif /* USE_PRIVSEP */
static char *
list_hostkey_t...
2012 Nov 21
1
HostKey in hardware?
Hi,
Is there any way to store HostKey in hardware (and delegate the related
processing)?
I have been using Roumen Petrov's x509 patch for clients, which works via an
OpenSSL engine, but it does not seem to support server HostKey:
http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html
For PKCS#11, I have found an email on this list from a year back suggesting
this
2011 Jun 02
2
preauth privsep logging via monitor
...monitor->m_recvfd);
buffer_clear(&loginmsg);
monitor_child_postauth(pmonitor);
@@ -693,7 +693,10 @@ privsep_postauth(Authctxt *authctxt)
exit(0);
}
+ /* child */
+
close(pmonitor->m_sendfd);
+ pmonitor->m_sendfd = -1;
/* Demote the private keys to public keys. */
demote_sensitive_data();
2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
Hi,
I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with
FIPS 140-2 OpenSSL.
These are based on previously reported patches by Steve Marquess
<marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>,
for ver. OpenSSH 3.8.
Note that these patches are NOT OFFICIAL, and MAY be used freely by
anyone.
Issues [partially] handled:
SSL FIPS Self test.
RC4,