search for: demote_sensitive_data

...-------- next part -------------- Index: sshd.c =================================================================== RCS file: /cvs/openssh/sshd.c,v retrieving revision 1.200 diff -u -r1.200 sshd.c --- sshd.c 2 Apr 2002 20:48:20 -0000 1.200 +++ sshd.c 18 Apr 2002 13:36:04 -0000 @@ -536,7 +536,7 @@ demote_sensitive_data(); if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) - fatal("%s: no user", SSH_PRIVSEP_USER); + fatal("no user: %s", SSH_PRIVSEP_USER); memset(pw->pw_passwd, 0, strlen(pw->pw_passwd)); endpwent();

Hi, A question regarding chroot, internal-sftp, and time zones: Is it possible to get the time stamps presented by the chrooted internal-sftp to always be aligned with the system global time zone setting? What is the reason this not done by default, that is couldn't the chrooted internal-sftp inherit the time zone information from the SSH daemon? /John -- John Olsson Ericsson AB

...3 03:46:57 -0000 1.252 +++ sshd.c 5 Jul 2003 01:57:47 -0000 @@ -201,6 +201,9 @@ int use_privsep; struct monitor *pmonitor; +/* message to be displayed after login */ +Buffer loginmsg; + /* Prototypes for various functions defined later in this file. */ void destroy_sensitive_data(void); void demote_sensitive_data(void); @@ -1500,6 +1503,9 @@ #endif /* AFS */ packet_set_nonblocking(); + + /* prepare buffers to collect authentication messages */ + buffer_init(&loginmsg); if (use_privsep) if ((authctxt = privsep_preauth()) != NULL) Index: openbsd-compat/port-aix.c =======================...

...nal handler */ +#ifdef USE_PRIVSEP if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0) kill(pmonitor->m_pid, SIGALRM); - +#endif /* Log error and exit. */ fatal("Timeout before authentication for %s", get_remote_ipaddr()); } @@ -536,6 +539,7 @@ demote_sensitive_data(void) /* We do not clear ssh1_host key and cookie. XXX - Okay Niels? */ } +#ifdef USE_PRIVSEP static void privsep_preauth_child(void) { @@ -678,6 +682,7 @@ privsep_postauth(Authctxt *authctxt) */ packet_set_authenticated(); } +#endif /* USE_PRIVSEP */ static char * list_hostkey_t...

Hi, Is there any way to store HostKey in hardware (and delegate the related processing)? I have been using Roumen Petrov's x509 patch for clients, which works via an OpenSSL engine, but it does not seem to support server HostKey: http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html For PKCS#11, I have found an email on this list from a year back suggesting this

...monitor->m_recvfd); buffer_clear(&loginmsg); monitor_child_postauth(pmonitor); @@ -693,7 +693,10 @@ privsep_postauth(Authctxt *authctxt) exit(0); } + /* child */ + close(pmonitor->m_sendfd); + pmonitor->m_sendfd = -1; /* Demote the private keys to public keys. */ demote_sensitive_data();

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,