search for: do_ssh2_kex

https://bugzilla.mindrot.org/show_bug.cgi?id=1582 Summary: memory leak in do_ssh2_kex() routine (sshd.c) Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy:...

Hi guys Apparently, there is small memory leak in the do_ssh2_kex() routine in sshd.c. Line 2195 in sshd.c states: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); Where list_hostkey_types() returns a pointer allocated by the xstrdup call (line 735). This pointer should be freed in the calling routine do_ssh2_key(). Should I make a patch for thi...

...f failure, continue with whatever algorithm would have been negotiated if mine was not selected. My strategy for graceful failure is to remove my KEX algorithm from myproposal[KEX_DEFAULT_KEX] and to initiate a new key exchange. My question is whether it is safe (and a good idea) to simply call do_ssh2_kex (server) / ssh2_kex (client) in order to do another exchange, and whether there are any negative consequences of doing so (e.g. security or reliability). Thanks! Georgi -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signa...

...test against HEAD. I _believe_ I have found a race condition in sshd. In the v2 protocol, after a connection, the accepting process forks in privsep_preauth(). The parent executes monitor_child_preauth() to allow certain privsep requests necessary for authentication. The unprivileged child runs do_ssh2_kex() followed by do_authentication2(). I am working on a new KEX algorithm whose primary feature is performance. It is fast enough that do_authentication2() runs _before_ the monitor has a chance to permit the necessary requests (MONITOR_REQ_PWNAM in particular), and therefore authentication fail...

...signed-bugs at mindrot.org ReportedBy: godji at 300penguins.org In the v2 protocol, after a connection, the accepting process forks in privsep_preauth(). The parent executes monitor_child_preauth() to allow certain privsep requests necessary for authentication. The unprivileged child runs do_ssh2_kex() followed by do_authentication2(). If KEX is fast enough, do_authentication2() runs before the monitor has a chance to permit the necessary requests (MONITOR_REQ_PWNAM in articular), and therefore authentication fails on the server with: monitor_read: unpermitted request 6 Damien Miller propo...

...auth_debug_reset(); - if (use_privsep) + if (use_privsep) { if (privsep_preauth(authctxt) == 1) goto authenticated; + } else if (compat20) + auth_conn = ssh_get_authentication_connection(); /* perform the key exchange */ /* authenticate user and start session */ if (compat20) { do_ssh2_kex(); do_authentication2(authctxt); + if (!use_privsep && auth_conn) { + ssh_close_authentication_connection(auth_conn); + auth_conn = NULL; + } } else { do_ssh1_kex(); do_authentication(authctxt); @@ -2336,6 +2390,23 @@ do_ssh1_kex(void) packet_write_wait(); } +static vo...

...exchange_identificationsock_in=6, sock_out=6 ?after sshd_exchange_identificationsock_in=6, sock_out=6 ?after packet_set_nonblocking in buffer_init ?after buffer_init ?before use_privsep=0',use_privsep before privsep_preauth in authctxt_new in buffer_init ?authenticate user and start session ?in do_ssh2_kex ?compat_cipher_proposal ?compat_cipher_proposal ?in list_hostkey_types in buffer_init in buffer_len ?in key_ssh_name ?in KEY_RSA in buffer_append in buffer_append_space in buffer_len in buffer_append in buffer_append_space ?in key_ssh_name ?in KEY_DSA in buffer_append in buffer_append_space in buff...

Hi, I'm having a problem with ssh-keygen on Solaris 8; upon running, it produces a bus error due to a function call in OpenSSL (RC4_set_key): [...] (gdb) where #0 0x3440c in RC4_set_key () #1 0x2b890 in arc4random_stir () at /merc/tools/src/openssh-2.3.0p1/bsd-arc4random.c:65 #2 0x23ca8 in main (ac=1, av=0xffbefb94) at /merc/tools/src/openssh-2.3.0p1/ssh-keygen.c:720 I get

...nssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v0"..., dolower=dolower at entry=0) at match.c:156 #2 0x000055555556447c in list_hostkey_types () at sshd.c:794 #3 do_ssh2_kex () at sshd.c:2327 #4 0x00005555555622c1 in main (ac=<optimized out>, av=<optimized out>) at sshd.c:2181 Problem is in list_hostkey_types() which is not checking the return value of sshkey_ssh_name() (for RSA1 returns NULL). The openssh is build --with-ssh1 (to support SSH1 in clie...

...exchange_identificationsock_in=6, sock_out=6 after sshd_exchange_identificationsock_in=6, sock_out=6 after packet_set_nonblocking in buffer_init after buffer_init before use_privsep=0',use_privsep before privsep_preauth in authctxt_new in buffer_init authenticate user and start session in do_ssh2_kex compat_cipher_proposal compat_cipher_proposal in list_hostkey_types in buffer_init in buffer_len in key_ssh_name in KEY_RSA in buffer_append in buffer_append_space in buffer_len in buffer_append in buffer_append_space in key_ssh_name in KEY_DSA in buffer_append in buffer_append_space in buff...

...sshd.c =================================================================== RCS file: /var/cvs/openssh/sshd.c,v retrieving revision 1.448 retrieving revision 1.453 diff -u -p -r1.448 -r1.453 --- sshd.c 26 Feb 2014 23:20:08 -0000 1.448 +++ sshd.c 20 Apr 2014 03:28:41 -0000 1.453 @@ -2462,6 +2438,9 @@ do_ssh2_kex(void) if (options.kex_algorithms != NULL) myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; + myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( + myproposal[PROPOSAL_KEX_ALGS]); + if (options.rekey_limit || options.rekey_interval) packet_set_rekey_limits((u_int32_t)options....

Hi, sifting through my system's logs, I noticed many break-in attempts by rogue ssh clients trying long lists of common passwords. For some time now I pondered different approaches to counter these, but could not come up with a solution that really satisfied me. I finally reached the conclusion that any countermeasures required support in sshd itself, and created the attached patch. If

...A256] = kexc25519_client; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; kex->verify_host_key=&verify_host_key_callback; diff --git a/sshd.c b/sshd.c index 174cc7a..56f75d9 100644 --- a/sshd.c +++ b/sshd.c @@ -2446,6 +2446,7 @@ do_ssh2_kex(void) kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; kex->kex[KEX_ECDH_SHA2] = kexecdh_server; + kex->kex[KEX_C25519_SHA256] = kexc25519_server; kex->server = 1; kex->client_version_string=client_version_string; kex->server_v...

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

In sshconnect.c there are two global variables for server_version_string client_version_string. These are used just in a few functions and can easily be passed as parameters. Also, there is a strange construct, where their memory is allocated to the global pointers, then copies of these pointers are assigned to the kex structure. The kex_free finally frees them via cleanup of the kex