search for: do_ssh2_kex

Displaying 15 results from an estimated 15 matches for "do_ssh2_kex".

2009 Apr 01
3
[Bug 1582] New: memory leak in do_ssh2_kex() routine (sshd.c)
https://bugzilla.mindrot.org/show_bug.cgi?id=1582 Summary: memory leak in do_ssh2_kex() routine (sshd.c) Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy:...
2009 Mar 31
2
Memory leak in do_ssh2_kex()
Hi guys Apparently, there is a small memory leak in the do_ssh2_kex() routine in sshd.c. Line 2195 in sshd.c states: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); Where list_hostkey_types() returns a pointer allocated by the xstrdup call (line 735). This pointer should be freed in the calling routine do_ssh2_kex(). Should I make a patch for thi...
2008 Jun 28
1
KEX graceful failure
...f failure, continue with whatever algorithm would have been negotiated if mine was not selected. My strategy for graceful failure is to remove my KEX algorithm from myproposal[KEX_DEFAULT_KEX] and to initiate a new key exchange. My question is whether it is safe (and a good idea) to simply call do_ssh2_kex (server) / ssh2_kex (client) in order to do another exchange, and whether there are any negative consequences of doing so (e.g. security or reliability). Thanks! Georgi
2008 Jul 10
1
Race condition in sshd
...test against HEAD. I _believe_ I have found a race condition in sshd. In the v2 protocol, after a connection, the accepting process forks in privsep_preauth(). The parent executes monitor_child_preauth() to allow certain privsep requests necessary for authentication. The unprivileged child runs do_ssh2_kex() followed by do_authentication2(). I am working on a new KEX algorithm whose primary feature is performance. It is fast enough that do_authentication2() runs _before_ the monitor has a chance to permit the necessary requests (MONITOR_REQ_PWNAM in particular), and therefore authentication fail...
2008 Jul 12
2
[Bug 1487] New: Race condition between monitor and unprivileged child in sshd
...signed-bugs at mindrot.org ReportedBy: godji at 300penguins.org In the v2 protocol, after a connection, the accepting process forks in privsep_preauth(). The parent executes monitor_child_preauth() to allow certain privsep requests necessary for authentication. The unprivileged child runs do_ssh2_kex() followed by do_authentication2(). If KEX is fast enough, do_authentication2() runs before the monitor has a chance to permit the necessary requests (MONITOR_REQ_PWNAM in particular), and therefore authentication fails on the server with: monitor_read: unpermitted request 6 Damien Miller propo...
2013 Jun 25
1
RFC: encrypted hostkeys patch
...auth_debug_reset(); - if (use_privsep) + if (use_privsep) { if (privsep_preauth(authctxt) == 1) goto authenticated; + } else if (compat20) + auth_conn = ssh_get_authentication_connection(); /* perform the key exchange */ /* authenticate user and start session */ if (compat20) { do_ssh2_kex(); do_authentication2(authctxt); + if (!use_privsep && auth_conn) { + ssh_close_authentication_connection(auth_conn); + auth_conn = NULL; + } } else { do_ssh1_kex(); do_authentication(authctxt); @@ -2336,6 +2390,23 @@ do_ssh1_kex(void) packet_write_wait(); } +static vo...
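Review bot: The `else if (compat20)` arm added before do_ssh2_kex() is left unbraced while the `if (use_privsep)` arm gains braces, and the result of ssh_get_authentication_connection() is not checked where it is assigned; the only NULL test visible is the `if (!use_privsep && auth_conn)` guard before the close. Brace both arms, and either handle a failed connection at the assignment or add a comment saying that a NULL auth_conn is expected there and what the key exchange does in that case.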
2008 Sep 15
0
No subject
...exchange_identificationsock_in=6, sock_out=6 after sshd_exchange_identificationsock_in=6, sock_out=6 after packet_set_nonblocking in buffer_init after buffer_init before use_privsep=0',use_privsep before privsep_preauth in authctxt_new in buffer_init authenticate user and start session in do_ssh2_kex compat_cipher_proposal compat_cipher_proposal in list_hostkey_types in buffer_init in buffer_len in key_ssh_name in KEY_RSA in buffer_append in buffer_append_space in buffer_len in buffer_append in buffer_append_space in key_ssh_name in KEY_DSA in buffer_append in buffer_append_space in buff...
2001 Feb 08
2
OpenSSH 2.3.0p4/2.2.0p1, Solaris 8, ssh-keygen bus error
Hi, I'm having a problem with ssh-keygen on Solaris 8; upon running, it produces a bus error due to a function call in OpenSSL (RC4_set_key): [...] (gdb) where #0 0x3440c in RC4_set_key () #1 0x2b890 in arc4random_stir () at /merc/tools/src/openssh-2.3.0p1/bsd-arc4random.c:65 #2 0x23ca8 in main (ac=1, av=0xffbefb94) at /merc/tools/src/openssh-2.3.0p1/ssh-keygen.c:720 I get
2017 Mar 01
7
[Bug 2686] New: SSHD segfaults when trying to load RSA1 host keys
...nssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v0"..., dolower=dolower@entry=0) at match.c:156 #2 0x000055555556447c in list_hostkey_types () at sshd.c:794 #3 do_ssh2_kex () at sshd.c:2327 #4 0x00005555555622c1 in main (ac=<optimized out>, av=<optimized out>) at sshd.c:2181 Problem is in list_hostkey_types() which is not checking the return value of sshkey_ssh_name() (for RSA1 returns NULL). The openssh is built --with-ssh1 (to support SSH1 in clie...
2008 Sep 18
2
SSHD_PROBLEM
...exchange_identificationsock_in=6, sock_out=6 after sshd_exchange_identificationsock_in=6, sock_out=6 after packet_set_nonblocking in buffer_init after buffer_init before use_privsep=0',use_privsep before privsep_preauth in authctxt_new in buffer_init authenticate user and start session in do_ssh2_kex compat_cipher_proposal compat_cipher_proposal in list_hostkey_types in buffer_init in buffer_len in key_ssh_name in KEY_RSA in buffer_append in buffer_append_space in buffer_len in buffer_append in buffer_append_space in key_ssh_name in KEY_DSA in buffer_append in buffer_append_space in buff...
2014 Apr 20
2
bad bignum encoding for curve25519-sha256@libssh.org
...sshd.c =================================================================== RCS file: /var/cvs/openssh/sshd.c,v retrieving revision 1.448 retrieving revision 1.453 diff -u -p -r1.448 -r1.453 --- sshd.c 26 Feb 2014 23:20:08 -0000 1.448 +++ sshd.c 20 Apr 2014 03:28:41 -0000 1.453 @@ -2462,6 +2438,9 @@ do_ssh2_kex(void) if (options.kex_algorithms != NULL) myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; + myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( + myproposal[PROPOSAL_KEX_ALGS]); + if (options.rekey_limit || options.rekey_interval) packet_set_rekey_limits((u_int32_t)options....
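Review bot: In the do_ssh2_kex() hunk, the new compat_kex_proposal() call overwrites myproposal[PROPOSAL_KEX_ALGS] unconditionally, so it also replaces the pointer just taken from options.kex_algorithms, and nothing in the hunk says whether the returned string is the input or a new allocation. A one-line comment above the call stating what the compat pass changes in the list and who owns the result would make the lifetime clear.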
2020 Mar 11
6
[PATCH 0/1] *** SUBJECT HERE ***
Hi, sifting through my system's logs, I noticed many break-in attempts by rogue ssh clients trying long lists of common passwords. For some time now I pondered different approaches to counter these, but could not come up with a solution that really satisfied me. I finally reached the conclusion that any countermeasures required support in sshd itself, and created the attached patch. If
2013 Sep 24
9
[PATCH] curve25519-sha256@libssh.org key exchange proposal
...A256] = kexc25519_client; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; kex->verify_host_key=&verify_host_key_callback; diff --git a/sshd.c b/sshd.c index 174cc7a..56f75d9 100644 --- a/sshd.c +++ b/sshd.c @@ -2446,6 +2446,7 @@ do_ssh2_kex(void) kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; kex->kex[KEX_ECDH_SHA2] = kexecdh_server; + kex->kex[KEX_C25519_SHA256] = kexc25519_server; kex->server = 1; kex->client_version_string=client_version_string; kex->server_v...
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2018 Dec 10
2
[PATCH] cleanup of global variables server/client_version_string in sshconnect.c
In sshconnect.c there are two global variables for server_version_string and client_version_string. These are used just in a few functions and can easily be passed as parameters. Also, there is a strange construct, where their memory is allocated to the global pointers, then copies of these pointers are assigned to the kex structure. The kex_free finally frees them via cleanup of the kex