search for: fatal_f

...ost."); } else xextendf(&msg1, "", "."); - fp = sshkey_fingerprint(host_key, options.fingerprint_hash, SSH_FP_DEFAULT); ra = sshkey_fingerprint(host_key, options.fingerprint_hash, SSH_FP_RANDOMART); if (fp == NULL || ra == NULL) fatal_f("sshkey_fingerprint failed"); + if (cert) { + cafp = sshkey_fingerprint(cert->cert->signature_key, + options.fingerprint_hash, SSH_FP_DEFAULT); + if (cafp == NULL) + fatal_f("sshkey_fingerprint failed"); + xextendf(&msg1, "\n", "%s...

...check: void mm_request_receive(int sock, struct sshbuf *m) { u_char buf[4], *p = NULL; u_int msg_len; int r; debug3_f("entering"); if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) { if (errno == EPIPE) cleanup_exit(255); fatal_f("read: %s", strerror(errno)); } Questions: - Is this the expected exit point of `sshd -i` ? - If so, is there a reason to return a failure exit status? Thanks! Donald -- Donald Buczek buczek at molgen.mpg.de Tel: +49 30 8413 1433

...+ long long interval_ns, fuzz_ns; + + interval_ns = interval_ms * (1000LL * 1000); + fuzz_ns = (interval_ns * interval_fuzz_pct) / 100; + /* Center fuzz around requested interval */ + if (fuzz_ns > INT_MAX) + fuzz_ns = INT_MAX; + if (fuzz_ns > interval_ns) { + /* Shouldn't happen */ + fatal_f("internal error: fuzz %u%% %lldns > interval %lldns", + interval_fuzz_pct, fuzz_ns, interval_ns); + } + interval_ns -= fuzz_ns / 2; + interval_ns += arc4random_uniform(fuzz_ns); + + tmp.tv_sec = interval_ns / (1000 * 1000 * 1000); + tmp.tv_nsec = interval_ns % (1000 * 1000 * 1000)...

...ert(key) && sshkey_cert_check_authority_now(key, 1, 0, 0, lookup, &reason)) { - error("%s", reason); - auth_debug_add("%s", reason); + if ((fp = sshkey_fingerprint(key->cert->signature_key, + options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) + fatal_f("sshkey_fingerprint fail"); + error("Refusing certificate ID \"%s\" serial=%llu signed by " + "%s CA %s: %s", key->cert->key_id, key->cert->serial, + sshkey_type(key->cert->signature_key), fp, reason); + auth_debug_add("Refu...

From: "Marco Trevisan" <marco at ubuntu.com> This serie of patches have been already submitted via [1], but i'm sending them again to the ML, to see if they can get some more traction. The patches are already part of Ubuntu openssh since 24.04, and they basically allow proper immediate instruction reporting to clients using PAM (as per RFC4256). This follows the approach

On 4/5/25 15:01, Lars Nood?n wrote: > I notice that when using log level INFO it seems sshd(8) provides very > little information about failed SSH certificate log in attempts: > > Apr? 5 14:44:41 server sshd-session[51695]: error: Certificate invalid: > not yet valid > > Apr? 5 14:45:31 server sshd-session[88953]: error: Certificate invalid: > expired > >

... and I guess your next question will be about compilation environment, so: ``` $ gcc --version gcc (Gentoo 13.2.1_p20240210 p14) 13.2.1 20240210 Copyright (C) 2023 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. ``` I'm running on gentoo. I tested that the

...list(criteria, arg, 0) == 1; + if (r == (negate ? 1 : 0)) + this_result = result = 0; + } else if (strcasecmp(attrib, "remotecommand") == 0) { + if (rcommand != NULL && sshbuf_len(rcommand) > 0) { + if ((criteria = + sshbuf_dup_string(rcommand)) == NULL) + fatal_f("dup command failed"); + } else if (options->remote_command != NULL) + criteria = xstrdup(options->remote_command); + else + criteria = xstrdup("none"); + r = match_pattern_list(criteria, arg, 0) == 1; + if (r == (negate ? 1 : 0)) + this_result = result =...

...list(criteria, arg, 0) == 1; + if (r == (negate ? 1 : 0)) + this_result = result = 0; + } else if (strcasecmp(attrib, "remotecommand") == 0) { + if (rcommand != NULL && sshbuf_len(rcommand) > 0) { + if ((criteria = + sshbuf_dup_string(rcommand)) == NULL) + fatal_f("dup command failed"); + } else if (options->remote_command != NULL) + criteria = xstrdup(options->remote_command); + else + criteria = xstrdup("none"); + r = match_pattern_list(criteria, arg, 0) == 1; + if (r == (negate ? 1 : 0)) + this_result = result =...

Hey there, I often want different behavior in my ssh client depending on whether I'm logging into an interactive session or running a remote non-interactive command. We can see at, say, https://unix.stackexchange.com/a/499562/305714 that this isn't a unique wish, and existing solutions are kind of baroque. Typical reasons to do this are to immediately go into a screen or tmux session; for