Displaying 20 results from an estimated 24 matches for "host_key_files".
2019 Aug 06
2
[PATCH v2] Remove sshkey_load_private()
...explicit_bzero(passphrase, strlen(passphrase));
free(passphrase);
fatal("Cannot load private key \"%s\": %s.",
diff --git a/sshd.c b/sshd.c
index 11571c01011..cea85de2404 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1719,8 +1719,9 @@ main(int ac, char **av)
if (options.host_key_files[i] == NULL)
continue;
- if ((r = sshkey_load_private(options.host_key_files[i], "",
- &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
+ if ((r = sshkey_load_private_type(KEY_UNSPEC,
+ options.host_key_files[i], "", &key, NULL)) != 0 &&
+ r...
2012 Nov 21
1
HostKey in hardware?
Hi,
Is there any way to store HostKey in hardware (and delegate the related
processing)?
I have been using Roumen Petrov's x509 patch for clients, which works via an
OpenSSL engine, but it does not seem to support server HostKey:
http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html
For PKCS#11, I have found an email on this list from a year back suggesting
this
2000 Dec 22
0
patch to specify DSA host key on command line
--- openssh-2.3.0p1/sshd.c Sat Oct 14 01:23:13 2000
+++ openssh-2.3.0p1.new/sshd.c Tue Dec 19 11:26:51 2000
@@ -506,7 +506,7 @@
initialize_server_options(&options);
/* Parse command-line arguments. */
- while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:diqQ46")) != EOF) {
+ while ((opt = getopt(ac, av, "f:p:b:k:h:H:g:V:u:diqQ46")) != EOF) {
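Review bot: the getopt string in this hunk gains `H:`, an option that takes an argument, but nothing visible here handles or documents it. The patch should carry the matching `case 'H':` in the option switch, and the usage text and sshd.8 need an entry that says how `-H` differs from the existing `-h`.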
2007 Jan 08
0
How to remove group1 and group14 from OpenSSH..
...x_server;
kex->server = 1;
CHANGE TO
kex->we_need = buffer_get_int(m);
kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
kex->server = 1;
TO REMOVE DSA HOST KEY
IN servconf.c
if (options->protocol & SSH_PROTO_2) {
options->host_key_files[options->num_host_key_files++] =
_PATH_HOST_RSA_KEY_FILE;
options->host_key_files[options->num_host_key_files++] =
_PATH_HOST_DSA_KEY_FILE;
}
CHANGE TO
if (options->protocol & SSH_PROTO_2) {
options->host_key_files[options->num_host_key_files++] =
_PATH_HOST_RSA_KE...
2020 Apr 26
5
[Bug 3155] New: openssh support hostkey encrypt
...Status: NEW
Severity: security
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: kircherlike at outlook.com
We noticed that the sshd.c file contained such a code snippet:
...
for (i = 0; i < options.num_host_key_files; i++) {
int ll = options.host_key_file_userprovided[i] ?
SYSLOG_LEVEL_ERROR : SYSLOG_LEVEL_DEBUG1;
if (options.host_key_files[i] == NULL)
continue;
if ((r = sshkey_load_private(options.host_key_files[i],
&q...
2012 Jan 28
1
PATCH: Support for encrypted host keys
...the rexec child, but I decided I thought it was slightly nicer to decrypt the key once and pass it along rather than redoing it every time. I can send the previous version if that would be preferred though -- this key-passing version does have some resulting ugliness in its handling of options.num_host_key_files, as described in a comment in the patch.
Thanks,
Zev Weiss
--
Makefile.in | 2 +-
buffer.h | 5 ++
bufkey.c | 132 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
sshd.c | 141 ++++++++++++++++++++++++++++++++++++++++++++++++-----------
4 files changed, 253 insertions...
2013 Jun 25
1
RFC: encrypted hostkeys patch
...f (authctxt->pw->pw_uid == 0 || options.use_login) {
+ if (authctxt->pw->pw_uid == 0 || options.use_login)
#endif
+ {
/* File descriptor passing is broken or root login */
use_privsep = 0;
goto skip;
@@ -767,6 +780,8 @@ list_hostkey_types(void)
for (i = 0; i < options.num_host_key_files; i++) {
key = sensitive_data.host_keys[i];
if (key == NULL)
+ key = sensitive_data.host_pubkeys[i];
+ if (key == NULL)
continue;
switch (key->type) {
case KEY_RSA:
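Review bot: in list_hostkey_types() the new fallback `key = sensitive_data.host_pubkeys[i];` lets the server advertise a key type for which it holds only the public half in that slot. Add a comment at the fallback stating what guarantees that a signature can still be produced for such a slot, and confirm that every other reader of `sensitive_data.host_keys[i]` tolerates a NULL entry there.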
@@ -819,6 +834,8 @@ get_hostkey_by_type(int type, int need_private)
break;
default:
key = sensitive_da...
2008 May 07
2
Request for generic engine support
...lt_algorithms = ALL
# Load and initialize the engine
init = 1
----------------------------------
===========================================
Add to 'struct ServerOptions' in servconf.h:
--------------------------------------------
50a68,71
> int engineindex; /*engine index in host_key_files */
> char *engconffile; /*engine config information */
> char *engconfstanza; /* engine config stanza */
>
--------------------------------------------
===================
Add to servconf.c:
--------------------------------------------
74a67,69
> options->engin...
2008 Sep 15
0
No subject
...og init
after log init
before seed_rng
after seed_rng
before read_server_config
after read_server_config
before fill_default_server_options
after fill_default_server_options
sshd version OpenSSH_3.7.1p2
before lodaing private keys
after lodaing private keys
after lodaing private keys
options.host_key_files[i]=/etc/ssh/ssh_host_rsa_key
in key_load_private
before key_load_public_rsa1
in buffer_init
in buffer_append_space
in buffer_get
leaving from buffer_get
in buffer_free
before key_load_private_pem
returning from key_load_private
after key_load_private
private host key: #0 type 1 RSA
options.hos...
2008 Sep 18
2
SSHD_PROBLEM
...og init
after log init
before seed_rng
after seed_rng
before read_server_config
after read_server_config
before fill_default_server_options
after fill_default_server_options
sshd version OpenSSH_3.7.1p2
before lodaing private keys
after lodaing private keys
after lodaing private keys
options.host_key_files[i]=/etc/ssh/ssh_host_rsa_key
in key_load_private
before key_load_public_rsa1
in buffer_init
in buffer_append_space
in buffer_get
leaving from buffer_get
in buffer_free
before key_load_private_pem
returning from key_load_private
after key_load_private
private host key: #0 type 1 RSA
options.hos...
2018 Jun 08
3
vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
One difference I notice is that in your failing example you are
invoking /usr/bin/ld directly to link:
/usr/bin/ld -o ssh ssh.o readconf.o clientloop.o
sshtty.o sshconnect.o sshconnect2.o mux.o -L. -Lopenbsd-compat/
-Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack
-fstack-protector-strong -pie -lssh -lopenbsd-compat -lutil -lz
-lcrypt -lresolv
whereas my example is
2003 Nov 27
2
Question about adding another parameter for OpenSSH
...NULL,
+ options.group_private_key);
quit = 0;
} else {
debug2("no passphrase given, try next key");
--- sshd.c.orig Thu Nov 27 16:33:07 2003
+++ sshd.c Thu Nov 27 16:35:19 2003
@@ -966,7 +966,7 @@
sensitive_data.have_ssh2_key = 0;
for (i = 0; i < options.num_host_key_files; i++) {
- key = key_load_private(options.host_key_files[i], "", NULL);
+ key = key_load_private(options.host_key_files[i], "", NULL, 0);
sensitive_data.host_keys[i] = key;
if (key == NULL) {
error("Could not load host key: %s",
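Review bot: the fourth argument added to `key_load_private(options.host_key_files[i], "", NULL, 0)` is a bare literal, so the call site does not say what is being switched off for host keys. An earlier hunk in this patch passes `options.group_private_key` as the trailing argument of a call, so a named constant or a short comment here would make clear that host keys are deliberately loaded without that option.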
--- ssh-add.c.orig Thu Nov 27...
2005 Feb 24
3
Suggestion: SSHD pseudo/fake mode. Source available.
Hi,
SSH brute force attacks seem to enjoy increasing popularity. Call me an
optimist or a misrouted kind of contributor to the community, but on our
company server I actually go through the logs and report extreme cases
to the providers of the originating IP's. With the increasing number of
these attacks, however, I have now decided that it's better to move the
SSHd to a different
2000 Dec 22
1
bug in sshd.d (destroy_sensitive_data core dumps)
...=========================
RCS file: /cvs/openssh_cvs/sshd.c,v
retrieving revision 1.101
diff -u -r1.101 sshd.c
--- sshd.c 2000/12/15 23:31:01 1.101
+++ sshd.c 2000/12/22 14:56:29
@@ -702,6 +706,7 @@
if (key == NULL) {
error("Could not load host key: %.200s: %.100s",
options.host_key_files[i], strerror(errno));
+ sensitive_data.host_keys[i] = NULL;
continue;
}
switch(key->type){
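Review bot: clearing the slot only on the load-failure path, at the added `sensitive_data.host_keys[i] = NULL;`, leaves the array dependent on every exit path remembering to do the same. Zero the whole host_keys array once where it is allocated, and check that destroy_sensitive_data() skips NULL entries before freeing them.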
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert...
2011 Mar 02
0
sshd doesn't accept -c option
Hi,
I was testing host key signing when I came across problem with adding
certificates using command line.
Running
/usr/sbin/sshd -c certfile
returns
sshd: illegal option -- c
OpenSSH_5.8p1-hpn13v10, OpenSSL 1.0.0d 8 Feb 2011
usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]
[-f config_file] [-g login_grace_time] [-h host_key_file]
[-k
2015 Jan 30
5
[Bug 2346] New: sshd -T doesn't write all configuration options in valid format
https://bugzilla.mindrot.org/show_bug.cgi?id=2346
Bug ID: 2346
Summary: sshd -T doesn't write all configuration options in
valid format
Product: Portable OpenSSH
Version: 6.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2020 Apr 25
2
[PATCH 1/3] Add private key protection information extraction to ssh-keygen
...? ???? passphrase, &private, &comment, NULL))) {
??? ??? ?case 0:
??? ??? ??? ?break;
??? ??? ?case SSH_ERR_KEY_WRONG_PASSPHRASE:
diff --git a/sshd.c b/sshd.c
index 6f8f11a3bdac..42c19089a225 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1789,7 +1789,7 @@ main(int ac, char **av)
??? ??? ?if (options.host_key_files[i] == NULL)
??? ??? ??? ?continue;
??? ??? ?if ((r = sshkey_load_private(options.host_key_files[i], "",
-?? ??? ???? &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
+?? ??? ???? &key, NULL, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
??? ??? ??? ?do_log2(ll, "Un...
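Review bot: the sshd.c call now passes a second trailing NULL to sshkey_load_private(), which means the function's signature changed and existing callers have to be edited just to ignore the new output. Consider leaving sshkey_load_private() as it is and adding a separate function for callers that want the protection information, so the sshd host key loading path is not touched by an ssh-keygen feature.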
2001 Nov 12
4
Please test -current
Could people please test -current? We will be making a release fairly
soon.
-d
--
| By convention there is color, \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)
2005 Apr 16
3
Problem with openssh-4.0p1 and tcp wrappers on RH7.2(Scyld)
I have tried to update openssh-3.1p1 of our system that uses RH7.2 (Scyld).
It is pretty much a standard Redhat 7.2 install with openssl-0.9.6b,
zlib-1.1.4 etc.
I have gotten openssh to work after some initial issues, but I still
have not been able to get openssh/sshd to work with tcp-wrappers.
I have in hosts.deny
ALL: ALL:
and in hosts.allow
ALL: localhost, 127.0.0.1, 192.168.1.
and still I
2002 Dec 18
2
patch for openssh3.5p1 - adds logging option
...el log_level_number(char *);
diff -urN openssh-3.5p1-orig/servconf.c openssh-3.5p1/servconf.c
--- openssh-3.5p1-orig/servconf.c 2002-12-18 10:10:13.000000000 -0500
+++ openssh-3.5p1/servconf.c 2002-12-18 10:20:33.000000000 -0500
@@ -64,6 +64,7 @@
options->listen_addrs = NULL;
options->num_host_key_files = 0;
options->pid_file = NULL;
+ options->log_file = NULL;
options->server_key_bits = -1;
options->login_grace_time = -1;
options->key_regeneration_time = -1;
@@ -302,6 +303,7 @@
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeys...