search for: hostbased_key_allowed

Even with option "HostbasedUsesNameFromPacketOnly yes", the trailing dot in chost should be stripped before auth_rhosts2() is called from hostbased_key_allowed(). Hans Werner Strube strube at physik3.gwdg.de Drittes Physikalisches Institut, Univ. Goettingen Buergerstr. 42-44, D-37073 Goettingen, Germany Suggested change: *** auth2.c.ORI Wed Apr 25 14:44:15 2001 --- auth2.c Fri Sep 28 10:27:34 2001 *************** *** 801,815 **** deb...

According to the manpage: UseDNS Specifies whether sshd should look up the remote host name and check that the resolved host name for the remote IP address maps back to the very same IP address. The default is ``yes''. Thing is, while sshd *checks*, this doesn't actually control whether or not the client is allowed to connect, it seems at most to be an option that causes

..._answer_keyallowed(int sock, Buffer *m case MM_USERKEY: allowed = options.pubkey_authentication && user_key_allowed(authctxt->pw, key); + auth_method = "publickey"; break; case MM_HOSTKEY: allowed = options.hostbased_authentication && hostbased_key_allowed(authctxt->pw, cuser, chost, key); + auth_method = "hostbased"; break; case MM_RSAHOSTKEY: key->type = KEY_RSA1; /* XXX */ allowed = options.rhosts_rsa_authentication && auth_rhosts_rsa_key_allowed(authctxt->pw, cuser, chost, key);...

..._0_2p1_w_named_keys.1(w)/auth2.c Thu, 24 Jan 2002 10:52:24 -0500 @@ -76,7 +76,7 @@ /* helper */ static Authmethod *authmethod_lookup(const char *); static char *authmethods_get(void); -static int user_key_allowed(struct passwd *, Key *); +int user_key_allowed(struct passwd *, Key *); static int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); /* auth */ @@ -476,7 +476,7 @@ buffer_dump(&b); #endif /* test for correct signature */ - if (user_key_allowed(authctxt->pw, key) && + if (user_key_allowed(authctxt->pw, key) > 0 && key_verify(key, s...

I looked around for a while, but couldn't find any code for requiring multiple authentication mechanisms in openssh. So I wrote an implemention. I thought at first I should change the PasswordAuthentication, PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some funky stuff in auth2.c with respect to keyboard interactive auth that would make this kind of

...-mods/auth2.c Thu May 9 12:19:55 2002 @@ -75,7 +75,7 @@ /* helper */ static Authmethod *authmethod_lookup(const char *); static char *authmethods_get(void); - -static int user_key_allowed(struct passwd *, Key *); +static int user_key_allowed(struct passwd *, Key *, char *realname); static int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); /* auth */ @@ -105,6 +105,28 @@ {NULL, NULL, NULL} }; +/* VIX + * this piece is my attempt to pass the value of realname from userauth_pubkey + * to server_input_channel_req but i have no idea what is really happening + * the value gets pa...

...============================== RCS file: /cvs/src/usr.bin/ssh/auth.h,v retrieving revision 1.58 diff -u -r1.58 auth.h --- auth.h 18 Aug 2006 09:15:20 -0000 1.58 +++ auth.h 15 Nov 2006 14:14:32 -0000 @@ -115,6 +115,7 @@ int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *); int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); int user_key_allowed(struct passwd *, Key *); +int user_cert_key_allowed(struct passwd *, Key *); #ifdef KRB5 int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *); Index: auth2.c ========================================...