search for: identity_files

Remove sshkey_load_private(), as this function's role is similar to sshkey_load_private_type(). --- Dependency: This change depends over recently merged change in openbsd: https://github.com/openbsd/src/commit/b0c328c8f066f6689874bef7f338179145ce58d0 Change log: v1->v2 - Remove declaration of sshkey_load_private() in authfile.h authfile.c | 38

...ration files. See readconf.h. + */ +Options options; +uid_t original_real_uid; + static void ask_filename(struct passwd *pw, const char *prompt) { @@ -103,7 +113,28 @@ break; } - snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name); + + if(options.num_identity_files > 0) { + char *file=NULL; + char *p=strrchr(name,'/'); + if(p) file = p+1; + + name = tilde_expand_filename(options.identity_files[0], + original_real_uid); + name = expand_filename(name,pw); + p=strrchr(name,'/'); + if(p) *p=0; + + if(file &&am...

https://bugzilla.mindrot.org/show_bug.cgi?id=2700 Bug ID: 2700 Summary: Missing PEM identity_file should be a fatal error Product: Portable OpenSSH Version: 7.2p2 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs

Add private key protection information extraction to shh-keygen using -v option on top of -y option which is already parsing the private key. Technically, the passphrase isn't necessary to do this, but it is the most logical thing to do for me. Adding this to -l option is not appropriate because fingerprinting is using the .pub file when available. An other idea is to add a new option, I

...nd should not be set by default */ /* options->user will be set in the main program if appropriate */ /* options->hostname will be set in the main program if appropriate */ --- readconf.h.orig Thu Nov 27 15:19:30 2003 +++ readconf.h Thu Nov 27 15:20:11 2003 @@ -87,6 +87,7 @@ int num_identity_files; /* Number of files for RSA/DSA identities. */ char *identity_files[SSH_MAX_IDENTITY_FILES]; Key *identity_keys[SSH_MAX_IDENTITY_FILES]; + int group_private_key; /* Local TCP/IP forward requests. */ int num_local_forwards; --- ssh.c.orig Thu Nov 27 16:31:08 2003 +++ ssh.c Thu Nov...

...) { @@ -330,12 +331,24 @@ case 'i': if (stat(optarg, &st) < 0) { - fprintf(stderr, "Warning: Identity file %s does not exist.\n", + fprintf(stderr, "Warning: RSA identity file %s does not exist.\n", optarg); break; } if (options.num_identity_files >= SSH_MAX_IDENTITY_FILES) - fatal("Too many identity files specified (max %d)", + fatal("Too many RSA identity files specified (max %d)", SSH_MAX_IDENTITY_FILES); options.identity_files[options.num_identity_files++] = + xstrdup(optarg); + break; +...

Hi, I needed to convert a public RSA key to autorized_keys format and found ssh-keygen lacking this feature. I made the option -Q publicfile to allow an conversion like ssh-keygen -Q pubrsa.pem -y The patch is produced using unified diff and made on latest release. If you like it and can make a patch for the man-page also! Regards, /Lars -------------- next part -------------- diff -u

Hi, I don't see any way to view the details of a certificate once it is generated. Having such a capability would be very handy for debugging purposes to check what constraints, principals, and validity interval are associated with a given cert. -- Iain Morgan

Hi, tmux author refuses to add -h, --help option, because OpenSSH does not have it [1]. I don't see why convenience features of tmux should depend on OpenSSH, but because I have no other choice (and got curious) I ask here - why OpenSSH doesn't provide -h or --help option? I use PuTTY as my client, which processes --help option, and for `ssh` binary I usually use Google + StackOverflow.

Hello everybody, I write an update version of ssh-copy-id script in order to support sshd non running on standard port 22. So I added another parameter to the script to allow user to specify the daemon port. I've also changed the way the command line parameter are retrieved in order to have a more "robust" way of getting them using getopts. Due to this change host name must be

...1_proof_len); + memset(x2_proof, 0, x2_proof_len); xfree(x1_proof); xfree(x2_proof); -------------- next part -------------- --- ssh.c.orig 2012-12-19 17:30:53.992528775 -0800 +++ ssh.c 2012-12-19 17:32:16.421511581 -0800 @@ -1509,8 +1509,8 @@ #endif /* PKCS11 */ n_ids = 0; - bzero(identity_files, sizeof(identity_files)); - bzero(identity_keys, sizeof(identity_keys)); + memset(identity_files, 0, sizeof(identity_files)); + memset(identity_keys, 0, sizeof(identity_keys)); #ifdef ENABLE_PKCS11 if (options.pkcs11_provider != NULL && @@ -1584,9 +1584,9 @@ memcpy(option...

At work we have a large collection of scripts to move log and config files around. These depend on commercial (F-Secure) ssh/scp, as it supports the -u option to delete the source file after (successful) copying. That is the sole reason we can't run openssh on our 150+ unix boxes. I have attached a patch below, which adds the -u option to delete the source file after copying, provided there

https://bugzilla.mindrot.org/show_bug.cgi?id=1784 Summary: ssh-keygen fails when filename of key file contains multiple slashes Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh-keygen AssignedTo:

A mixed bag, but all the patches make sense together! Patch 1: Fix a bug that Tingting found: https://bugzilla.redhat.com/show_bug.cgi?id=1256222 Patch 2: Revert a patch that makes no sense now that we've added virt-v2v into base RHEL. This is just included because it's a cleanup needed before applying patch 3. Patch 3: Add the ability to use SSH identities (private keys) for virt-p2v

Fix and/or document issues raised in this thread: https://www.redhat.com/archives/libguestfs/2017-February/msg00010.html Rich.

Hi. I would like to add an option [-p port] to ssh-copy-id. If this option is given then ssh-copy-id calls ssh with -p port to connect to non-standard port. The patch [1] adds this option to ssh-copy-id and documents it in ssh-copy-id(1) man page [1] http://plautrba.fedorapeople.org/openssh/718674/ssh-copy-id-p-port.patch Thanks, Petr diff --git a/contrib/ssh-copy-id

Fixes https://bugzilla.redhat.com/1256222

Hello, I had some difficulties in order to convert private keys between different implementations of SSH. So, I wrote the following patch to allow export of SSH2 RSA and DSA private keys into IETF SECSH format. Note that I also slightly revised the IETF SECSH key import code. Usage: use of the "-e" option on a private key file generates an unencrypted private key file in IETF SECSH

...I've replaced the bzero() calls with the equivalent memset() calls. The patch file is below in (diff -u) format: --- ssh.c.orig 2012-12-19 17:30:53.992528775 -0800 +++ ssh.c 2012-12-19 17:32:16.421511581 -0800 @@ -1509,8 +1509,8 @@ #endif /* PKCS11 */ n_ids = 0; - bzero(identity_files, sizeof(identity_files)); - bzero(identity_keys, sizeof(identity_keys)); + memset(identity_files, 0, sizeof(identity_files)); + memset(identity_keys, 0, sizeof(identity_keys)); #ifdef ENABLE_PKCS11 if (options.pkcs11_provider != NULL && @@ -1584,9 +1584,9 @@...

...hacked/ssh.c 2005-07-25 23:29:10.000000000 +0200 @@ -73,6 +73,10 @@ #include "monitor_fdpass.h" #include "uidswap.h" +#ifdef HAVE_LIBKEYUTIL +#include "keyutil.h" +#endif + #ifdef SMARTCARD #include "scard.h" #endif @@ -1211,15 +1215,18 @@ load_public_identity_files(void) { char *filename; - int i = 0; + int i = 0, count; Key *public; +#ifdef HAVE_LIBKEYUTIL + key_serial_t *keylist; +#endif #ifdef SMARTCARD Key **keys; if (options.smartcard_device != NULL && options.num_identity_files < SSH_MAX_IDENTITY_FILES && (keys...