search for: key_blobtype

...ssh2 even though it was using publickey authentication (and tracing via the client verifies that the publickey was used). Hostbased authentication is disabled in my config file. Figuring this was a logging bug, I went hunting in the code. In mm_answer_keyverify() is the line: auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; But this line occurs *after* the call to monitor_reset_key_state(), which sets key_blobtype to MM_NOKEY. Moving the auth_method assignment before the call to monitor_reset_key_state() fixed the problem. I don't think anything el...

...1 files changed, 4 insertions(+) diff -uprN openssh-4.3p2/monitor.c openssh-4.3p2-kylie/monitor.c --- openssh-4.3p2/monitor.c 2005-11-04 22:07:05.000000000 -0600 +++ openssh-4.3p2-kylie/monitor.c 2006-05-08 17:18:15.697809744 -0500 @@ -1010,6 +1010,10 @@ mm_answer_keyallowed(int sock, Buffer *m key_blobtype = type; hostbased_cuser = cuser; hostbased_chost = chost; + } else { + xfree(blob); + xfree(chost); + xfree(cuser); } debug3("%s: key %p is %s",

..._rsa_authentication && auth_rhosts_rsa_key_allowed(authctxt->pw, cuser, chost, key); + auth_method = "rsa"; break; default: fatal("%s: unknown key type %d", __func__, type); @@ -1010,6 +1014,9 @@ mm_answer_keyallowed(int sock, Buffer *m key_blobtype = type; hostbased_cuser = cuser; hostbased_chost = chost; + } else { + /* Log failed attempt */ + auth_log(authctxt, 0, auth_method, compat20 ? " ssh2" : ""); } debug3("%s: key %p is %s", @@ -1374,6 +1381,7 @@ mm_answer_rsa_keyallowed(int sock, Buffe...

...91,7 +1391,7 @@ if (!authctxt->valid) fatal("%s: authctxt not valid", __func__); - blob = buffer_get_string(m, &blen); + blob = buffer_get_binary(m, &blen); if (!monitor_allowed_key(blob, blen)) fatal("%s: bad key, not previously allowed", __func__); if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY) @@ -1431,14 +1431,14 @@ if (ssh1_challenge == NULL) fatal("%s: no ssh1_challenge", __func__); - blob = buffer_get_string(m, &blen); + blob = buffer_get_binary(m, &blen); if (!monitor_allowed_key(blob, blen)) fa...

...,7 +911,7 @@ fail++; } else { p = buffer_get_string(&b, NULL); - if (strcmp("publickey", p) != 0) + if (strcmp(name, p) != 0) fail++; xfree(p); if (!buffer_get_char(&b)) @@ -992,8 +1003,11 @@ fatal("%s: bad public key blob", __func__); switch (key_blobtype) { + case MM_CERTKEY: + valid_data = monitor_valid_userblob(data, datalen, "certkey"); + break; case MM_USERKEY: - valid_data = monitor_valid_userblob(data, datalen); + valid_data = monitor_valid_userblob(data, datalen, "publickey"); break; case MM_HOSTKEY: valid_d...