search for: key_dsa_cert

On Thu, 11 Oct 2018, Adam Eijdenberg wrote: > On Thu, Oct 11, 2018 at 12:13 PM Damien Miller <djm at mindrot.org> wrote: > > Could you try this? > > > > diff --git a/sshconnect2.c b/sshconnect2.c > > index f104408..1d2906f 100644 > > --- a/sshconnect2.c > > +++ b/sshconnect2.c > > @@ -1080,7 +1080,8 @@ key_sig_algorithm(struct ssh *ssh, const

Hi, One of our users who is running an OS (I think it's the latest beta macOS 10.14.1) with ssh version "OpenSSH_7.8p1, LibreSSL 2.7.3" is unable to use our user SSH RSA certificates to authenticate to our servers (which are running "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017"). We see this error on the client side: debug1: kex_input_ext_info:

https://bugzilla.mindrot.org/show_bug.cgi?id=1765 Summary: Error message if key not first in authorized_keys file Product: Portable OpenSSH Version: 5.5p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org

...RSA, DSA and ECDSA keys. These value can be @@ -252,7 +248,7 @@ ask_filename(struct passwd *pw, const ch char *name = NULL; if (key_type_name == NULL) - name = _PATH_SSH_CLIENT_ID_RSA; + name = _PATH_SSH_CLIENT_ID_ED25519; else { switch (sshkey_type_from_name(key_type_name)) { case KEY_DSA_CERT:

...2-cert-v01 at openssh.com", "RSA-CERT", > - "ssh-rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 }, > + "rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 }, > { "ssh-dss-cert-v01 at openssh.com", "DSA-CERT", NULL, > KEY_DSA_CERT, 0, 1, 0 }, > { "ecdsa-sha2-nistp256-cert-v01 at openssh.com", "ECDSA-CERT", NULL, Thanks for looking into. I wasn't able to get the patch to apply cleanly to the portable source for whatever reason, so I manually made the changes and got a little further. I now...

Hi, I have not found any way to use a Certificate with ssh-agent when my Key is stored on a pkcs11 device. I can add my key with ssh-add -s /usr/local/lib/opensc-pkcs11.so but ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub does not add the certificate to my agent. As far as I undestand, in ssh-add.c line 580 if (pkcs11provider != NULL) { if (update_card(agent_fd,

...;rsa->q && k->rsa->p && + k->rsa->iqmp && + !BN_is_zero(k->rsa->d) && + !BN_is_zero(k->rsa->q) && + !BN_is_zero(k->rsa->p) && + !BN_is_zero(k->rsa->iqmp)) + return 1; + break; + case KEY_DSA: + case KEY_DSA_CERT_V00: + case KEY_DSA_CERT: + if (k->dsa && k->dsa->priv_key) + return 1; + break; + case KEY_ECDSA: + case KEY_ECDSA_CERT: + if (k->ecdsa && EC_KEY_get0_private_key(k->ecdsa)) + return 1; + break; +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + case KEY_ED2551...