search for: key_equ

...when new deny-access option is encountered - auth-rsa.c - modified auth_parse_options() return value check according to the change made to auth_parse_options() - auth2.c - user_key_allowed() is not static now - modified user_key_allowed2() to: - try key_match() if key_equal() fails - check the result of auth_parse_options() for negative, 0, or positive values. - modified userauth_pubkey() to check for a positive return from user_key_allowed() - sshd.8 - added documentation for new key types and the new auth_keys option - auth-krb4.c...

...odified auth_parse_options() to return (-1) when new deny-access option is encountered - auth-rsa.c - modified auth_parse_options() return value check according to the change made to auth_parse_options() - auth2.c - modified user_key_allowed() to: - try key_match() if key_equal() fails - check the result of auth_parse_options() for negative, 0, or positive values. - modified userauth_pubkey() to check for positive return value of user_key_allowed() - sshd.8 - added documentation - gss-serv.c - modified ssh_gssapi_krb5_userok() to bu...

https://bugzilla.mindrot.org/show_bug.cgi?id=1765 Summary: Error message if key not first in authorized_keys file Product: Portable OpenSSH Version: 5.5p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=684 Summary: ssh cannot access keys stored in agent Product: Portable OpenSSH Version: 3.7.1p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: ssh AssignedTo: openssh-bugs at mindrot.org ReportedBy:

...ions: '%s'", cp); - options = cp; + optionsp = cp; for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { if (*cp == '\\' && cp[1] == '"') cp++; /* Skip both */ @@ -720,7 +720,7 @@ } } if (key_equal(found, key) && - auth_parse_options(pw, options, file, linenum) == 1) { + auth_parse_options(pw, optionsp, file, linenum) == 1) { found_key = 1; debug("matching key found: file %s, line %lu", file, linenum); Thanks, -- Jos Backus _/ _...

...NFIG_H -c ssh-agent.c ssh-agent.c:135: illegal statement, missing `;' after `)' ssh-agent.c:162: illegal statement, missing `;' after `)' make: *** [ssh-agent.o] Error 1 The code at ssh-agent.c line 135 is: TAILQ_FOREACH(id, &tab->idlist, next) { if (key_equal(key, id->key)) return (id); } This is with the virgin 3.1p1; same error in make if I apply the patch openssh-3.1p1-adv.token.patch -- Sally ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee...

...log("Authorized key '%s' in %s", cp, file); allowed = 1; break; } /* Restore the privileged uid. */ *** auth2-pubkey.c.orig Thu Jun 6 22:27:56 2002 --- auth2-pubkey.c Thu May 8 17:08:43 2003 *************** *** 237,246 **** --- 237,253 ---- } } if (key_equal(found, key) && auth_parse_options(pw, options, file, linenum) == 1) { found_key = 1; + /* Skip remaining whitespace. */ + for (; *cp == ' ' || *cp == '\t'; cp++) + ; + /* Log matching key's comment after stripping '\n'. */ + if ( st...

I am wondering why there is no utility for copying the Key structure in SSH. I am looking for something like this: key_copy(Key* dest, const Key* source); Do we have something like above? I noticed we have key_size, key_equals etc but no key_copy Thanks, Tushar _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus

...- Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python -------------- next part -------------- diff -ur openssh-2.9p1/auth2.c openssh-2.9p1authdata/auth2.c --- openssh-2.9p1/auth2.c Wed Apr 25 06:44:15 2001 +++ openssh-2.9p1authdata/auth2.c Thu May 17 00:56:38 2001 @@ -771,6 +771,7 @@ if (key_equal(found, key) && auth_parse_options(pw, options, file, linenum) == 1) { found_key = 1; + key_matching_data(cp); debug("matching key found: file %s, line %ld", file, linenum); break; diff -ur openssh-2.9p1/key.c openssh-2.9p1authdata/key.c --- openssh-2...

Playing around with the [wonderful] GSS-API patches for OpenSSH [1] I noticed that there is a bit of functionality missing from OpenSSH/GSS-API, namely that authorized_keys2 has no meaning when using GSS authentication. Yes, ~/.k5login can be used to grant access to an account for applications that support Kerberos, as does OpenSSH with those GSS patches, but .k5login does not and cannot provide

https://bugzilla.mindrot.org/show_bug.cgi?id=2027 Priority: P5 Bug ID: 2027 Assignee: unassigned-bugs at mindrot.org Summary: SSH generates misleading errors when using public key authentication Severity: normal Classification: Unclassified OS: Linux Reporter: xavier.jodoin at corp.ovh.com

...ns: '%s'", cp); - options = cp; + optionsp = cp; for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { if (*cp == '\\' && cp[1] == '"') cp++; /* Skip both */ @@ -720,10 +725,14 @@ } } if (key_equal(found, key) && - auth_parse_options(pw, options, file, linenum) == 1) { + auth_parse_options(pw, optionsp, file, linenum) == 1) { found_key = 1; debug("matching key found: file %s, line %lu", file, linenum); + if (options.log_fingerprint) + log(&qu...

...EY_UNSPEC }; + +enum digest_type { + DIGEST_TYPE_SHA1, + DIGEST_TYPE_MD5 +}; + +enum digest_representation { + DIGEST_REPRESENTATION_HEX, + DIGEST_REPRESENTATION_BUBBLEBABBLE +}; + struct Key { int type; RSA *rsa; @@ -46,6 +57,7 @@ Key *key_new_private(int type); void key_free(Key *k); int key_equal(Key *a, Key *b); +char *key_fingerprint_ex(Key *k, enum digest_type dgst_type, enum digest_representation dgst_representation); char *key_fingerprint(Key *k); char *key_type(Key *k); int key_write(Key *key, FILE *f); --- ./openssh-2.5.1/key_original.c Sun Mar 4 00:48:41 2001 +++ ./openssh-2.5...

...ip any leading + * whitespace. Ignore badly formatted lines. + */ + if (!hostfile_read_key(&cp, &kbits, found)) + continue; + + if (!hostfile_check_key(kbits, found, thishost, filename, linenum)) + continue; + + /* Check if the current key is the same as the given key. */ + if (key_equal(search_key, found)) { + /* Ok, they match. */ + debug3("find_hosts_by_key: match line %d", linenum); + cp = thishost; + while (cp < thishost + thishostlen) { + for (cp2 = cp; + *cp2 != ',' && cp2 < thishost + thishostlen; + cp2++) + ;...

...; /* @@ -299,7 +306,14 @@ load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path) continue; } } - if (!hostfile_check_key(kbits, key, host, path, linenum)) + + /* Check if the key matches if we're looking for a key. */ + if (lookup_key) { + if (!key_equal(lookup_key, key)) + continue; + } + + if (!hostfile_check_key(kbits, key, current_host, path, linenum)) continue; debug3("%s: found %skey type %s in file %s:%lu", __func__, @@ -308,7 +322,7 @@ load_hostkeys(struct hostkeys *hostkeys, const char *host, const c...

...sign its private key instead. + * If no such private key exists, return failure and continue with + * other methods of authentication. + * Else, just continue with the normal signing process. */ + if (key_is_cert(id->key)) { + for (i = 0; i < options.num_certificate_files; i++) { + if (key_equal(id->key, options.certificates[i])) { + Identity *id2; + int matched = 0; + TAILQ_FOREACH(id2, &authctxt->keys, next) { + if (sshkey_equal_public(id->key, id2->key) && + id->key->type != id2->key->type) { + id = id2; + matched = 1;...

...cation, NULL}, + {"certkey", + userauth_certkey, + &options.certkey_authentication, + NULL}, {"publickey", userauth_pubkey, &options.pubkey_authentication, @@ -472,7 +480,11 @@ */ TAILQ_FOREACH_REVERSE(id, &authctxt->keys, idlist, next) { if (key_equal(key, id->key)) { - sent = sign_and_send_pubkey(authctxt, id); + if (!strcmp(authctxt->method->name, "certkey")) { + if (id->key->cert != NULL) + sent = sign_and_send_certkey(authctxt, id); + } else + sent = sign_and_send_pubkey(authctxt, id); break;...

The following series of 10 patches is a merge of the xenfb and xenconsoled functionality into the qemu-dm code. The general approach taken is to have qemu-dm provide two machine types - one for xen paravirt, the other for fullyvirt. For compatability the later is the default. The goals overall are to kill LibVNCServer, remove alot of code duplication and/or parallel impls of the same concepts, and