search for: key_equals

This patch (to OpenSSH 3.0.2p1) adds support for using krb4, krb5 and other principal names in authorized_keys entries. It's a sort of replacement for .klogin and .k5login, but it's much more general than .k*login as it applies to any authentication mechanism where a name is associated with the ssh client and it supports name patterns and all the normal authorized_keys entry options

As you know, revoking RSA/DSA keys in an SSH environment requires editing all authorized_keys and authorized_keys2 files that reference those public keys. This is, well, difficult at best but certainly very obnoxious, particularly in a large environment. SSH key management is difficult. This patch simplifies key management wherever GSS-API/Kerberos is used and is general enough to be used with

https://bugzilla.mindrot.org/show_bug.cgi?id=1765 Summary: Error message if key not first in authorized_keys file Product: Portable OpenSSH Version: 5.5p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=684 Summary: ssh cannot access keys stored in agent Product: Portable OpenSSH Version: 3.7.1p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: ssh AssignedTo: openssh-bugs at mindrot.org ReportedBy:

These patches are against 3.0.1p1. I need them because I have a local mod which needs access to the ServerOptions struct named ``options'', hence the rename. --- auth-rsa.c.orig Mon Nov 19 16:54:01 2001 +++ auth-rsa.c Mon Nov 19 16:56:18 2001 @@ -180,8 +180,7 @@ * user really has the corresponding private key. */ while (fgets(line, sizeof(line), f)) { - char *cp; - char

http://bugzilla.mindrot.org/show_bug.cgi?id=407 Summary: Build openssh-3.1p1 fails, Mac OS X v1.2 Product: Portable OpenSSH Version: 3.1p1 Platform: PPC OS/Version: Mac OS X Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-unix-dev at mindrot.org

In order to comply with our internal security guidelines, we created a patch on top of openssh-3.6.1p2. With that patch, if sshd sets up a session based on key authentication, it logs to syslog which one of the keys in authorized_keys or authorized_keys2 is actually being used. The patch logs the key comment (typically the key owner's email address) as well as the name of the file containing

I am wondering why there is no utility for copying the Key structure in SSH. I am looking for something like this: key_copy(Key* dest, const Key* source); Do we have something like above? I noticed we have key_size, key_equals etc but no key_copy Thanks, Tushar _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus

Attached is a patch which sets the SSH_AUTHKEY environment variable to be the remaining data at the end of an SSH key which is used for authentication. The motivation behind this is that there are time in which it's useful to know who is on the other end of the connection. For example, if I log in as root on a box, I'd like to be able to configure vi-specific settings, while another user

Playing around with the [wonderful] GSS-API patches for OpenSSH [1] I noticed that there is a bit of functionality missing from OpenSSH/GSS-API, namely that authorized_keys2 has no meaning when using GSS authentication. Yes, ~/.k5login can be used to grant access to an account for applications that support Kerberos, as does OpenSSH with those GSS patches, but .k5login does not and cannot provide

https://bugzilla.mindrot.org/show_bug.cgi?id=2027 Priority: P5 Bug ID: 2027 Assignee: unassigned-bugs at mindrot.org Summary: SSH generates misleading errors when using public key authentication Severity: normal Classification: Unclassified OS: Linux Reporter: xavier.jodoin at corp.ovh.com

This patch is against 3.0.2p1. It produces output like the first line in the example below for both v1 and v2 logins. Logging is turned on by sticking ``LogFingerprint yes'' in sshd_conf. It would be nice if something like this would make it into OpenSSH. Dec 4 14:21:09 lizzy.bugworks.com sshd[7774]: [ID 800047 auth.info] Found matching RSA1 key:

Hi, Here is a patch that adds the possibility of displaying key fingerprints in the bubblebabble format used by ssh.com ssh implementations. I hope it makes its way into the source. --- ./openssh-2.5.1/key_original.h Sun Mar 4 00:47:55 2001 +++ ./openssh-2.5.1/key.h Sun Mar 4 00:57:57 2001 @@ -36,6 +36,17 @@ KEY_DSA, KEY_UNSPEC }; + +enum digest_type { + DIGEST_TYPE_SHA1, +

The attached patch implements a feature that would make my interaction with ssh somewhat more secure. When connecting to a host whose key is not in the known_hosts file, this patch makes ssh tell the user about any other hosts in the known_hosts file that have the same key. For example, if I have host A in my known_hosts file, and try to connect to host B which is an alias for A, ssh will tell

When connecting to a host for which there's no known hostkey, check if the relevant key has been accepted for other hostnames. This is useful when connecting to a host with a dymamic IP address or multiple names. --- auth.c | 4 ++-- hostfile.c | 42 ++++++++++++++++++++++++++++-------------- hostfile.h | 8 ++++++-- sshconnect.c | 39 +++++++++++++++++++++++++++++++++------

Allow users to specify certificates to be used for authentication on the command line with the '-z' argument when running ssh. For successful authentication, the key pair associated with the certificate must also be presented during the ssh. Certificates may also be specified in ssh_config as a CertificateFile. This option is meant the address the issue mentioned in the following

This patch against OpenBSD -current adds a simple form of PKI to OpenSSH. We'll be using it at work. See README.certkey (the first chunk of the patch) for details. Everything below is BSD licensed, sponsored by Allamanda Networks AG. Daniel --- /dev/null Wed Nov 15 15:14:20 2006 +++ README.certkey Wed Nov 15 15:13:45 2006 @@ -0,0 +1,176 @@ +OpenSSH Certkey + +INTRODUCTION + +Certkey allows

The following series of 10 patches is a merge of the xenfb and xenconsoled functionality into the qemu-dm code. The general approach taken is to have qemu-dm provide two machine types - one for xen paravirt, the other for fullyvirt. For compatability the later is the default. The goals overall are to kill LibVNCServer, remove alot of code duplication and/or parallel impls of the same concepts, and