Displaying 20 results from an estimated 47 matches for "key_from_blob".
2014 Apr 17
1
OpenSSH 6.4, "ssh-add -l", output to non-tty
...d. OpenSSH6.4p1 on a FreeBSD 7 box (I know it's
old; it's being replaced this month). I can't spot anything changed in
OpenSSH commit logs or git blame of the current file.
I ssh into the box from a system with OpenSSH6.6p1 and three keys
loaded, RSA, ECDSA and ED25519.
As expected, key_from_blob and key_fingerprint complain about the
ED25519 key in the agent, because they can't handle it. Not a problem.
However, in this scenario, "ssh-add -l" will only produce output to
stdout if stdout is a tty.
"ssh-add -L" reliably produces output to stdout.
"ssh-add -l&...
2020 Jan 11
2
interoperability issue with agent and ecdsa-sk keys
...eed access to a remote gitlab server to fetch files
with git, using an ED25519 key in my ssh-agent.
Once connected to the intermediate host, ssh-add -l doesn't see the
ED25519 key anymore. It says
ssh-add -l
2048 a0:80:0a:59:fe:5a:d9:f3:b1:e7:6c:57:32:8c:5c:e5 /home/matthieu/.ssh/id_rsa (RSA)
key_from_blob: invalid format
And my ED25519 key I use to authenticate against the gitlab server is
missing. Thus trying to connect to it fails.
If I remove the ECDSA-SK key from the agent before connecting to the
debian host, things work again.
Is this an oversight when the ECDSA-SK key type was added, or is...
2012 Nov 13
1
problem with AuthorizedKeysCommand on OpenBSD
...st
trying to make the blasted thing work right now.)
The keys don't seem to be making it to the SSH server, however. Run
with debugging, I get:
...
debug3: mm_request_receive entering
debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x81973440
debug1: temporarily_use_uid: 32767/32767 (e=0/0)
debug3: Running AuthorizedKeysCommand: "/usr/local/libexec/ssh-ldap-wrapper" as "nobody"
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 32767/32767 (e=0/0)
debug2: key not found
user_key_command_allowed2: dup2:...
2003 Feb 28
1
Hostbased Authentication Question
...to get this error from sshd -d -d -d
debug1: userauth_hostbased: cuser root chost mckinley. pkalg ssh-dss slen
55
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 20
debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x80a4e88
debug2: userauth_hostbased: chost mckinley. resolvedname mckinley ipaddr
192.168.10.1
debug2: stripping trailing dot from chost mckinley.
debug2: auth_rhosts2: clientuser root hostname mckinley ipaddr
192.168.10.1
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: restore_uid: 0/0
debug1...
2001 Mar 11
0
patch to allow client to select rsa/dss
...strcmp(p, "ssh-dss") != 0)) {
+ debug("bad pkalg %s [%s]", p, names);
+ xfree(keys);
+ return 0;
+ } else {
+ debug3("pkalg ok: %s [%s]", p, names);
+ }
+ }
+ debug3("pkalgs ok: [%s]", names);
+ xfree(keys);
+ return 1;
+ }
+
+
Key *
key_from_blob(char *blob, int blen)
{
diff -c3 -r orig/openssh-2.5.1p1/key.h openssh-2.5.1p1/key.h
*** orig/openssh-2.5.1p1/key.h Mon Jan 29 07:39:26 2001
--- openssh-2.5.1p1/key.h Sun Mar 11 22:50:23 2001
***************
*** 55,60 ****
--- 55,61 ----
Key *key_generate(int type, u_int bits);
Key *key_from_...
2009 Jan 22
0
Unintended key info disclosure via ForwardAgent?
...e key info about remotea
and locala being disclosed to remoteb1. Namely, failed attempts
with the remotea and locala keypairs against remoteb1.
## from locala1
# client tries the first key against remoteb1
client debug1: Offering public key: .ssh/id_dsa_remotea
server debug3: mm_answer_keyallowed: key_from_blob: 0x81db150
server debug3: mm_answer_keyallowed: key 0x81db150 is not allowed
# client tries the second key against remoteb1
client debug1: Offering public key: .ssh/id_dsa_locala
server debug3: mm_answer_keyallowed: key_from_blob: 0x81db170
server debug3: mm_answer_keyallowed: key 0x81db170 is not...
2001 Jun 28
1
Adding 'name' key types
Playing around with the [wonderful] GSS-API patches for OpenSSH [1] I
noticed that there is a bit of functionality missing from
OpenSSH/GSS-API, namely that authorized_keys2 has no meaning when using
GSS authentication.
Yes, ~/.k5login can be used to grant access to an account for
applications that support Kerberos, as does OpenSSH with those GSS
patches, but .k5login does not and cannot provide
2005 Jul 26
1
Linux in-kernel keys support
...+
+ had_identities = 1;
+ comment = buf + dlen;
+ printf("In-kernel key %d (%s)\n", kkey, comment);
+
+ ret = keyctl_read_alloc(kkey, (void **) &buf2);
+ if (ret < 1) {
+ fprintf(stderr, "Error in keyctl_read_alloc\n");
+ goto out;
+ }
+
+ key = key_from_blob(buf2, ret);
+ free(buf2);
+ if (!key) {
+ fprintf(stderr, "key_from_blob failed: %s\n", comment);
+ goto out;
+ }
+ key->flags = KEY_FLAG_KERN;
+
+ if (do_fp) {
+ fp = key_fingerprint(key, SSH_FP_MD5,
+ SSH_FP_HEX);
+ printf("%d %s %s (%s)\n",...
2015 Feb 28
2
SAP-2015-3-1 issues
On Sun, Mar 01, 2015 at 03:23:04AM +1100, Damien Miller wrote:
>
>
> On Sat, 28 Feb 2015, The Doctor wrote:
>
> > BSD/OS issues
> >
> > with 1.0.2a dev
>
> Thanks for testing.
>
You are welcome.
> > make tests
> >
> > regress/netcat.c:656: `on' undeclared (first use in this function)
> > regress/netcat.c:656: (Each
2002 Jan 24
1
PATCH: krb4/krb5/... names/patterns in auth_keys entries
...h;
+ debug3("key_read: key: %s", k->name);
+ }
+ k->name_type = name_type;
+ } else {
+ len = 2*strlen(cp);
+ blob = xmalloc(len);
+ n = uudecode(cp, blob, len);
+ if (n < 0) {
+ error("key_read: uudecode %s failed", cp);
+ return -1;
+ }
+ k = key_from_blob(blob, n);
}
- k = key_from_blob(blob, n);
if (k == NULL) {
error("key_read: key_from_blob %s failed", cp);
return -1;
}
- xfree(blob);
+ if (blob != NULL)
+ xfree(blob);
if (k->type != type) {
- error("key_read: type mismatch: encoding error");
-...
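Review bot: In the new else branch, the uudecode failure path returns -1 without releasing blob, which was just obtained from xmalloc(len). The unchanged k == NULL return below it has the same problem, since xfree(blob) is only reached after that check. Suggest freeing blob before each early return, so the added "if (blob != NULL) xfree(blob);" is not bypassed by the error exits.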
2001 Aug 15
0
[ossh patch] principal name/patterns in authorized_keys2
...key %s", k->name_type);
+ } else {
+ len = 2*strlen(cp);
+ blob = xmalloc(len);
+ n = uudecode(cp, blob, len);
+ if (n < 0) {
+ error("key_read: uudecode %s failed", cp);
+ return -1;
+ }
+ debug3("key_read: reading uuencoded key %s", blob);
+ k = key_from_blob(blob, n);
}
- k = key_from_blob(blob, n);
if (k == NULL) {
error("key_read: key_from_blob %s failed", cp);
return -1;
}
- xfree(blob);
+ if (blob != NULL)
+ xfree(blob);
if (k->type != type) {
- error("key_read: type mismatch: encoding error");
-...
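Review bot: The added debug3("key_read: reading uuencoded key %s", blob) formats blob with %s, but at that point blob holds the n bytes produced by uudecode, which are binary key data and nothing visible here NUL-terminates them, so the call can read past the xmalloc(len) buffer and puts raw key bytes in the debug log. Suggest logging cp (the encoded text) or only the decoded length n instead. Separately, the uudecode failure path returns -1 without xfree(blob).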
2003 Oct 08
4
OS/390 openssh
...9 2003
@@ -336,7 +336,7 @@
BN_num_bits(key->rsa->n), bits);
break;
case 2:
- blob = buffer_get_string(&auth->identities, &blen);
+ blob = buffer_get_binary(&auth->identities, &blen);
*comment = buffer_get_string(&auth->identities, NULL);
key = key_from_blob(blob, blen);
xfree(blob);
@@ -430,8 +430,8 @@
buffer_init(&msg);
buffer_put_char(&msg, SSH2_AGENTC_SIGN_REQUEST);
- buffer_put_string(&msg, blob, blen);
- buffer_put_string(&msg, data, datalen);
+ buffer_put_binary(&msg, blob, blen);
+ buffer_put_binary(&msg, data,...
2002 Aug 07
0
[Bug 382] New: Privilege Separation breaks HostbasedAuthentication
...debug3: mm_request_send entering: type 20
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 21
debug3: mm_request_receive entering
debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 1245e0
debug2: userauth_hostbased: chost evereska. resolvedname evereska.wan.erac.com
ipaddr 10.49.191.9
debug2: auth_rhosts2: clientuser rjl01 hostname evereska. ipaddr evereska.
debug1: temporarily_use_uid: 503/5005 (e=0)
debug1: restore_uid
debug2: userauth_hostbased: access allowed by auth_rh...
2002 Jul 03
3
[Bug 333] X11 forwarding not working in OpenSSH 3.4p1
http://bugzilla.mindrot.org/show_bug.cgi?id=333
------- Additional Comments From stevesk at pobox.com 2002-07-04 05:41 -------
i will guess configure did not find an xauth when
it was built ($PATH is irrelevant here). please
verify.
see $HOME/.ssh/rc example in sshd.8 which can be used
as a workaround in this case.
djm: autoconf-2.53 exposes a bug for xauth path detection.
------- You
2003 Feb 24
1
[Bug 502] New: sshd fails when "Compression yes" set on HPUX
...es 1
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug3: entering
debug3: entering: type 20
debug3: : waiting for MONITOR_ANS_KEYALLOWED
debug3: : checking request 20debug3: entering: type 21
debug3: entering
debug3: entering
debug3: : key_from_blob: 4002f8a0
debug1: temporarily_use_uid: 0/3 (e=0/3)
debug1: trying public key file //.ssh/authorized_keys
debug1: restore_uid: 0/3
debug1: temporarily_use_uid: 0/3 (e=0/3)
debug1: trying public key file //.ssh/authorized_keys2
debug3: secure_filename: checking '/.ssh'
debug3: secure_filename...
2006 Aug 28
0
patch for ssh-agent force confirm keys
...!= NULL && (!id->confirm || confirm_key(id) == 0)) {
Key *private = id->key;
/* Decrypt the challenge using the private key. */
if (rsa_private_decrypt(challenge, challenge, private->rsa) <= 0)
@@ -306,7 +303,7 @@
key = key_from_blob(blob, blen);
if (key != NULL) {
Identity *id = lookup_identity(key, 2);
- if (id != NULL && ((!confirm && !id->confirm) || confirm_key(id) == 0))
+ if (id != NULL && (!id->confirm || confirm_key(id) == 0))...
2012 Nov 23
1
Public Key Authentication
Hi,
I wonder, how can I use openssh Public key authentication with
ActivCard pkcs11 x509 certificate store and login to only my account
reading/using username provided from certificate DN, or principal
name, friendly name?
b111887 and e411617 is administrator on this os. I have rights to put
e411617 pub keys to b111887 home folder authorized keys. And because
openssh asks me to provide
2003 Oct 09
1
Key-based auth fails - OpenSSH 3.7.1p2 (cygwin)
...debug3: mm_request_send entering: type 20
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 21
debug3: mm_request_receive entering
debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x100f4158
debug1: temporarily_use_uid: 132690/513 (e=18/544)
debug1: trying public key file /home/hayward/.ssh/authorized_keys
debug1: restore_uid: (unprivileged)
debug1: temporarily_use_uid: 132690/513 (e=18/544)
debug1: trying public key file /home/hayward/.ssh/authorized_keys
debug1: restore_u...
2010 Apr 02
3
[Bug 1749] New: ssh-keygen cant "import" a generic x509 rsa public key
...====
I have a public key generated via
prompt> openssl x509 -in cavanaug.x509 -pubkey -noout >
cavanaug_x509.pub
that I would like to have ssh-keygen convert to an openssh public key
format.
prompt> ssh-keygen -i -f cavanaug_x509.pub
buffer_get_string_ret: bad string length 813826338
key_from_blob: can't read key type
decode blob failed.
prompt> cat cavanaug_x509.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy+8jp5YdUEqoNjmhg3X
c+oMARMrXH5erMRh+C1DeAE/KxZd0ZXjhbDJ1NwvvIlmLJO6tmlqtbnNILgpJjna
dPor6fcVsiLgHtwD5CuydAfxjQBXRCvPBqL+/M1tNMhcgR4AYzfitUP2IFhSLmg...
2009 Feb 06
3
Hung connection over Juniper Tunnel
...debug3: mm_request_send entering: type 21
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 22
debug3: mm_request_receive entering
debug3: monitor_read: checking request 21
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x7f8a5c7aaf20
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
debug3: secure_filename: checking '/root/.ssh'
debug3: secure_filename: checking '/root'
debug3: secure_filename: terminating check at '/root'
debug3: key_read:...