search for: key_rsa

Displaying 20 results from an estimated 40 matches for "key_rsa".

2018 Oct 11
3
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
...nect2.c b/sshconnect2.c index f104408..1d2906f 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1080,7 +1080,8 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key) * newer (SHA2) algorithms. */ if (ssh == NULL || ssh->kex->server_sig_algs == NULL || - (key->type != KEY_RSA && key->type != KEY_RSA_CERT)) { + (key->type != KEY_RSA && key->type != KEY_RSA_CERT) || + (key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))) { /* Filter base key signature alg against our configuration */ return match_list(sshkey_...
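Review bot: the new third clause, `(key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))`, has no comment, and the block comment above it still only talks about the newer (SHA2) algorithms. Add a sentence there saying that RSA certificates take the "filter base key signature alg" path when the peer has SSH_BUG_SIGTYPE set, so the compat case is not mistaken for an accident later.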
2002 Jan 31
7
x509 for hostkeys.
...vate key */ + prv->x509 = PEM_read_X509(fp, NULL, NULL, (char *)passphrase); + if (prv->x509 != NULL) { + debug("PEM_read_X509"); +#ifdef DEBUG_X509 + X509_print_fp(stdout, prv->x509); + { + EVP_PKEY *pkey = X509_get_pubkey(prv->x509); + if (pkey->type == EVP_PKEY_RSA) { + debug("PEM_read_X509 -> RSA"); + } else if (pkey->type == EVP_PKEY_DSA) { + debug("PEM_read_X509 -> DSA"); + } + } +#endif + } + } fclose(fp); if (pk != NULL) EVP_PKEY_free(pk); Index: key.c ==================================================...
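Review bot: in the DEBUG_X509 block, the result of `X509_get_pubkey(prv->x509)` is dereferenced as `pkey->type` without a NULL check and is never released before the block closes. X509_get_pubkey can return NULL and returns a reference the caller has to drop, so check the result and call EVP_PKEY_free(pkey) at the end of the block.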
2001 Jun 28
1
Adding 'name' key types
Playing around with the [wonderful] GSS-API patches for OpenSSH [1] I noticed that there is a bit of functionality missing from OpenSSH/GSS-API, namely that authorized_keys2 has no meaning when using GSS authentication. Yes, ~/.k5login can be used to grant access to an account for applications that support Kerberos, as does OpenSSH with those GSS patches, but .k5login does not and cannot provide
2002 Jan 24
1
PATCH: krb4/krb5/... names/patterns in auth_keys entries
...ding Forbids TCP/IP forwarding when this key is used for authentication. Any port forward requests by the client will return an error. Index: 3_0_2p1.1/key.h --- 3_0_2p1.1/key.h Wed, 21 Nov 2001 10:38:46 -0500 +++ 3_0_2p1_w_named_keys.1(w)/key.h Thu, 24 Jan 2002 10:52:24 -0500 @@ -34,7 +34,9 @@ KEY_RSA1, KEY_RSA, KEY_DSA, - KEY_UNSPEC + KEY_UNSPEC, + KEY_NAME, + KEY_NAME_PAT }; enum fp_type { SSH_FP_SHA1, @@ -53,12 +55,15 @@ int flags; RSA *rsa; DSA *dsa; + u_char *name; + char *name_type; }; Key *key_new(int); Key *key_new_private(int); void key_free(Key *); int key_equal...
2001 Aug 15
0
[ossh patch] principal name/patterns in authorized_keys2
...ication. Any port forward requests by the client will return an error. Index: 2_9_p2.1/key.h --- 2_9_p2.1/key.h Thu, 03 May 2001 16:12:13 -0400 jd (OpenSSH/j/7_key.h 1.1 644) +++ 2_9_p2_w_named_keys.2/key.h Tue, 03 Jul 2001 13:57:30 -0400 willian (OpenSSH/j/7_key.h 1.1.1.1 644) @@ -34,7 +34,9 @@ KEY_RSA1, KEY_RSA, KEY_DSA, - KEY_UNSPEC + KEY_UNSPEC, + KEY_NAME, + KEY_NAME_PAT }; enum fp_type { SSH_FP_SHA1, @@ -48,12 +50,16 @@ int type; RSA *rsa; DSA *dsa; + u_char *name; + u_int name_len; + char *name_type; }; Key *key_new(int type); Key *key_new_private(int type); void key_fre...
2015 Jun 23
2
Call for testing: OpenSSH 6.9
...ests/hostkeys/test_iterate.c index 2eaaf06..da0e353 100644 --- a/regress/unittests/hostkeys/test_iterate.c +++ b/regress/unittests/hostkeys/test_iterate.c @@ -92,12 +92,22 @@ check(struct hostkey_foreach_line *l, void *_ctx) #ifndef WITH_SSH1 if (parse_key && (expected->l.keytype == KEY_RSA1 || - expected->no_parse_keytype == KEY_RSA1)) { + expected->no_parse_keytype == KEY_RSA1)) { expected_status = HKF_STATUS_INVALID; expected_keytype = KEY_UNSPEC; parse_key = 0; } #endif +#ifndef WITH_OPENSSL + if (expected->l.keytype == KEY_RSA || + expected->n...
2012 Jan 28
1
PATCH: Support for encrypted host keys
...OF SUCH DAMAGE. + */ + + +#include "includes.h" + +#include <sys/types.h> + +#include <openssl/bn.h> + +#include "xmalloc.h" +#include "buffer.h" +#include "log.h" +#include "key.h" +#include "rsa.h" + +static void +buffer_put_key_rsa(Buffer *buffer, const RSA *key) +{ + buffer_put_bignum(buffer, key->e); + buffer_put_bignum(buffer, key->n); + buffer_put_bignum(buffer, key->d); + buffer_put_bignum(buffer, key->iqmp); + buffer_put_bignum(buffer, key->p); + buffer_put_bignum(buffer, key->q); +} + +static void +bu...
2013 May 15
2
Support for "ssh-rsa-sha256" and "ssh-dss-sha256"?
Functionality request for supporting Digital Signatures for RSA and DSS Public Key Algorithms in alignment with NIST SP800-131A. I assume this has been asked before, but I could not find in the archives. Support of "ssh-rsa-sha256" and "ssh-dss-sha256" public key algorithms for OpenSSH? I know Suite B Algorithms and x509 SSH Extension Algorithms are supported, but not a
2005 May 19
1
ssh-keygen private keys export - new feature
..._blob: key == NULL"); + return 0; + } + buffer_init(&b); + buffer_put_int(&b, SSH_COM_PRIVATE_KEY_MAGIC); + buffer_put_int(&b, 0); + + switch (key->type) { + case KEY_DSA: + buffer_put_cstring(&b, "dl-modp{sign{dsa-nist-sha1},dh{plain}}"); + break; + case KEY_RSA: + buffer_put_cstring(&b, "if-modn{sign{rsa-pkcs1-md5}}"); + break; + default: + error("do_convert_private_ssh2_to_blob: unsupported key type %d", + key->type); + buffer_free(&b); + return 0; + } + + buffer_put_cstring(&b, "none&quot...
2024 Apr 11
0
[PATCH] sshsig: check hashalg before selecting the RSA signature algorithm
...ons(-) diff --git a/sshsig.c b/sshsig.c index 470b286a3..033b43353 100644 --- a/sshsig.c +++ b/sshsig.c @@ -190,8 +190,14 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg, } /* If using RSA keys then default to a good signature algorithm */ - if (sshkey_type_plain(key->type) == KEY_RSA) - sign_alg = RSA_SIGN_ALG; + if (sshkey_type_plain(key->type) == KEY_RSA){ + if (hashalg == NULL) + sign_alg = RSA_SIGN_ALG; + else if (strcmp(hashalg, "sha256") == 0) + sign_alg = "rsa-sha2-256"; + else if (strcmp(hashalg, "sha512") == 0) + sign_alg = &q...
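Review bot: style, on the new `if (sshkey_type_plain(key->type) == KEY_RSA){` line: there is no space before the opening brace. The comment above it ("default to a good signature algorithm") also no longer describes the branch now that the algorithm is picked from hashalg when one is given; reword it to say that the default applies only when hashalg is NULL.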
2002 Apr 24
0
need help in ssh client: key exchange
...ex, host, hostaddr, client_kexinit, server_kexinit); if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1){ fatal("key_verify failed for server_host_key"); exit(-109); } I see: (gdb) p key->type $1 = 1 which would mean: KEY_RSA. Can someone please let me know: why in file key.c: case KEY_RSA: return ssh_rsa_verify(key, signature, signaturelen, data, datalen); break; when would routine: ssh_rsa_verify(..) fail and why ? I am trying to do password based authentication on V2. Is it mandatory that v2...
2018 Oct 11
2
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
...+++ b/sshconnect2.c > > @@ -1080,7 +1080,8 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key) > > * newer (SHA2) algorithms. > > */ > > if (ssh == NULL || ssh->kex->server_sig_algs == NULL || > > - (key->type != KEY_RSA && key->type != KEY_RSA_CERT)) { > > + (key->type != KEY_RSA && key->type != KEY_RSA_CERT) || > > + (key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))) { > > /* Filter base key signature alg ag...
2018 Oct 11
2
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
...e a bug: > > diff --git a/sshkey.c b/sshkey.c > index f7c09fb..e602987 100644 > --- a/sshkey.c > +++ b/sshkey.c > @@ -109,9 +109,9 @@ static const struct keytype keytypes[] = { > { "ssh-rsa-cert-v01 at openssh.com", "RSA-CERT", NULL, > KEY_RSA_CERT, 0, 1, 0 }, > { "rsa-sha2-256-cert-v01 at openssh.com", "RSA-CERT", > - "ssh-rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 }, > + "rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 }, > { "rsa-sha2-512-cert-v01 at openssh.c...
2012 Jul 28
1
[PATCH] ssh-keygen: support public key import/export using SubjectPublicKeyInfo
...{ FMT_RFC4716, FMT_PKCS8, - FMT_PEM + FMT_PEM, + FMT_SUBJECTINFO } convert_format = FMT_RFC4716; int print_public = 0; int print_generic = 0; @@ -330,6 +331,27 @@ do_convert_to_pem(Key *k) } static void +do_convert_to_subjectinfo(Key *k) +{ + switch (key_type_plain(k->type)) { + case KEY_RSA: + if (!PEM_write_RSA_PUBKEY(stdout, k->rsa)) + fatal("PEM_write_RSAPublicKey failed"); + break; +#if notyet /* OpenSSH 0.9.8 lacks this function */ + case KEY_DSA: + if (!PEM_write_DSA_PUBKEY(stdout, k->dsa)) + fatal("PEM_write_DSAPublicKey failed"); + break; +#en...
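Review bot: in do_convert_to_subjectinfo the fatal() strings name PEM_write_RSAPublicKey and PEM_write_DSAPublicKey, but the calls are PEM_write_RSA_PUBKEY and PEM_write_DSA_PUBKEY; make each message name the function that actually failed. The comment on the `#if notyet` line says "OpenSSH 0.9.8 lacks this function", which looks like it should read OpenSSL.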
2005 Jul 26
1
Linux in-kernel keys support
...-r` in 1.*|2.0.*) diff -ubr -x configure openssh-4.1p1/key.c openssh-4.1p1-hacked/key.c --- openssh-4.1p1/key.c 2004-11-05 10:42:29.000000000 +0100 +++ openssh-4.1p1-hacked/key.c 2005-07-25 22:13:45.000000000 +0200 @@ -545,6 +545,9 @@ key_ssh_name(const Key *k) { switch (k->type) { + case KEY_RSA1: + return "rsa1"; + break; case KEY_RSA: return "ssh-rsa"; break; @@ -698,6 +701,7 @@ type = key_type_from_name(ktype); switch (type) { + case KEY_RSA1: case KEY_RSA: key = key_new(type); if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || @@...
2002 Apr 24
1
Fwd: need help in ssh client: key exchange
This is debugs seen on server, whose keys are not accepted by the client: debug1: Seeding random number generator debug1: sshd version OpenSSH_2.5.2p2 debug1: load_private_key_autodetect: type 0 RSA1 debug1: read SSH2 private key done: name rsa w/o comment success 1 debug1: load_private_key_autodetect: type 1 RSA debug1: read SSH2 private key done: name dsa w/o comment success 1 debug1:
2015 May 29
16
Call for testing: OpenSSH 6.9
Hi, OpenSSH 6.9 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is
2017 Feb 16
1
Issue with ssh-keygen
On Wed, Feb 15, 2017 at 9:50 PM, Kelly Dunlop <kdunlop at guralp.com> wrote: > > > Hi, > > I am running openssh7.3p1 on an embedded Linux system and discovered this problem. > > If I run: > > ssh-keygen -t rsa1 -f testfile > > it appears to generate the key and I get the output: > > Generating public/private rsa1 key pair. >
2001 Feb 21
0
Private key files closed twice --
===== I believe that each private key file read is closed twice as load_private_key(filename, ...) fd = open(filename, ...) ... load_private_key_rsa1(fd, ...) ... load_private_key_ssh2(fd, ...) ... close(fd); Unfortunately, "load_private_key_rsa1" and "load_private_key_ssh2" also close the file. It would be simplest to remove the `close()'s in the rsa2 and ssh2 routines except that the ssh2 routine converts the file d...
2003 Mar 28
0
PRIVSEP annoys me.
...ore_uid(); > return 0; > } > > if (options.strict_modes && > secure_filename(f, file, pw, line, sizeof(line)) != 0) { > fclose(f); > log("Authentication refused: %s", line); > restore_uid(); > return 0; > } > > key = key_new(KEY_RSA); > > /* > * Get the public key from the file. If ok, perform a > * challenge-response dialog to verify that the user has > * the right IC card. > */ > if( fread( n_e, 131, 1, f ) < 1 ) { > restore_uid(); > packet_send_debug("Read file %.900s error...