search for: key_rsa

...nect2.c b/sshconnect2.c index f104408..1d2906f 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1080,7 +1080,8 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key) * newer (SHA2) algorithms. */ if (ssh == NULL || ssh->kex->server_sig_algs == NULL || - (key->type != KEY_RSA && key->type != KEY_RSA_CERT)) { + (key->type != KEY_RSA && key->type != KEY_RSA_CERT) || + (key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))) { /* Filter base key signature alg against our configuration */ return match_list(sshkey_...

...vate key */ + prv->x509 = PEM_read_X509(fp, NULL, NULL, (char *)passphrase); + if (prv->x509 != NULL) { + debug("PEM_read_X509"); +#ifdef DEBUG_X509 + X509_print_fp(stdout, prv->x509); + { + EVP_PKEY *pkey = X509_get_pubkey(prv->x509); + if (pkey->type == EVP_PKEY_RSA) { + debug("PEM_read_X509 -> RSA"); + } else if (pkey->type == EVP_PKEY_DSA) { + debug("PEM_read_X509 -> DSA"); + } + } +#endif + } + } fclose(fp); if (pk != NULL) EVP_PKEY_free(pk); Index: key.c ==================================================...

Playing around with the [wonderful] GSS-API patches for OpenSSH [1] I noticed that there is a bit of functionality missing from OpenSSH/GSS-API, namely that authorized_keys2 has no meaning when using GSS authentication. Yes, ~/.k5login can be used to grant access to an account for applications that support Kerberos, as does OpenSSH with those GSS patches, but .k5login does not and cannot provide

...ding Forbids TCP/IP forwarding when this key is used for authentication. Any port forward requests by the client will return an error. Index: 3_0_2p1.1/key.h --- 3_0_2p1.1/key.h Wed, 21 Nov 2001 10:38:46 -0500 +++ 3_0_2p1_w_named_keys.1(w)/key.h Thu, 24 Jan 2002 10:52:24 -0500 @@ -34,7 +34,9 @@ KEY_RSA1, KEY_RSA, KEY_DSA, - KEY_UNSPEC + KEY_UNSPEC, + KEY_NAME, + KEY_NAME_PAT }; enum fp_type { SSH_FP_SHA1, @@ -53,12 +55,15 @@ int flags; RSA *rsa; DSA *dsa; + u_char *name; + char *name_type; }; Key *key_new(int); Key *key_new_private(int); void key_free(Key *); int key_equal...

...ication. Any port forward requests by the client will return an error. Index: 2_9_p2.1/key.h --- 2_9_p2.1/key.h Thu, 03 May 2001 16:12:13 -0400 jd (OpenSSH/j/7_key.h 1.1 644) +++ 2_9_p2_w_named_keys.2/key.h Tue, 03 Jul 2001 13:57:30 -0400 willian (OpenSSH/j/7_key.h 1.1.1.1 644) @@ -34,7 +34,9 @@ KEY_RSA1, KEY_RSA, KEY_DSA, - KEY_UNSPEC + KEY_UNSPEC, + KEY_NAME, + KEY_NAME_PAT }; enum fp_type { SSH_FP_SHA1, @@ -48,12 +50,16 @@ int type; RSA *rsa; DSA *dsa; + u_char *name; + u_int name_len; + char *name_type; }; Key *key_new(int type); Key *key_new_private(int type); void key_fre...

...ests/hostkeys/test_iterate.c index 2eaaf06..da0e353 100644 --- a/regress/unittests/hostkeys/test_iterate.c +++ b/regress/unittests/hostkeys/test_iterate.c @@ -92,12 +92,22 @@ check(struct hostkey_foreach_line *l, void *_ctx) #ifndef WITH_SSH1 if (parse_key && (expected->l.keytype == KEY_RSA1 || - expected->no_parse_keytype == KEY_RSA1)) { + expected->no_parse_keytype == KEY_RSA1)) { expected_status = HKF_STATUS_INVALID; expected_keytype = KEY_UNSPEC; parse_key = 0; } #endif +#ifndef WITH_OPENSSL + if (expected->l.keytype == KEY_RSA || + expected->n...

...OF SUCH DAMAGE. + */ + + +#include "includes.h" + +#include <sys/types.h> + +#include <openssl/bn.h> + +#include "xmalloc.h" +#include "buffer.h" +#include "log.h" +#include "key.h" +#include "rsa.h" + +static void +buffer_put_key_rsa(Buffer *buffer, const RSA *key) +{ + buffer_put_bignum(buffer, key->e); + buffer_put_bignum(buffer, key->n); + buffer_put_bignum(buffer, key->d); + buffer_put_bignum(buffer, key->iqmp); + buffer_put_bignum(buffer, key->p); + buffer_put_bignum(buffer, key->q); +} + +static void +bu...

Functionality request for supporting Digital Signatures for RSA and DSS Public Key Algorithms in alignment with NIST SP800-131A. I assume this has been asked before, but I could not find in the archives. Support of "ssh-rsa-sha256" and "ssh-dss-sha256" public key algorithms for OpenSSH? I know Suite B Algorithms and x509 SSH Extension Algorithms are supported, but not a

..._blob: key == NULL"); + return 0; + } + buffer_init(&b); + buffer_put_int(&b, SSH_COM_PRIVATE_KEY_MAGIC); + buffer_put_int(&b, 0); + + switch (key->type) { + case KEY_DSA: + buffer_put_cstring(&b, "dl-modp{sign{dsa-nist-sha1},dh{plain}}"); + break; + case KEY_RSA: + buffer_put_cstring(&b, "if-modn{sign{rsa-pkcs1-md5}}"); + break; + default: + error("do_convert_private_ssh2_to_blob: unsupported key type %d", + key->type); + buffer_free(&b); + return 0; + } + + buffer_put_cstring(&b, "none&quot...

...ons(-) diff --git a/sshsig.c b/sshsig.c index 470b286a3..033b43353 100644 --- a/sshsig.c +++ b/sshsig.c @@ -190,8 +190,14 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg, } /* If using RSA keys then default to a good signature algorithm */ - if (sshkey_type_plain(key->type) == KEY_RSA) - sign_alg = RSA_SIGN_ALG; + if (sshkey_type_plain(key->type) == KEY_RSA){ + if (hashalg == NULL) + sign_alg = RSA_SIGN_ALG; + else if (strcmp(hashalg, "sha256") == 0) + sign_alg = "rsa-sha2-256"; + else if (strcmp(hashalg, "sha512") == 0) + sign_alg = &q...

...ex, host, hostaddr, client_kexinit, server_kexinit); if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1){ fatal("key_verify failed for server_host_key"); exit(-109); } I see: (gdb) p key->type $1 = 1 which would mean: KEY_RSA. Can someone please let me know: why in file key.c: case KEY_RSA: return ssh_rsa_verify(key, signature, signaturelen, data, datalen); break; when would routine: ssh_rsa_verify(..) fail and why ? I am trying to do password based authentication on V2. Is it mandatory that v2...

...+++ b/sshconnect2.c > > @@ -1080,7 +1080,8 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key) > > * newer (SHA2) algorithms. > > */ > > if (ssh == NULL || ssh->kex->server_sig_algs == NULL || > > - (key->type != KEY_RSA && key->type != KEY_RSA_CERT)) { > > + (key->type != KEY_RSA && key->type != KEY_RSA_CERT) || > > + (key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))) { > > /* Filter base key signature alg ag...

...e a bug: > > diff --git a/sshkey.c b/sshkey.c > index f7c09fb..e602987 100644 > --- a/sshkey.c > +++ b/sshkey.c > @@ -109,9 +109,9 @@ static const struct keytype keytypes[] = { > { "ssh-rsa-cert-v01 at openssh.com", "RSA-CERT", NULL, > KEY_RSA_CERT, 0, 1, 0 }, > { "rsa-sha2-256-cert-v01 at openssh.com", "RSA-CERT", > - "ssh-rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 }, > + "rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 }, > { "rsa-sha2-512-cert-v01 at openssh.c...

...{ FMT_RFC4716, FMT_PKCS8, - FMT_PEM + FMT_PEM, + FMT_SUBJECTINFO } convert_format = FMT_RFC4716; int print_public = 0; int print_generic = 0; @@ -330,6 +331,27 @@ do_convert_to_pem(Key *k) } static void +do_convert_to_subjectinfo(Key *k) +{ + switch (key_type_plain(k->type)) { + case KEY_RSA: + if (!PEM_write_RSA_PUBKEY(stdout, k->rsa)) + fatal("PEM_write_RSAPublicKey failed"); + break; +#if notyet /* OpenSSH 0.9.8 lacks this function */ + case KEY_DSA: + if (!PEM_write_DSA_PUBKEY(stdout, k->dsa)) + fatal("PEM_write_DSAPublicKey failed"); + break; +#en...

...-r` in 1.*|2.0.*) diff -ubr -x configure openssh-4.1p1/key.c openssh-4.1p1-hacked/key.c --- openssh-4.1p1/key.c 2004-11-05 10:42:29.000000000 +0100 +++ openssh-4.1p1-hacked/key.c 2005-07-25 22:13:45.000000000 +0200 @@ -545,6 +545,9 @@ key_ssh_name(const Key *k) { switch (k->type) { + case KEY_RSA1: + return "rsa1"; + break; case KEY_RSA: return "ssh-rsa"; break; @@ -698,6 +701,7 @@ type = key_type_from_name(ktype); switch (type) { + case KEY_RSA1: case KEY_RSA: key = key_new(type); if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || @@...

This is debugs seen on server, whose keys are not accepted by the client: debug1: Seeding random number generator debug1: sshd version OpenSSH_2.5.2p2 debug1: load_private_key_autodetect: type 0 RSA1 debug1: read SSH2 private key done: name rsa w/o comment success 1 debug1: load_private_key_autodetect: type 1 RSA debug1: read SSH2 private key done: name dsa w/o comment success 1 debug1:

Hi, OpenSSH 6.9 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is

On Wed, Feb 15, 2017 at 9:50 PM, Kelly Dunlop <kdunlop at guralp.com> wrote: > > > Hi, > > I am running openssh7.3p1 on an embedded Linux system and discovered this problem. > > If I run: > > ssh-keygen -t rsa1 -f testfile > > it appears to generate the key and I get the output: > > Generating public/private rsa1 key pair. >

===== I believe that each private key file read is closed twice as load_private_key(filename, ...) fd = open(filename, ...) ... load_private_key_rsa1(fd, ...) ... load_private_key_ssh2(fd, ...) ... close(fd); Unfortunately, "load_private_key_rsa1" and "load_private_key_ssh2" also close the file. It would simplest to remove the `close()'s in the rsa2 and ssh2 routines except that the ssh2 routine converts the file d...

...ore_uid(); > return 0; > } > > if (options.strict_modes && > secure_filename(f, file, pw, line, sizeof(line)) != 0) { > fclose(f); > log("Authentication refused: %s", line); > restore_uid(); > return 0; > } > > key = key_new(KEY_RSA); > > /* > * Get the public key from the file. If ok, perform a > * challenge-response dialog to verify that the user has > * the right IC card. > */ > if( fread( n_e, 131, 1, f ) < 1 ) { > restore_uid(); > packet_send_debug("Read file %.900s error...