search for: key_rsa1

..._rsa_authentication() add a keycomment pointer and a few lines to print the keycomment string if requested and the comment string exists. diff: 212a213 > char *keycomment; //BUCC: key comment string 259c260,267 < private = key_load_private_type(KEY_RSA1, authfile, "", NULL); --- > { > //BUCC, change: private = key_load_private_type(KEY_RSA1, authfile, "", NULL); > //BUCC, to: > private = key_load_private_type(KEY_RSA1, authfile, "", &keycomment); > if (options...

...ot follows a different code path. -- Iain Morgan diff --git a/ssh.c b/ssh.c index cceb36e..e32aa0a 100644 --- a/ssh.c +++ b/ssh.c @@ -1242,8 +1242,10 @@ main(int ac, char **av) sensitive_data.keys[i] = NULL; PRIV_START; +#ifdef WITH_SSH1 sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, _PATH_HOST_KEY_FILE, "", NULL, NULL); +#endif #ifdef OPENSSL_HAS_ECC sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, "", NULL);

...t_key(Buffer *buffer, const Key *key) +{ + if (key->cert != NULL || key->ecdsa != NULL || key->ecdsa_nid != -1) + fatal("%s: unsupported key feature", __func__); + + buffer_put_int(buffer, key->type); + buffer_put_int(buffer, key->flags); + + switch (key->type) { + case KEY_RSA1: + case KEY_RSA: + buffer_put_key_rsa(buffer, key->rsa); + break; + case KEY_DSA: + buffer_put_key_dsa(buffer, key->dsa); + break; + default: + fatal("%s: unsupported key type (%s)", __func__, + key_type(key)); + } +} + +Key * +buffer_get_key(Buffer *buffer) +{ + Key *key;...

...ests/hostkeys/test_iterate.c index 2eaaf06..da0e353 100644 --- a/regress/unittests/hostkeys/test_iterate.c +++ b/regress/unittests/hostkeys/test_iterate.c @@ -92,12 +92,22 @@ check(struct hostkey_foreach_line *l, void *_ctx) #ifndef WITH_SSH1 if (parse_key && (expected->l.keytype == KEY_RSA1 || - expected->no_parse_keytype == KEY_RSA1)) { + expected->no_parse_keytype == KEY_RSA1)) { expected_status = HKF_STATUS_INVALID; expected_keytype = KEY_UNSPEC; parse_key = 0; } #endif +#ifndef WITH_OPENSSL + if (expected->l.keytype == KEY_RSA || + expected->no...

...*identity_keys[SSH_MAX_IDENTITY_FILES]; + int group_private_key; /* Local TCP/IP forward requests. */ int num_local_forwards; --- ssh.c.orig Thu Nov 27 16:31:08 2003 +++ ssh.c Thu Nov 27 16:30:46 2003 @@ -634,11 +634,13 @@ PRIV_START; sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, - _PATH_HOST_KEY_FILE, "", NULL); + _PATH_HOST_KEY_FILE, "", NULL, options.group_private_key); sensitive_data.keys[1] = key_load_private_type(KEY_DSA, - _PATH_HOST_DSA_KEY_FILE, "", NULL); + _PATH_HOST_DSA_KEY_FILE, "", NULL, + op...

...ot;). The issue is as follows: Starting at ssh-add.c:158 in add_file(ac, filename = "~/.ssh/identity"), we call key_load_private(filename = "~/.ssh/identity", passphrase = "", commentp = &comment) key_parse_private_type(blob = <contents of ~/.ssh/identity>, KEY_RSA1, passphrase = "", commentp = &comment) key_parse_private_rsa1(blob, passphrase = "", commentp = &comment). In key_parse_private_rsa1, at authfile.c:423-424, we execute if (commentp) *commentp = buffer_get_string(blob, NULL); However, the empty passphrase is not cor...

...-r` in 1.*|2.0.*) diff -ubr -x configure openssh-4.1p1/key.c openssh-4.1p1-hacked/key.c --- openssh-4.1p1/key.c 2004-11-05 10:42:29.000000000 +0100 +++ openssh-4.1p1-hacked/key.c 2005-07-25 22:13:45.000000000 +0200 @@ -545,6 +545,9 @@ key_ssh_name(const Key *k) { switch (k->type) { + case KEY_RSA1: + return "rsa1"; + break; case KEY_RSA: return "ssh-rsa"; break; @@ -698,6 +701,7 @@ type = key_type_from_name(ktype); switch (type) { + case KEY_RSA1: case KEY_RSA: key = key_new(type); if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || @@ -...

Hi guys, and another feature request for sshd which I would classify as really useful. And I think this behaviour is currently not available (If yes, sorry, I must have missed it): > I believe that the sshd should log which RSA key was used to connect to > an account. When there are a number of keys in the authorized_keys file > it is often useful to know which one was used for each

...the key everything is fine. If the key is not accepted, slogin will not recognize that the key was already tried from ssh-agent and will ask me again to enter the password to unlock the key (for another failure). This is due to sshconnect2.c:userauth_pubkey() where this retrial is not performed for KEY_RSA1 but for other keys. I did not dig into the functionality yet. Is there a way to "remember" which pubkeys were already tried from ssh-agent and to not try again from file (and hence ask for the passphrase)? Best regards, Lutz -- Lutz Jaenicke Lutz.Jaenicke at...

...s.", id->comment, p)) @@ -256,14 +304,14 @@ process_request_identities(SocketEntry * (r = sshbuf_put_u32(msg, tab->nentries)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); TAILQ_FOREACH(id, &tab->idlist, next) { - if (id->key->type == KEY_RSA1) { + if (id->idkey->key->type == KEY_RSA1) { #ifdef WITH_SSH1 if ((r = sshbuf_put_u32(msg, - BN_num_bits(id->key->rsa->n))) != 0 || + BN_num_bits(id->idkey->key->rsa->n))) != 0 || (r = sshbuf_put_bignum1(msg, - id->key->rsa->e))...

...ding Forbids TCP/IP forwarding when this key is used for authentication. Any port forward requests by the client will return an error. Index: 3_0_2p1.1/key.h --- 3_0_2p1.1/key.h Wed, 21 Nov 2001 10:38:46 -0500 +++ 3_0_2p1_w_named_keys.1(w)/key.h Thu, 24 Jan 2002 10:52:24 -0500 @@ -34,7 +34,9 @@ KEY_RSA1, KEY_RSA, KEY_DSA, - KEY_UNSPEC + KEY_UNSPEC, + KEY_NAME, + KEY_NAME_PAT }; enum fp_type { SSH_FP_SHA1, @@ -53,12 +55,15 @@ int flags; RSA *rsa; DSA *dsa; + u_char *name; + char *name_type; }; Key *key_new(int); Key *key_new_private(int); void key_free(Key *); int key_equal(...

On Wed, Feb 15, 2017 at 9:50 PM, Kelly Dunlop <kdunlop at guralp.com> wrote: > > > Hi, > > I am running openssh7.3p1 on an embedded Linux system and discovered this problem. > > If I run: > > ssh-keygen -t rsa1 -f testfile > > it appears to generate the key and I get the output: > > Generating public/private rsa1 key pair. >

.../.ssh/known_hosts." The key put in the user's known_hosts file is 'ssh-rsa', which will not work for host based authentication in /etc/ssh/ssh_known_hosts. In monitor.c, at about line 962 the type of the key passed to key_read() is fixed: case MM_RSAHOSTKEY: key->type = KEY_RSA1; /* XXX */ allowed = options.rhosts_rsa_authentication && auth_rhosts_rsa_key_allowed(authctxt->pw, cuser, chost, key); In addition, the host's IP address is required in the key definition in /etc/ssh/ssh_known_hosts; the symbolic host name won't work. Here...

...keygen -e -m PKCS8 -f $my_rsa_public_key Now it outputs- -----BEGIN PUBLIC KEY----- -----END PUBLIC KEY----- PEM_write_RSA_PUBKEY failed I think this is the change, line 296 of ssh-keygen.c, that was added in 6.1p1 that is the problem but I am not positive- 1.232 (djm 22-Apr-12): case KEY_RSA1: If I am reading the commit correctly (possibly not), it seems to state the opposite of what is intended- revision 1.232 date: 2012/04/22 01:07:31; author: djm; state: Exp; lines: +7 -5; - djm@cvs.openbsd.org 2012/02/29 11:21:26 [ssh-keygen.c] allow conversion of RSA1 keys to publ...

...ication. Any port forward requests by the client will return an error. Index: 2_9_p2.1/key.h --- 2_9_p2.1/key.h Thu, 03 May 2001 16:12:13 -0400 jd (OpenSSH/j/7_key.h 1.1 644) +++ 2_9_p2_w_named_keys.2/key.h Tue, 03 Jul 2001 13:57:30 -0400 willian (OpenSSH/j/7_key.h 1.1.1.1 644) @@ -34,7 +34,9 @@ KEY_RSA1, KEY_RSA, KEY_DSA, - KEY_UNSPEC + KEY_UNSPEC, + KEY_NAME, + KEY_NAME_PAT }; enum fp_type { SSH_FP_SHA1, @@ -48,12 +50,16 @@ int type; RSA *rsa; DSA *dsa; + u_char *name; + u_int name_len; + char *name_type; }; Key *key_new(int type); Key *key_new_private(int type); void key_free...

...index 4768790..f45e239 100644 --- a/sshkey.c +++ b/sshkey.c @@ -89,7 +89,9 @@ static const struct keytype keytypes[] = { { "ssh-ed25519-cert-v01 at openssh.com", "ED25519-CERT", KEY_ED25519_CERT, 0, 1 }, #ifdef WITH_OPENSSL +# ifdef WITH_SSH1 { NULL, "RSA1", KEY_RSA1, 0, 0 }, +# endif { "ssh-rsa", "RSA", KEY_RSA, 0, 0 }, { "ssh-dss", "DSA", KEY_DSA, 0, 0 }, # ifdef OPENSSL_HAS_ECC -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement...

Hi, OpenSSH 6.9 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is

...Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at mindrot.org Reporter: vapier at gentoo.org sshkey.c:sshkey_private_to_fileblob disables support for RSA1 when SSH1 support has been disabled: switch (key->type) { #ifdef WITH_SSH1 case KEY_RSA1: return sshkey_private_rsa1_to_blob(key, blob, passphrase, comment); #endif /* WITH_SSH1 */ but ssh-keygen.c will still include RSA1: static void do_gen_all_hostkeys(struct passwd *pw) { struct { char *key_type; char *key_type_display; char *path;...

Playing around with the [wonderful] GSS-API patches for OpenSSH [1] I noticed that there is a bit of functionality missing from OpenSSH/GSS-API, namely that authorized_keys2 has no meaning when using GSS authentication. Yes, ~/.k5login can be used to grant access to an account for applications that support Kerberos, as does OpenSSH with those GSS patches, but .k5login does not and cannot provide

Suppose an SSH server has both RSA and DSA host keys for protocol 2, but I only have the DSA key, and I want to use that. I'm stuck; the OpenSSH client is hard-wired to offer both algorithms in the key exchange, and will select ssh-rsa if it's available (see myproposal.h, KEX_DEFAULT_PK_ALG). Below is a patch adding the client configuration option "PKAlgorithms" for this