search for: keydata

...0 DEBUG: keysource="passphrase,prompt" Enter passphrase for ''tank/enc'': Enter again: salt==0 salt==3731736994759854399 outkey (1081232)=b0d7586016db505e3ae4be3dc32f3f270a22f4ce17ef8d44336b4e1f4fabf14 zic_key (1081232) bash-3.2# zfs key -u tank/enc salt= 0 keyscope= 0 keydata= keysource= dataset name=tank/enc bash-3.2# zfs key -l tank/enc Enter passphrase for ''tank/enc'': salt==3731736994759854399 salt==3731736994759854399 outkey (1064848)=b0d7586016db505e3ae4be3dc32f3f270a22f4ce17ef8d44336b4e1f4fabf14 zic_key (1064848) salt= 0 keyscope= 0 keydata=b0d7...

...tp://bugzilla.mindrot.org/show_bug.cgi?id=454 ------- Additional Comments From robbat2 at gentoo.org 2004-06-11 15:34 ------- will this ever be implemented, or is it waiting for somebody to send in code for it? existing $HOME/.ssh/known_hosts file has the following format: 'host keytype keydata' where host is a either an IP or a name that resolves to the IP of the machine in question. /etc/ssh/ssh_known_hosts has the following format [according to ssh(1)]: 'host[,host]* keydata [comment]*' since we need to support IPv6 addresses, we cannot use a ':' as the address/p...

...to allow access to only one directory of an existing user (that may not login) via sftp-server and authorized_keys file using the extended syntax command="/usr/lib/openssh/sftp-server --root /data/exchange",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAA...keydata Is something like that already possible, is there a better solution? If not, how much effort for me would it be to implement it? I've already got the ubuntu sources and looked into the code a little bit. Is the chroot syscall after opening the root directory sufficient to make it work? Nev...

% cat ext_rsa.pub| sed -r 's/.*(AAAA[^ ]+).*/\1/' | sha256sum ~/.ssh swlap1 d4bf8b06f2d9d9af7a11583a5367205ed310a84f0dee68d062e2ddca1e85c3ff - % ssh-keygen -lf ext_rsa.pub ~/.ssh swlap1 8192 SHA256:FgrfxmdjTM/j4wwRa7nVdPSUaJdqHYMJtJ6aciPl9ug swilson at swlap1 (RSA) Why do those differ and how would i generate the equivalent (mainly just curious)? I've also tried base64 and a

I've been using ssh for a while now (both fsecure and openssh), but am not an expert on security. I was wondering whether the following is secure: I create a key pair, trusted & trusted.pub I run sshd on a server (no telnet, rsh or other services). I create a user "guest", and put "trusted.pub" in my authorized file. I give away "trusted" (the private key)

...y persistent, appropriate, converted, value: 84 * keystatus is partialy persitent and partially temporary. 86 * If the on disk state is defined we return the appopriate "in memory" 131 * The userland passphrase was convered to a key using PKCS#5 PBE 143 * zic_keydata is the PIN valule Period needed at end of line 119 (to avoid run-in with line 120): 119 * The size of the keydata struct element is hardcoded at 1k 120 * this is the same as the largest PIN that the crypto framework ------------------------------------------------------------------ -- This me...

...; + ccache = get_existing_cc(env_cachename); /* Couldn't find credcache? Try to use keytab */ if (ccache == NULL && arg.username != NULL) ccache = init_cc_from_keytab(keytab_name, arg.username); @@ -959,6 +1094,7 @@ out: SAFE_FREE(arg.ip); SAFE_FREE(arg.username); SAFE_FREE(keydata); + SAFE_FREE(env_cachename); syslog(LOG_DEBUG, "Exit status %ld", rc); return rc; } -- 2.9.3

Third respin of this series. Reordered for better safety for bisecting. The environment scraping is now on by default, but can be disabled with "-E" in environments where it's not needed. Also, I've added a patch to make cifs.upcall drop capabilities before doing most of its work. This may help reduce the attack surface of the program. Jeff Layton (4): cifs.upcall: convert

Small respin of the patches that I posted a few days ago. The main difference is the reordering of the series to make it do the group and grouplist manipulation first, and then the patch that makes it grab the KRB5CCNAME from the initiating process. I think the code is sound, my main question is whether we really need the command-line switch for this. Should this just be the default mode of

Apologies for v3 series, I had some extra patches in there. This is the one that should have been sent. Relabeled as v4 for clarity. Third respin of this series. Reordered for better safety for bisecting. The environment scraping is now on by default, but can be disabled with "-E" in environments where it's not needed. Also, I've added a patch to make cifs.upcall drop