search for: load_identity_file

Displaying 14 results from an estimated 14 matches for "load_identity_file".

2010 Jan 12
2
[patch] Automatically add keys to agent
...sshconnect2.c 11 Jan 2010 04:46:45 -0000 1.178 +++ sshconnect2.c 11 Jan 2010 23:12:38 -0000 @@ -244,7 +244,7 @@ void userauth(Authctxt *, char *); static int sign_and_send_pubkey(Authctxt *, Identity *); static void pubkey_prepare(Authctxt *); static void pubkey_cleanup(Authctxt *); -static Key *load_identity_file(char *); +static Key *load_identity_file(char *, AuthenticationConnection *); static Authmethod *authmethod_get(char *authlist); static Authmethod *authmethod_lookup(const char *name); @@ -1102,7 +1102,7 @@ input_userauth_jpake_server_confirm(int type, u_int32_ static int identity_sign(Iden...
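Review bot: the changed prototype `load_identity_file(char *, AuthenticationConnection *)` in the first hunk leaves the new second parameter undocumented, and nothing in the visible lines says whether a caller may pass NULL when no agent connection exists. Add a comment at the prototype or the definition stating that contract, and make sure the function body tests the pointer before using it.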
2001 Nov 25
2
displaying identity key comment string in passphrase prompt
...private = key_load_private_type(KEY_RSA1, authfile, "", &keycomment); > if (options.display_comment_str && keycomment && *keycomment) > comment = keycomment; > } > =============== sshconnect2.c - in load_identity_file() add a comment string pointer and a few lines to print the key comment if requested and the comment string exists. diff: 603a604,605 > // added: > char *comment; 611c613,622 < private = key_load_private_type(KEY_UNSPEC, filename, "", NULL); ---...
2020 Oct 06
2
Accessing SSH key path using SSH_ASKPASS and passwordstore
Hello, With the introduction of SSH_ASKPASS_REQUIRE in version 8.4, I've set up a script for SSH_ASKPASS to query my local passwordstore (https://www.passwordstore.org/) vault to retrieve the password for a given key. This works for ssh-add as well as ssh (configured with AddKeysToAgent set to 'yes'). My workflow effectively transforms into entering the password for the GPG key used
2010 Jan 07
6
[Bug 1693] New: ssh prompts for passphrase even when identity file is unreadable
...dBy: tj at castaglia.org Created an attachment (id=1767) --> (https://bugzilla.mindrot.org/attachment.cgi?id=1767) Uses access(2) to check readability of identity file before loading When using publickey authentication, the private key is loaded from an IdentityFile using ssh2connect.c's load_identity_file() function. A stat(2) is used to ensure that the file exists, and then the key is loaded. If the file exists, but the process does not have read permissions on that file, then ssh will prompt the user for a passphrase. This is particularly confusing if the private key in question is not passphra...
2015 Jun 05
0
[Bug 1967] Potential memory leak in ssh [detected by melton]
...gt;+ xfree(arg); > return 0; This is incorrect - arg comes from strdelim here and is a pointer somewhere inside the line being parsed. It cannot be freed itself. >--- sshconnect2.c 29 May 2011 11:42:34 -0000 1.180 >+++ sshconnect2.c 30 Dec 2011 09:27:33 -0000 >@@ -1323,8 +1323,11 @@ load_identity_file(char *filename) > return NULL; > } > private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok); >- if (!perm_ok) >+ if (!perm_ok) { >+ if (private != NULL) >+ key_free(private); This code has been refactored and the leak eliminated. >@@...
2004 Aug 05
0
No error when identity file not readable
.... I traced this problem to the method key_load_public_type(int type, const char *filename, char **commentp) in authfile.c. If the file cannot be opened (in my case the "System" user was not authorized to do so) this method returns NULL without an appropriate message. The calling method load_identity_file(char *filename) in sshconnect2.c does not handle any error cases. So, if the key_load_public_type returns NULL, this method thinks there is a password on the keyfile, regardless of what really happened. So after this I tried to set the permissions for the file to 777, which was another bad idea ;)...
2013 Apr 01
1
"no such identity"
...one or more of the following messages, depending on whether I have a client key of each type: no such identity: /home/des/.ssh/id_rsa: No such file or directory no such identity: /home/des/.ssh/id_dsa: No such file or directory no such identity: /home/des/.ssh/id_ecdsa: No such file or directory load_identity_file() in sshconnect2.c prints this message if its userprovided argument is non-zero. The value comes from a struct identity which is populated in pubkey_prepare() in the same file; userprovided is set to 1 if the keyfile name comes from the client option structure. However, in this case, options.iden...
2016 Apr 22
2
Client-side public key causing mess
...ehave as if there was just a private key there (which is how I use it). Or let user decide if it should warn, ignore completely, or quit. > diff --git a/sshconnect2.c b/sshconnect2.c > index 1cf48a2..5a27392 100644 > --- a/sshconnect2.c > +++ b/sshconnect2.c > @@ -1243,6 +1243,14 @@ load_identity_file(Identity *id) > quit = 1; > break; > } > + if (private != NULL && id->key != NULL && > + !sshkey_equal(id->key, private)) { > + error("L...
2016 Apr 19
4
Client-side public key causing mess
Hello, I have a client machine and a server machine. I generated a pair of private-public rsa keys using ssh-keygen. On the client-machine, I uploaded my private key onto ~/.ssh/id_rsa. On the server machine, I appended the content of the public key to .ssh/authorized_keys. I can successfully connect from the client to the server with that config. However, on the client-side, if I add a
2017 Jul 04
12
[Bug 2737] New: function identity_sign() assume private key's pub part as same as the .pub key.
https://bugzilla.mindrot.org/show_bug.cgi?id=2737 Bug ID: 2737 Summary: function identity_sign() assume private key's pub part as same as the .pub key. Product: Portable OpenSSH Version: 7.5p1 Hardware: Other OS: Other Status: NEW Severity: enhancement Priority: P5
2015 Jul 29
2
[PATCH] ssh: Add option to present certificates on command line
...k; + } + } + if (!matched) { + free(blob); + buffer_free(&b); + return 0; + } + break; + } + } + } + /* generate signature */ ret = identity_sign(id, &signature, &slen, buffer_ptr(&b), buffer_len(&b), datafellows); @@ -1189,9 +1217,11 @@ load_identity_file(char *filename, int userprovided) /* * try keys in the following order: - * 1. agent keys that are found in the config file - * 2. other agent keys - * 3. keys that are only listed in the config file + * 1. certificates listed in the config file + * 2. other input certificates + * 3. agent k...
2005 Jul 26
1
Linux in-kernel keys support
...AG_KERN) + fprintf(stderr, "Going to use kernel key\n"); + if (id->isprivate || (id->key->flags & KEY_FLAG_EXT) || (id->key->flags & KEY_FLAG_KERN)) return (key_sign(id->key, sigp, lenp, data, datalen)); /* load the private key from the file */ if ((prv = load_identity_file(id->filename)) == NULL)
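Review bot: the added `fprintf(stderr, "Going to use kernel key\n")` writes straight to stderr whenever the KERN flag test above it is true, so it bypasses the client's log-level handling and shows up in normal, non-verbose sessions. Use `debug()` for this message so it only appears when the user asks for it with -v.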
2020 Apr 25
2
[PATCH 1/3] Add private key protection information extraction to ssh-keygen
...+?? ??? ???? NULL, &key, NULL, NULL); ??? ??? ?close(key_fd[i]); ??? ??? ?if (r != 0) ??? ??? ??? ?debug("parse key %d: %s", i, ssh_err(r)); diff --git a/sshconnect2.c b/sshconnect2.c index 1a6545edf026..7947f2da6584 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1472,7 +1472,7 @@ load_identity_file(Identity *id) ??? ??? ??? ?} ??? ??? ?} ??? ??? ?switch ((r = sshkey_load_private_type(KEY_UNSPEC, id->filename, -?? ??? ???? passphrase, &private, &comment))) { +?? ??? ???? passphrase, &private, &comment, NULL))) { ??? ??? ?case 0: ??? ??? ??? ?break; ??? ??? ?case SSH_ERR_KEY_...
2006 Nov 15
11
OpenSSH Certkey (PKI)
...userauth_kbdint(Authctxt *); @@ -224,6 +227,7 @@ void userauth(Authctxt *, char *); static int sign_and_send_pubkey(Authctxt *, Identity *); +static int sign_and_send_certkey(Authctxt *, Identity *); static void pubkey_prepare(Authctxt *); static void pubkey_cleanup(Authctxt *); static Key *load_identity_file(char *); @@ -243,6 +247,10 @@ userauth_hostbased, &options.hostbased_authentication, NULL}, + {"certkey", + userauth_certkey, + &options.certkey_authentication, + NULL}, {"publickey", userauth_pubkey, &options.pubkey_authentication, @@ -472,7 +480...