search for: mm_rsahostkey

...tically add the host key to $HOME/.ssh/known_hosts." The key put in the user's known_hosts file is 'ssh-rsa', which will not work for host based authentication in /etc/ssh/ssh_known_hosts. In monitor.c, at about line 962 the type of the key passed to key_read() is fixed: case MM_RSAHOSTKEY: key->type = KEY_RSA1; /* XXX */ allowed = options.rhosts_rsa_authentication && auth_rhosts_rsa_key_allowed(authctxt->pw, cuser, chost, key); In addition, the host's IP address is required in the key definition in /etc/ssh/ssh_known_hosts; the symbolic host na...

...key_allowed(authctxt->pw, key); + auth_method = "publickey"; break; case MM_HOSTKEY: allowed = options.hostbased_authentication && hostbased_key_allowed(authctxt->pw, cuser, chost, key); + auth_method = "hostbased"; break; case MM_RSAHOSTKEY: key->type = KEY_RSA1; /* XXX */ allowed = options.rhosts_rsa_authentication && auth_rhosts_rsa_key_allowed(authctxt->pw, cuser, chost, key); + auth_method = "rsa"; break; default: fatal("%s: unknown key type %d", __func__, type...

...tically add the host key to $HOME/.ssh/known_hosts." The key put in the user's known_hosts file is 'ssh-rsa', which will not work for host based authentication in /etc/ssh/ssh_known_hosts. In monitor.c, at about line 962 the type of the key passed to key_read() is fixed: case MM_RSAHOSTKEY: key->type = KEY_RSA1; /* XXX */ allowed = options.rhosts_rsa_authentication && auth_rhosts_rsa_key_allowed(authctxt->pw, cuser, chost, key); In addition, the host's IP address is required in the key definition in /etc/ssh/ssh_known_hosts; the symbolic host na...

...ot;%s: authctxt not valid", __func__); - blob = buffer_get_string(m, &blen); + blob = buffer_get_binary(m, &blen); if (!monitor_allowed_key(blob, blen)) fatal("%s: bad key, not previously allowed", __func__); if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY) @@ -1431,14 +1431,14 @@ if (ssh1_challenge == NULL) fatal("%s: no ssh1_challenge", __func__); - blob = buffer_get_string(m, &blen); + blob = buffer_get_binary(m, &blen); if (!monitor_allowed_key(blob, blen)) fatal("%s: bad key, not previously allowed", __fun...

....h,v retrieving revision 1.20 diff -u -r1.20 monitor_wrap.h --- monitor_wrap.h 3 Aug 2006 03:34:42 -0000 1.20 +++ monitor_wrap.h 15 Nov 2006 14:14:35 -0000 @@ -31,7 +31,7 @@ extern int use_privsep; #define PRIVSEP(x) (use_privsep ? mm_##x : x) -enum mm_keytype {MM_NOKEY, MM_HOSTKEY, MM_USERKEY, MM_RSAHOSTKEY, MM_RSAUSERKEY}; +enum mm_keytype {MM_NOKEY, MM_HOSTKEY, MM_CERTKEY, MM_USERKEY, MM_RSAHOSTKEY, MM_RSAUSERKEY}; struct monitor; struct mm_master; @@ -46,6 +46,7 @@ int mm_auth_password(struct Authctxt *, char *); int mm_key_allowed(enum mm_keytype, char *, char *, Key *); int mm_user_key_all...