search for: monotime

https://bugzilla.mindrot.org/show_bug.cgi?id=3655 Bug ID: 3655 Summary: Default ObscureKeystrokeTiming makes X forwarding really slow Product: Portable OpenSSH Version: 9.6p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh

...ssh *ssh, const char *display, (size_t)r >= sizeof(cmd)) fatal("%s: cmd too long", __func__); debug2("%s: %s", __func__, cmd); - if (x11_refuse_time == 0) { + if (timeout != 0) { now = monotime() + 1; if (UINT_MAX - timeout < now) x11_refuse_time = UINT_MAX; diff --git a/ssh_config.5 b/ssh_config.5 index 71705cab..cdc407ed 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -683,6 +683,7 @@ X11 connections received by after this time will be refuse...

https://bugzilla.mindrot.org/show_bug.cgi?id=2598 Bug ID: 2598 Summary: ssh-agent very occasionally won't remove keys or certs despite now() >= lifetime Product: Portable OpenSSH Version: 6.9p1 Hardware: amd64 OS: Mac OS X Status: NEW Severity: minor Priority: P5

I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may

...o.h> > #include <stdio.h> > #include <time.h> > int main(void) > { > struct timespec ts; > int r = clock_gettime(CLOCK_MONOTONIC, &ts); > printf("%d %d %ld\n", r, errno, (long)ts.tv_sec); > } > > We could add a runtime fallback in misc.c:monotime() but it'd be kinda ugly. > *Similar results on both systems affected ... * $ cat > test.c #include <errno.h> #include <stdio.h> #include <time.h> int main(void) { struct timespec ts; int r = clock_gettime(CLOCK_MONOTONIC, &ts); printf(&q...

...en I open up my laptop in the morning and then suspend it at the end of the working day, usually a little while before the lifetime of the identities expires. Recently, however, this hasn't worked because the agent still has the identities the following morning. I believe that this is because monotime() uses CLOCK_MONOTONIC but in recent kernels this has changed slightly. From clock_gettime(2): CLOCK_MONOTONIC Clock that cannot be set and represents monotonic time since some unspecified starting point. This clock is not affected by discontinuous jumps i...

Engine keys are private key files which are only understood by openssl external engines. ?The problem is they can't be loaded with the usual openssl methods, they have to be loaded via ENGINE_load_private_key(). ?Because they're files, they fit well into openssh pub/private file structure, so they're not very appropriately handled by the pkcs11 interface because it assumes the private

...est, &type)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + switch (type) { + case SSH_AGENT_CONSTRAIN_LIFETIME: + if ((r = sshbuf_get_u32(e->request, &seconds)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); + death = monotime() + seconds; + break; + case SSH_AGENT_CONSTRAIN_CONFIRM: + confirm = 1; + break; + default: + error("%s: Unknown constraint type %d", __func__, type); + goto send; + } + } + if (lifetime && !death) + death = monotime() + lifetime; + + if ((r = engine_process_add(eng...

...= sshkey_sign(sign_key, &signature, &slen, data, dlen, compat)) != 0) { error("%s: sshkey_sign: %s", __func__, ssh_err(ok)); goto send; @@ -643,12 +696,38 @@ process_add_identity(SocketEntry *e, int } } - success = 1; if (lifetime && !death) death = monotime() + lifetime; + + /* handle additional certificates for an existing private key */ + if (!sshkey_is_private(k)) { + id = lookup_identity_unshadowed_key(k, version); + /* ensure we have a private key and this cert is new */ + if (id != NULL && lookup_identity(k, version) == NULL) { + Id...

..._get_proto(struct ssh *ssh, const char *display, SSH_X11_PROTO, x11_timeout_real, _PATH_DEVNULL); } - debug2("%s: %s", __func__, cmd); + debug2("%s: xauth command: %s", __func__, cmd); if (timeout != 0 && x11_refuse_time == 0) { now = monotime() + 1; @@ -492,7 +492,7 @@ server_alive_check(struct ssh *ssh) (r = sshpkt_put_cstring(ssh, "keepalive at openssh.com")) != 0 || (r = sshpkt_put_u8(ssh, 1)) != 0 || /* boolean: want reply */ (r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r))...

Hello! I'm hoping that Gmail won't HTML format this mail so that I'll get flamed :) Anyway, my question relates to ssh_config. The problem I find is that the Host pattern is only applied to the argument given on the command line, as outlined in the man page: "The host is the hostname argument given on the command line (i.e. the name is not converted to a canonicalized host name

Hi, OpenSSH 7.2 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains many bugfixes and several new features. The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is available via Git at https://anongit.mindrot.org/openssh.git/ or via a mirror on Github at

Hi, OpenSSH 8.0p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at