search for: nkey

On Thu, 6 Feb 2020 at 12:46, Phil Pennock <phil.pennock at globnix.org> wrote: [...] > ssh_config(5) describes for `HostKeyAlgorithms` that: > } The list of available key types may also be obtained using "ssh -Q key" > > Running `ssh -Q key`, the output does not include these proposed > replacements. > > Only in sshd_config(5): > rsa-sha2-512-cert-v01 at

...9;s a memory allocation for sensitive_data.keys in ssh.c:848 which uses size of Key instead of Key*. This is probably harmless but seems to be wrong. --- a/ssh.c +++ b/ssh.c @@ -846,7 +846,7 @@ main(int ac, char **av) options.hostbased_authentication) { sensitive_data.nkeys = 7; sensitive_data.keys = xcalloc(sensitive_data.nkeys, - sizeof(Key)); + sizeof(Key *)); for (i = 0; i < sensitive_data.nkeys; i++) sensitive_data.keys[i] = NULL; Petr

Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet

On 2020-02-06 at 13:28 +1100, Darren Tucker wrote: > Like this. > --- a/sshd_config.5 > +++ b/sshd_config.5 The ssh_config.5 also has a copy of this and presumably needs the same change, unless I've misunderstood. -Phil

I am testing out the grid-plots, but get into a problem making a legend. I have a line plot and some points, following the model in grid.plot.and.legend() i manage to get the points correctly in the legend, but what do I do with the line? (Of cource, I can just draw a line at the right location on the plot, but I would prefer to use legend) Morten -- Morten Sickel Norwegian Radiation

...Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: loganaden at gmail.com Created attachment 2377 --> https://bugzilla.mindrot.org/attachment.cgi?id=2377&action=edit use_after_free fix blob() might be freed on subsequent loop iterations. if ((nkeys = pkcs11_add_provider(name, pin, &keys)) > 0) { buffer_put_char(&msg, SSH2_AGENT_IDENTITIES_ANSWER); buffer_put_int(&msg, nkeys); for (i = 0; i < nkeys; i++) { key_to_blob(keys[i], &blob, &blen)...

Hi, Is there any way to store HostKey in hardware (and delegate the related processing)? I have been using Roumen Petrov's x509 patch for clients, which works via an OpenSSL engine, but it does not seem to support server HostKey: http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html For PKCS#11, I have found an email on this list from a year back suggesting this

Wait a second... Action: DBGet\r\nFamily: DS\r\nKey: 0733025975\r\n\r\n In the dialplan: exten =3D> 0106024975,1,Set(DB(DS/0733025975)=3DINUSE) exten =3D> 0106024975,n,Hangup() exten =3D> 0106024976,1,Set(DB(DS/0733025975)=3DUNAVAILABLE) exten =3D> 0106024976,n,Hangup() Just a short call to my cell phone, to se if i get anything back,...

...Backtrace: =>1 0x7e16f3cf X11DRV_GetAsyncKeyState+0x4f(key=1953724755) [/home/speng/wine-1.1.9/dlls/winex11.drv/keyboard.c:1852] in winex11 (0x7befe6cc) 2 0x7eba4d91 GetAsyncKeyState+0x21(nKey=1953724755) [/home/speng/wine-1.1.9/dlls/user32/input.c:276] in user32 (0x7befe6dc) 3 0x00456347 in shadowflare (+0x56347) (0x00000000) 0x7e16f3cf X11DRV_GetAsyncKeyState+0x4f [/home/speng/wine...

Hi, The main (and probably the only) use case of this PAM module is to let sudo authenticate users via their ssh-agent, therefore without having to type any password and without being tempted to use the NOPASSWD sudo option for such convenience. The principle is originally implemented by an existing module [0][1] and many pages that explain how to use it for such purpose can be found online.

...if (packet_connection_is_on_socket()) { verbose("Authenticated to %s ([%s]:%d).", host, @@ -889,6 +890,8 @@ verbose("Authenticated to %s (via proxy).", host); } + xfree (canohost); + /* We no longer need the private host keys. Clear them now. */ if (sensitive_data.nkeys != 0) { for (i = 0; i < sensitive_data.nkeys; i++) { diff -ur openssh/sshconnect1.c openssh-sshfp/sshconnect1.c --- openssh/sshconnect1.c 2006-11-07 13:14:42.000000000 +0100 +++ openssh-sshfp/sshconnect1.c 2010-11-27 23:57:11.267747490 +0100 @@ -535,7 +535,7 @@ debug("Received server...

...PMTAG_ARCH 1022 +#define RPMTAG_URL 1020 +#define RPMTAG_SUMMARY 1004 +#define RPMTAG_DESCRIPTION 1005 static char * get_rpm_header_tag (guestfs_h *g, const unsigned char *header_start, @@ -329,7 +332,8 @@ read_package (guestfs_h *g, struct read_package_data *data = datav; struct rpm_name nkey, *entry; CLEANUP_FREE char *version = NULL, *release = NULL, - *epoch_str = NULL, *arch = NULL; + *epoch_str = NULL, *arch = NULL, *url = NULL, *summary = NULL, + *description = NULL; int32_t epoch; /* This function reads one (key, value) pair from the Packages @@ -359,6 +363,9...

...to create an filter attach with some qdisc, but i don't know the filter param's struct in the kernel. i just know the struct struct tc_u32_key { __u32 mask; __u32 val; int off; int offmask; }; struct tc_u32_sel { unsigned char flags; unsigned char offshift; unsigned char nkeys; __u16 offmask; __u16 off; short offoff; short hoff; __u32 hmask; struct tc_u32_key keys[0]; }; but i don't know how to fill it , the struct's mean? can you tell me zxl zxlchinese@china.com

....c:296: cond_false: Condition "(cp = buffer_append_space(&kdf, klen)) == NULL", taking false branch path:/c/amesh/142/src/crypto/openssh/authfile.c:299: if_end: End of if statement path:/c/amesh/142/src/crypto/openssh/authfile.c:303: cond_false: Condition "buffer_get_int_ret(&nkeys, &copy) < 0", taking false branch path:/c/amesh/142/src/crypto/openssh/authfile.c:306: if_end: End of if statement path:/c/amesh/142/src/crypto/openssh/authfile.c:307: cond_false: Condition "nkeys != 1", taking false branch path:/c/amesh/142/src/crypto/openssh/authfile.c:310:...

...+41 56 310 3649 -------------- next part -------------- --- openssh-2.9.9p2.orig/sshconnect1.c Sat Jul 14 04:17:00 2001 +++ openssh-2.9.9p2/sshconnect1.c Thu Sep 27 09:58:37 2001 @@ -1111,13 +1111,14 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host, Key **keys, int nkeys) { + #ifdef KRB5 krb5_context context = NULL; krb5_auth_context auth_context = NULL; #endif int i, type; int payload_len; - + if (supported_authentications == 0) fatal("ssh_userauth1: server supports no auth methods"); @@ -1139,6 +1140,23 @@ goto success; if (typ...

For systems where the local hostname is obtained as a short name without domain, there should be a ssh_config option "DefaultDomain" as in ssh-3.x from ssh.com. For the server, there might be a corresponding option in order to strip the domain name from the remote client name (if it matches the server's DefaultDomain) for use in auth_rhost2, since netgroups usually contain short

This needs Richard's patch: https://www.redhat.com/archives/libguestfs/2018-February/msg00099.html Diff to v1: * factorized the UTF-8 conversion functions * small style fixes Cédric Bosdonnat (2): common: extract UTF-8 conversion function inspector: rpm summary and description may not be utf-8 common/utils/guestfs-utils.h | 1 + common/utils/libxml2-utils.c

https://bugzilla.mindrot.org/show_bug.cgi?id=2686 Bug ID: 2686 Summary: SSHD segfaults when trying to load RSA1 host keys Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement Priority: P5 Component: sshd

Hello! I am glad to announce a patch for u32 to allow matches on nfmark. The patch is non intrusive (few lines). Why I did this? Because fw classifier cannot be used together with u32. For example, now, you cannot match a mark of 0x90 and a destination port of 80. I know you can do it with iptables to do the marking, but if you use Jamal actions to apply mark to policed packets, you need

..."ISO-8859-1"); + perrorf (g, "Not an UTF-8 or latin-1 string: '%s'", input); + } + + return out; +} + static int read_package (guestfs_h *g, const unsigned char *key, size_t keylen, @@ -311,7 +327,7 @@ read_package (guestfs_h *g, struct rpm_name nkey, *entry; CLEANUP_FREE char *version = NULL, *release = NULL, *epoch_str = NULL, *arch = NULL, *url = NULL, *summary = NULL, - *description = NULL; + *description = NULL, *summary_raw = NULL, *description_raw = NULL; int32_t epoch; /* This function reads one (key, value) pair f...