Displaying 17 results from an estimated 17 matches for "num_host_key_files".
2012 Nov 21
1
HostKey in hardware?
Hi,
Is there any way to store HostKey in hardware (and delegate the related
processing)?
I have been using Roumen Petrov's x509 patch for clients, which works via an
OpenSSL engine, but it does not seem to support server HostKey:
http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html
For PKCS#11, I have found an email on this list from a year back suggesting
this
2012 Jan 28
1
PATCH: Support for encrypted host keys
...to the rexec child, but I decided I thought it was slightly nicer to decrypt the key once and pass it along rather than redoing it every time. I can send the previous version if that would be preferred though -- this key-passing version does have some resulting ugliness in its handling of options.num_host_key_files, as described in a comment in the patch.
Thanks,
Zev Weiss
--
Makefile.in | 2 +-
buffer.h | 5 ++
bufkey.c | 132 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
sshd.c | 141 ++++++++++++++++++++++++++++++++++++++++++++++++-----------
4 files changed, 253 insertions...
2013 Jun 25
1
RFC: encrypted hostkeys patch
...- if (authctxt->pw->pw_uid == 0 || options.use_login) {
+ if (authctxt->pw->pw_uid == 0 || options.use_login)
#endif
+ {
/* File descriptor passing is broken or root login */
use_privsep = 0;
goto skip;
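Review bot: The opening brace now sits on its own line after `#endif`, detached from the `if` above it, so the block is only well-formed if every preprocessor branch ends in an unbraced `if (...)`. Since this block is what sets `use_privsep = 0`, a one-line comment at the `{` naming the conditions it belongs to would make that dependency visible to whoever next edits either branch.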
@@ -767,6 +780,8 @@ list_hostkey_types(void)
for (i = 0; i < options.num_host_key_files; i++) {
key = sensitive_data.host_keys[i];
if (key == NULL)
+ key = sensitive_data.host_pubkeys[i];
+ if (key == NULL)
continue;
switch (key->type) {
case KEY_RSA:
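Review bot: In `list_hostkey_types()` the two consecutive `if (key == NULL)` tests read like a duplicated line; the second only makes sense as the fallback from `sensitive_data.host_keys[i]` to `sensitive_data.host_pubkeys[i]`. Suggest a comment stating when the private slot is expected to be empty while the public one is set, or restructuring so the fallback assignment and the `continue` are visibly separate steps.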
@@ -819,6 +834,8 @@ get_hostkey_by_type(int type, int need_private)
break;
default:
key = sensitive_da...
2008 May 07
2
Request for generic engine support
...case sEngineHostKey:
> if (options->engineindex != -1) {
> fatal("%s line %d: One engine key allowed",
> filename, linenum);
> }
> options->engineindex = options->num_host_key_files;
> intptr = &options->num_host_key_files;
> if (*intptr >= MAX_HOSTKEYS)
> fatal("%s line %d: too many keys (max %d).",
> filename, linenum, MAX_HOSTKEYS);
> charptr = &optio...
2002 Dec 18
2
patch for openssh3.5p1 - adds logging option
...gLevel log_level_number(char *);
diff -urN openssh-3.5p1-orig/servconf.c openssh-3.5p1/servconf.c
--- openssh-3.5p1-orig/servconf.c 2002-12-18 10:10:13.000000000 -0500
+++ openssh-3.5p1/servconf.c 2002-12-18 10:20:33.000000000 -0500
@@ -64,6 +64,7 @@
options->listen_addrs = NULL;
options->num_host_key_files = 0;
options->pid_file = NULL;
+ options->log_file = NULL;
options->server_key_bits = -1;
options->login_grace_time = -1;
options->key_regeneration_time = -1;
@@ -302,6 +303,7 @@
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeys...
2012 Jan 31
1
[Bug 1974] New: Support for encrypted host keys
...to the rexec child, but I decided I thought it was slightly nicer
to decrypt the key once and pass it along rather than redoing it every
time. I can send the previous version if that would be preferred
though -- this key-passing version does have some resulting ugliness in
its handling of options.num_host_key_files, as described in a comment
in the patch.
2015 Jan 30
5
[Bug 2346] New: sshd -T doesn't write all configuration options in valid format
https://bugzilla.mindrot.org/show_bug.cgi?id=2346
Bug ID: 2346
Summary: sshd -T doesn't write all configuration options in
valid format
Product: Portable OpenSSH
Version: 6.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2001 Nov 12
4
Please test -current
Could people please test -current? We will be making a release fairly
soon.
-d
--
| By convention there is color, \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)
2017 Mar 01
7
[Bug 2686] New: SSHD segfaults when trying to load RSA1 host keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2686
Bug ID: 2686
Summary: SSHD segfaults when trying to load RSA1 host keys
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Keywords: patch
Severity: enhancement
Priority: P5
Component: sshd
2020 Apr 26
5
[Bug 3155] New: openssh support hostkey encrypt
...Status: NEW
Severity: security
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: kircherlike at outlook.com
We noticed that the sshd.c file contained such a code snippet:
...
for (i = 0; i < options.num_host_key_files; i++) {
int ll = options.host_key_file_userprovided[i] ?
SYSLOG_LEVEL_ERROR : SYSLOG_LEVEL_DEBUG1;
if (options.host_key_files[i] == NULL)
continue;
if ((r = sshkey_load_private(options.host_key_files[i],
&q...
2003 Nov 27
2
Question about adding another parameter for OpenSSH
...ase, NULL,
+ options.group_private_key);
quit = 0;
} else {
debug2("no passphrase given, try next key");
--- sshd.c.orig Thu Nov 27 16:33:07 2003
+++ sshd.c Thu Nov 27 16:35:19 2003
@@ -966,7 +966,7 @@
sensitive_data.have_ssh2_key = 0;
for (i = 0; i < options.num_host_key_files; i++) {
- key = key_load_private(options.host_key_files[i], "", NULL);
+ key = key_load_private(options.host_key_files[i], "", NULL, 0);
sensitive_data.host_keys[i] = key;
if (key == NULL) {
error("Could not load host key: %s",
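Review bot: The new fourth argument to `key_load_private()` is passed as a bare `0` at this call site in sshd.c, which tells the reader nothing about what is being disabled for host keys. A named constant or a short comment at the call would document the intent.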
--- ssh-add.c.orig Thu Nov 27...
2001 Nov 20
3
problem with AFS token forwarding
Hello,
I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1
concerning the AFS token forwarding. That means that the new versions are
not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH
releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this
problem already existed in Openssh 2.9.9p1, but I have never used this
version (I only looked at the
2017 Jun 16
2
[PATCH] allow relative path in streamlocal forwarding
...ult_server_options(ServerOptions *options)
CLEAR_ON_NONE(options->authorized_principals_file);
CLEAR_ON_NONE(options->adm_forced_command);
CLEAR_ON_NONE(options->chroot_directory);
+ CLEAR_ON_NONE(options->fwd_opts.streamlocal_bind_root_directory);
for (i = 0; i < options->num_host_key_files; i++)
CLEAR_ON_NONE(options->host_key_files[i]);
for (i = 0; i < options->num_host_cert_files; i++)
@@ -417,6 +419,7 @@ typedef enum {
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
sStreamLocalBindMask, sStreamLocalBind...
2002 Apr 26
0
PAM keyboard-interactive
...*options)
{
- /* Portable-specific options */
- if (options->pam_authentication_via_kbd_int == -1)
- options->pam_authentication_via_kbd_int = 0;
-
- /* Standard Options */
if (options->protocol == SSH_PROTO_UNKNOWN)
options->protocol = SSH_PROTO_1|SSH_PROTO_2;
if (options->num_host_key_files == 0) {
@@ -258,9 +249,6 @@
/* Keyword tokens. */
typedef enum {
sBadOption, /* == unknown option */
- /* Portable-specific options */
- sPAMAuthenticationViaKbdInt,
- /* Standard Options */
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
sPermitRootLogin, sLogF...
2002 Jul 02
3
New PAM kbd-int diff
...*options)
{
- /* Portable-specific options */
- if (options->pam_authentication_via_kbd_int == -1)
- options->pam_authentication_via_kbd_int = 0;
-
- /* Standard Options */
if (options->protocol == SSH_PROTO_UNKNOWN)
options->protocol = SSH_PROTO_1|SSH_PROTO_2;
if (options->num_host_key_files == 0) {
@@ -271,9 +262,6 @@
/* Keyword tokens. */
typedef enum {
sBadOption, /* == unknown option */
- /* Portable-specific options */
- sPAMAuthenticationViaKbdInt,
- /* Standard Options */
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
sPermitRootLogin, sLogF...
2002 Jun 25
4
PAM kbd-int with privsep
...*options)
{
- /* Portable-specific options */
- if (options->pam_authentication_via_kbd_int == -1)
- options->pam_authentication_via_kbd_int = 0;
-
- /* Standard Options */
if (options->protocol == SSH_PROTO_UNKNOWN)
options->protocol = SSH_PROTO_1|SSH_PROTO_2;
if (options->num_host_key_files == 0) {
@@ -271,9 +262,6 @@
/* Keyword tokens. */
typedef enum {
sBadOption, /* == unknown option */
- /* Portable-specific options */
- sPAMAuthenticationViaKbdInt,
- /* Standard Options */
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
sPermitRootLogin, sLogF...
2006 Nov 15
11
OpenSSH Certkey (PKI)
...==========
RCS file: /cvs/src/usr.bin/ssh/servconf.c,v
retrieving revision 1.165
diff -u -r1.165 servconf.c
--- servconf.c 14 Aug 2006 12:40:25 -0000 1.165
+++ servconf.c 15 Nov 2006 14:14:37 -0000
@@ -56,6 +56,7 @@
options->listen_addrs = NULL;
options->address_family = -1;
options->num_host_key_files = 0;
+ options->ca_key_file = NULL;
options->pid_file = NULL;
options->server_key_bits = -1;
options->login_grace_time = -1;
@@ -77,6 +78,7 @@
options->hostbased_authentication = -1;
options->hostbased_uses_name_from_packet_only = -1;
options->rsa_authentication = -...