search for: opubkeyauthentication

...../openssh-2.5.1p2/readconf.c Wed Feb 14 22:02:00 2001 --- readconf.c Wed Mar 7 00:59:44 2001 *************** *** 109,115 **** oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, ! oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias } OpCodes; /* Textual representations of the tokens. */ --- 109,116 ---- oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, oGlobalKnownHostsFil...

There is no /root/.ssh/authorized_keys on remote host, so I have to authenticate with password. On the remote host: # /usr/sbin/sshd -T | egrep permitroot permitrootlogin yes Attempting: $ ssh root@<remotehost> shows: Received disconnect from <remotehost> port 22:2: Too many authentication failures for root packet_write_wait: Connection to <remotehost> port 22: Broken

...balKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, ! oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias } OpCodes; --- 108,114 ---- oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,...

...ownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, oTCPKeepAlive, oNumberOfPasswordPrompts, - oLogFacility, oLogLevel, oLogVerbose, oCiphers, oMacs, + oLogFacility, oLogLevel, oLogPath, oLogVerbose, oCiphers, oMacs, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, @@ -271,6 +271,7 @@ static struct { { "numberofpasswordprompts", oNumberOfPasswordPrompts }, { "syslogfacility&...

...oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, - oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, + oCompressionLevel, oKeepAlives, oIdle, oNumberOfPasswordPrompts, oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, @@ -178,6 +178,7 @@ { "compression", oCompression }, { "compressionlevel", oCompressionLevel }, { "keepalive", oKeepAlives }, + { "idle", oIdle }, { "numberofpasswordprompts...

...out */ LogLevel log_level; /* Level for logging. */ int port; /* Port to connect. */ --- readconf.c 2001/03/11 01:49:20 1.40 +++ readconf.c 2001/03/14 19:11:15 @@ -110,7 +110,7 @@ oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, - oPreferredAuthentications + oPreferredAuthentications,oNoopMsgFrequency } OpCodes; /* Textual representations of the tokens. */ @@ -173,6 +173,7 @@ { "numberofpasswordprompts", oNumberOfPasswordPrompts }, {...

...Feedback is welcome. Please CC me if you reply to the list as I'm not subscribed. diff -ruN a/readconf.c b/readconf.c --- a/readconf.c 2009-02-14 06:28:21.000000000 +0100 +++ b/readconf.c 2009-07-09 18:24:09.000000000 +0200 @@ -123,7 +123,7 @@ oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, - oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, + oHostKeyAlgorithms, oBindAddress, oBindPort, oSmartcardDevice, oClearAllForwardings, oNoHostAuth...

...CheckHostIP, oStrictHostKeyChecking, oCompression, - oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, + oCompressionLevel, oKeepAlives, oKeepAlivesForward, oNumberOfPasswordPrompts, oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, @@ -172,6 +172,7 @@ { "compression", oCompression }, { "compressionlevel", oCompressionLevel }, { "keepalive", oKeepAlives }, + { "keepaliveforward", oKeepAlivesForward }, { &quo...

...rekeying = (xxx_kex != NULL && !xxx_kex->done); diff -ur openssh-2.9p1/readconf.c openssh-2.9p1S/readconf.c --- openssh-2.9p1/readconf.c Tue Apr 17 12:11:37 2001 +++ openssh-2.9p1S/readconf.c Thu May 17 19:23:52 2001 @@ -111,7 +111,7 @@ oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, - oHostKeyAlgorithms + oHostKeyAlgorithms, oSleep } OpCodes; /* Textual representations of the tokens. */ @@ -177,6 +177,7 @@ { "dynamicforward...

..., how much more damage could a malicious client do if it ware presented with a password prompt? Is it worth annoying the non-malicious clients or push the admin into ticking up MaxAuthTries? > If you know that you don't want to authenticate using PK, you can > disable this method using -oPubkeyAuthentication=no option. Yes, if I know. Cheers, -- Cristian

...e %d", (rand & 0x3f) + 1); } } diff -ur openssh-2.9p2/readconf.c openssh-2.9p2.servalive/readconf.c --- openssh-2.9p2/readconf.c Tue Apr 17 20:11:37 2001 +++ openssh-2.9p2.servalive/readconf.c Wed Sep 26 10:14:25 2001 @@ -111,7 +111,7 @@ oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, - oHostKeyAlgorithms + oHostKeyAlgorithms, oBogusTrafficIntervalMax, oBogusTrafficIntervalMin } OpCodes; /* Textual representations of the tokens. */...

...ws: diff -rupN openssh-5.8p2//readconf.c openssh-5.8p2-srcport//readconf.c --- openssh-5.8p2//readconf.c 2010-11-20 04:19:38.000000000 +0000 +++ openssh-5.8p2-srcport//readconf.c 2011-07-17 20:57:52.385044096 +0100 @@ -125,7 +125,7 @@ typedef enum { oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, - oHostKeyAlgorithms, oBindAddress, oPKCS11Provider, + oHostKeyAlgorithms, oBindAddress, oBindPort, oPKCS11Provider, oClearAllForwardings, oNoHostAuthen...

...+++ readconf.c 15 Nov 2006 14:14:36 -0000 @@ -117,7 +117,8 @@ oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts, oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, - oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, + oGlobalKnownHostsFile2, oUserKnownHostsFile2, oCertkeyAuthentication, + oCAKeyFile, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oHostKeyAlgorithms, oBindAddress, oSmartcar...

.../sshd -Dddd -p 44444 -oPasswordAuthentication=yes -oChallengeResponseAuthentication=yes -opermitemptypasswords=yes debug1: PAM: establishing credentials PAM: pam_setcred(): Failure setting user credentials debug1: do_cleanup debug3: PAM: sshpam_thread_cleanup entering Client: ssh -vvv localhost -oPubkeyAuthentication=no -p 44444 -l xxxx debug1: Authentication succeeded (keyboard-interactive). Authenticated to localhost ([127.0.0.1]:44444). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug1: Requesting no-more-sessions at openssh.com debug1: Ent...

In the changelog, there is an entry: 20001129 - (djm) Back out all the serverloop.c hacks. sshd will now hang again if there are background children with open fds. Does this mean that this is regarded as expected (and correct) behavior, that should not change in the future, or does it mean that this behavior is a known problem that someone will eventually fix? --Adam -- Adam McKenna

...on subdirectories: openssh-2.9p1/openbsd-compat and openssh/openbsd-compat diff -NuBw openssh-2.9p1/readconf.c openssh/readconf.c --- openssh-2.9p1/readconf.c Tue Apr 17 14:11:37 2001 +++ openssh/readconf.c Wed Jun 6 14:38:23 2001 @@ -111,7 +111,7 @@ oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, - oHostKeyAlgorithms + oHostKeyAlgorithms, oSNKFile } OpCodes; /* Textual representations of the tokens. */ @@ -177,6 +177,7 @@ { "dynamicforwa...