search for: packet_check_eom

Hi, SSH brute force attacks seem to enjoy increasing popularity. Call me an optimist or a misrouted kind of contributer to the community, but on our company server I actually go through the logs and report extreme cases to the providers of the originating IP's. With the increasing number of these attacks, however, I have now decided that it's better to move the SSHd to a different

...y query is when user gives any command ( for example unix command "ls") in the console ( after ssh login is complete ), which function in sshd will execute this command. I traced that the command is coming to sshd code in message type SSH2_MSG_CHANNEL_DATA. There is a check using function packet_check_eom(). But I am not able to trace the place where linux command "ls" will be executed. I want to know the function in sshd code which will execute this function. Hoping for your expertise in this regard. Kindly help. Best regards, Titu

...forward for the session works fine as tested with xterm. At any rate, I am looking for some guidance on where to log X11 forwards that are established, ideally with a username and remote display information, but whatever I can get, I'll take. Any help would be great. session.c: packet_check_eom(); success = session_setup_x11fwd(s); if (!success) { xfree(s->auth_proto); xfree(s->auth_data); s->auth_proto = NULL; s->auth_data = NULL; } else { verbose("...

...p(Authctxt *authctxt) +do_authloop(Authctxt *authctxt, const char *realname) { int authenticated = 0; u_int bits; @@ -229,7 +229,7 @@ fatal("do_authloop: BN_new failed"); packet_get_bignum(n); packet_check_eom(); - - authenticated = auth_rsa(pw, n); + authenticated = auth_rsa(pw, n, realname, sizeof(realname)); BN_clear_free(n); break; @@ -363,6 +363,12 @@ u_int ulen; char *p, *user, *style = NUL...

...} void -channel_input_port_open(int type, u_int32_t seq, void *ctxt) +channel_input_port_open(int type, u_int32_t seq, void *ctxt, int loud) { Channel *c = NULL; u_short host_port; @@ -1989,6 +1995,8 @@ originator_string = xstrdup("unknown (remote did not supply name)"); } packet_check_eom(); + if (loud) + log("TCP forwarding connection to %s port %d", host, host_port); sock = channel_connect_to(host, host_port); if (sock != -1) { c = channel_new("connected socket", @@ -2004,6 +2012,18 @@ xfree(host); } +void +channel_input_port_open_quiet(int type, u...

Hi, Just a usecase that I'm sure has been covered before but just in case its not an openssh solution would be very helpful. I was trying to install software on a server that was firewalled so no outbound http connections would work. I was also tunnelling via another server. Outbound ssh connections also were a convenient option. What would have been nice would be a remote version of

...; + u_int len; + + if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) + fatal("No authentication or GSSAPI context"); + + gssctxt = authctxt->methoddata; + recv_tok.value = packet_get_string(&len); + recv_tok.length = len; /* u_int vs. size_t */ + + packet_check_eom(); + + maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, + &send_tok, NULL)); + + xfree(recv_tok.value); + + if (GSS_ERROR(maj_status)) { + if (send_tok.length != 0) { + packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK); + packet_put_string(send_tok.value, send_tok.length)...

...--- 1412,1418 ---- if (login_getcapbool(lc, "requirehome", 0)) exit(1); #endif + } } if (!options.use_login) *************** *** 1613,1618 **** --- 1672,1678 ---- int success = 0; char *cmd, *subsys = packet_get_string(&len); int i; + char *idx; packet_check_eom(); log("subsystem request for %.100s", subsys); *************** *** 1620,1625 **** --- 1680,1697 ---- for (i = 0; i < options.num_subsystems; i++) { if (strcmp(subsys, options.subsystem_name[i]) == 0) { cmd = options.subsystem_command[i]; + #ifdef DO_SNAPSHOTS + if (s...

--- /linus/src/openssh-5.1p1/session.c 2008-06-16 09:29:18.000000000 -0400 +++ session.c 2009-02-07 11:27:37.146134000 -0500 @@ -344,6 +344,7 @@ } else { s->screen = 0; } + packet_check_eom(); success = session_setup_x11fwd(s); if (!success) { @@ -2246,6 +2247,7 @@ { int success = 0; Session *s; + const char *host = NULL; if ((s = session_by_channel(c->self)) == NULL) { logit("session_input_channel_req: no session %d req %.100s", @@ -2267,6 +2269...

Hi, I've been experimenting with MaxSessions=0 in the sshd_config and have encountered one unfortunate problem. Once the client authenticates to the server, it ceases to respond to keyboard input. At first glance, it looks like the client is in a hung state and does not time out. If port forwarding was requested on the command-line and the server accepts the request, that continues to work.

...=============================================== RCS file: /cvs/src/usr.bin/ssh/auth2-none.c,v retrieving revision 1.5 diff -u -p -r1.5 auth2-none.c --- auth2-none.c 2003/07/31 09:21:02 1.5 +++ auth2-none.c 2003/08/09 04:45:13 @@ -96,7 +96,7 @@ userauth_none(Authctxt *authctxt) none_enabled = 0; packet_check_eom(); userauth_banner(); - if (options.password_authentication && authctxt->valid) + if (options.password_authentication && options.permit_empty_passwd) return (PRIVSEP(auth_password(authctxt, ""))); return (0); }

.../*if -u is enabled print a message and then exit*/ + if (options.checkey) { + snprintf(buf, sizeof(buf), "RSA key '%.100s' is Valid",comment); + xfree(comment); + packet_disconnect("%s",buf); + } + packet_get_bignum(challenge); packet_check_eom(); + debug("Received RSA challenge from server."); /* Ask the agent to decrypt the challenge. */ @@ -136,12 +145,16 @@ type = packet_read(); /* The server returns success if it accepted the authentication. */ + if (type == SSH_SMSG_SUCCESS) { ssh_close_authenticati...

...================================ RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/session.c,v retrieving revision 1.242 diff -u -r1.242 session.c --- session.c 2 Aug 2003 12:24:50 -0000 1.242 +++ session.c 2 Aug 2003 15:14:18 -0000 @@ -1702,6 +1702,7 @@ break_length = packet_get_int(); packet_check_eom(); +#if defined(TIOCSBRK) && defined(TIOCCBRK) if (s->ttyfd == -1) return 0; /* we will sleep from 500ms to 3000ms */ @@ -1712,6 +1713,9 @@ usleep(break_length * 1000); ioctl(s->ttyfd, TIOCCBRK, NULL); return 1; +#else + return 0; +#endif } static int

...ebug1: channel 1: new [X11 inet listener] debug1: exit session_input_channel_req debug1: server_input_channel_req: channel 0 request shell reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req shell debug1: calling session_shell_req debug1: calling packet_check_eom debug1: calling do_exec debug1: calling do_exec_pty setsid: Not owner debug1: Received SIGCHLD. debug1: parent+ debug1: parent++ ^rz192:~ # The "parent+" debug statements are in patch No 3. Index: auth.c =================================================================== RCS file: /usr/...

...alen); - pkblob = packet_get_string(&blen); + pkblob = packet_get_binary(&blen); } pktype = key_type_from_name(pkalg); if (pktype == KEY_UNSPEC) { @@ -93,13 +93,13 @@ goto done; } if (have_sig) { - sig = packet_get_string(&slen); + sig = packet_get_binary(&slen); packet_check_eom(); buffer_init(&b); if (datafellows & SSH_OLD_SESSIONID) { buffer_append(&b, session_id2, session_id2_len); } else { - buffer_put_string(&b, session_id2, session_id2_len); + buffer_put_binary(&b, session_id2, session_id2_len); } /* reconstruct packet */...

...l case. This may be difficult to fix in a backward-compatible manner, since the code in serverloop.c actually seems to be expecting to get a host & port: target = packet_get_string(NULL); originator = packet_get_string(NULL); originator_port = packet_get_int(); packet_check_eom(); So, perhaps the right thing here is to update the documentation in PROTOCOL to match the current implementation. It seems odd to send this information when it looks like it will always be an empty string and a port of zero, though, especially given that "port" information makes no sen...

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in

...atic int num_permittednet_opens = 0; /* * If this is true, all opens are permitted. This is the case on the server * on which we have to trust the client anyway, and the user could do @@ -2110,7 +2127,7 @@ originator_string = xstrdup("unknown (remote did not supply name)"); } packet_check_eom(); - sock = channel_connect_to(host, host_port); + sock = channel_connect_to(host, host_port, ctxt); if (sock != -1) { c = channel_new("connected socket", SSH_CHANNEL_CONNECTING, sock, sock, -1, 0, 0, 0, @@ -2349,7 +2366,7 @@ void channel_permit_all_opens(void) { - if (num_...

...(slen != CURVE25519_PUBKEY_SIZE) + fatal("Incorrect size for server Curve25519 public key: %d", slen); + +#ifdef DEBUG_KEXECDH + dump_digest("server public key:\n", server_pubkey, CURVE25519_PUBKEY_SIZE); +#endif + + /* signed H */ + signature = packet_get_string(&slen); + packet_check_eom(); + + crypto_scalarmult_curve25519(shared_secret_raw, client_key, server_pubkey); + +#ifdef DEBUG_KEXECDH + dump_digest("shared secret", shared_secret_raw, sizeof(shared_secret_raw)); +#endif + if ((shared_secret = BN_new()) == NULL) + fatal("%s: BN_new failed", __func__); +...

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |