Displaying 20 results from an estimated 86 matches for "packet_disconnect".
2007 Aug 22
0
Patch to allow checking of v1 keys on remote host.
...entity. */
debug("Trying RSA authentication via agent with '%.100s'", comment);
- xfree(comment);
+ if (!options.checkey) xfree(comment);
/* Tell the server that we are willing to authenticate using this key. */
packet_start(SSH_CMSG_AUTH_RSA);
@@ -107,9 +108,17 @@
packet_disconnect("Protocol error during RSA authentication: %d",
type);
+ /*if -u is enabled print a message and then exit*/
+ if (options.checkey) {
+ snprintf(buf, sizeof(buf), "RSA key '%.100s' is Valid",comment);
+ xfree(comment);
+...
2015 Feb 23
2
Call for testing: OpenSSH 6.8
Darren Tucker wrote:
> Question is: what to do?
> c) make packet_disconnect a real function.
I say c.
//Peter
2001 Feb 04
1
minor aix patch to auth1.c
...f (authctxt->failures++ > AUTH_FAIL_MAX) {
#ifdef WITH_AIXAUTHENTICATE
- loginfailed(user,get_canonical_hostname(),"ssh");
+
loginfailed(authctxt->user,get_canonical_hostname(),"ssh");
#endif /* WITH_AIXAUTHENTICATE */
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
}
2000 May 15
1
AIX authenticate patches
...hat authentication is needed. */
@@ -408,8 +406,12 @@
client_user = NULL;
}
- if (attempt > AUTH_FAIL_MAX)
+ if (attempt > AUTH_FAIL_MAX) {
+#ifdef WITH_AIXAUTHENTICATE
+ loginfailed(pw->pw_name,get_canonical_hostname(),"ssh");
+#endif /* WITH_AIXAUTHENTICATE */
packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
+ }
/* Send a message indicating that the authentication attempt failed. */
packet_start(SSH_SMSG_FAILURE);
@@ -430,7 +432,7 @@
unsigned int ulen;
char *user;
#ifdef WITH_AIXAUTHENTICATE
- char *loginmsg;
+ extern char *aixloginmsg;
#endif /* WITH_AIXA...
2001 May 11
1
Problems with OpenSSH2.9p1 on Linux/Sparc
...ew Fri May 11 16:07:29 2001
***************
*** 2623,2629 ****
snprintf(channel_forwarded_auth_socket_name, MAX_SOCKET_NAME,
"%s/agent.%d",
channel_forwarded_auth_socket_dir, (int) getpid());
! if (atexit(cleanup_socket) < 0) {
int saved = errno;
cleanup_socket();
packet_disconnect("socket: %.100s", strerror(saved));
--- 2623,2633 ----
snprintf(channel_forwarded_auth_socket_name, MAX_SOCKET_NAME,
"%s/agent.%d",
channel_forwarded_auth_socket_dir, (int) getpid());
! /* This is bad...on_exit requires 2 parameters, whereas
! at_exit only takes on...
2001 Dec 26
3
auth*.c
Folks,
During testing, we found a couple of issues with openssh3.0.2p1:
1. In userauth_finish() in auth2.c (as well as in do_authloop in auth1.c),
the foll. check:
if (authctxt->failures++ > AUTH_FAIL_MAX)
is never satisfied and thus packet_disconnect() never gets called. I
suspect the code just drops out of the dispatch_run function list instead.
This should be an == instead of >. While looking at the debug output
when deliberately entering wrong passwords, I noticed one try for none,
three for password, and then three for keyboard-interacti...
2001 Feb 08
1
ssh1 keyexchange problem ?
Hi,
Has anybody produced diffs for openssh-2.3.0p1 for the rsa keyexchange
problem that Core-SDI described ? ( I noticed that fix is already
in openbsd tree ).
-Jarno
--
Jarno Huuskonen - System Administrator | Jarno.Huuskonen at uku.fi
University of Kuopio - Computer Center | Work: +358 17 162822
PO BOX 1627, 70211 Kuopio, Finland | Mobile: +358 40 5388169
2000 Jan 07
2
possible clue on tcp forwarding problems
When I encounter the problem with TCP port forwarding locking up, I'll
see this on the client window (if I haven't invoked ssh with -q):
chan_shutdown_read failed for #1/fd6: Transport endpoint is not connected
chan_shutdown_read failed for #1/fd6: Transport endpoint is not connected
This is with Blowfish encryption. I have to kill and restart the client
when this happens.
Phil
1999 Dec 07
1
Serious Bug Report: OpenSSH
...51,24 +1551,41 @@
get_remote_port(),
user);
-#ifdef HAVE_LIBPAM
- do_pam_account_and_session(pw->pw_name, client_user);
+#ifndef HAVE_LIBPAM
+ if (authenticated)
+ return;
- /* Clean up */
- if (client_user != NULL)
- xfree(client_user);
+ if (attempt > AUTH_FAIL_MAX)
+ packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
+#else /* HAVE_LIBPAM */
+ if (authenticated) {
+ do_pam_account_and_session(pw->pw_name, client_user);
- if (password != NULL) {
- memset(password, 0, strlen(password));
- xfree(password);
- }
-#endif /* HAVE_LIBPAM */
+ /* Clean up */
+ if (client...
2008 Jul 09
2
loginmsg bug
Cf. http://seclists.org/fulldisclosure/2008/Jul/0090.html
This Mrdkaaa character claims to have exploited this, but does not say
how.
The issue is that if do_pam_account() fails, do_authloop() will call
packet_disconnect() with loginmsg as the format string (classic
printf(foo) instead of printf("%s", foo) bug).
The stuff that do_authloop() appends to loginmsg is harmless (the user
name is safe, since at this point we know the account exists). The
question is, what does loginmsg contain before do_authlo...
2001 Jun 26
1
OpenSSH 2.9p2 with PAMAuthenticationViaKbdInt
...----- next part --------------
--- auth2-pam.c.orig Wed Jun 27 09:43:43 2001
+++ auth2-pam.c Wed Jun 27 09:44:54 2001
@@ -137,8 +137,8 @@
if (authctxt == NULL)
fatal("input_userauth_info_response_pam: no authentication context");
- if (authctxt->attempt++ >= AUTH_FAIL_MAX)
- packet_disconnect("too many failed userauth_requests");
+ if (authctxt->failures >= AUTH_FAIL_MAX)
+ packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
nresp = packet_get_int(); /* Number of responses. */
debug("got %d responses", nresp);
2001 Jun 05
1
OpenSSH tmp cleanup
Hi,
I noticed that Markus has fixed the temporary file cleanup problems in
OpenSSH cvs. What files need patching for this ? I only noticed
changes in: session.c, channels.h and channels.c.
-Jarno
--
Jarno Huuskonen <Jarno.Huuskonen at uku.fi>
2001 Aug 16
4
Idletimeout patch
...is
+ * not set */
+ if (max_time_seconds>0) {
+ tv.tv_sec=max_time_seconds;
+ tv.tv_usec=0;
+ tvp=&tv;
+ } else
+ tvp = NULL;
+ } else {
tv.tv_sec = max_time_milliseconds / 1000;
tv.tv_usec = 1000 * (max_time_milliseconds % 1000);
tvp = &tv;
@@ -301,7 +329,22 @@
packet_disconnect(
"No open channels after timeout!");
}
- }
+ }
+
+ if (options.idletimeout>0) {
+ /* Reset idletimeout if something happened.
+ * NOTE: events events happening while there is
+ * active client_alive_timeouts are ignored. This way
+ * client_alive messages won't re...
2002 Mar 29
1
Two patches for OpenSSH 3.1p1 (fwd)
...verloop.c Fri Feb 8 12:07:17 2002
--- openssh-3.1p1-peter/serverloop.c Mon Mar 18 22:01:02 2002
***************
*** 673,679 ****
/* We no longer want our SIGCHLD handler to be called. */
mysignal(SIGCHLD, SIG_DFL);
! wait_pid = waitpid(-1, &wait_status, 0);
if (wait_pid == -1)
packet_disconnect("wait: %.100s", strerror(errno));
else if (wait_pid != pid)
--- 673,681 ----
/* We no longer want our SIGCHLD handler to be called. */
mysignal(SIGCHLD, SIG_DFL);
! while ((wait_pid = waitpid(-1, &wait_status, 0)) < 0 && errno == EINTR)
! ;
!
if (wait...
2002 Feb 12
1
openssh + pam errors (fwd)
...---
http://www.monkey.org/~dugsong/
--- old/session.c Sat Dec 1 18:37:08 2001
+++ session.c Tue Feb 12 00:03:37 2002
@@ -437,7 +437,6 @@
session_proctitle(s);
#if defined(USE_PAM)
- do_pam_session(s->pw->pw_name, NULL);
do_pam_setcred(1);
if (is_pam_password_change_required())
packet_disconnect("Password change required but no "
@@ -494,6 +493,9 @@
#endif /* USE_PIPES */
/* Do processing for the child (exec command etc). */
+#if defined(USE_PAM)
+ do_pam_session(s->pw->pw_name, NULL);
+#endif /* USE_PAM */
do_child(s, command);
/* NOTREACHED */
}
@@ -555,7 +5...
2001 Jun 09
2
[PATCH] Make "-L" local ports bind to "127.0.0.1" in openssh-2.9p1
...teway_ports ? AI_PASSIVE : 0;
hints.ai_socktype = SOCK_STREAM;
snprintf(strport, sizeof strport, "%d", listen_port);
- if (getaddrinfo(NULL, strport, &hints, &aitop) != 0)
+ if (getaddrinfo(gateway_ports ? NULL : "127.0.0.1", strport, &hints, &aitop) != 0)
packet_disconnect("getaddrinfo: fatal error");
for (ai = aitop; ai; ai = ai->ai_next) {
2002 Mar 21
0
[Bug 178] New: Content of /etc/nologin isn't shown to users, fix triggers probably AIX bug
...1.1.1.7
diff -c -r1.1.1.7 session.c
*** session.c 2002/03/08 07:55:51 1.1.1.7
--- session.c 2002/03/19 15:17:52
***************
*** 572,590 ****
--- 572,594 ----
if (is_winnt)
cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
#endif
+ debug("parent+");
if (pid < 0)
packet_disconnect("fork failed: %.100s", strerror(errno));
s->pid = pid;
+ debug("parent++");
/* Parent. Close the slave side of the pseudo tty. */
close(ttyfd);
+ debug("parent+++");
/*
* Create another descriptor of the pty master side for use as the
* st...
2000 Nov 30
1
Problem and Patch: Multiple keys in ssh.com V2 agent
...fatal("input_userauth_request: no authctxt");
- if (authctxt->attempt++ >= AUTH_FAIL_MAX) {
-#ifdef WITH_AIXAUTHENTICATE
- loginfailed(authctxt->user?authctxt->user:"NOUSER",
- get_canonical_hostname(), "ssh");
-#endif /* WITH_AIXAUTHENTICATE */
- packet_disconnect("too many failed userauth_requests");
- }
-
user = packet_get_string(NULL);
service = packet_get_string(NULL);
method = packet_get_string(NULL);
debug("userauth-request for user %s service %s method %s", user, service, method);
- debug("attempt #%d", authctxt-&...
2000 Aug 15
0
Experimental -R support patch for openssh client
...packet_read(&payload_len); /* Expect reply from server */
+ switch (type) {
+ case SSH2_MSG_REQUEST_SUCCESS:
+ success = 1;
+ break;
+ case SSH2_MSG_REQUEST_FAILURE:
+ log("Warning: Server doesn't do port forwarding.");
+ break;
+ default:
+ /* Unknown packet */
+ packet_disconnect("Protocol error for port forward request: received packet type %d.", type);
+ }
+
+ }
+ else {
+ /* Protocol 1 */
packet_start(SSH_CMSG_PORT_FORWARD_REQUEST);
packet_put_int(listen_port);
packet_put_cstring(host_to_connect);
packet_put_int(port_to_connect);
packet_send()...
2000 Jan 19
3
AIX openssh patches
...urns only if
***************
*** 1142,1148 ****
/* Check if the user is logging in as root and root logins are disallowed. */
if (pw->pw_uid == 0 && !options.permit_root_login) {
! if (forced_command)
log("Root login accepted for forced command.");
else
packet_disconnect("ROOT LOGIN REFUSED FROM %.200s",
--- 1155,1161 ----
/* Check if the user is logging in as root and root logins are disallowed. */
if (pw->pw_uid == 0 && !options.permit_root_login) {
! if (forced_command)
log("Root login accepted for forced command."...