search for: packet_don

...e, I found this little routine in session.c (it appears to be identical to the same routine in the OpenBSD source, so it's not a porting issue): int session_subsystem_req(Session *s) { unsigned int len; int success = 0; char *subsys = packet_get_string(&len); packet_done(); log("subsystem request for %s", subsys); xfree(subsys); return success; } To my eyes, this looks like a planned no-op. Markus Friedl earlier reported that, as of late April, sftp was still on the to-do list. What about the future (or lack thereof) of an OpenSSH...

...ginal_command = NULL; + } + } + + /* administrative, login(1)-like work */ void do_login(Session *s, const char *command) *************** *** 1288,1300 **** int session_shell_req(Session *s) { - /* if forced_command == NULL, the shell is execed */ - char *shell = forced_command; packet_done(); ! if (s->ttyfd == -1) ! do_exec_no_pty(s, shell); ! else ! do_exec_pty(s, shell); return 1; } --- 1308,1315 ---- int session_shell_req(Session *s) { packet_done(); ! do_exec(s, NULL); return 1; } *************** *** 1304,1320 **** u_int len; char *comman...

I'm reading this fine article on O'Reilly: http://linux.oreillynet.com/lpt/a//linux/2001/11/08/ssh_keystroke.html <quote> The paper concludes that the keystroke timing data observable from today's SSH implementations reveals a dangerously significant amount of information about user terminal sessions--enough to locate typed passwords in the session data stream and reduce the

...7:13 -0000 @@ -341,7 +341,7 @@ userauth_none(Authctxt *authctxt) return(0); #ifdef HAVE_CYGWIN - if (check_nt_auth(1, authctxt->pw->pw_uid) == 0) + if (check_nt_auth(1, authctxt->pw) == 0) return(0); #endif #ifdef USE_PAM @@ -367,7 +367,7 @@ userauth_passwd(Authctxt *authctxt) packet_done(); if (authctxt->valid && #ifdef HAVE_CYGWIN - check_nt_auth(1, authctxt->pw->pw_uid) && + check_nt_auth(1, authctxt->pw) && #endif #ifdef USE_PAM auth_pam_password(authctxt->pw, password) == 1) @@ -404,7 +404,7 @@ userauth_kbdint(Authctxt *au...

...HUP); + SIG(ILL); + SIG(INT); + SIG(KILL); + SIG(PIPE); + SIG(QUIT); + SIG(SEGV); + SIG(TERM); + SIG(USR1); + SIG(USR2); + return -1; +} + +static int +session_signal_req(Session *s) +{ + char *signame; + int sig; + + signame = packet_get_string(NULL); + sig = name2sig(signame); + xfree(signame); + packet_done(); + + if (sig >= 0 && s->pid > 0) { + debug("session_signal_req: killpg(%d, %d)", + s->pid, sig); + if (killpg(s->pid, sig) < 0) + error("session_signal_req: killpg(%d, %d): %s", + s->pid, sig, strerror(errno)); + } + return 0; +} +...

...l 11 09:31:38 2000 +++ openssh-2.1.1p4-hein/auth2.c Sun Aug 27 17:39:22 2000 @@ -102,6 +102,9 @@ #ifdef SKEY options.skey_authentication = 0; #endif +#ifdef PAM_TIS + options.tis_authentication = 0; +#endif #ifdef KRB4 options.kerberos_authentication = 0; #endif @@ -257,7 +260,7 @@ packet_done(); #ifdef USE_PAM - return auth_pam_password(pw, ""); + return auth_pam_password(pw, "", SSH_CMSG_AUTH_PASSWORD); #elif defined(HAVE_OSF_SIA) return(sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, @@ -284,7 +28...

...fdef HAVE_CYGWIN - if (check_nt_auth(1, authctxt->pw->pw_uid) == 0) - return(0); -#endif #ifdef USE_PAM return auth_pam_password(authctxt->pw, ""); #elif defined(HAVE_OSF_SIA) @@ -380,9 +376,6 @@ userauth_passwd(Authctxt *authctxt) password = packet_get_string(&len); packet_done(); if (authctxt->valid && -#ifdef HAVE_CYGWIN - check_nt_auth(1, authctxt->pw->pw_uid) && -#endif #ifdef USE_PAM auth_pam_password(authctxt->pw, password) == 1) #elif defined(HAVE_OSF_SIA) @@ -418,10 +411,6 @@ userauth_kbdint(Authctxt *authctxt) #endif xfr...

...SF_SIA -# include <sia.h> -# include <siad.h> -#endif - /* import */ extern ServerOptions options; extern unsigned char *session_id2; @@ -249,19 +244,12 @@ int ssh2_auth_none(struct passwd *pw) { -#ifdef HAVE_OSF_SIA - extern int saved_argc; - extern char **saved_argv; -#endif - packet_done(); #ifdef USE_PAM return auth_pam_password(pw, ""); #elif defined(HAVE_OSF_SIA) - return(sia_validate_user(NULL, saved_argc, saved_argv, - get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, - "") == SIASUCCESS); + return auth_sia_password(pw->pw_name, "&...

I'm not a ssh expert and I don't know if the log is good or bad, but I too am running OpenSHH under OpenServer. I find that after I connect, the return key has no effect unless I first type: stty sane <Ctrl>j If you've hit <ENTER> before that you must first press <Ctrl>j a couple of times to clean out the buffer. After I type the above command, everything

...i; + + debug("ssh2 server tries to open forwarded-tcpip channel."); + + /* Get rest of the packet */ + connected_address = packet_get_string(&connected_len); + connected_port = packet_get_int(); + client_address = packet_get_string(&client_len); + client_port = packet_get_int(); + packet_done(); + + /* Check if we have requested this remote forwarding */ + for (i = 0; i<num_permitted_opens; i++) { + if ( permitted_opens[i].listen_port == connected_port ) { + break; + } + } + + /* We haven't requested the connection to be forwarded ! */ + if ( i >= num_permitted_opens ) {...

Hi, I noticed that Markus has fixed the temporary file cleanup problems in OpenSSH cvs. What files need patching for this ? I only noticed changes in: session.c, channels.h and channels.c. -Jarno -- Jarno Huuskonen <Jarno.Huuskonen at uku.fi>

...nt_wait_until_can_do_something(&readset, + &writeset, &max_fd2, &nalloc, rekeying); if (quit_pending) break; @@ -1222,6 +1310,21 @@ exit_status = packet_get_int(); packet_done(); } + /* + * Begin SD Mod: + * check to see if request from server is to turn off steno. + * If so, turn it off if neccessary. + */ + else if (strcmp(rtype, "no_steno") == 0) { + debug("received request not use use steno&q...

...1) { authenticated = 1; + + if (options.log_key_fingerprint == 1) + snprintf(info,info_size," fp %s",key_fingerprint(key,SSH_FP_MD5,SSH_FP_HEX)); + } buffer_clear(&b); xfree(sig); } else { debug("test whether pkalg/pkblob are acceptable"); packet_done(); diff -u5 openssh-3.0.2p1.orig/servconf.c openssh-3.0.2p1/servconf.c --- openssh-3.0.2p1.orig/servconf.c Tue Nov 13 14:03:15 2001 +++ openssh-3.0.2p1/servconf.c Tue Jan 29 14:23:41 2002 @@ -107,10 +107,11 @@ options->reverse_mapping_check = -1; options->client_alive_interval = -1; op...

...HUP); + SIG(ILL); + SIG(INT); + SIG(KILL); + SIG(PIPE); + SIG(QUIT); + SIG(SEGV); + SIG(TERM); + SIG(USR1); + SIG(USR2); + return -1; +} + +static int +session_signal_req(Session *s) +{ + char *signame; + int sig; + + signame = packet_get_string(NULL); + sig = name2sig(signame); + xfree(signame); + packet_done(); + + if (sig >= 0 && s->pid > 0) { + debug("session_signal_req: killpg(%d, %d)", + s->pid, sig); + if (killpg(s->pid, sig) < 0) + error("session_signal_req: killpg(%d, %d): %s", + s->pid, sig, strerror(errno)); + } + return 0; +} +...

Hello, In response to the timing analysis attacks presented by Dawn Song et. al. in her paper http://paris.cs.berkeley.edu/~dawnsong/ssh-timing.html we at Silicon Defense developed a patch for openssh to avoid such measures. Timing Analysis Evasion changes were developed by C. Jason Coit and Roel Jonkman of Silicon Defense. These changes cause SSH to send packets unless request not to,

...+ + debug("ssh2 server tries to open forwarded-tcpip channel."); + + /* Get rest of the packet */ + listen_address = packet_get_string(&connected_len); + listen_port = packet_get_int(); + originator_address = packet_get_string(&client_len); + originator_port = packet_get_int(); + packet_done(); + + /* Check if we have requested this remote forwarding + * Note: this is not fool proof, because we don't ask the server to + * acknowledge our remote forward request. + */ + for (i = 0; i<num_permitted_opens; i++) { + if ( permitted_opens[i].listen_port == listen_port ) { + bre...

...+ + debug("ssh2 server tries to open forwarded-tcpip channel."); + + /* Get rest of the packet */ + listen_address = packet_get_string(&connected_len); + listen_port = packet_get_int(); + originator_address = packet_get_string(&client_len); + originator_port = packet_get_int(); + packet_done(); + + /* Check if we have requested this remote forwarding + * Note: this is not fool proof, because we don't ask the server to + * acknowledge our remote forward request. + */ + for (i = 0; i<num_permitted_opens; i++) { + if ( permitted_opens[i].listen_port == listen_port ) { + bre...