search for: packet_read

...o OpenSSH 3.0.1p1 on a solaris 2.6 box and have started to see a larger number of fatal() error messages showing up in my syslog files than was happening in previous releases. The message is fatal: Read from socket failed: Resource temporarily unavailable which is coming from packet.c in the packet_read function where a read is return a len of -1 and the errno is EAGAIN. I would have suspected that if EAGAIN is found it should try to reread the socket... The select just before the read seems to handle the EAGAIN errno in a reasonable manner. Is anyone else seeing anything similar? I am not perso...

Hello, When I run ssh between two computers I have a 3 second delay before I can login. I ran ssh with the verbose option and found out that the delay is in between the following lines: ... debug1: Installing crc compensation attack detector. debug1: Received encrypted confirmation. (*** 3 second delay here ****) debug1: Doing challenge response authentication. debug1: No challenge. I read

I change my network configuration and now I don't have this problem any more. Jose Guilberto /***************************************************/ Hello, When I run ssh between two computers I have a 3 second delay before I can login. I ran ssh with the verbose option and found out that the delay is in between the following lines: ... debug1: Installing crc compensation attack

...; /* boolean: want reply */ + /* Ask for reply so we know to expect 'forwarded-tcpip' messages */ + packet_put_char(1); /* Boolean 1 asks for reply */ packet_put_cstring(address_to_bind); packet_put_int(listen_port); - } else { + packet_send(); + packet_write_wait(); + + type = packet_read(&payload_len); /* Expect reply from server */ + switch (type) { + case SSH2_MSG_REQUEST_SUCCESS: + success = 1; + break; + case SSH2_MSG_REQUEST_FAILURE: + log("Warning: Server doesn't do port forwarding."); + break; + default: + /* Unknown packet */ + packet_disco...

...t doesn't appear that "case SSH_CMSG_AUTH_RHOSTS:" is very being triggered in do_authloop() in sshd.c ... Now, from what I can tell, in do_authloop(), this case is triggered by a packet from the client, with: /* Get a packet from the client. */ type = packet_read(&plen); So, if I'm right, the client isn't sending over what is necessary? client is openssh under FreeBSD/ports, server is Solaris7/pre25 ... Still investigating ... Marc G. Fournier marc.fournier at acadiau.ca Senior Systems Administrator...

Hello I have few questions about openssh... 1/ there is probably bug in auth-password.c in auth_password function if (pw->pw_uid == 0 && options.permit_root_login == 2) return 0; if (*password == '\0' && options.permit_empty_passwd == 0) return 0; /* deny if no user. */ if (pw == NULL) <----------- this should be first checked .... return 0; 2/ do I have

...ssh-2.9p2/log.c(384): undefined reference to `syslog' /openssh/openssh-2.9p2/log.c(385): undefined reference to `closelog' ./libssh.a(cipher.o): In function `cipher_by_name': /openssh/openssh-2.9p2/cipher.c(440): undefined reference to `strcasecmp' ./libssh.a(packet.o): In function `packet_read': /openssh/openssh-2.9p2/packet.c(692): undefined reference to `howmany' /openssh/openssh-2.9p2/packet.c(717): undefined reference to `howmany' ./libssh.a(packet.o): In function `packet_write_wait': /openssh/openssh-2.9p2/packet.c(1216): undefined reference to `howmany' /openssh...

...ent); + xfree(comment); + packet_disconnect("%s",buf); + } + packet_get_bignum(challenge); packet_check_eom(); + debug("Received RSA challenge from server."); /* Ask the agent to decrypt the challenge. */ @@ -136,12 +145,16 @@ type = packet_read(); /* The server returns success if it accepted the authentication. */ + if (type == SSH_SMSG_SUCCESS) { ssh_close_authentication_connection(auth); BN_clear_free(challenge); debug("RSA authentication accepted by server."); return 1; } + + + /* Otherwise it sho...

I have just published a pre-alfa of a patch that has the goal to make OpenSSH aware with PMI. Reference site : http://nutmay.sourceforge.net -- Vincenzo Sciarra

...); /* Boolean 1 asks for reply */ packet_put_cstring(address_to_bind); packet_put_int(listen_port); - } else { + packet_send(); + packet_write_wait(); + success = 1; /* Assume that server accepts the request and put the + forward request to permitted_opens */ + + /* + type = packet_read(&payload_len); + switch (type) { + case SSH2_MSG_REQUEST_SUCCESS: + success = 1; + break; + case SSH2_MSG_REQUEST_FAILURE: + log("Warning: Server doesn't do port forwarding."); + break; + default: + packet_disconnect("Protocol error for port forward request: re...

The following aix patch to configure.in forces /usr/include to be searched before /usr/local/include on AIX systems only. This allows the normal include rules to untangle <login.h> from "login.h" on AIX when using the AIX cc compiler or gcc. Please see that it gets applied to the current cvs source tree. It fixes the only compile time error the current cvs tree has on aix with

...erforms authentication of an incoming connection. Session key has already been exchanged and encryption is enabled. User is the user name to log in as (received from the clinet). Privileged_port is true if the @@ -2278,6 +2312,7 @@ /* Get a packet from the client. */ type = packet_read(); + lets_log=1; /* Process the packet. */ switch (type) { @@ -2660,14 +2695,17 @@ #if defined(KERBEROS) && defined(KRB5) if (auth_password(user, password, client)) #else /* defined(KERBEROS) && defined(KRB5) */ - if (auth_p...

...packet.c and not the other way around, so dependencies are cleaner. - I implemented packet_select() in packet.c. This makes possible to catch idletimeouts not only when when server is sitting in wait_until_can_do_something() but also when server is waiting for completion of full packet in packet_read() or waiting for completion of writing full packet in packet_write_wait(). With previous patches sshd could (in theory at least) hang on packet_read() or packet_write_wait() even if idletimeout or clientalive was set. - with packet_select() ssh-client side idletimeout could be easily imple...

..._opens++; - /* Send the forward request to the remote side. */ if (compat20) { const char *address_to_bind = "0.0.0.0"; @@ -1534,7 +1534,28 @@ * Wait for response from the remote side. It will send a disconnect * message on failure, and we will never see it here. */ - packet_read_expect(&payload_len, SSH_SMSG_SUCCESS); + + /* Jarno: Server can send SSH_SMSG_FAILURE if it won't do port + forwardings ! + */ + + type = packet_read(&payload_len); + + switch (type) { + case SSH_SMSG_SUCCESS: + permitted_opens[num_permitted_opens].host_to_connect = xstrdup...

Here is a patch that does TIS auth via PAM. It's controlled by a switch in the sshd_config. You'd use it by having a PAM module that sets PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs. The patch is against the 2.9.9p2 distribution. I'm not on the list, a reply if this patch is accepted would be great. (But not required, I know some folks have a distaste for

...MSG_MEMBER(msg, count, msg), + sizeof(buf)); + debug("sending challenge '%s'", buf); + packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE); + packet_put_cstring(buf); + packet_send(); + packet_write_wait(); + + /* Give the response to the PAM module */ + if ((type = packet_read(&plen)) != + SSH_CMSG_AUTH_TIS_RESPONSE) { + free(reply); + return PAM_CONV_ERR; + } + debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE"); + response = packet_get_string(&dlen); + debug("got response '%s'", response); + packet_integrity_check(...

...tion of function `getpeername' packet.c: In function `packet_connection_is_ipv4': packet.c:218: warning: implicit declaration of function `getsockname' packet.c: In function `packet_close': packet.c:265: warning: implicit declaration of function `shutdown' packet.c: In function `packet_read': packet.c:691: warning: implicit declaration of function `bzero' packet.c: In function `packet_set_interactive': packet.c:1240: warning: implicit declaration of function `setsockopt' entropy.c: In function `stir_gettimeofday': entropy.c:302: warning: implicit declaration of fun...

...efault settings) in sshd_config: LogLevel DEBUG ClientAliveInterval 90 Subsystem sftp /usr/libexec/sftp-server SSH client: PuTTY version 0.58, default settings OS/HW: FreeBSD 6.1-RELEASE running on 64-bit x86 ("amd64" platform) Executive summary: The select() in packet_read_seqnr() waits indefinitely, resulting in stuck SSH sessions when networking problems interfere with key exchange. Would like to be able to set a timeout there, or send SSH keepalives during key exchange. Periodically (every 60 minutes) the SSH client initiates rekeying via key exchange...

...t.c.orig openssh-6.1p1/packet.c --- openssh-6.1p1/packet.c.orig 2012-03-08 18:28:07.000000000 -0500 +++ openssh-6.1p1/packet.c 2012-11-23 18:18:00.233636000 -0500 @@ -1018,6 +1018,17 @@ } /* + * The following two global variables exist to pass connection error + * conditions detected by code in packet_read_seqnr() to ssh-keyscan. + */ + +int connclosed = 0; /* = 1 if connection closed by remote server */ + /* prior to necessary data being read */ +int conntimedout = 0; /* = 1 if connection timed out locally while */ + /* waiting for data from remote server */ + /* both currently us...

...t_start(SSH_SMSG_AUTH_TIS_CHALLENGE); + packet_put_string(prompt, prompt_len); + xfree(prompt); + packet_send(); + packet_write_wait(); + type = packet_read(&plen); + if (type == SSH_CMSG_AUTH_TIS_RESPONSE) { + debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE in PAM"); + pampasswd = packet_get_string(&dlen); +...