search for: packet_start

...child continues serving connections. */ /* fake EOF on stdin */ if (compat20) { buffer_append(&stdin_buffer, "\004", 1); } else if (!stdin_eof) { /* * Sending SSH_CMSG_EOF alone does not always appear * to be enough. So we try to send an EOF character * first. */ packet_start(SSH_CMSG_STDIN_DATA); packet_put_string("\004", 1); packet_send(); /* Close stdin. */ stdin_eof = 1; if (buffer_len(&stdin_buffer) == 0) { packet_start(SSH_CMSG_EOF); packet_send(); } } if (detach) { /* * There should be a chan_wont_read()/chan_wont_write()...

.... + */ + newch = channel_new( (c->type == SSH2_CHANNEL_PORT_LISTENER) ? + "forwarded-tcpip" : "direct-tcpip", SSH_CHANNEL_OPENING, newsock, newsock, -1, c->local_window_max, c->local_maxpacket, 0, xstrdup(buf)); if (compat20) { packet_start(SSH2_MSG_CHANNEL_OPEN); - packet_put_cstring("direct-tcpip"); + if (c->type == SSH2_CHANNEL_PORT_LISTENER) + packet_put_cstring("forwarded-tcpip"); + else + packet_put_cstring("direct-tcpip"); packet_put_int(newch); packet_put_int(c->local_win...

...> AUTH_FAIL_MAX) { +#ifdef WITH_AIXAUTHENTICATE + loginfailed(pw->pw_name,get_canonical_hostname(),"ssh"); +#endif /* WITH_AIXAUTHENTICATE */ packet_disconnect(AUTH_FAIL_MSG, pw->pw_name); + } /* Send a message indicating that the authentication attempt failed. */ packet_start(SSH_SMSG_FAILURE); @@ -430,7 +432,7 @@ unsigned int ulen; char *user; #ifdef WITH_AIXAUTHENTICATE - char *loginmsg; + extern char *aixloginmsg; #endif /* WITH_AIXAUTHENTICATE */ /* Get the name of the user that we wish to log in as. */ @@ -501,7 +503,9 @@ /* The user has been authenti...

I looked around for a while, but couldn't find any code for requiring multiple authentication mechanisms in openssh. So I wrote an implemention. I thought at first I should change the PasswordAuthentication, PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some funky stuff in auth2.c with respect to keyboard interactive auth that would make this kind of

...inues serving connections. */ + /* fake EOF on stdin */ + if (compat20) { + buffer_append(&stdin_buffer, "\004", 1); + } else if (!stdin_eof) { + /* + * Sending SSH_CMSG_EOF alone does not always appear + * to be enough. So we try to send an EOF character + * first. + */ + packet_start(SSH_CMSG_STDIN_DATA); + packet_put_string("\004", 1); + packet_send(); + /* Close stdin. */ + stdin_eof = 1; + if (buffer_len(&stdin_buffer) == 0) { + packet_start(SSH_CMSG_EOF); + packet_send(); + } + } + + if (detach) { + chan_read_failed(c); + chan_write_failed(c); + c...

...0 @@ -228,16 +228,7 @@ userauth_finish(Authctxt *authctxt, int if (authctxt->postponed) return; - /* XXX todo: check if multiple auth methods are needed */ - if (authenticated == 1) { - /* turn off userauth */ - dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore); - packet_start(SSH2_MSG_USERAUTH_SUCCESS); - packet_send(); - packet_write_wait(); - /* now we can break out */ - authctxt->success = 1; - } else { + if (!authenticated) { if (authctxt->failures++ > AUTH_FAIL_MAX) { packet_disconnect(AUTH_FAIL_MSG, authctxt->user); } @@ -252,6 +243,32 @@...

...ct); - permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; - permitted_opens[num_permitted_opens].listen_port = listen_port; - num_permitted_opens++; - /* Send the forward request to the remote side. */ if (compat20) { const char *address_to_bind = "0.0.0.0"; packet_start(SSH2_MSG_GLOBAL_REQUEST); packet_put_cstring("tcpip-forward"); - packet_put_char(0); /* boolean: want reply */ + /* Ask for reply so we know to expect 'forwarded-tcpip' messages */ + packet_put_char(1); /* Boolean 1 asks for reply */ packet_put_cstring(address_to_bind);...

...omments: * In 2001 the code in packet.c was not organized like it is now with wrapper functions calling ssh1/ssh2 versions. I think I put calls to idletimeout_check() in the right places but I could have missed one or added too much. * For the writing case, I added an idletimeout_check() in packet_start instead of in the packet_send, assuming that packet_send will be called soon after packet_start. * If this patch is combined with the ControlPersist patch, it should be possible request that ssh only performs the timeout when ssh is daemonized as a master. This could be done by making ControlPe...

Hi: My ssh server ( In ssh2 ) want to send messages to client ( putty ). But I can't find way to do this. I write below code : packet_start( I_DONT_KNOW_WHICH_ID_TO_BE_USED ); <- ??? packet_put_cstring( "Some messages..." ); packet_send( ); packet_write_wait( ); In packet_start( ), Which ID must be used? Or there is the other way?

Hi All, I am trying to decode the message received from openssh client 3.1.0 Following is the third message which I received. length = 0000 008c padding length = 06 messagetype = 1e (SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) padding = b8 218e c680 and the next four byte should have the n which is 0000 0080 which is less than 1024. 0000 008c 061e 0000 0080 2a19 a9e4 05fb aee2 b107 4fa9 f0c1 83d3 3bf0

I'd like a feature whereby ssh puts itself in the background after the first successful X11 (or other port) forwarding. The reason for this is simple: error handling. If the application fails to open the X display and exits, then the client can still exit with the application's exit code. But if the application opens the X display successfully, then it can just display any errors by

...sponse = ssh_askpass(askpass, + "Permission denied, please try again:"); + else + response = ssh_askpass(askpass, buf); + } else { + if (i != 0) + error("Permission denied, please try again."); + response = read_passphrase("Response: ", 0); + } packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); packet_put_string(response, strlen(response)); memset(response, 0, strlen(response)); @@ -657,14 +687,31 @@ { int type, i, payload_len; char *password; + int interactive = isatty(STDIN_FILENO); + char *askpass = NULL; debug("Doing password authentica...

...cpip", + newch = channel_new((c->type == SSH2_CHANNEL_PORT_LISTENER) ? + "forwarded-tcpip" : "direct-tcpip", SSH_CHANNEL_OPENING, newsock, newsock, -1, c->local_window_max, c->local_maxpacket, 0, xstrdup(buf), 1); if (compat20) { packet_start(SSH2_MSG_CHANNEL_OPEN); - packet_put_cstring("direct-tcpip"); + if (c->type == SSH2_CHANNEL_PORT_LISTENER) + packet_put_cstring("forwarded-tcpip"); + else + packet_put_cstring("direct-tcpip"); packet_put_int(newch); packet_put_int(c->local_win...

...t;break;". code: retval = 0; /*XXXX*/ sshkey_free(k); if (retval != 0) break; XXXX here probably means fix in future, but the last two lines seem to be functionless * clientloop.c:2087:dead_error_line ? Execution cannot reach this expression "81" inside statement "packet_start((success ? 81 ...". I hope that it makes sense. -- Petr Lautrbach

...err_buffer, buf, strlen(buf)); quit_pending = 1; - } + + } + break; + + case 0: + /* Send a keepalive packet (not SSH_MSG_IGNORE as this crashes + * some servers...). + */ + packet_start(SSH_MSG_NONE); + packet_send(); + break; + + default: + break; + } } void

...0) { /* This is the parent. */ + /* The parent just exits. */ + exit(0); + } + + /* fake EOF on stdin for SSHv1 */ + if (!compat20 && !stdin_eof) { + /* + * Sending SSH_CMSG_EOF alone does not always appear + * to be enough. So we try to send an EOF character + * first. + */ + packet_start(SSH_CMSG_STDIN_DATA); + packet_put_string("\004", 1); + packet_send(); + /* Close stdin. */ + stdin_eof = 1; + if (buffer_len(&stdin_buffer) == 0) { + packet_start(SSH_CMSG_EOF); + packet_send(); + } + } + + if (!compat20) + return; + + c = channel_lookup(session_ident); +...

...&present); + } while (mechs > 0 && !present); + + gss_release_oid_set(&ms, &supported); + + if (!present) { + xfree(doid); + return (0); + } + + if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &oid)))) + return (0); + + authctxt->methoddata=(void *)ctxt; + + packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE); + + /* Return OID in same format as we received it*/ + packet_put_string(doid, len); + + packet_send(); + xfree(doid); + + dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token); + dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_err...

...1,7 +130,7 @@ /* if client wants mutual auth */ problem = krb5_mk_rep(authctxt->krb5_ctx, authctxt->krb5_auth_ctx, - &reply); + reply); if (problem) goto err; @@ -144,19 +143,16 @@ krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user, client); - packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE); - packet_put_string((char *) reply.data, reply.length); - packet_send(); - packet_write_wait(); - ret = 1; err: if (server) krb5_free_principal(authctxt->krb5_ctx, server); if (ticket) krb5_free_ticket(authctxt->krb5_ctx, ticket); - if (reply.le...

...a. */ - if (select(max_fd + 1, readset, writeset, NULL, NULL) < 0) { + if( trans_inter > 0 ) { + struct timeval timeout; + timeout.tv_sec = trans_inter; + timeout.tv_usec = 0; + select_return = select(max_fd + 1, readset, writeset, NULL, &timeout); + if(select_return == 0) { + packet_start(SSH_MSG_NONE); + packet_send(); + } + } else + select_return = select(max_fd + 1, readset, writeset, NULL, NULL); + + if( select_return < 0 ) { char buf[100]; /* Some systems fail to clear these automatically. */ FD_ZERO(readset); @@ -863,7 +882,7 @@ * Wait until we have somethi...

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the