Displaying 20 results from an estimated 161 matches for "pkalg".
2001 Mar 11
0
patch to allow client to select rsa/dss
Here is a quick patch against openssh-2.5.1p1 to add a new config
option (pkalg) for the ssh client allowing the selection of which
public keys are obtained/verified.
--cut-here-
diff -c3 -r orig/openssh-2.5.1p1/key.c openssh-2.5.1p1/key.c
*** orig/openssh-2.5.1p1/key.c Mon Feb 5 18:16:28 2001
--- openssh-2.5.1p1/key.c Sun Mar 11 23:10:10 2001
***************
*** 534,539 ***...
2017 Jan 26
4
Server accepts key: pkalg rsa-sha2-512 vs ssh-rsa
Hi,
I'm doing some tests with a pkcs11 token that can only sign short messages.
When connecting to one server, that reports pkalg rsa-sha2-512 blen
151, it fails to sign the pubkey because it is 83 bytes long. (sshd:
OpenSSH_7.3p1)
An older server that reports pkalg ssh-rsa blen 151, works perfectly as
the pubkey signature required is only 35 bytes long. (sshd:
OpenSSH_6.7p1)
I am not sure where does this pkalg fit in the pr...
2023 Apr 06
2
[Bug 3559] New: Mini memory leak and needless(?) const/static qualifier.
...chmidt at emtec.com
in sshconnect2.c in function ssh_kex2() the function
kex_default_pk_alg() is called.
This function is from readconf.c and has the following prototype:
const char *kex_default_pk_alg(void);
The function looks like this:
const char *
kex_default_pk_alg(void)
{
	static char *pkalgs;

	if (pkalgs == NULL) {
		char *all_key;

		all_key = sshkey_alg_list(0, 0, 1, ',');
		pkalgs = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key);
		free(all_key);
	}
	return pkalgs;
}
It internally buffers the result for match_filter_allowlist() in a...
2001 Mar 07
1
patch to select pkalg
...2, but I
only have the DSA key, and I want to use that. I'm stuck; the OpenSSH client
is hard-wired to offer both algorithms in the key exchange, and will select
ssh-rsa if it's available (see myproposal.h, KEX_DEFAULT_PK_ALG).
Below is a patch adding the client configuration option "PKAlgorithms" for
this purpose. It doesn't validate the supplied list; I'm not sure if that's
really necessary or desirable.
This situation raises a couple of questions. The first is about the protocol,
which forces the client to commit to a choice of host key algorithm before it
sees...
2011 Nov 03
1
Help with CA Certificates for user authentication?
...rsa':
...and, correspondingly on the server:
debug1: KEX done
debug1: userauth-request for user test service ssh-connection method none
debug1: attempt 0 failures 0
debug1: userauth-request for user test service ssh-connection method publickey
debug1: attempt 1 failures 0
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 63203/54000 (e=0/0)
debug1: trying public key file /etc/sshtest/authorized_keys
debug1: fd 5 clearing O_NONBLOCK
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 63203/54000 (e=0/0)
debug1: trying public key file /etc/sshtest/authorized_keys
d...
2024 Feb 07
3
[Bug 3665] New: publickey RSA signature unverified: error in libcrypto to RHEL9 sshd (with LEGACY crypto policy enabled)
.../scp to RHEL9):
note that it makes rsa-sha2-512 references
2024 Feb 2 13:33:27 RHEL9 [authpriv.debug] sshd: debug2:
userauth_pubkey: valid user USERREDACTED querying public key
rsa-sha2-512 PUBLICKEYREDACTED [preauth]
2024 Feb 2 13:33:27 RHEL9 [authpriv.debug] sshd: debug1:
userauth_pubkey: test pkalg rsa-sha2-512 pkblob RSA
SHA256:RSASIGNATUREREDACTED [preauth]
2024 Feb 2 13:33:27 RHEL9 [authpriv.debug] sshd: debug1:
/home/USERREDACTED/.ssh/authorized_keys:33: matching key found: RSA
SHA256:RSASIGNATUREREDACTED
2024 Feb 2 13:33:27 RHEL9 [authpriv.info] sshd: Accepted key RSA
SHA256:RSASIGNATU...
2000 Nov 30
1
Problem and Patch: Multiple keys in ssh.com V2 agent
...XXXXXX service ssh-connection method none
debug1: attempt #1
debug1: Starting up PAM with username "XXXXXX"
Failed none for XXXXXX from XXX.XXX.XXX.XXX port 34257 ssh2
debug1: userauth-request for user XXXXXX service ssh-connection method publickey
debug1: attempt #2
debug1: test whether pkalg/pkblob are acceptable
Failed publickey for XXXXXX from XXX.XXX.XXX.XXX port 34257 ssh2
debug1: userauth-request for user XXXXXX service ssh-connection method publickey
debug1: attempt #3
debug1: test whether pkalg/pkblob are acceptable
Failed publickey for XXXXXX from XXX.XXX.XXX.XXX port 34257 ssh...
2001 Jun 26
1
OpenSSH 2.9p2 with PAMAuthenticationViaKbdInt
...host"
debug2: input_userauth_request: try method none
Failed none for matthewm from 127.0.0.1 port 2911 ssh2
debug1: userauth-request for user matthewm service ssh-connection method
publickey
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 500/500 (e=0)
debug1: restore_uid
debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss
Failed publickey for matthewm from 127.0.0.1 port 2911 ssh2
debug1: userauth-request for user matthewm service ssh-connection method
publickey
debug1: attempt...
2003 Oct 08
4
OS/390 openssh
...ee(blob);
} else {
buffer_free(&msg);
diff -bur openssh-3.7.1p2.orig/auth2-hostbased.c openssh-3.7.1p2/auth2-hostbased.c
--- openssh-3.7.1p2.orig/auth2-hostbased.c Sat Jun 28 04:38:02 2003
+++ openssh-3.7.1p2/auth2-hostbased.c Tue Oct 7 08:21:59 2003
@@ -60,10 +60,10 @@
return 0;
}
pkalg = packet_get_string(&alen);
- pkblob = packet_get_string(&blen);
+ pkblob = packet_get_binary(&blen);
chost = packet_get_string(NULL);
cuser = packet_get_string(NULL);
- sig = packet_get_string(&slen);
+ sig = packet_get_binary(&slen);
debug("userauth_hostbased: cus...
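Review bot: packet_get_binary() at the pkblob and sig reads is not declared or explained anywhere in the visible lines, so the reader cannot tell how it differs from packet_get_string(), which pkalg, chost and cuser still use. Add a comment at this spot stating which fields are handled as text and which as raw bytes, and confirm that blen and slen are still set to the exact byte length of the blob and the signature, since both lengths are passed on by pointer here.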
2003 Jul 09
3
OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes
...as root using when strictmode is set to yes.
output of debug:
Failed none for root from 192.168.1.1 port 1199 ssh2
debug1: userauth-request for user root service ssh-connection method
publickey
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug1: trying public key file //.ssh/authorized_keys
debug3: secure_filename: checking '/.ssh'
debug3: secure_filename: checking ''
Authentication refused: bad ownership or modes for directory
debug1: trying public key file //.ssh/authorized_keys2
debug3: secu...
2001 May 23
1
[PATCH]: Drop the use of `check_nt_auth'.
..._kbdint(Authctxt *authctxt)
#endif
xfree(lang);
xfree(devs);
-#ifdef HAVE_CYGWIN
- if (check_nt_auth(0, authctxt->pw->pw_uid) == 0)
- return(0);
-#endif
return authenticated;
}
@@ -524,10 +513,6 @@ userauth_pubkey(Authctxt *authctxt)
debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
xfree(pkalg);
xfree(pkblob);
-#ifdef HAVE_CYGWIN
- if (check_nt_auth(0, authctxt->pw->pw_uid) == 0)
- return(0);
-#endif
return authenticated;
}
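Review bot: in userauth_pubkey the removed HAVE_CYGWIN block was the last check before "return authenticated;" and forced a return of 0 when check_nt_auth(0, authctxt->pw->pw_uid) was 0; nothing in the visible lines replaces it. The patch description should say where that condition is enforced for Cygwin builds after this change, or why it is no longer needed, so that a login this check used to reject cannot now succeed. The same applies to the identical removal at the end of the preceding kbdint function.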
Index: openbsd-compat/bsd-cygwin_util.c
=================================================================...
2001 Dec 19
0
public key authentication failure
...02. From reading sshd -ddd and ssh -v I can't
figure out what goes wrong. Could somebody interpret the attached
typescripts for me, please?
Here's the relevant part from the server log and I don't understand it:
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 1005/1005 (e=0)
debug1: restore_uid
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
Failed publickey for incomingmail from cl.ie.nt.ip port 29365 ssh2
Another thing that puzzles me is why does it start asking for s/key
authentication? I don...
2002 Jul 01
3
3.4p1: 'buffer_append_space: alloc 10506240 not supported'
...lures 0
Failed none for quinot from 10.10.0.172 port 35503 ssh2
Failed none for quinot from 10.10.0.172 port 35503 ssh2
debug1: userauth-request for user quinot service ssh-connection method
hostbased
debug1: attempt 1 failures 1
debug1: userauth_hostbased: cuser quinot chost vienna.int.domain.com. pkalg ssh-dss slen 55
debug1: temporarily_use_uid: 529/101 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 529/101 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 529/101 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 529/101 (e=0)
debug1: restore_uid
Failed hostbased for quinot fr...
2001 Feb 20
3
ssh-agent and id_dsa
Hi!
I am distributing 2.5.1p1 for production use on my system by now and prepare
switching to protocol 2 as default protocol.
I just noted, that ssh-agent can be used for protocol 1 and 2, but the
keys kept in ssh-agent are not compared against keys in .ssh.
Example: I have a DSA key in id_dsa which I load into ssh-agent on login.
When connecting to an account accepting the key everything is
2016 Mar 10
10
[Bug 2550] New: ssh can't use an in-memory-only certificate
...4e5e8c1bed5f58c841b1b8, just having
the cert on the user's agent process worked as expected. After that
commit, the user needs both the private and the cert (also with the
private key) loaded together to work.
if I try to use just the cert after this commit, I see:
debug1: Server accepts key: pkalg ssh-rsa-cert-v01@openssh.com blen
2769
debug2: input_userauth_pk_ok: fp
SHA256:XiFOO+XzZ0m/aWzkQLgxVFI2HJV3abWpNyuIhcEYKuc
debug3: sign_and_send_pubkey: RSA-CERT
SHA256:XiFOO+XzZ0m/aWzkQLgxVFI2HJV3abWpNyuIhcEYKuc
debug1: sign_and_send_pubkey: no private key for certificate "[Valid
until Fri...
2018 Sep 14
2
sftp fails when run from cron
...a-stn14l
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering public key: RSA
SHA256:B1iu57Rkn5emB//MUP4YEipr4oRRmqZeBHMQWf0U+Mk /home/xxx/.ssh/jumpline
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp
SHA256:B1iu57Rkn5emB//MUP4YEipr4oRRmqZeBHMQWf0U+Mk
debug1: Authentication succeeded (publickey).
Authenticated to sohnen-moe.com ([216.222.193.110]:1022).
** blah blah blah ***
---[ end ]---
---[ failed login ]---
debug2: set_newkeys: mode 0
debu...
2012 Nov 01
2
sftp authentication failure only as cronjob
...ebug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/lars/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
...
When the same script is run from the crontab the trace is identical
except that the authentication fails:
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying option...
2002 Jul 25
0
scp hangs
...ce ssh-connection method
none
debug1: attempt 0 failures 0
Failed none for root from 192.168.1.5 port 1743 ssh2
Failed none for root from 192.168.1.5 port 1743 ssh2
debug1: userauth-request for user root service ssh-connection method
publickey
debug1: attempt 1 failures 1
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 0/0 (e=0)
debug1: trying public key file /root/.ssh/authorized_keys
debug1: restore_uid
debug1: temporarily_use_uid: 0/0 (e=0)
debug1: trying public key file /root/.ssh/authorized_keys2
debug1: restore_uid
Failed publickey for root from 192....
2001 May 25
4
Upgraded to 2.9p1 with no luck..
...ickey
debug3: remaining preferred: password,keyboard-interactive
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: try pubkey: /users/clad/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 4001df30 hint 1
debug2: input_userauth_pk_ok: fp
0f:95:05:08:b7:47:eb:dd:37:ae:71:c1:5a:24:4b:20
debug3: sign_and_send_pubkey
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/users/clad/.ssh/id_rsa'...
2002 Feb 20
1
Is there a way to tell the sshd to ignore the security check on the user's home permissions?
...ons?
debug3: secure_filename: checking '/ftpdata/pxdata/pold/data/.ssh'
debug3: secure_filename: checking '/ftpdata/pxdata/pold/data'
Authentication refused: bad ownership or modes for directory
/ftpdata/pxdata/fold/data
debug1: restore_uid
debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss
Failed publickey for bold from 3.72.144.164 port 1201 ssh2
Authentication refused: bad ownership or modes for directory