search for: pkalgs

...P))) { + if ((strcmp(p, "ssh-rsa") != 0) && + (strcmp(p, "ssh-dss") != 0)) { + debug("bad pkalg %s [%s]", p, names); + xfree(keys); + return 0; + } else { + debug3("pkalg ok: %s [%s]", p, names); + } + } + debug3("pkalgs ok: [%s]", names); + xfree(keys); + return 1; + } + + Key * key_from_blob(char *blob, int blen) { diff -c3 -r orig/openssh-2.5.1p1/key.h openssh-2.5.1p1/key.h *** orig/openssh-2.5.1p1/key.h Mon Jan 29 07:39:26 2001 --- openssh-2.5.1p1/key.h Sun Mar 11 22:50:23 2001 *************** **...

Hi, I'm doing some test with a pkcs11 token that can only sign short messages. When connecting to one server, that reports pkalg rsa-sha2-512 blen 151, it fails to sign the pubkey because it is 83 bytes long. (sshd: OpenSSH_7.3p1) A older server that reports pkalg ssh-rsa blen 151, works perfectly as the pubkey signature required is only 35 bytes long. (sshd: OpenSSH_6.7p1) I am not sure

...chmidt at emtec.com in sshconnect2.c in function ssh_kex2() the function kex_default_pk_alg() is called. This function is from readconf.c and has the following prototype: const char *kex_default_pk_alg(void); The function looks like this: const char * kex_default_pk_alg(void) { static char *pkalgs; if (pkalgs == NULL) { char *all_key; all_key = sshkey_alg_list(0, 0, 1, ','); pkalgs = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key); free(all_key); } return pkalgs; } It internally buffers the result for match_filter_allowlist() in a s...

Suppose an SSH server has both RSA and DSA host keys for protocol 2, but I only have the DSA key, and I want to use that. I'm stuck; the OpenSSH client is hard-wired to offer both algorithms in the key exchange, and will select ssh-rsa if it's available (see myproposal.h, KEX_DEFAULT_PK_ALG). Below is a patch adding the client configuration option "PKAlgorithms" for this

As background, I read: http://therowes.net/~greg/2011/03/23/ssh-trusted-ca-key/ http://www.ibm.com/developerworks/aix/library/au-sshsecurity/ http://bryanhinton.com/blog/openssh-security http://www.linuxhowtos.org/manpages/5/sshd_config.htm

https://bugzilla.mindrot.org/show_bug.cgi?id=3665 Bug ID: 3665 Summary: publickey RSA signature unverified: error in libcrypto to RHEL9 sshd (with LEGACY crypto policy enabled) Product: Portable OpenSSH Version: 8.7p1 Hardware: ix86 OS: Linux Status: NEW Severity: major

Hello! I recently discoverd a problem with ssh.com's ssh-agent2 and OpenSSH: If I have more than one key in my agent, then the agent tries to authenticicate me with every one of them at the OpenSSH server; but none of them is a valid key for that server. The Problem is that the Server increments the authctxt->attempt at every of that tries. So even if you want to login with a password at

When using PAM to do password authenticaion the attempt/failure counter appears to be getting confused. This is using a rh62 system with the openssh-2.9p2-1 rpms... On the client side... [matthewm at toadhall (7) matthewm]$ grep Auth /etc/ssh/ssh_config RhostsAuthentication no RhostsRSAAuthentication no HostbasedAuthentication no RSAAuthentication no PubkeyAuthentication yes

Hello Steve, Hello OpenSSH-portable developers, I am building OpenSSH for our (EBCDIC-based) BS2000 mainframe operating system, and I noticed you do the same for OS/390. Because my initial ssh port was based on IBM's OSS port (ssh-1.2.2 or some such), I thought it was fair enough to help with a little co-operation; we might come up with a unified EBCDIC patch which could be contributed to

Greetings, I have compiled OpenSSH-3.6.1p2 on SCO 3.2v4.2 and the following problem occurs: I am unable to login as root using when strictmode is set to yes. output of debug: Failed none for root from 192.168.1.1 port 1199 ssh2 debug1: userauth-request for user root service ssh-connection method publickey debug1: attempt 1 failures 1 debug2: input_userauth_request: try method publickey debug1:

Hi, the following patch removes some of the Cygwin specific code from OpenSSH. Since Cygwin is able to change the user context on NT/W2K even without a password since the new Cygwin version 1.3.2, there's no need anymore to allow changing the user context only if the sshd user is the same user as the one which logs in or when a password is given. For that reason the whole function

Hello, I am attempting to make public key authentication to work between OpenSSH 3.0.2 client on OpenBSD and SSH-1.99-OpenSSH_2.9 FreeBSD localisations 20011202. From reading sshd -ddd and ssh -v I can't figure out what goes wrong. Could somebody interpret the attached typescripts for me, please? Here's the relevant part from the server log and I don't understand it: debug2:

I have been trying to install 3.4p1 on a number of machines. Servers on ia64 Linux, i386 Linux and SPARC Solaris are all working like charms. On the other hand, I am having trouble at least with HPUX 11, DEC OSF 5.1 and Unixware: on all those systems, sshd bails out after authentication with an error in buffer_append_space. Here is the output of sshd -d on the UnixWare machine (uname -a:

Hi! I am distributing 2.5.1p1 for production use on my system by now and prepare switching to protocol 2 as default protocol. I just noted, that ssh-agent can be used for protocol 1 and 2, but the keys kept in ssh-agent are not compared against keys in .ssh. Example: I have a DSA key in id_dsa which I load into ssh-agent on login. When connecting to an account accepting the key everything is

https://bugzilla.mindrot.org/show_bug.cgi?id=2550 Bug ID: 2550 Summary: ssh can't use an in-memory-only certificate Product: Portable OpenSSH Version: 7.2p1 Hardware: amd64 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at

sftp OpenSSH_7.6p1, OpenSSL 1.1.0h-fips 27 Mar 2018 linux 4.12.14-lp150.12.16-default x86_64 I created bash script to download database files once a week. It uses sftp as the agent. The script runs correctly when started from a command line. It fails when run from cron. Authentication with the remote server is set to use a private/public key and does not require an explicit password. Why

Hi all, I have a problem using sftp which I cannot get solved even after searching all over the web, so maybe one of you has a useful hint: I want to run a simple script that puts a file on a server using sftp. Keys are setup correctly, everything works fine if I run the script from within a terminal. When I run the same script from the crontab (my personal crontab as user) the script runs fine

Hello, When running scp (from openssh-3.4p1) on our linux systems we are experiencing hangs after authentication. According to the debug messages, authentication succeeds but the file itself is not transferred. Openssh is built using OpenSSL 0.9.6d. The command scp foo 192.168.1.111:/tmp will hang until the connection times out. Below are the client and server side logs. An strace of the

Howdy, After upgrading to 2.9 (OpenSSH_2.9p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f) I'm unable to ssh between two systems any more (the two that I've upgraded). I've recompiled from the original source several times, each time with no errors, regenerated host keys, regenerated client keys (using rsa), etc., to no avail. Below are some relevant snippets of debugging output

Is there a way to tell the sshd to ignore the security check on the user's home permissions? debug3: secure_filename: checking '/ftpdata/pxdata/pold/data/.ssh' debug3: secure_filename: checking '/ftpdata/pxdata/pold/data' Authentication refused: bad ownership or modes for directory /ftpdata/pxdata/fold/data debug1: restore_uid debug2: userauth_pubkey: authenticated 0 pkalg