search for: pubkey_cleanup

https://bugzilla.mindrot.org/show_bug.cgi?id=2642 Bug ID: 2642 Summary: [sshconnect2] publickey authentication only properly works if used first: pubkey_prepare doesn't work after pubkey_cleanup Product: Portable OpenSSH Version: 7.3p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: git at lerya.ne...

...artial success Boolean from the incoming message and will store it into a variable called 'partial'. Then, in 6.4p1 and later, 'input_userauth_failure' will do the following: if (partial != 0) { logit("Authenticated with partial success."); /* reset state */ pubkey_cleanup(authctxt); pubkey_prepare(authctxt); } debug("Authentications that can continue: %s", authlist); Before 6.4p1 the 'pubkey_cleanup' and 'pubkey_prepare' invocation were missing. The undesirable behavior is introduced by 'pubkey_prepare'. When invoked here,...

.../* reset state */ pubkey_reset(authctxt); } @@ -1168,6 +1175,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) packet_put_raw(buffer_ptr(&b), buffer_len(&b)); buffer_free(&b); packet_send(); + authctxt->sent_signed_id = id; return 1; } @@ -1422,6 +1430,7 @@ pubkey_cleanup(Authctxt *authctxt) free(id->filename); free(id); } + authctxt->sent_signed_id = NULL; } static void @@ -1430,7 +1439,10 @@ pubkey_reset(Authctxt *authctxt) Identity *id; TAILQ_FOREACH(id, &authctxt->keys, next) - id->tried = 0; + if (id->tried != IDENTITY_SUC...

We are attempting to use openssh sftp to connect to a server that is running some version of the Axway SFTP server. After a publickey auth completes, the server resends publickey as a valid auth. This results in a loop as openssh sftp resubmits the publickey information. This seems similar to a discussion in 2014 that terminated with the thought that it might be nice if the client tracked

...{ ... ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info); ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept); ssh_dispatch_run(ssh, DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */ pubkey_cleanup(&authctxt); ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); debug("Authentication succeeded (%s).", authctxt.method->name); } Is the only place where the dispatch for that packet is set. However in kex.c: int kex_input_ext_info(int typ...

...on 1.178 diff -u -N -p sshconnect2.c --- sshconnect2.c 11 Jan 2010 04:46:45 -0000 1.178 +++ sshconnect2.c 11 Jan 2010 23:12:38 -0000 @@ -244,7 +244,7 @@ void userauth(Authctxt *, char *); static int sign_and_send_pubkey(Authctxt *, Identity *); static void pubkey_prepare(Authctxt *); static void pubkey_cleanup(Authctxt *); -static Key *load_identity_file(char *); +static Key *load_identity_file(char *, AuthenticationConnection *); static Authmethod *authmethod_get(char *authlist); static Authmethod *authmethod_lookup(const char *name); @@ -1102,7 +1102,7 @@ input_userauth_jpake_server_confirm(int typ...

https://bugzilla.mindrot.org/show_bug.cgi?id=2594 Bug ID: 2594 Summary: Tracking bug for OpenSSH 7.4 release Product: Portable OpenSSH Version: -current Hardware: Other OS: All Status: NEW Keywords: meta Severity: normal Priority: P1 Component: Miscellaneous

Thanks for your suggestion! It seems to have gone a little further this time, but isn't accepting the key and is failing back on password-based auth. We're double-checking that the public key was correctly configured with the account, and also trying a DSA key to see if it behaves differently. Is there anything you'd suggest we look at or try at this point, and thank you very much

...); int userauth_passwd(Authctxt *); int userauth_kbdint(Authctxt *); @@ -224,6 +227,7 @@ void userauth(Authctxt *, char *); static int sign_and_send_pubkey(Authctxt *, Identity *); +static int sign_and_send_certkey(Authctxt *, Identity *); static void pubkey_prepare(Authctxt *); static void pubkey_cleanup(Authctxt *); static Key *load_identity_file(char *); @@ -243,6 +247,10 @@ userauth_hostbased, &options.hostbased_authentication, NULL}, + {"certkey", + userauth_certkey, + &options.certkey_authentication, + NULL}, {"publickey", userauth_pubkey, &...