search for: rhosts_rsa_authentication

...disallowed. diff -c openssh-2.1.1p4.orig/servconf.c openssh-2.1.1p4/servconf.c *** openssh-2.1.1p4.orig/servconf.c Sat Jul 15 05:14:17 2000 --- openssh-2.1.1p4/servconf.c Fri Aug 4 10:49:16 2000 *************** *** 52,57 **** --- 52,58 ---- options->rhosts_authentication = -1; options->rhosts_rsa_authentication = -1; options->rsa_authentication = -1; + options->rsa_host_other_authentication = -1; options->dsa_authentication = -1; #ifdef KRB4 options->kerberos_authentication = -1; *************** *** 130,135 **** --- 131,138 ---- options->rhosts_rsa_authentication = 0; if...

...hy this is happening... In sshd.c, auth_mask is set to "supported authentication methods": /* Declare supported authentication types. */ auth_mask = 0; if (options.rhosts_authentication) auth_mask |= 1 << SSH_AUTH_RHOSTS; if (options.rhosts_rsa_authentication) auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA; if (options.rsa_authentication) auth_mask |= 1 << SSH_AUTH_RSA; Now, in servconf.c, options.rhosts_authentication is set to 0 if IgnoreRhosts is no: case sIgnoreRhosts: intptr = &options->...

Hello all, It seems that RhostsAuthentication does not work on non-default port no matter what when connecting from OpenSSH (2.1.1, 2.2.0 tried) either with protocol 1 or protocol 2 (shouldn't work either..). _However_ when connecting with SSH.COM Ltd's ssh, RhostsAuthentication works just fine! Checking the port number of ssh client you can see that OpenSSH doesn't assign

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

...the user's known_hosts file is 'ssh-rsa', which will not work for host based authentication in /etc/ssh/ssh_known_hosts. In monitor.c, at about line 962 the type of the key passed to key_read() is fixed: case MM_RSAHOSTKEY: key->type = KEY_RSA1; /* XXX */ allowed = options.rhosts_rsa_authentication && auth_rhosts_rsa_key_allowed(authctxt->pw, cuser, chost, key); In addition, the host's IP address is required in the key definition in /etc/ssh/ssh_known_hosts; the symbolic host name won't work. Here's a workaround, that could be included in the documentat...

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

...break; case MM_HOSTKEY: allowed = options.hostbased_authentication && hostbased_key_allowed(authctxt->pw, cuser, chost, key); + auth_method = "hostbased"; break; case MM_RSAHOSTKEY: key->type = KEY_RSA1; /* XXX */ allowed = options.rhosts_rsa_authentication && auth_rhosts_rsa_key_allowed(authctxt->pw, cuser, chost, key); + auth_method = "rsa"; break; default: fatal("%s: unknown key type %d", __func__, type); @@ -1010,6 +1014,9 @@ mm_answer_keyallowed(int sock, Buffer *m key_blobtype = type...

...h-2.1.0p3/ssh.c Mon May 29 20:44:54 2000 +++ openssh-2.1.0p3-new/ssh.c Mon Jun 5 19:12:59 2000 @@ -578,6 +578,7 @@ ok = ssh_connect(host, &hostaddr, options.port, options.connection_attempts, + options.connection_timeout, !options.rhosts_authentication && !options.rhosts_rsa_authentication, original_real_uid, diff -Naur openssh-2.1.0p3/ssh.h openssh-2.1.0p3-new/ssh.h --- openssh-2.1.0p3/ssh.h Wed May 17 05:34:24 2000 +++ openssh-2.1.0p3-new/ssh.h Mon Jun 5 19:13:55 2000 @@ -323,13 +323,14 @@ * is 0, the default port will be used. If anonymous is zero, a privileged * port w...

...the user's known_hosts file is 'ssh-rsa', which will not work for host based authentication in /etc/ssh/ssh_known_hosts. In monitor.c, at about line 962 the type of the key passed to key_read() is fixed: case MM_RSAHOSTKEY: key->type = KEY_RSA1; /* XXX */ allowed = options.rhosts_rsa_authentication && auth_rhosts_rsa_key_allowed(authctxt->pw, cuser, chost, key); In addition, the host's IP address is required in the key definition in /etc/ssh/ssh_known_hosts; the symbolic host name won't work. Here's a workaround, that could be included in the documentat...

...3:19:58 2000 +++ openssh-2.3.0p1-new/ssh.c Tue Nov 14 07:59:56 2000 @@ -620,7 +620,7 @@ */ ok = ssh_connect(host, &hostaddr, options.port, - options.connection_attempts, + options.connection_attempts, options.retry_delay, !options.rhosts_authentication && !options.rhosts_rsa_authentication, original_real_uid, diff -u --recursive openssh-2.3.0p1/ssh.h openssh-2.3.0p1-new/ssh.h --- openssh-2.3.0p1/ssh.h Sat Oct 14 01:23:12 2000 +++ openssh-2.3.0p1-new/ssh.h Tue Nov 14 07:51:15 2000 @@ -321,11 +321,12 @@ * privileges if anonymous is false. Connection_attempts specifies the * ma...

...1) Index: readconf.h =================================================================== RCS file: /cvs/src/usr.bin/ssh/readconf.h,v retrieving revision 1.71 diff -u -r1.71 readconf.h --- readconf.h 3 Aug 2006 03:34:42 -0000 1.71 +++ readconf.h 15 Nov 2006 14:14:36 -0000 @@ -39,6 +39,8 @@ int rhosts_rsa_authentication; /* Try rhosts with RSA * authentication. */ int rsa_authentication; /* Try RSA authentication. */ + int certkey_authentication; /* Try ssh2 certkey authentication. */ + char *ca_key_file; /* File containing CA key. */ int pubkey_authentication; /* Try ssh2 pubkey authent...