search for: server_version_str

In sshconnect.c there are two global variables for server_version_string client_version_string. These are used just in a few functions and can easily be passed as parameters. Also, there is a strange construct, where their memory is allocated to the global pointers, then copies of these pointers are assigned to the kex structure. The kex_free finally frees the...

...e "cipher.h" +#include "kex.h" +#include "log.h" + +#include <nacl/crypto_scalarmult_curve25519.h> +#define CURVE25519_PUBKEY_SIZE crypto_scalarmult_curve25519_BYTES + +void +kex_c25519_hash( + const EVP_MD *evp_md, + char *client_version_string, + char *server_version_string, + char *ckexinit, int ckexinitlen, + char *skexinit, int skexinitlen, + u_char *serverhostkeyblob, int sbloblen, + const unsigned char client_dh_pub[CURVE25519_PUBKEY_SIZE], + const unsigned char server_dh_pub[CURVE25519_PUBKEY_SIZE], + const BIGNUM *shared_secret, + u_char...

...or there could be set_remote_ipaddr() in canonhost.c for that. --- a/sshconnect.c +++ b/sshconnect.c @@ -62,6 +62,7 @@ #include "monitor_fdpass.h" #include "ssh2.h" #include "version.h" +#include "canohost.h" char *client_version_string = NULL; char *server_version_string = NULL; @@ -171,6 +172,8 @@ ssh_proxy_fdpass_connect(const char *host, u_short port, /* Set the connection file descriptors. */ packet_set_connection(sock, sock); + debug("Connected to %.200s [%.100s] port %d.", + host, get_remote_ipaddr(), get_remote_...

...); +#ifdef CHARSET_EBCDIC + __etoa(buf); +#endif if (atomicio(vwrite, connection_out, buf, strlen(buf)) != strlen(buf)) fatal("write: %.100s", strerror(errno)); +#ifdef CHARSET_EBCDIC + __atoe(buf); +#endif client_version_string = xstrdup(buf); chop(client_version_string); chop(server_version_string); @@ -955,6 +964,11 @@ char *server_user, *local_user; local_user = xstrdup(pw->pw_name); +#if #system(bs2000) + /* Convert the UPPERCASE USER into all lowercase to ease connectivity with unix. */ + /* IMO that is legitimate, as BS2000's user names are case insensitive */ + strlower...

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

...ions.connection_timeout > 0) { + signal(SIGALRM, grace_alarm_handler); + alarm(options.connection_timeout); + } + /* Read other side\'s version identification. */ for (;;) { for (i = 0; i < sizeof(buf) - 1; i++) { *************** *** 466,471 **** --- 482,494 ---- } server_version_string = xstrdup(buf); + /* Clear the alarm */ + if (options.connection_timeout > 0) { + alarm(0); + signal(SIGALRM,SIG_DFL); + } + + /* * Check that the versions match. In future this might accept * several versions and set appropriate flags to handle them. ___________...

...cal/src/security/openssh/cvs/openssh_cvs/sshconnect.c,v retrieving revision 1.130 diff -u -p -r1.130 sshconnect.c --- sshconnect.c 26 May 2005 02:23:44 -0000 1.130 +++ sshconnect.c 9 Jun 2005 07:55:14 -0000 @@ -514,6 +514,11 @@ ssh_exchange_identification(void) chop(client_version_string); chop(server_version_string); debug("Local version string %.100s", client_version_string); + + if (datafellows & SSH_BUG_BIGV1PACKET) { + debug("Found big SSHv1 packet bug, limiting packet size"); + packet_set_maxsize(4 * 1024); + } } /* defaults to 'no' */ -- Darren Tucker (dtucke...

...hconnect2.c Wed Aug 29 14:59:19 2012 *************** *** 77,82 **** --- 77,88 ---- #include "ssh-gss.h" #endif + #include <openssl/sha.h> + #ifdef OPENSSL_FIPS + #include <openssl/fips.h> + #endif + + /* import */ extern char *client_version_string; extern char *server_version_string; *************** *** 591,597 **** key->type, pktype); goto done; } ! fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); debug2("input_userauth_pk_ok: fp %s", fp); xfree(fp); --- 604,611 ---- key->type, pktype); goto done; } ! fp = key_fing...

...; i++) { if (i) buffer_append(&command, " ", 1); --- sshconnect2.c_orig Mon Apr 22 16:18:50 2002 +++ sshconnect2.c Mon Apr 22 16:18:58 2002 @@ -57,6 +57,7 @@ /* import */ extern char *client_version_string; extern char *server_version_string; +extern int supress_banner; extern Options options; /* @@ -320,7 +321,10 @@ debug3("input_userauth_banner"); msg = packet_get_string(NULL); lang = packet_get_string(NULL); - fprintf(stderr, "%s", msg); + if (supress_banner == 1) +...

...but we don't. (-donna also has the disadvantage of being slower, but were > quibbling over single-digit milliseconds here so IMO it doesn't matter at > all.) > > +void > +kex_c25519_hash( > + const EVP_MD *evp_md, > + char *client_version_string, > + char *server_version_string, > + char *ckexinit, int ckexinitlen, > + char *skexinit, int skexinitlen, > + u_char *serverhostkeyblob, int sbloblen, > + const unsigned char client_dh_pub[CURVE25519_PUBKEY_SIZE], > + const unsigned char server_dh_pub[CURVE25519_PUBKEY_SIZE], > + const BIGN...

...05eac098e462838 Author: Philip Homburg <philip at f-src.phicoh.com> Date: Mon Jun 22 12:52:45 2015 +0200 Better diagnostic when DNSSEC validation fails. diff --git a/sshconnect.c b/sshconnect.c index f41960c..9f1eafa 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -71,6 +71,7 @@ char *server_version_string = NULL; Key *previous_host_key = NULL; static int matching_host_key_dns = 0; +static int dns_secure = 0; static pid_t proxy_command_pid = 0; @@ -972,13 +973,18 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, fatal("%s: sshkey_fingerprint fail",...

...tion_timeout, original_effective_uid != 0 || !options.use_privileged_port, pw, options.proxy_command); --- openssh-3.0.1p1/sshconnect.c.ORIG Sat Nov 17 22:49:09 2001 +++ openssh-3.0.1p1/sshconnect.c Sat Nov 17 23:02:27 2001 @@ -35,6 +35,8 @@ char *client_version_string = NULL; char *server_version_string = NULL; +static jmp_buf jmpenv; + extern Options options; extern char *__progname; @@ -221,6 +223,43 @@ return sock; } +/* for alarm() */ +static void +timeout_sigh(int dummy) +{ + errno = ETIMEDOUT; + longjmp(jmpenv, !0); +} + +int +timeout_connect(int sockfd, const struct sockaddr *...

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,

...+#include <openssl/objects.h> #include <ctype.h> #include <errno.h> #include <netdb.h> @@ -48,6 +49,7 @@ #include "misc.h" #include "dns.h" #include "version.h" +#include "authfile.h" char *client_version_string = NULL; char *server_version_string = NULL; @@ -884,6 +886,19 @@ { struct stat st; int flags = 0; + + if (options.certkey_authentication && host_key->cert != NULL) { + Key *ca_key; + int verified; + + ca_key = key_load_public(options.ca_key_file, NULL); + if (ca_key != NULL) { + verified = cert_verify(host_ke...

...t timeout_ logit("Server version \"%.100s\" uses unsafe RSA signature " "scheme; disabling use of RSA keys", remote_version); if (!client_banner_sent) - send_client_banner(connection_out, minor1); + send_client_banner(connection_out, minor1, host); chop(server_version_string); } @@ -1286,7 +1287,7 @@ ssh_login(Sensitive *sensitive, const ch lowercase(host); /* Exchange protocol version identification strings with the server. */ - ssh_exchange_identification(timeout_ms); + ssh_exchange_identification(timeout_ms, host); /* Put the connection into non-bloc...

...onnection_attempts, options.connection_timeout, original_effective_uid != 0 || !options.use_privileged_port, pw, options.proxy_command); --- sshconnect.c.OK Wed Oct 10 07:07:45 2001 +++ sshconnect.c Sat Jan 26 21:44:35 2002 @@ -35,6 +35,8 @@ char *client_version_string = NULL; char *server_version_string = NULL; +static jmp_buf jmpenv; + extern Options options; extern char *__progname; @@ -221,6 +223,43 @@ return sock; } +/* for alarm() */ +static void +timeout_sigh(int dummy) +{ + errno = ETIMEDOUT; + longjmp(jmpenv, !0); +} + +int +timeout_connect(int sockfd, const struct sockaddr *...

...788b 100644 --- a/sshd.c +++ b/sshd.c @@ -106,6 +106,7 @@ #include "canohost.h" #include "hostfile.h" #include "auth.h" +#include "authfd.h" #include "misc.h" #include "msg.h" #include "dispatch.h" @@ -194,6 +195,9 @@ char *server_version_string = NULL; /* for rekeying XXX fixme */ Kex *xxx_kex; +/* Daemon's agent connection */ +AuthenticationConnection *auth_conn = NULL; + /* * Any really sensitive data in the application is contained in this * structure. The idea is that this structure could be locked into memory so @@ -2...

...connect2.c 10 Aug 2003 14:06:59 -0000 1.1.1.2 +++ sshconnect2.c 10 Aug 2003 14:25:01 -0000 1.10 @@ -52,6 +52,10 @@ #include "msg.h" #include "pathnames.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif + /* import */ extern char *client_version_string; extern char *server_version_string; @@ -173,6 +177,8 @@ Sensitive *sensitive; /* kbd-interactive */ int info_req_seen; + /* generic */ + void *methoddata; }; struct Authmethod { char *name; /* string to compare against server's list */ @@ -196,6 +202,15 @@ int userauth_hostbased(Authctxt *); int userauth_kerberos...