search for: session_id2

Yo All! I have been playing with SSH 2.2.0 from www.ssh.com. I can not connect to openssh 2.2.1p1 using Ver 2 protocol from ssh Ver 2.2.0. Ver 1 works fine. See below for the debug output from both ends If I force hmac-md5 (-m hmac-md5) from the sender it works! The other 3 choices fail: hmac-sha1; hmac-md5-96; and none. I have no problem connecting to this openssh host (hobbes) from

...rom_name(pkalg); if (pktype == KEY_UNSPEC) { @@ -93,13 +93,13 @@ goto done; } if (have_sig) { - sig = packet_get_string(&slen); + sig = packet_get_binary(&slen); packet_check_eom(); buffer_init(&b); if (datafellows & SSH_OLD_SESSIONID) { buffer_append(&b, session_id2, session_id2_len); } else { - buffer_put_string(&b, session_id2, session_id2_len); + buffer_put_binary(&b, session_id2, session_id2_len); } /* reconstruct packet */ buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); @@ -115,7 +115,7 @@ buffer_put_char(&b, have_sig);...

...: --- auth2.c.orig Mon Apr 22 14:29:54 2002 +++ auth2.c Mon Apr 22 14:31:19 2002 @@ -52,6 +52,10 @@ #include "match.h" #include "monitor_wrap.h" +#ifdef _CRAY +#include <ia.h> +#endif /* _CRAY */ + /* import */ extern ServerOptions options; extern u_char *session_id2; @@ -247,6 +251,13 @@ authenticated = 0; #endif /* USE_PAM */ +#ifdef _CRAY + if (authenticated && cray_access_denied(authctxt->user)) { + authenticated = 0; + fatal("Access denied for user %s.",authctxt->user); + }...

...3 07:43:16 1.1 +++ auth2.c 2001/02/13 22:00:06 @@ -56,6 +56,11 @@ #include "uidswap.h" #include "auth-options.h" +#ifdef HAVE_BSD_AUTH_H +# include <login_cap.h> +# include <bsd_auth.h> +#endif + /* import */ extern ServerOptions options; extern unsigned char *session_id2; @@ -209,7 +214,19 @@ /* setup auth context */ struct passwd *pw = NULL; setproctitle("%s", user); +#ifdef HAVE_BSD_AUTH_H + { + /* user may contain requested auth type */ + char *p; + if ((p = strchr(user, ':')) != NULL) + *p = '\0'; + pw = getpwnam(u...

...4 2000 +++ openssh-2.2.0p1/auth2.c Sat Oct 14 19:32:47 2000 @@ -56,11 +56,6 @@ #include "uidswap.h" #include "auth-options.h" -#ifdef HAVE_OSF_SIA -# include <sia.h> -# include <siad.h> -#endif - /* import */ extern ServerOptions options; extern unsigned char *session_id2; @@ -249,19 +244,12 @@ int ssh2_auth_none(struct passwd *pw) { -#ifdef HAVE_OSF_SIA - extern int saved_argc; - extern char **saved_argv; -#endif - packet_done(); #ifdef USE_PAM return auth_pam_password(pw, ""); #elif defined(HAVE_OSF_SIA) - return(sia_validate_user(NULL, saved_...

...+ if (key_to_blob(id->key, &blob, &bloblen) == 0) { + /* we cannot handle this key */ + debug3("sign_and_send_certkey: cannot handle key"); + return 0; + } + /* data to be signed */ + buffer_init(&b); + if (datafellows & SSH_OLD_SESSIONID) { + buffer_append(&b, session_id2, session_id2_len); + skip = session_id2_len; + } else { + buffer_put_string(&b, session_id2, session_id2_len); + skip = buffer_len(&b); + } + buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); + buffer_put_cstring(&b, authctxt->server_user); + buffer_put_cstring(&b, + dat...

...17:52 1.1.1.1 --- auth2.c 2000/10/06 20:49:19 *************** *** 61,66 **** --- 61,71 ---- # include <siad.h> #endif + #ifdef HAVE_BSD_AUTH + # include <login_cap.h> + # include <bsd_auth.h> + #endif + /* import */ extern ServerOptions options; extern unsigned char *session_id2; *************** *** 262,268 **** return(sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, "") == SIASUCCESS); ! #else /* !HAVE_OSF_SIA && !USE_PAM */ return auth_password(pw, ""); #endif /* USE_PAM...

...d.h" #ifdef GSSAPI static Gssctxt *gsscontext = NULL; @@ -686,6 +687,8 @@ mm_answer_moduli(int sock, Buffer *m) return (0); } +extern AuthenticationConnection *auth_conn; + int mm_answer_sign(int sock, Buffer *m) { @@ -714,10 +717,16 @@ mm_answer_sign(int sock, Buffer *m) memcpy(session_id2, p, session_id2_len); } - if ((key = get_hostkey_by_index(keyid)) == NULL) + if ((key = get_hostkey_by_index(keyid)) != NULL) { + if (key_sign(key, &signature, &siglen, p, datlen) < 0) + fatal("%s: key_sign failed", __func__); + } else if ((key = get_hostkey_public_by_in...

...t, and I have not tested in. Thanks, -- Tomo. -------------- next part -------------- diff -ru openssh.orig/auth2.c openssh/auth2.c --- openssh.orig/auth2.c Wed Dec 6 20:11:25 2000 +++ openssh/auth2.c Sat Feb 10 00:06:24 2001 @@ -60,6 +60,7 @@ extern ServerOptions options; extern unsigned char *session_id2; extern int session_id2_len; +extern int user_authenticated_as_root; /* Jarno: from channels.c */ static Authctxt *x_authctxt = NULL; static int one = 1; @@ -282,6 +283,13 @@ /* Log before sending the reply */ userauth_log(authctxt, authenticated, method); userauth_reply(authctxt, authe...

In sshconnect.c there are two global variables for server_version_string client_version_string. These are used just in a few functions and can easily be passed as parameters. Also, there is a strange construct, where their memory is allocated to the global pointers, then copies of these pointers are assigned to the kex structure. The kex_free finally frees them via cleanup of the kex

...69 -------------- next part -------------- diff -u -r openssh-2.1.1p4/auth2.c openssh-2.1.1p4-jhchanges/auth2.c --- openssh-2.1.1p4/auth2.c Tue Jul 11 10:31:38 2000 +++ openssh-2.1.1p4-jhchanges/auth2.c Tue Aug 22 19:43:09 2000 @@ -65,6 +65,7 @@ extern ServerOptions options; extern unsigned char *session_id2; extern int session_id2_len; +extern int user_authenticated_as_root; /* Jarno: From channels.c */ /* protocol */ @@ -239,6 +240,14 @@ packet_put_char(0); /* XXX partial success, unused */ packet_send(); packet_write_wait(); + } + + /* Jarno: Set the user_authenticated_as_root fla...

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

...; packet_put_string((char *) reply.data, reply.length); Index: 3_0_2p1_w_gss.1/gss-serv.c --- 3_0_2p1_w_gss.1/gss-serv.c Thu, 10 Jan 2002 15:57:24 -0500 +++ 3_0_2p1_w_gss_w_named_keys.14(w)/gss-serv.c Fri, 18 Jan 2002 12:24:41 -0500 @@ -48,6 +48,7 @@ extern ServerOptions options; extern u_char *session_id2; extern int session_id2_len; +int user_key_allowed(struct passwd *, Key *); typedef struct ssh_gssapi_cred_cache { @@ -98,24 +99,39 @@ ssh_gssapi_krb5_userok(char *name) { krb5_principal princ; int retval; + char *by; + Key k; if (ssh_gssapi_krb5_init() == 0) return 0; - + + k.t...

...--- auth2.c 10 Aug 2003 14:06:43 -0000 1.1.1.2 +++ auth2.c 10 Aug 2003 14:25:01 -0000 1.5 @@ -36,6 +36,10 @@ #include "pathnames.h" #include "monitor_wrap.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif + /* import */ extern ServerOptions options; extern u_char *session_id2; @@ -53,10 +57,16 @@ #ifdef KRB5 extern Authmethod method_kerberos; #endif +#ifdef GSSAPI +extern Authmethod method_gssapi; +#endif Authmethod *authmethods[] = { &method_none, &method_pubkey, +#ifdef GSSAPI + &method_gssapi, +#endif &method_passwd, &method_kbdint,...