search for: session_id2_len

Yo All! I have been playing with SSH 2.2.0 from www.ssh.com. I can not connect to openssh 2.2.1p1 using Ver 2 protocol from ssh Ver 2.2.0. Ver 1 works fine. See below for the debug output from both ends If I force hmac-md5 (-m hmac-md5) from the sender it works! The other 3 choices fail: hmac-sha1; hmac-md5-96; and none. I have no problem connecting to this openssh host (hobbes) from

...g); if (pktype == KEY_UNSPEC) { @@ -93,13 +93,13 @@ goto done; } if (have_sig) { - sig = packet_get_string(&slen); + sig = packet_get_binary(&slen); packet_check_eom(); buffer_init(&b); if (datafellows & SSH_OLD_SESSIONID) { buffer_append(&b, session_id2, session_id2_len); } else { - buffer_put_string(&b, session_id2, session_id2_len); + buffer_put_binary(&b, session_id2, session_id2_len); } /* reconstruct packet */ buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); @@ -115,7 +115,7 @@ buffer_put_char(&b, have_sig); buffer_put_c...

...while ((opt = getopt(ac, av, "dqpclRxXyb:f:P:N:C:")) != EOF) { switch (opt) { diff -Nur openssh-2.2.0p1-/sshd.c openssh-2.2.0p1/sshd.c --- openssh-2.2.0p1-/sshd.c Tue Aug 29 02:05:50 2000 +++ openssh-2.2.0p1/sshd.c Sun Oct 29 16:44:50 2000 @@ -140,7 +140,7 @@ int session_id2_len = 0; /* record remote hostname or ip */ -unsigned int utmp_len = MAXHOSTNAMELEN; +unsigned int utmp_len = 256; /* bigger than LI_HOSTSIZE makes no sense */ /* Prototypes for various functions defined later in this file. */ void do_ssh1_kex(); -- Debian Developer and Quality Assur...

...================= --- sshd.c (revision 182719) +++ sshd.c (working copy) @@ -72,6 +72,7 @@ #include <stdlib.h> #include <string.h> #include <unistd.h> +#include <utmp.h> #include <openssl/dh.h> #include <openssl/bn.h> @@ -238,7 +239,7 @@ u_int session_id2_len = 0; /* record remote hostname or ip */ -u_int utmp_len = MAXHOSTNAMELEN; +u_int utmp_len = UT_HOSTSIZE; /* options.max_startup sized array of fd ints */ int *startup_pipes = NULL; DES -- Dag-Erling Sm?rgrav - des at des.no

..._blob(id->key, &blob, &bloblen) == 0) { + /* we cannot handle this key */ + debug3("sign_and_send_certkey: cannot handle key"); + return 0; + } + /* data to be signed */ + buffer_init(&b); + if (datafellows & SSH_OLD_SESSIONID) { + buffer_append(&b, session_id2, session_id2_len); + skip = session_id2_len; + } else { + buffer_put_string(&b, session_id2, session_id2_len); + skip = buffer_len(&b); + } + buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); + buffer_put_cstring(&b, authctxt->server_user); + buffer_put_cstring(&b, + datafellows & SS...

...e(n); break; case SSH_CMSG_AUTH_PASSWORD: if (!options.password_authentication) { diff -u5 openssh-3.0.2p1.orig/auth2.c openssh-3.0.2p1/auth2.c --- openssh-3.0.2p1.orig/auth2.c Tue Nov 13 13:46:19 2001 +++ openssh-3.0.2p1/auth2.c Tue Jan 29 15:21:58 2002 @@ -58,10 +58,14 @@ extern int session_id2_len; static Authctxt *x_authctxt = NULL; static int one = 1; +static char real_info[1024] = " ssh2"; +static char *info = real_info + 5; +static int info_size = sizeof(real_info)-5; + typedef struct Authmethod Authmethod; struct Authmethod { char *name; int (*userauth)(Authctxt *a...

...eof(hostname)) < 0) { + if (!(hostname = xgethostname())) { perror("gethostname"); exit(1); } diff -urN openssh-3.1p1.old/sshd.c openssh-3.1p1/sshd.c --- openssh-3.1p1.old/sshd.c Mon Mar 4 20:31:30 2002 +++ openssh-3.1p1/sshd.c Tue Apr 9 14:09:55 2002 @@ -183,7 +183,7 @@ int session_id2_len = 0; /* record remote hostname or ip */ -u_int utmp_len = MAXHOSTNAMELEN; +u_int utmp_len = 0; /* options.max_startup sized array of fd ints */ int *startup_pipes = NULL; @@ -603,6 +603,13 @@ /* Save argv. */ saved_argc = ac; saved_argv = av; + + /* find max hostname length */ +#ifdef...

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

...def GSSAPI static Gssctxt *gsscontext = NULL; @@ -686,6 +687,8 @@ mm_answer_moduli(int sock, Buffer *m) return (0); } +extern AuthenticationConnection *auth_conn; + int mm_answer_sign(int sock, Buffer *m) { @@ -714,10 +717,16 @@ mm_answer_sign(int sock, Buffer *m) memcpy(session_id2, p, session_id2_len); } - if ((key = get_hostkey_by_index(keyid)) == NULL) + if ((key = get_hostkey_by_index(keyid)) != NULL) { + if (key_sign(key, &signature, &siglen, p, datlen) < 0) + fatal("%s: key_sign failed", __func__); + } else if ((key = get_hostkey_public_by_index(keyid)) != NULL...

...in. Thanks, -- Tomo. -------------- next part -------------- diff -ru openssh.orig/auth2.c openssh/auth2.c --- openssh.orig/auth2.c Wed Dec 6 20:11:25 2000 +++ openssh/auth2.c Sat Feb 10 00:06:24 2001 @@ -60,6 +60,7 @@ extern ServerOptions options; extern unsigned char *session_id2; extern int session_id2_len; +extern int user_authenticated_as_root; /* Jarno: from channels.c */ static Authctxt *x_authctxt = NULL; static int one = 1; @@ -282,6 +283,13 @@ /* Log before sending the reply */ userauth_log(authctxt, authenticated, method); userauth_reply(authctxt, authenticated); + + if (authentica...

In sshconnect.c there are two global variables for server_version_string client_version_string. These are used just in a few functions and can easily be passed as parameters. Also, there is a strange construct, where their memory is allocated to the global pointers, then copies of these pointers are assigned to the kex structure. The kex_free finally frees them via cleanup of the kex

...rt -------------- diff -u -r openssh-2.1.1p4/auth2.c openssh-2.1.1p4-jhchanges/auth2.c --- openssh-2.1.1p4/auth2.c Tue Jul 11 10:31:38 2000 +++ openssh-2.1.1p4-jhchanges/auth2.c Tue Aug 22 19:43:09 2000 @@ -65,6 +65,7 @@ extern ServerOptions options; extern unsigned char *session_id2; extern int session_id2_len; +extern int user_authenticated_as_root; /* Jarno: From channels.c */ /* protocol */ @@ -239,6 +240,14 @@ packet_put_char(0); /* XXX partial success, unused */ packet_send(); packet_write_wait(); + } + + /* Jarno: Set the user_authenticated_as_root flag */ + if ( authenticated &am...

...ar *) reply.data, reply.length); Index: 3_0_2p1_w_gss.1/gss-serv.c --- 3_0_2p1_w_gss.1/gss-serv.c Thu, 10 Jan 2002 15:57:24 -0500 +++ 3_0_2p1_w_gss_w_named_keys.14(w)/gss-serv.c Fri, 18 Jan 2002 12:24:41 -0500 @@ -48,6 +48,7 @@ extern ServerOptions options; extern u_char *session_id2; extern int session_id2_len; +int user_key_allowed(struct passwd *, Key *); typedef struct ssh_gssapi_cred_cache { @@ -98,24 +99,39 @@ ssh_gssapi_krb5_userok(char *name) { krb5_principal princ; int retval; + char *by; + Key k; if (ssh_gssapi_krb5_init() == 0) return 0; - + + k.type = KEY_NAME; + k.name = gs...