search for: shostkeyfile

Hi, Is there any way to store HostKey in hardware (and delegate the related processing)? I have been using Roumen Petrov's x509 patch for clients, which works via an OpenSSL engine, but it does not seem to support server HostKey: http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html For PKCS#11, I have found an email on this list from a year back suggesting this

https://bugzilla.mindrot.org/show_bug.cgi?id=2346 Bug ID: 2346 Summary: sshd -T doesn't write all configuration options in valid format Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:

...protocol == SSH_PROTO_UNKNOWN) @@ -275,7 +282,7 @@ fill_default_server_options(ServerOption typedef enum { sBadOption, /* == unknown option */ /* Portable-specific options */ - sPAMAuthenticationViaKbdInt, + sPAMAuthenticationViaKbdInt, sPAMServiceNameAppend, /* Standard Options */ sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel, @@ -312,6 +319,7 @@ static struct { } keywords[] = { /* Portable-specific options */ { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt }, + { "PAMServiceNameAppend&quot...

...tions->pam_service_name = SSHD_PAM_SERVICE; /* Standard Options */ if (options->protocol == SSH_PROTO_UNKNOWN) @@ -276,6 +281,7 @@ sBadOption, /* == unknown option */ /* Portable-specific options */ sPAMAuthenticationViaKbdInt, + sPAMServiceName, /* Standard Options */ sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel, @@ -312,6 +318,7 @@ } keywords[] = { /* Portable-specific options */ { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt }, + { "PAMServiceName", sPAMServiceName },...

...KNOWN) options->protocol = SSH_PROTO_1|SSH_PROTO_2; if (options->num_host_key_files == 0) { @@ -258,9 +249,6 @@ /* Keyword tokens. */ typedef enum { sBadOption, /* == unknown option */ - /* Portable-specific options */ - sPAMAuthenticationViaKbdInt, - /* Standard Options */ sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel, sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, @@ -294,9 +282,6 @@ const char *name; ServerOpCodes opcode; } keywords[] = { - /* Portable-specific options */ - { "P...

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

...KNOWN) options->protocol = SSH_PROTO_1|SSH_PROTO_2; if (options->num_host_key_files == 0) { @@ -271,9 +262,6 @@ /* Keyword tokens. */ typedef enum { sBadOption, /* == unknown option */ - /* Portable-specific options */ - sPAMAuthenticationViaKbdInt, - /* Standard Options */ sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel, sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, @@ -307,9 +295,6 @@ const char *name; ServerOpCodes opcode; } keywords[] = { - /* Portable-specific options */ - { "P...

...t than -1) and comparison of the return dup() return value should be >=0 instead of >0 -- 0 is also valid FD. 3. process_server_config_line: sAuthorizedPrincipalsFile option handles intptr, without any possible label (therefore always null), which is dead code (probably copy-paste error from sHostKeyFile) 4. box variable for sandbox context is not freed in the child process after calling ssh_sandbox_child(), which makes it memory leak. 5. server_accept_loop() allocates fdset variable, but does not free it in the end. These are the most obvious problems and it would be nice to have them addressed...

...KNOWN) options->protocol = SSH_PROTO_1|SSH_PROTO_2; if (options->num_host_key_files == 0) { @@ -271,9 +262,6 @@ /* Keyword tokens. */ typedef enum { sBadOption, /* == unknown option */ - /* Portable-specific options */ - sPAMAuthenticationViaKbdInt, - /* Standard Options */ sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel, sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, @@ -307,9 +295,6 @@ const char *name; ServerOpCodes opcode; } keywords[] = { - /* Portable-specific options */ - { "P...

...tions->rsa_authentication = 1; + if (options->rsa_host_other_authentication == -1) + options->rsa_host_other_authentication = 0; if (options->dsa_authentication == -1) options->dsa_authentication = 1; #ifdef KRB4 *************** *** 170,175 **** --- 173,179 ---- sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel, sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, + sRSAHostOtherAuthentication, #ifdef KRB4 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, #...

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

...stbasedUsesNameFromPacketOnly, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, @@ -282,6 +288,7 @@ u_int flags; } keywords[] = { { "port", sPort, SSHCFG_GLOBAL }, + { "cakeyfile", sCAKeyFile, SSHCFG_GLOBAL }, { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ { "pidfile", sPidFile, SSHCFG_GLOBAL }, @@ -296,6 +303,7 @@ { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_GLOBAL }, { "hostbasedusesnamefrompacketonly", sHos...