search for: smartcard_device

...def SMARTCARD { "smartcarddevice", oSmartcardDevice }, #else @@ -608,6 +609,10 @@ charptr = &options->bind_address; goto parse_string; + case oBindPort: + charptr = &options->bind_port; + goto parse_string; + case oSmartcardDevice: charptr = &options->smartcard_device; goto parse_string; @@ -1046,6 +1051,7 @@ options->log_level = SYSLOG_LEVEL_NOT_SET; options->preferred_authentications = NULL; options->bind_address = NULL; + options->bind_port = NULL; options->smartcard_device = NULL; options->enable_ssh_keysign = - 1; options-&g...

For systems where the local hostname is obtained as a short name without domain, there should be a ssh_config option "DefaultDomain" as in ssh-3.x from ssh.com. For the server, there might be a corresponding option in order to strip the domain name from the remote client name (if it matches the server's DefaultDomain) for use in auth_rhost2, since netgroups usually contain short

...DS_PER_DIRECTION]; int clear_forwardings; int no_host_authentication_for_localhost; + int time_out; } Options; --- readconf.c Tue Jul 9 10:06:40 2002 +++ ../openssh-3.5p1.modlwc/readconf.c Wed Oct 30 09:32:51 2002 @@ -793,6 +793,7 @@ options->bind_address = NULL; options->smartcard_device = NULL; options->no_host_authentication_for_localhost = - 1; + options->time_out = 0; } /* --- ssh.c Wed Sep 18 22:05:04 2002 +++ ../openssh-3.5p1.modlwc/ssh.c Wed Oct 30 09:47:44 2002 @@ -275,7 +275,7 @@ again: while ((opt = getopt(ac, av, - "1246ab:c:e:fgi:kl:m:no:p:qstv...

...openssh-3.7.1p2-serverlieswarning/readconf.h --- openssh-3.7.1p2/readconf.h 2003-09-02 08:58:22.000000000 -0400 +++ openssh-3.7.1p2-serverlieswarning/readconf.h 2003-11-04 02:19:21.000000000 -0500 @@ -82,6 +82,7 @@ char *bind_address; /* local socket address for connection to sshd */ char *smartcard_device; /* Smartcard reader device */ int verify_host_key_dns; /* Verify host key using DNS */ + int server_lies_warning; /* display warning about server lying */ int num_identity_files; /* Number of files for RSA/DSA identities. */ char *identity_files[SSH_MAX_IDENTITY_FILES]; diff -Nur op...

...; +#endif + #ifdef SMARTCARD #include "scard.h" #endif @@ -1211,15 +1215,18 @@ load_public_identity_files(void) { char *filename; - int i = 0; + int i = 0, count; Key *public; +#ifdef HAVE_LIBKEYUTIL + key_serial_t *keylist; +#endif #ifdef SMARTCARD Key **keys; if (options.smartcard_device != NULL && options.num_identity_files < SSH_MAX_IDENTITY_FILES && (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) { - int count = 0; + count = 0; for (i = 0; keys[i] != NULL; i++) { count++; memmove(&options.identity_files[1], &opti...

...9,10 @@ intptr = &options->connection_attempts; goto parse_int; + case oSleep: + intptr = &options->sleep; + goto parse_int; + case oCipher: intptr = &options->cipher; arg = strdelim(&s); @@ -799,6 +804,7 @@ options->bind_address = NULL; options->smartcard_device = NULL; options->no_host_authentication_for_localhost = - 1; + options->sleep = -1; } /* diff -ur openssh-3.0.2p1/readconf.h openssh-3.0.2p1S/readconf.h --- openssh-3.0.2p1/readconf.h Wed Oct 3 11:39:39 2001 +++ openssh-3.0.2p1S/readconf.h Sat Jan 19 14:49:50 2002 @@ -102,6 +102,7 @@...

...attempts; goto parse_int; + case oSleep: + intptr = &options->sleep; + goto parse_int; + case oCipher: intptr = &options->cipher; arg = strdelim(&s); @@ -793,6 +798,7 @@ options->preferred_authentications = NULL; options->bind_address = NULL; options->smartcard_device = NULL; + options->sleep = -1; } /* diff -u openssh-2.9.9p2/readconf.h openssh-2.9.9p2J/readconf.h --- openssh-2.9.9p2/readconf.h Wed Sep 19 18:57:56 2001 +++ openssh-2.9.9p2J/readconf.h Thu Sep 27 22:01:07 2001 @@ -101,6 +101,7 @@ int num_remote_forwards; Forward remote_forwards[SS...

Heya, Most of the windows ssh clients (putty, securecrt) have anti-idle features. They offer either a null packet or protocol no-op or user defined string to be sent over every x seconds. Is this possible or planned with the OpenSSH client? Our draconian firewall admins have started timing out ssh sessions. Yes I'm aware I could hack up a port forwarding dumb traffic process, but was

I'd like a feature whereby ssh puts itself in the background after the first successful X11 (or other port) forwarding. The reason for this is simple: error handling. If the application fails to open the X display and exits, then the client can still exit with the application's exit code. But if the application opens the X display successfully, then it can just display any errors by

...&options->hash_known_hosts; + goto parse_flag; +#endif + case oStrictHostKeyChecking: intptr = &options->strict_host_key_checking; arg = strdelim(&s); @@ -793,6 +805,9 @@ initialize_options(Options * options) options->bind_address = NULL; options->smartcard_device = NULL; options->no_host_authentication_for_localhost = - 1; +#ifdef HASH_KNOWN_HOSTS + options->hash_known_hosts = -1; +#endif } /* @@ -907,6 +922,10 @@ fill_default_options(Options * options) clear_forwardings(options); if (options->no_host_authentication_for_localhost...

..."hostkeyalias", oHostKeyAlias }, + { "opencommand", oOpenCommand }, + { "closecommand", oCloseCommand }, { "proxycommand", oProxyCommand }, { "port", oPort }, { "cipher", oCipher }, @@ -537,10 +540,21 @@ charptr = &options->smartcard_device; goto parse_string; + case oOpenCommand: + case oCloseCommand: case oProxyCommand: if (s == NULL) fatal("%.200s line %d: Missing argument.", filename, linenum); - charptr = &options->proxy_command; + switch (opcode) { + case oOpenCommand: + charptr = &options...

...9,10 @@ intptr = &options->connection_attempts; goto parse_int; + case oSleep: + intptr = &options->sleep; + goto parse_int; + case oCipher: intptr = &options->cipher; arg = strdelim(&s); @@ -799,6 +804,7 @@ options->bind_address = NULL; options->smartcard_device = NULL; options->no_host_authentication_for_localhost = - 1; + options->sleep = -1; } /* diff -ur openssh-3.0p1/readconf.h openssh-3.0p1J/readconf.h --- openssh-3.0p1/readconf.h Wed Oct 3 11:39:39 2001 +++ openssh-3.0p1J/readconf.h Tue Nov 13 16:10:26 2001 @@ -102,6 +102,7 @@ Forward...

...} }; @@ -678,6 +680,10 @@ *intptr = value; break; + case oNoDelay: + intptr = &options->nodelay; + goto parse_flag; + default: fatal("process_config_line: Unimplemented opcode %d", opcode); } @@ -799,6 +805,7 @@ options->bind_address = NULL; options->smartcard_device = NULL; options->no_host_authentication_for_localhost = - 1; + options->nodelay = -1; } /* @@ -919,6 +926,8 @@ clear_forwardings(options); if (options->no_host_authentication_for_localhost == - 1) options->no_host_authentication_for_localhost = 0; + if (options->nodelay...

I'm reading this fine article on O'Reilly: http://linux.oreillynet.com/lpt/a//linux/2001/11/08/ssh_keystroke.html <quote> The paper concludes that the keystroke timing data observable from today's SSH implementations reveals a dangerously significant amount of information about user terminal sessions--enough to locate typed passwords in the session data stream and reduce the

...The last change was committed on 10/3/2001. + *************************************************************************** */ #include "includes.h" @@ -793,6 +819,12 @@ options->preferred_authentications = NULL; options->bind_address = NULL; options->smartcard_device = NULL; + /* + * SD Mod: Initialize option to use steno timing manipulation. + * By default, timing analysis evasion is used. The -S flag + * must be used to turn off this feature. + */ + options->use_steno_timing_manipulation = 1; } /* --- readconf....

Hello, In response to the timing analysis attacks presented by Dawn Song et. al. in her paper http://paris.cs.berkeley.edu/~dawnsong/ssh-timing.html we at Silicon Defense developed a patch for openssh to avoid such measures. Timing Analysis Evasion changes were developed by C. Jason Coit and Roel Jonkman of Silicon Defense. These changes cause SSH to send packets unless request not to,