search for: ssh1_host_key

Hi, Has anybody produced diffs for openssh-2.3.0p1 for the rsa keyexchange problem that Core-SDI described ? ( I noticed that fix is already in openbsd tree ). -Jarno -- Jarno Huuskonen - System Administrator | Jarno.Huuskonen at uku.fi University of Kuopio - Computer Center | Work: +358 17 162822 PO BOX 1627, 70211 Kuopio, Finland | Mobile: +358 40 5388169

...his may be due to an old implementation of ssh."); --- sshd.c.O Thu Jul 5 10:49:10 2001 +++ sshd.c Thu Jul 5 10:49:27 2001 @@ -1217,7 +1217,12 @@ packet_put_bignum(sensitive_data.server_key->rsa->n); /* Store our public host RSA key. */ - packet_put_int(BN_num_bits(sensitive_data.ssh1_host_key->rsa->n)); + len = BN_num_bits(sensitive_data.ssh1_host_key->rsa->n); + if ((datafellows & SSH_BUG_SERVERLIESSIZE) && (len & 1)) { + /* old ssh client expects even number for host key */ + len += 1; + } + packet_put_int(len); packet_put_bignum(sensitive_data.ss...

...)); + + num_rexec_recvd_host_keys = num_host_keys; + + for (i = 0; i < num_host_keys; i++) { + hk = buffer_get_key(&m); + debug("%s: received %s host key", __func__, key_type(hk)); + sensitive_data.host_keys[i] = hk; + switch (hk->type) { + case KEY_RSA1: + sensitive_data.ssh1_host_key = hk; + sensitive_data.have_ssh1_key = 1; + break; + case KEY_RSA: + case KEY_DSA: + sensitive_data.have_ssh2_key = 1; + break; + default: + fatal("%s: unsupported host key type", __func__); + } + } + buffer_free(&m); debug3("%s: done", __func__); @@ -130...

Hi, Is there any way to store HostKey in hardware (and delegate the related processing)? I have been using Roumen Petrov's x509 patch for clients, which works via an OpenSSL engine, but it does not seem to support server HostKey: http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html For PKCS#11, I have found an email on this list from a year back suggesting this

Could everyone please test the latest snapshots as we will be making a new release soon. If you have any patches you would like us to consider, please resend them to the list ASAP. -d -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer

...ent connection */ +AuthenticationConnection *auth_conn = NULL; + /* * Any really sensitive data in the application is contained in this * structure. The idea is that this structure could be locked into memory so @@ -206,6 +210,7 @@ struct { Key *server_key; /* ephemeral server key */ Key *ssh1_host_key; /* ssh1 host key */ Key **host_keys; /* all private host keys */ + Key **host_pubkeys; /* all public host keys */ Key **host_certificates; /* all public host certificates */ int have_ssh1_key; int have_ssh2_key; @@ -652,11 +657,18 @@ privsep_preauth(Authctxt *authctxt) } else if (pid...

We've run into an interesting dilemma regarding last log information and ssh 4.2p1. In 3.8, we didn't see this problem, but now has cropped up in 4.2. When a user logs in, sshd seems to call 'last' to get the last log information. 'last' then opens the /var/log/wtmp file and processes the information. On some systems, this file can be quite large, and we're seeing