Displaying 9 results from an estimated 9 matches for "ssh2_msg_userauth_pk_ok".
2012 Jan 20
2
Regarding Pubkey Enumeration
HD Moore from Metasploit has noted that, given a pubkey (and not the
corresponding private key, as might be found in authorized_keys), he can
determine if he'd be able to log into an account.
It's a small thing, but he's using it for very interesting
recon/deanonymization. He'll be releasing a paper shortly, not overplaying
the characteristic, but certainly showing it can be used
2015 Jun 18
7
[Bug 2415] New: Public key failures are not counted and therefore not logged into syslog
https://bugzilla.mindrot.org/show_bug.cgi?id=2415
Bug ID: 2415
Summary: Public key failures are not counted and therefore not
logged into syslog
Product: Portable OpenSSH
Version: 6.8p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component:
2001 Mar 22
9
Portable OpenSSH-2.5.2p2
...d SSH protocol 2 cipher is AES with hmac-md5. AES offers
much faster throughput in a well scrutinised cipher.
Bugfixes:
stderr handling fixes in SSH protocol 2.
Improved interoperability.
Client:
The client no longer asks for the passphrase if the key
will not be accepted by the server (SSH2_MSG_USERAUTH_PK_OK)
Miscellaneous:
scp should now work for files > 2GB
ssh-keygen can now generate fingerprints in the "bubble babble"
format for exchanging fingerprints with SSH.COM's SSH protocol 2
implementation.
Portable version:
Better support for the PRNGd[1] entropy collection daemon....
2002 Jan 24
1
PATCH: krb4/krb5/... names/patterns in auth_keys entries
...er_len(&b)) == 1)
authenticated = 1;
buffer_clear(&b);
@@ -493,7 +493,7 @@
* if a user is not allowed to login. is this an
* issue? -markus
*/
- if (user_key_allowed(authctxt->pw, key)) {
+ if (user_key_allowed(authctxt->pw, key) > 0) {
packet_start(SSH2_MSG_USERAUTH_PK_OK);
packet_put_string(pkalg, alen);
packet_put_string(pkblob, blen);
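Review bot: the new test "user_key_allowed(authctxt->pw, key) > 0" implies the function can now return a negative value, but nothing at this call site says what zero and negative each mean. Document the return convention where the function is declared, and check every other caller: one that still tests the result as a plain boolean would treat a negative return as allowed and go on to send SSH2_MSG_USERAUTH_PK_OK.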
@@ -719,24 +719,31 @@
continue;
}
}
- if (key_equal(found, key) &&
- auth_parse_options(pw, options, file, linenum) == 1) {
- found_key = 1;
- debug("matching key found: file %s, line %lu...
2001 Aug 15
0
[ossh patch] principal name/patterns in authorized_keys2
...er_len(&b)) == 1)
authenticated = 1;
buffer_clear(&b);
@@ -508,7 +508,7 @@
* if a user is not allowed to login. is this an
* issue? -markus
*/
- if (user_key_allowed(authctxt->pw, key)) {
+ if (user_key_allowed(authctxt->pw, key) > 0) {
packet_start(SSH2_MSG_USERAUTH_PK_OK);
packet_put_string(pkalg, alen);
packet_put_string(pkblob, blen);
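Review bot: the comment kept above the changed test still ends with an open question ("is this an issue? -markus") about a user who is not allowed to log in, and this test is what decides whether SSH2_MSG_USERAUTH_PK_OK is sent. Since the patch narrows the condition to results > 0, update the comment to say which results now suppress the PK_OK reply rather than leaving the question standing next to changed behaviour.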
@@ -768,19 +768,36 @@
continue;
}
}
- if (key_equal(found, key) &&
- auth_parse_options(pw, options, file, linenum) == 1) {
- found_key = 1;
- debug("matching key found: file %s, line %ld...
2002 May 09
0
functions : server_input_channel_req userauth_pubkey
...16,7 @@
* if a user is not allowed to login. is this an
* issue? -markus
*/
- - if (user_key_allowed(authctxt->pw, key)) {
+ if (user_key_allowed(authctxt->pw, key, realname)) {
packet_start(SSH2_MSG_USERAUTH_PK_OK);
packet_put_string(pkalg, alen);
packet_put_string(pkblob, blen);
@@ -505,6 +537,10 @@
if (check_nt_auth(0, authctxt->pw) == 0)
return(0);
#endif
+ sshid(realname, 1, tempreal);
+ debug("******************...
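Review bot: the added debug() call that opens with a row of asterisks reads like leftover development tracing and should be dropped or turned into an ordinary message before this is merged. On the line above it, the result of sshid(realname, 1, tempreal) is not checked, so a failure there would go unnoticed before the values are used; test the return value and bail out the same way the check_nt_auth() branch does.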
2006 Nov 15
11
OpenSSH Certkey (PKI)
...{
Buffer b;
@@ -936,6 +1035,31 @@
}
static int
+send_certkey_test(Authctxt *authctxt, Identity *id)
+{
+ u_char *blob;
+ u_int bloblen, have_sig = 0;
+
+ if (key_to_blob(id->key, &blob, &bloblen) == 0)
+ return 0;
+ /* register callback for USERAUTH_PK_OK message */
+ dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok);
+
+ packet_start(SSH2_MSG_USERAUTH_REQUEST);
+ packet_put_cstring(authctxt->server_user);
+ packet_put_cstring(authctxt->service);
+ packet_put_cstring(authctxt->method->name);
+ packet_put_char(have_sig);
+ if (!(datafellows & SSH_BUG_PKAUTH))
+ packet...
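Review bot: send_certkey_test() has no header comment, and the only return value visible is the 0 on key_to_blob() failure, so a caller cannot tell what a successful return looks like without reading the body. Add a short comment stating the return convention. Also, have_sig is declared as u_int, initialised to 0 and not modified in the visible lines before packet_put_char(have_sig); if it stays constant, write a literal 0 with a comment that this is the signature-less query, or make it const.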
2003 Oct 08
4
OS/390 openssh
...char(&b, have_sig);
buffer_put_cstring(&b, pkalg);
}
- buffer_put_string(&b, pkblob, blen);
+ buffer_put_binary(&b, pkblob, blen);
#ifdef DEBUG_PK
buffer_dump(&b);
#endif
@@ -142,7 +142,7 @@
if (PRIVSEP(user_key_allowed(authctxt->pw, key))) {
packet_start(SSH2_MSG_USERAUTH_PK_OK);
packet_put_string(pkalg, alen);
- packet_put_string(pkblob, blen);
+ packet_put_binary(pkblob, blen);
packet_send();
packet_write_wait();
authctxt->postponed = 1;
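Review bot: in the SSH2_MSG_USERAUTH_PK_OK reply, pkblob now goes out through packet_put_binary() while pkalg on the line above still uses packet_put_string(), and nothing in the hunk explains why the two differ. Add a comment at this call site (or at the definition of the new helper) saying which fields are text and which are raw bytes on this port, so that later changes to the message do not pick the wrong variant and alter the key blob on the wire.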
diff -bur openssh-3.7.1p2.orig/bufaux.c openssh-3.7.1p2/bufaux.c
--- openssh-3.7.1p2.orig/bufaux.c Wed May 14 0...