search for: ssh_agent_success

On 04/04/18 21:56, Damien Miller wrote: > > I don't follow - clients always have to know that the last message sent > was, otherwise they wouldn't be able to disambiguate the shared > SSH_AGENT_SUCCESS / SSH_AGENT_FAILURE. The format of that message doesn't change though -- it's always a single byte (so you don't need that information in the function that actually parses the message). With this proposal that is no longer the case. I mean, maybe it's a pointless concern and things...

Hi, I've been reading the RFC draft for the OpenSSH agent protocol and trying to understand the extension mechanism. It seems like a client, after sending an extension message, will have to then interpret any following success (0x6) message differently according to the extension request just sent. The example with the "query" extension returning a success message with extra data

I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may

...ey."); } else if (type != SSH2_AGENT_SIGN_RESPONSE) { fatal("Bad authentication response: %d", type); *************** *** 513,519 **** { switch (type) { case SSH_AGENT_FAILURE: - case SSH_COM_AGENT_FAILURE: log("SSH_AGENT_FAILURE"); return 0; case SSH_AGENT_SUCCESS: --- 513,518 ----

...ine, NULL, lifetime, confirm, maxsign); + if (ret == SSH_ERR_KEY_WRONG_PASSPHRASE) { + pin = read_passphrase("Enter engine key passphrase:", RP_ALLOW_STDIN); + if (!pin) + return -1; + ret = ssh_add_engine_key(agent_fd, file, engine, pin, lifetime, confirm, maxsign); + } + if (ret != SSH_AGENT_SUCCESS) { + fprintf(stderr, "failed to add engine key: %s\n", ssh_err(ret)); + } else { + fprintf(stderr, "Engine Identity added: %s\n", file); + } + if (pin) + free (pin); + return ret; +} + static int delete_file(int agent_fd, const char *filename, int key_only, int qflag) { @@...

Engine keys are private key files which are only understood by openssl external engines. ?The problem is they can't be loaded with the usual openssl methods, they have to be loaded via ENGINE_load_private_key(). ?Because they're files, they fit well into openssh pub/private file structure, so they're not very appropriately handled by the pkcs11 interface because it assumes the private