search for: ssh_cipher_non

...ect("Protocol error: got %d in response to SSH_CMSG_USER", type); +#ifdef AFS + /* Try Kerberos v4 TGT passing if the server supports it. */ + if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && + options.kerberos_tgt_passing) { + if (options.cipher == SSH_CIPHER_NONE) + log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); + send_krb4_tgt(); + } + /* Try AFS token passing if the server supports it. */ + + if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) && + options.afs_token_passing &am...

While rototilling packet.c, I did some looking at cipher_encrypt in cipher.c. It ends up that for SSH_CIPHER_NONE in cipher_encrypt, it uses memcpy. However, it also appears that dest and src can be equal in cipher_encrypt. On most sane libc implementations, memcpy == memmove. However, ANSI C makes no such guarantee, and some implementations out there are bound to try to optimize memcpy eventually. Therefor...

...supports protocol 1: # ssh -1 -o "cipher none" remotehost <No valid SSH1 cipher, using 3des instead> As per the code in sshconnect1.c, it has to alert the user about "none" cipher usage. try_challenge_response_authentication() { .... if (options.cipher == SSH_CIPHER_NONE) logit("WARNING: Encryption is disabled! " "Response will be transmitted in clear text."); } try_password_authentication() { ... if (options.cipher == SSH_CIPHER_NONE) logit("WARNING: Encryption i...

...RIX 5.3 with the native IDO cc: --- cipher.c.orig 2004-10-17 12:04:10.000000000 +0200 +++ cipher.c 2004-10-17 13:43:22.000000000 +0200 @@ -76,15 +76,15 @@ u_int key_len; const EVP_CIPHER *(*evptype)(void); } ciphers[] = { - { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null }, - { "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc }, + { "none", SSH_CIPHER_NONE, 8, 0, (const EVP_CIPHER *(*)(void)) EVP_enc_null }, + { "des", SSH_CIPHER_DES, 8, 8, (const EVP_CIP...

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

Could everyone please test the latest snapshots as we will be making a new release soon. If you have any patches you would like us to consider, please resend them to the list ASAP. -d -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer

...e, the referenced type of the pointer value "EVP_enc_null" is "function () returning pointer to struct evp_cipher_st", which is not compatible with "function () returning pointer to const struct evp_cipher_st". (ptrmismatch) { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null }, -------------------------------------------------------^ cc: Warning: cipher.c, line 66: In the initializer for ciphers[1].evptype, the referenced type of the pointer value "EVP_des_cbc" is "function () returning pointer to struct evp_cipher_st", which...

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

...", comment); @@ -602,6 +612,9 @@ int payload_len; unsigned int clen; char *challenge, *response; + int interactive = isatty(STDIN_FILENO); + char *askpass = NULL; + char buf[300]; debug("Doing skey authentication."); @@ -625,13 +638,30 @@ if (options.cipher == SSH_CIPHER_NONE) log("WARNING: Encryption is disabled! " "Reponse will be transmitted in clear text."); - fprintf(stderr, "%s\n", challenge); + if (!interactive && getenv("DISPLAY")) { + if (getenv(SSH_ASKPASS_ENV)) + askpass = getenv(SSH_ASKPASS_ENV);...

...2.1pre25/cipher.c --- openssh-1.2.1pre25.orig/cipher.c Tue Dec 14 23:34:31 1999 +++ openssh-1.2.1pre25/cipher.c Fri Jan 14 14:37:16 2000 @@ -148,6 +148,7 @@ unsigned int mask = 0; mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */ mask |= 1 << SSH_CIPHER_BLOWFISH; + mask |= 1 << SSH_CIPHER_NONE; return mask; } diff -ur openssh-1.2.1pre25.orig/ssh.c openssh-1.2.1pre25/ssh.c --- openssh-1.2.1pre25.orig/ssh.c Wed Dec 29 00:17:09 1999 +++ openssh-1.2.1pre25/ssh.c Fri Jan 14 14:40:50 2000 @@ -106,7 +106,8 @@ fprintf(stderr, " -c cipher Select encryption algorithm: "...

Here is a patch that does TIS auth via PAM. It's controlled by a switch in the sshd_config. You'd use it by having a PAM module that sets PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs. The patch is against the 2.9.9p2 distribution. I'm not on the list, a reply if this patch is accepted would be great. (But not required, I know some folks have a distaste for

...*/ int use_login; /* If true, login(1) is used */ diff -uNr openssh-3.0.2p1.orig/sshconnect1.c openssh-3.0.2p1/sshconnect1.c --- openssh-3.0.2p1.orig/sshconnect1.c Tue Oct 9 22:03:12 2001 +++ openssh-3.0.2p1/sshconnect1.c Fri Feb 15 02:15:05 2002 @@ -849,7 +849,7 @@ if (options.cipher == SSH_CIPHER_NONE) log("WARNING: Encryption is disabled! " "Reponse will be transmitted in clear text."); - response = read_passphrase(prompt, 0); + response = read_passphrase(prompt, RP_ECHO); if (strcmp(response, "") == 0) { xfree(response); break; diff -uNr...

http://bugzilla.mindrot.org/show_bug.cgi?id=138 mouring at eviladmin.org changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |vjo at dulug.duke.edu ------- Additional Comments From mouring at eviladmin.org 2002-03-08 04:49 ------- *** Bug 139 has been

...+ #endif sizeof(*hostaddr)) >= 0) { /* Successful connection. */ restore_uid(); *************** *** 916,922 **** debug("No challenge for skey authentication."); return 0; } ! challenge = packet_get_string(&payload_len); if (options.cipher == SSH_CIPHER_NONE) log("WARNING: Encryption is disabled! " "Reponse will be transmitted in clear text."); --- 949,955 ---- debug("No challenge for skey authentication."); return 0; } ! challenge = packet_get_string((unsigned int *)&payload_len); if (optio...

http://bugzilla.mindrot.org/show_bug.cgi?id=877 Summary: ssh 3.8.1p1 client cannot disable encryption with "-c none" Product: Portable OpenSSH Version: 3.8.1p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo:

...include "fips.h" /* compatibility with old or broken OpenSSL versions */ #include "openbsd-compat/openssl-compat.h" @@ -64,30 +65,31 @@ u_int key_len; u_int discard_len; const EVP_CIPHER *(*evptype)(void); + u_int fips_allowed; } ciphers[] = { - { "none", SSH_CIPHER_NONE, 8, 0, 0, EVP_enc_null }, - { "des", SSH_CIPHER_DES, 8, 8, 0, EVP_des_cbc }, - { "3des", SSH_CIPHER_3DES, 8, 16, 0, evp_ssh1_3des }, - { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, evp_ssh1_bf }, - - { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, EVP_des_ede3_c...

I'm reading this fine article on O'Reilly: http://linux.oreillynet.com/lpt/a//linux/2001/11/08/ssh_keystroke.html <quote> The paper concludes that the keystroke timing data observable from today's SSH implementations reveals a dangerously significant amount of information about user terminal sessions--enough to locate typed passwords in the session data stream and reduce the