Displaying 17 results from an estimated 17 matches for "ssh_cipher_none".
2001 Oct 02
2
AFS and tokenforwarding
...ect("Protocol error: got %d in response to SSH_CMSG_USER", type);
+#ifdef AFS
+ /* Try Kerberos v4 TGT passing if the server supports it. */
+ if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
+ options.kerberos_tgt_passing) {
+ if (options.cipher == SSH_CIPHER_NONE)
+ log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
+ send_krb4_tgt();
+ }
+ /* Try AFS token passing if the server supports it. */
+
+ if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) &&
+ options.afs_token_passing &...
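Review bot: in the Kerberos TGT block, the options.cipher == SSH_CIPHER_NONE test guards only the log() call, so send_krb4_tgt() still runs and the ticket is sent unencrypted right after the warning. Consider skipping the forward when the cipher is none, or requiring an explicit option to allow it, and add braces so the scope of the inner if is unambiguous.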
2000 Jan 19
1
Potentially serious (but rare) issue with buffer.c and cipher.c
While rototilling packet.c, I did some looking at cipher_encrypt in
cipher.c. It ends up that for SSH_CIPHER_NONE in cipher_encrypt, it
uses memcpy. However, it also appears that dest and src can be equal
in cipher_encrypt.
On most sane libc implementations, memcpy == memmove. However, ANSI C
makes no such guarantee, and some implementations out there are bound
to try to optimize memcpy eventually.
Therefore...
2007 Jan 05
1
No warning message is displayed for "none" cipher
...supports protocol 1:
# ssh -1 -o "cipher none" remotehost
<No valid SSH1 cipher, using 3des instead>
As per the code in sshconnect1.c, it has to alert the user about "none" cipher usage.
try_challenge_response_authentication() {
....
if (options.cipher == SSH_CIPHER_NONE)
logit("WARNING: Encryption is disabled! "
"Response will be transmitted in clear text.");
}
try_password_authentication() {
...
if (options.cipher == SSH_CIPHER_NONE)
logit("WARNING: Encryption is...
2004 Oct 17
0
OpenSSH 3.9.1 fix for IRIX 5.3 cc
...RIX 5.3 with the native IDO cc:
--- cipher.c.orig 2004-10-17 12:04:10.000000000 +0200
+++ cipher.c 2004-10-17 13:43:22.000000000 +0200
@@ -76,15 +76,15 @@
u_int key_len;
const EVP_CIPHER *(*evptype)(void);
} ciphers[] = {
- { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null },
- { "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc },
+ { "none", SSH_CIPHER_NONE, 8, 0, (const EVP_CIPHER *(*)(void)) EVP_enc_null },
+ { "des", SSH_CIPHER_DES, 8, 8, (const EVP_CIPH...
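Review bot: the (const EVP_CIPHER *(*)(void)) cast repeated on each ciphers[] row silences the pointer-type complaint, but it would equally silence the compiler if an entry ever pointed at a function with a genuinely different signature. A single typedef or macro for the conversion would keep the table readable and confine the cast to one place.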
2001 Nov 12
4
Please test -current
Could people please test -current? We will be making a release fairly
soon.
-d
--
| By convention there is color, \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)
2001 Oct 12
17
Please test snapshots for 3.0 release
Could everyone please test the latest snapshots as we will be making a
new release soon.
If you have any patches you would like us to consider, please resend
them to the list ASAP.
-d
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
2002 Jul 25
1
[Bug 371] New: OpenSSH fails to build on Alpha True64 in cipher.c
...e, the
referenced type of the pointer value "EVP_enc_null" is "function () returning
pointer to struct evp_cipher_st", which is not compatible with "function ()
returning pointer to const struct evp_cipher_st". (ptrmismatch)
{ "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null },
-------------------------------------------------------^
cc: Warning: cipher.c, line 66: In the initializer for ciphers[1].evptype, the
referenced type of the pointer value "EVP_des_cbc" is "function () returning
pointer to struct evp_cipher_st", which i...
2001 Nov 20
3
problem with AFS token forwarding
Hello,
I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1
concerning the AFS token forwarding. That means that the new versions are
not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH
releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this
problem already existed in Openssh 2.9.9p1, but I have never used this
version (I only looked at the
2000 Sep 09
0
2.2.0p1 PATCH: ssh/scp/slogin will invoke ssh-askpass
...",
comment);
@@ -602,6 +612,9 @@
int payload_len;
unsigned int clen;
char *challenge, *response;
+ int interactive = isatty(STDIN_FILENO);
+ char *askpass = NULL;
+ char buf[300];
debug("Doing skey authentication.");
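Review bot: char buf[300] in the added declarations is a fixed-size stack buffer whose use is not visible in this hunk. Whatever fills it should be bounded by sizeof(buf) and checked for truncation, since it sits on the path that handles the authentication response.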
@@ -625,13 +638,30 @@
if (options.cipher == SSH_CIPHER_NONE)
log("WARNING: Encryption is disabled! "
"Reponse will be transmitted in clear text.");
- fprintf(stderr, "%s\n", challenge);
+ if (!interactive && getenv("DISPLAY")) {
+ if (getenv(SSH_ASKPASS_ENV))
+ askpass = getenv(SSH_ASKPASS_ENV);
+...
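Review bot: in the added !interactive branch, getenv(SSH_ASKPASS_ENV) is called twice, once in the test and once in the assignment. Fetch it once into askpass and test that value, which also removes the nested if.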
2000 Jan 14
2
The cipher 'none' in OpenSSH
...2.1pre25/cipher.c
--- openssh-1.2.1pre25.orig/cipher.c Tue Dec 14 23:34:31 1999
+++ openssh-1.2.1pre25/cipher.c Fri Jan 14 14:37:16 2000
@@ -148,6 +148,7 @@
unsigned int mask = 0;
mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */
mask |= 1 << SSH_CIPHER_BLOWFISH;
+ mask |= 1 << SSH_CIPHER_NONE;
return mask;
}
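Review bot: the added line mask |= 1 << SSH_CIPHER_NONE puts the null cipher into the supported-cipher mask unconditionally, alongside the mandatory 3DES entry, so every build with this change reports unencrypted sessions as supported. Gate it behind a compile-time define or a configuration option that defaults to off, and note that in the comment beside the line.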
diff -ur openssh-1.2.1pre25.orig/ssh.c openssh-1.2.1pre25/ssh.c
--- openssh-1.2.1pre25.orig/ssh.c Wed Dec 29 00:17:09 1999
+++ openssh-1.2.1pre25/ssh.c Fri Jan 14 14:40:50 2000
@@ -106,7 +106,8 @@
fprintf(stderr, " -c cipher Select encryption algorithm: "
&...
2001 Oct 09
1
TISviaPAM patch
Here is a patch that does TIS auth via PAM. It's controlled by a switch
in the sshd_config. You'd use it by having a PAM module that sets
PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs.
The patch is against the 2.9.9p2 distribution.
I'm not on the list, a reply if this patch is accepted would be great.
(But not required, I know some folks have a distaste for
2002 Feb 15
0
[Bug 118] New: Implement TIS (protocol 1) via PAM
...*/
int use_login; /* If true, login(1) is used */
diff -uNr openssh-3.0.2p1.orig/sshconnect1.c openssh-3.0.2p1/sshconnect1.c
--- openssh-3.0.2p1.orig/sshconnect1.c Tue Oct 9 22:03:12 2001
+++ openssh-3.0.2p1/sshconnect1.c Fri Feb 15 02:15:05 2002
@@ -849,7 +849,7 @@
if (options.cipher == SSH_CIPHER_NONE)
log("WARNING: Encryption is disabled! "
"Reponse will be transmitted in clear text.");
- response = read_passphrase(prompt, 0);
+ response = read_passphrase(prompt, RP_ECHO);
if (strcmp(response, "") == 0) {
xfree(response);
break;
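Review bot: read_passphrase(prompt, RP_ECHO) hard-codes echo for every response read on this path, so a response that ought to stay hidden is now shown on the terminal. Make the flag conditional on the kind of prompt rather than replacing 0 with RP_ECHO outright.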
diff -uNr o...
2002 Mar 07
20
[Bug 138] Incorrect OpenSSL version requirment?
http://bugzilla.mindrot.org/show_bug.cgi?id=138
mouring at eviladmin.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |vjo at dulug.duke.edu
------- Additional Comments From mouring at eviladmin.org 2002-03-08 04:49 -------
*** Bug 139 has been
2000 Jan 19
3
AIX openssh patches
...+ #endif
sizeof(*hostaddr)) >= 0) {
/* Successful connection. */
restore_uid();
***************
*** 916,922 ****
debug("No challenge for skey authentication.");
return 0;
}
! challenge = packet_get_string(&payload_len);
if (options.cipher == SSH_CIPHER_NONE)
log("WARNING: Encryption is disabled! "
"Reponse will be transmitted in clear text.");
--- 949,955 ----
debug("No challenge for skey authentication.");
return 0;
}
! challenge = packet_get_string((unsigned int *)&payload_len);
if (option...
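Review bot: the (unsigned int *)&payload_len cast in the packet_get_string() call quiets the compiler by accessing the variable through a pointer of a different type. Declaring payload_len as unsigned int fixes the mismatch at its source and needs no cast.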
2004 Jun 05
50
[Bug 877] ssh 3.8.1p1 client cannot disable encryption with "-c none"
http://bugzilla.mindrot.org/show_bug.cgi?id=877
Summary: ssh 3.8.1p1 client cannot disable encryption with "-c
none"
Product: Portable OpenSSH
Version: 3.8.1p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo:
2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
...include "fips.h"
/* compatibility with old or broken OpenSSL versions */
#include "openbsd-compat/openssl-compat.h"
@@ -64,30 +65,31 @@
u_int key_len;
u_int discard_len;
const EVP_CIPHER *(*evptype)(void);
+ u_int fips_allowed;
} ciphers[] = {
- { "none", SSH_CIPHER_NONE, 8, 0, 0, EVP_enc_null },
- { "des", SSH_CIPHER_DES, 8, 8, 0, EVP_des_cbc },
- { "3des", SSH_CIPHER_3DES, 8, 16, 0, evp_ssh1_3des },
- { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, evp_ssh1_bf },
-
- { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, EVP_des_ede3_cb...
2001 Nov 09
4
keystroke timing attack
I'm reading this fine article on O'Reilly:
http://linux.oreillynet.com/lpt/a//linux/2001/11/08/ssh_keystroke.html
<quote>
The paper concludes that the keystroke timing data observable from
today's SSH implementations reveals a dangerously significant amount of
information about user terminal sessions--enough to locate typed
passwords in the session data stream and reduce the