search for: ssh_get_authentication_socket

...ged, 28 insertions(+), 12 deletions(-) diff --git a/authfd.c b/authfd.c index 12bf125..20fcba2 100644 --- a/authfd.c +++ b/authfd.c @@ -83,21 +83,12 @@ decode_reply(u_char type) return SSH_ERR_INVALID_FORMAT; } -/* Returns the number of the authentication fd, or -1 if there is none. */ -int -ssh_get_authentication_socket(int *fdp) +static int +get_authentication_socket(const char *authsocket, int *fdp) { - const char *authsocket; int sock, oerrno; struct sockaddr_un sunaddr; - if (fdp != NULL) - *fdp = -1; - - authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME); - if (!authsocket) - return SSH_ERR_AGENT_NOT_PRESE...

...sockdir); xfree(newauthsockdir); } xfree(authsocketdir); return -1; } We fixed SSH-1.2.27 by wrapping this part of the code in a while-loop (looping if errno == ECONNREFUSED), and this appears to work well, solving our immediate problem. In OpenSSH, it looks like ssh_get_authentication_socket() in authfd.c could easily be made to act in a similar fashion. It would be great if OpenSSH would handle this situation more gracefully as well. Thanks, -- Jos Backus _/ _/_/_/ "Modularity is not a hack." _/ _/ _/ --...

...Tue Jan 2 16:42:51 2001 @@ -843,7 +843,7 @@ } } /* Tell the packet module whether this is an interactive session. */ - packet_set_interactive(interactive, options.keepalives); + packet_set_interactive(interactive); /* Clear agent forwarding if we don\'t have an agent. */ authfd = ssh_get_authentication_socket(); --- sv0/sshconnect.c Fri Sep 22 23:15:57 2000 +++ sshconnect.c Tue Jan 2 16:40:45 2001 @@ -304,6 +304,15 @@ linger.l_linger = 5; setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *) &linger, sizeof(linger)); + if (options.keepalives) { + static const int on = 1; + + /* Set keepalives if...

...function `socket' bsd-rresvport.c:88: warning: implicit declaration of function `bind' bsd-setenv.c: In function `setenv': bsd-setenv.c:125: warning: implicit declaration of function `bcopy' bsd-setproctitle.c:62: warning: `__progname' defined but not used authfd.c: In function `ssh_get_authentication_socket': authfd.c:84: warning: implicit declaration of function `socket' authfd.c:93: warning: implicit declaration of function `connect' authfile.c: In function `load_private_key': authfile.c:494: warning: unsigned int format, long unsigned int arg (arg 2) canohost.c: In function `get_rem...

Hi, I have not found any way to use a Certificate with ssh-agent when my Key is stored on a pkcs11 device. I can add my key with ssh-add -s /usr/local/lib/opensc-pkcs11.so but ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub does not add the certificate to my agent. As far as I undestand, in ssh-add.c line 580 if (pkcs11provider != NULL) { if (update_card(agent_fd,

...)) + continue; + id = xcalloc(1, sizeof(*id)); + id->key = key; + id->filename = xstrdup(options.certificate_files[i]); + id->userprovided = options.certificate_file_userprovided[i]; + TAILQ_INSERT_TAIL(preferred, id, next); + } /* list of keys supported by the agent */ if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) { if (r != SSH_ERR_AGENT_NOT_PRESENT) -- 1.9.1

...acket: type 21 debug2: set_newkeys: mode 1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug2: set_newkeys: mode 0 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory debug2: key: /home/mrkiko/.ssh/id_rsa ((nil)) debug2: key: /home/mrkiko/.ssh/id_dsa ((nil)) debug2: key: /home/mrkiko/.ssh/id_ecdsa ((nil)) debug2: key: /home/mrkiko/.ssh/id_ed25519 ((nil)) debug3: send packet: type 5 debug3: receive packet: type 6 debug2: service_accept:...

Hi, The main (and probably the only) use case of this PAM module is to let sudo authenticate users via their ssh-agent, therefore without having to type any password and without being tempted to use the NOPASSWD sudo option for such convenience. The principle is originally implemented by an existing module [0][1] and many pages that explain how to use it for such purpose can be found online.