Displaying 15 results from an estimated 15 matches for "ssh_gssapi_storecreds".
2004 Aug 23
8
[Bug 918] ssh_gssapi_storecreds called to late to be usable by PAM in sesion.c
http://bugzilla.mindrot.org/show_bug.cgi?id=918
Summary: ssh_gssapi_storecreds called to late to be usable by PAM
in sesion.c
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
Assi...
2009 May 23
2
Memory leak caused by forwarded GSSAPI credential store
...memory allocation problem not related to OpenSSH, I found a memory leak in OpenSSH when storing forwarded GSSAPI credentials resulting in a growing process segment for each connection that uses GSSAPI credentials forwarding. What happens is the following:
In the privileged parent, we are calling ssh_gssapi_storecreds() which itself calls ssh_gssapi_krb5_storecreds(). ssh_gssapi_krb5_storecreds() makes some memory allocations in order to save the credentials store for the gssapi client.
+167 client->store.filename = xstrdup(krb5_cc_get_name(krb_context, ccache));
+168 client->store....
2004 Aug 12
14
Pending OpenSSH release, call for testing.
Hi All.
OpenSSH is getting ready for a release soon, so we are asking for all
interested parties to test a snapshot.
Changes include:
* sshd will now re-exec itself for each new connection (the "-e" option
is required when running sshd in debug mode).
* PAM password authentication has been (re)added.
* Interface improvements to sftp(1)
* Many bug fixes and improvements, for
2009 May 23
7
[Bug 1601] New: Memory leak caused by forwarded GSSAPI credential store
...PI memory allocation problem not related to
OpenSSH, I found a memory leak in OpenSSH when storing forwarded GSSAPI
credentials resulting in a growing process segment for each connection
that uses GSSAPI credentials forwarding. What happens is the following:
In the privileged parent, we are calling ssh_gssapi_storecreds() which
itself calls ssh_gssapi_krb5_storecreds(). ssh_gssapi_krb5_storecreds()
makes some memory allocations in order to save the credentials store
for the gssapi client.
+167 client->store.filename =
xstrdup(krb5_cc_get_name(krb_context, ccache));
+168 client->store.e...
2008 Dec 02
0
SSHD does not cleanup kerberos ticket while root logins
...4.3p2. When root logins with his
kerberos ticket and then logout, his ticket remains on the machine. I
found in source (sshd.c) in privsep_postauth function, that if root
logins then use_privsep is set to 0 and call of function
do_setusercontext is skipped. But the function do_setusercontext calls
ssh_gssapi_storecreds where structure client->store.filename is filled
with the filename of kerberos ticket. So then if
ssh_gssapi_cleanup_creds is called it does nothing because
gssapi_client.store.filename is empty.
We are using also pam_krb5, but with option minimal_uid=200, so the root
login is not affected.
My...
2003 Aug 22
1
GSSAPI patch sync from OpenBSD to Portable
Hi All.
Markus has commited the long-awaited GSSAPI patch to OpenBSD's ssh.
There are patches. The first [1] is a straightforward port of the
OpenBSD code to Portable.
The second [2] contains the parts I've stolen from Simon Wilkinson's
portable GSSAPI patch in an attempt to make it build. It is incomplete
and doesn't currently work.
The PAM support is not there and
2005 Feb 09
14
[Bug 914] [RELENG] Bugs planned to be fixed for OpenSSH 4.0
http://bugzilla.mindrot.org/show_bug.cgi?id=914
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
Summary|[RELENG] Bugs planned to be |[RELENG] Bugs planned to be
|fixed *after* 3.9
2003 Aug 10
9
updated gssapi diff
...h_gssapi_cleanup_creds(void *ignored)
+{
+ if (gssapi_client.store.filename != NULL) {
+ /* Unlink probably isn't sufficient */
+ debug("removing gssapi cred file\"%s\"", gssapi_client.store.filename);
+ unlink(gssapi_client.store.filename);
+ }
+}
+
+/* As user */
+void
+ssh_gssapi_storecreds(void)
+{
+ if (gssapi_client.mech && gssapi_client.mech->storecreds) {
+ (*gssapi_client.mech->storecreds)(&gssapi_client);
+ if (options.gss_cleanup_creds)
+ fatal_add_cleanup(ssh_gssapi_cleanup_creds, NULL);
+ } else
+ debug("ssh_gssapi_storecreds: Not a GSSAPI mechani...
2015 Jul 24
3
Cisco vs. 6.9
...nticated [preauth]
debug3: mm_request_send entering: type 26 [preauth]
debug3: mm_send_keystate: Finished sending state [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_share_sync: Share sync
debug3: mm_share_sync: Share sync end
debug1: temporarily_use_uid: 934/55 (e=0/0)
debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
debug1: restore_uid: 0/0
User child is on pid 7678
debug1: permanently_set_uid: 934/55
debug3: monitor_apply_keystate: packet_set_state
debug2: set_newkeys: mode 0
debug2: set_newkeys: mode 1
debug1: ssh_packet_set_postauth: called
debug3: ssh_packet_set_state: done
debug3:...
2015 Jul 23
3
Cisco vs. 6.9
After upgrading a Linux system from OpenSSH 6.7 to 6.9, Cisco
switches/routers can no longer scp config files to/from the system. The
last debug entry before the Cisco device closes the connection is "debug1:
server_input_channel_open: confirm session". The next line is "Connection
closed by x.x.x.x". Anyone else seen this or know of a fix? The Cisco
device gives
2016 May 11
23
[Bug 2568] New: ssh fails to authenticate using RSA keys when agent does not support sha256/512 signatures
https://bugzilla.mindrot.org/show_bug.cgi?id=2568
Bug ID: 2568
Summary: ssh fails to authenticate using RSA keys when agent
does not support sha256/512 signatures
Product: Portable OpenSSH
Version: -current
Hardware: Other
URL: https://github.com/connectbot/connectbot/issues/397
OS: Linux
2009 Jun 05
2
ssh trouble checklist
...keys_from_blob: 0x7f2a280233f0(122)
debug2: mac_setup: found hmac-md5
debug3: mm_get_keystate: Getting compression state
debug3: mm_get_keystate: Getting Network I/O buffers
debug3: mm_share_sync: Share sync
debug3: mm_share_sync: Share sync end
debug1: temporarily_use_uid: 1008/999 (e=0/0)
debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
debug1: restore_uid: 0/0
debug1: SELinux support enabled
debug3: ssh_selinux_setup_pam_variables: setting execution context
debug1: PAM: establishing credentials
debug3: PAM: opening session
debug3: PAM: sshpam_store_conv called with 1 messages
PAM: pam_open_session(): Authe...
2009 Feb 06
3
Hung connection over Juniper Tunnel
...mm_newkeys_from_blob: 0x7f8a5c7ba4e0(122)
debug2: mac_init: found hmac-md5
debug3: mm_get_keystate: Getting compression state
debug3: mm_get_keystate: Getting Network I/O buffers
debug3: mm_share_sync: Share sync
debug3: mm_share_sync: Share sync end
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
debug1: restore_uid: 0/0
debug1: PAM: establishing credentials
debug3: PAM: opening session
debug2: set_newkeys: mode 0
debug2: set_newkeys: mode 1
debug1: Entering interactive session for SSH2.
debug2: fd 5 setting O_NONBLOCK
debug2: fd 6 setting O_NONBLOCK
debug1: server_i...
2023 Jun 30
1
Subsystem sftp invoked even though forced command created
On 30/06/2023 09:56, Damien Miller wrote:
> It's very hard to figure out what is happening here without a debug log.
>
> You can get one by stopping the listening sshd and running it manually
> in debug mode, e.g. "/usr/sbin/sshd -ddd"
Or starting one in debug mode on a different port, e.g. "-p99 -ddd"
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |