search for: ssh_smsg_success

Hi ! I hacked together a couple of patches for Openssh 2.1.1p4 port forwarding. It is a one patch file that does the following two things: First: If the server is configured not to allow port forwardings it sends SSH_SMSG_FAILURE (protocol 1) while openssh client expects SSH_SMSG_SUCCESS. When the client gets the failure it exists with protocol error message. This patch will accept both failure and success messages. Second: I added a new configuration option to sshd_config: PortForwarding that can be used to disable port forwarding on the server (It does nothing to the client). T...

...- /* - * Wait for response from the remote side. It will send a disconnect - * message on failure, and we will never see it here. + + /* Jarno: Server can send SSH_SMSG_FAILURE if it won't do port + * forwardings. Read the server reply. */ - packet_read_expect(&payload_len, SSH_SMSG_SUCCESS); + type = packet_read(&payload_len); /* Expect reply from server */ + switch (type) { + case SSH_SMSG_SUCCESS: + success = 1; + break; + case SSH_SMSG_FAILURE: + log("Warning: Server doesn't do port forwarding."); + break; + default: + /* Unknown packet */ + pack...

I set sshd to deny root login. But I still get a password prompt! So if I get the password right, I get one error message: Received disconnect: ROOT LOGIN REFUSED FROM example.com while if I simply put in a wrong password three times I get Permission denied. If this means I set it up wrong please mail me directly - I'm not subscribed to the list. Otherwise please fix this. -- The

...+ if (len == sizeof(struct ClearToken)) { p += sizeof(len); memcpy(&ct, p, len); p += len; @@ -848,6 +848,7 @@ debug("AFS token for cell %s rejected.", server_cell); else if (type != SSH_SMSG_SUCCESS) packet_disconnect("Protocol error on AFS tokenresponse: %d", type); + } } } ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...enting SSH ver1 client for my school work and testing it with OpenSSH servers. Unfortunately I cannot execute commands after succesful login without allocate pty. My client send SSH_CMSG_EXEC_SHELL packet on server, but dont receive any answer. According RFC defined SSH1, server should send SSH_SMSG_SUCCESS or SSH_SMSG_FAILURE message. So I tried send SSH_CMSG_EXEC_CMD with command, but after executing command server send EXIT_STATUS message. I dont understand why, because RFC document define EXEC_CMD message this way: "Starts executing the given command, and enters interactive session mo...

...n, p, sizeof(len)); - if (len != sizeof(struct ClearToken)) - break; + if (len == sizeof(struct ClearToken)) { p += sizeof(len); memcpy(&ct, p, len); p += len; @@ -848,6 +848,7 @@ debug("AFS token for cell %s rejected.", server_cell); else if (type != SSH_SMSG_SUCCESS) packet_disconnect("Protocol error on AFS token response: %d", type); + } } }

...ket_get_bignum(challenge); packet_check_eom(); + debug("Received RSA challenge from server."); /* Ask the agent to decrypt the challenge. */ @@ -136,12 +145,16 @@ type = packet_read(); /* The server returns success if it accepted the authentication. */ + if (type == SSH_SMSG_SUCCESS) { ssh_close_authentication_connection(auth); BN_clear_free(challenge); debug("RSA authentication accepted by server."); return 1; } + + + /* Otherwise it should return failure. */ if (type != SSH_SMSG_FAILURE) packet_disconnect("Protocol error waiting RS...

.../* - * Wait for response from the remote side. It will send a disconnect - * message on failure, and we will never see it here. + /* Jarno: Server can send SSH_SMSG_FAILURE if it won't do port + * forwardings. Read the server reply. */ - packet_read_expect(&payload_len, SSH_SMSG_SUCCESS); + type = packet_read(&payload_len); + switch (type) { + case SSH_SMSG_SUCCESS: + success = 1; + break; + case SSH_SMSG_FAILURE: + log("Warning: Server doesn't do port forwarding."); + break; + default: + /* Unknown packet */ + packet_disconnect("Protocol er...

...get_canonical_hostname(),"ssh",&loginmsg); + /* We don't have a pty yet, so just label the line as "ssh" */ + if (loginsuccess(user,get_canonical_hostname(),"ssh",&aixloginmsg) < 0) + aixloginmsg = NULL; #endif /* WITH_AIXAUTHENTICATE */ packet_start(SSH_SMSG_SUCCESS); packet_send(); --- auth2.c.orig Thu May 11 14:31:01 2000 +++ auth2.c Thu May 11 15:16:21 2000 @@ -154,9 +154,9 @@ int authenticated = 0; char *raw, *user, *service, *method, *authmsg = NULL; struct passwd *pw; - - if (++attempt == AUTH_FAIL_MAX) - packet_disconnect("too many failed...

...8,13 @@ } if (pw == NULL) fatal("internal error, authentication successfull for user '%.100s'", user); + +#ifdef HAVE_BSD_AUTH_H + if (bsduser != NULL) { + xfree(bsduser); + bsduser = NULL; + } +#endif /* The user has been authenticated and accepted. */ packet_start(SSH_SMSG_SUCCESS); Index: auth2.c --- auth2.c 2001/02/13 07:43:16 1.1 +++ auth2.c 2001/02/13 22:00:06 @@ -56,6 +56,11 @@ #include "uidswap.h" #include "auth-options.h" +#ifdef HAVE_BSD_AUTH_H +# include <login_cap.h> +# include <bsd_auth.h> +#endif + /* import */ extern ServerO...

...- /* - * Wait for response from the remote side. It will send a disconnect - * message on failure, and we will never see it here. + + /* Jarno: Server can send SSH_SMSG_FAILURE if it won't do port + * forwardings. Read the server reply. */ - packet_read_expect(&payload_len, SSH_SMSG_SUCCESS); + type = packet_read(&payload_len); /* Expect reply from server */ + switch (type) { + case SSH_SMSG_SUCCESS: + success = 1; + break; + case SSH_SMSG_FAILURE: + log("Warning: Server doesn't do port forwarding."); + break; + default: + /* Unknown packet */ + pack...

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

...n 0; - if ((challenge = BN_new()) == NULL) fatal("try_agent_authentication: BN_new failed"); /* Loop through identities served by the agent. */ @@ -134,7 +128,6 @@ try_agent_authentication(void) /* The server returns success if it accepted the authentication. */ if (type == SSH_SMSG_SUCCESS) { - ssh_close_authentication_connection(auth); BN_clear_free(challenge); debug("RSA authentication accepted by server."); return 1; @@ -144,7 +137,6 @@ try_agent_authentication(void) packet_disconnect("Protocol error waiting RSA auth response: %d", typ...

...nnect("Sorry, you are not allowed to connect."); + } +#endif /* LOGIN_CAP */ + + if (pw->pw_uid == 0) + log("ROOT LOGIN as '%.100s' from %.100s", + pw->pw_name, get_canonical_hostname()); + /* The user has been authenticated and accepted. */ packet_start(SSH_SMSG_SUCCESS); packet_send(); @@ -2086,6 +2125,11 @@ login_cap_t *lc; char *fname; #endif /* LOGIN_CAP */ +#ifdef __FreeBSD__ +#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */ + struct timeval tv; + time_t warntime = DEFAULT_WARN; +#endif /* __FreeBSD__ */ /* Get remote host name. */ hostn...

...the user has been authenticated or the connection is * closed, do_authloop() returns only if authentication is successful */ - - do_authloop(authctxt); + do_authloop(authctxt, realname); /* The user has been authenticated and accepted. */ packet_start(SSH_SMSG_SUCCESS); @@ -419,5 +425,5 @@ packet_write_wait(); /* Perform session preparation. */ - - do_authenticated(authctxt); + do_authenticated(authctxt, realname); } diff -ru openssh-3.1p1/auth2.c openssh-3.1p1-mods/auth2.c - --- openssh-3.1p1/auth2.c Thu May 9 12:18:26 200...

...ractive(interactive); /* Request authentication agent forwarding if appropriate. */ check_agent_present(); +#ifdef WITH_AGENTFWD if (options.forward_agent) { debug("Requesting authentication agent forwarding."); auth_request_forwarding(); @@ -962,6 +971,7 @@ if (type != SSH_SMSG_SUCCESS) log("Warning: Remote host denied authentication agent forwarding."); } +#endif /* Initiate port forwardings. */ ssh_init_forwarding(); @@ -1043,6 +1053,7 @@ interactive = 1; /* XXX wait for reply */ } +#ifdef WITH_X11FWD if (options.forward_x11 && gete...

...LOGIN REFUSED FROM %.200s", *************** *** 1149,1154 **** --- 1162,1170 ---- get_canonical_hostname()); } /* The user has been authenticated and accepted. */ + #ifdef _AIX + loginsuccess(user,get_canonical_hostname(),"ssh",&loginmsg); + #endif packet_start(SSH_SMSG_SUCCESS); packet_send(); packet_write_wait(); *************** *** 1178,1183 **** --- 1194,1200 ---- int type = 0; void (*authlog) (const char *fmt,...) = verbose; + /* Indicate that authentication is needed. */ packet_start(SSH_SMSG_FAILURE); packet_send(); *************** *** 1261...