search for: ssh_userauth2

...P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org ReportedBy: THanson at CardinalPeak.com Source file sshconnect2.c contains the definition of structure AuthctxtV2. Field "success" in this structure is declared as type "int". In function ssh_userauth2(), authctxt.success is passed to dispatch_run() as the second argument. dispatch_run() is declared in dispatch.c with a second parameter of type sig_atomic_t. On some OS's (i.e. VxWorks) "sig_atomic_t" is declared as "unsigned char". Where the system is also big-endian,...

...login(Sensitive *sensitive, const char *orighost, /* key exchange */ /* authenticate user */ debug("Authenticating to %s:%d as '%s'", host, port, server_user); - ssh_kex2(host, hostaddr, port); + ssh_kex2(host, hostaddr, port, client_version_string, server_version_string); ssh_userauth2(local_user, server_user, host, sensitive); + free(client_version_string); + free(server_version_string); free(local_user); + free(host); } void diff --git a/sshconnect.h b/sshconnect.h index 890d857..d6de9fe 100644 --- a/sshconnect.h +++ b/sshconnect.h @@ -40,7 +40,7 @@ void ssh_kill_proxy_c...

The variable local_user was allocated by xstrdup and is not freed or pointed to in this branch. This patch adds the xfree. This entire set of patches passed the regression tests on my system. Bug found by Coverity. Signed-off-by: Kylene Hall <kjhall at us.ibm.com> --- sshconnect.c | 1 + 1 files changed, 1 insertion(+) diff -uprN openssh-4.3p2/sshconnect.c

...uct sockaddr *hostaddr, struct passwd *pw, int timeout_ms, + const char *canohost) { char *host, *cp; char *server_user, *local_user; @@ -1131,7 +1140,7 @@ /* key exchange */ /* authenticate user */ if (compat20) { - ssh_kex2(host, hostaddr); + ssh_kex2(host, hostaddr, canohost); ssh_userauth2(local_user, server_user, host, sensitive); } else { ssh_kex(host, hostaddr); diff -ur openssh/sshconnect.h openssh-sshfp/sshconnect.h --- openssh/sshconnect.h 2010-10-07 13:07:33.000000000 +0200 +++ openssh-sshfp/sshconnect.h 2010-11-28 10:34:37.941783851 +0100 @@ -33,18 +33,19 @@ int ssh_...

...naries are used, first is old 3.8p1 ssh client (which works) and second is new 4.5p1 ssh client (which isn't working) but trying to login from the same host (hostA) to the same remote host (hostB) For both versions you can see the "SSH2_MSG_SERVICE_ACCEPT received" debug message from ssh_userauth2(), but only the 3.8p1 version will show the debug message "debug2("key: %s (%p)", id->filename, id->key)" from pubkey_prepare(). I've tried this both with an identyFile directive (as shown in example) as well as just having the id_dsa file being discovered from $HOME...

...4 cipher_crypt (61f94, 774a8, 74490, 10, f0, 7b528) + 34 000338a4 packet_read_poll_seqnr (ffbfe474, 62000, 62000, 620f0,61800, 62400) + 258 00033f94 packet_read_seqnr (0, 6, ffbfe510, 628a8, f0, 3c) + 40 00038bbc dispatch_run (0, ffbfe524, ffbfe510, ffbfe4f0, 624ac, ff) +1c 00025988 ssh_userauth2 (64568, 65250, 72e08, 628a8, 1, 0) + 52c 00021a20 ssh_login (72e08, 4, 45400, 14, 45400, a) + 3a4 000196b4 main (62b14, 647e4, 42a60, 42a58, 42800, 62800) + 8a4 00017e48 _start (0, 0, 0, 0, 0, 0) + 5 Around the coredump, many "Bad packet length" errors can be seen in /v...

https://bugzilla.mindrot.org/show_bug.cgi?id=2642 Bug ID: 2642 Summary: [sshconnect2] publickey authentication only properly works if used first: pubkey_prepare doesn't work after pubkey_cleanup Product: Portable OpenSSH Version: 7.3p1 Hardware: amd64 OS: Linux Status:

On Fri, Feb 23, 2018 at 05:01:00PM +1100, Darren Tucker wrote: > You could try this patch which defers resetting the "tried" flag on the > pubkeys until the list of authentication methods changes. I don't have > a server with this behaviour so I'm not sure if it helps (and I'm not > sure it's the right thing to do anyway). I think this is a better way to

Thanks for your suggestion! It seems to have gone a little further this time, but isn't accepting the key and is failing back on password-based auth. We're double-checking that the public key was correctly configured with the account, and also trying a DSA key to see if it behaves differently. Is there anything you'd suggest we look at or try at this point, and thank you very much

..., it is related to the SSH_EXT_INFO packet that is send by the server every time it is sending an SSH_NEWKEYS packet, hence after every rekeying. I reproduced it on my system with OpenSSH 7.3p1 and manually rekeying with escape R http://pastebin.com/Xk0dF0mc on the client side: sshconnect2.c: void ssh_userauth2(const char *local_user, const char *server_user, char *host, Sensitive *sensitive) { ... ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info); ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept); ssh_dispatch_run(ssh, DISP...