search for: sshconnect2

...> > userauth_pubkey: unsupported public key algorithm: > > rsa-sha2-512-cert-v01 at openssh.com [preauth] > > Could you sent me a debug trace from the client for this? We shouldn't > send this algorithm name unless the server supports it. Could you try this? diff --git a/sshconnect2.c b/sshconnect2.c index f104408..1d2906f 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1080,7 +1080,8 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key) * newer (SHA2) algorithms. */ if (ssh == NULL || ssh->kex->server_sig_algs == NULL || - (key->type != KEY_R...

Hi, When following the install instructions in README, I get the following build error: cc -O2 -DKRB5 -I/usr/include/kerberosV -DGSSAPI -I/usr/src/usr.bin/ssh/ssh/.. -c /usr/src/usr.bin/ssh/ssh/../sshconnect2.c /usr/src/usr.bin/ssh/ssh/../sshconnect2.c: In function `input_userauth_pk_ok': /usr/src/usr.bin/ssh/ssh/../sshconnect2.c:460: dereferencing pointer to incomplete type /usr/src/usr.bin/ssh/ssh/../sshconnect2.c:460: structure has no member named `idlist' *** Error code 1 Stop in /usr/src/u...

Hello! I have been reading through the OpenSSH 4.0p code. There exist two globals called "Authctxt". One is defined in sshconnect2.c (type 1) and the other in auth.h (type 2). Both are structs with different members. Nevertheless, they are used seemingly interchangeably, e.g.: In line 302 of sshconnect2.c the function "userauth_none" is called: userauth_none(&authctxt); The referred authctxt is of type 1. sshc...

https://bugzilla.mindrot.org/show_bug.cgi?id=2642 Bug ID: 2642 Summary: [sshconnect2] publickey authentication only properly works if used first: pubkey_prepare doesn't work after pubkey_cleanup Product: Portable OpenSSH Version: 7.3p1 Hardware: amd64 OS: Linux Status: NEW...

...ion: SunOS Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: dean.r.smart at mail.sprint.com When using scp|ssh in nohup|cron|batch in a non interactive mode, sshconnect1.c and sshconnect2.c do not have the ability to call read_passphrase in such a manner to cause ssh-askpass to be utilized as documented in the man pages. The calls are as follows for the released code: # grep 'read_passphrase(' sshconnect[12].c-original sshconnect1.c-original: passphrase = read_passphrase...

Hello all, is there any recent information on programming on how to add a new authentication method into OpenSSH / OpenSSL ?! Is there any other way, to add a new authentication method into openssh (one-time passwords), apart from adding the functions into sshconnect.c and sshconnect2.c Particularly I'm interested in information on "struct Authctxt" in sshconnect2 and sshuserauth2. Thank You very much in advance. Greetings, N. Linde PS: Please CC to me directly, since I'm not subscribed to the list. -- ------------------------------------------------------...

We are attempting to use openssh sftp to connect to a server that is running some version of the Axway SFTP server. After a publickey auth completes, the server resends publickey as a valid auth. This results in a loop as openssh sftp resubmits the publickey information. This seems similar to a discussion in 2014 that terminated with the thought that it might be nice if the client tracked

https://bugzilla.mindrot.org/show_bug.cgi?id=3356 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org --- Comment #1 from Damien Miller <djm at mindrot.org> --- Created attachment 3725 -->

The patch to enable FIPS mode for openssh 6.0p1 missed two instances of the ssh client trying to use MD5. It causes pubkey-based authentication to fail in FIPS mode. I have copied the missing changes from auth2-pubkey.c into sshconnect2.c. Here is a patch: diff -cr openssh-6.0p1/sshconnect2.c openssh-6.0p1-patched/sshconnect2.c *** openssh-6.0p1/sshconnect2.c Sun May 29 07:42:34 2011 --- openssh-6.0p1-patched/sshconnect2.c Wed Aug 29 14:59:19 2012 *************** *** 77,82 **** --- 77,88 ---- #include "ssh-gss.h"...

...pat.h 22 Jun 2004 22:22:40 -0000 @@ -55,6 +55,7 @@ #define SSH_BUG_EXTEOF 0x00200000 #define SSH_BUG_PROBE 0x00400000 #define SSH_BUG_FIRSTKEX 0x00800000 +#define SSH_BUG_PWDCHGREQ 0x01000000 void enable_compat13(void); void enable_compat20(void); Index: sshconnect2.c =================================================================== RCS file: /cvs/openssh/sshconnect2.c,v retrieving revision 1.127 diff -d -u -r1.127 sshconnect2.c --- sshconnect2.c 15 Jun 2004 00:30:09 -0000 1.127 +++ sshconnect2.c 22 Jun 2004 22:22:43 -0000 @@ -767,11 +767,13...

...39;ve patched my local OpenSSH (currently 2.9p2, but the same patch applies to 3.0.2) to allow the cipher 'none' for both SSH1 and SSH2 connections. With SSH1, there is already code to print a warning that any password you enter will be sent in plain text. However the userauth_passwd() in sshconnect2.c does not have any such warning. I would like to discourage the users from sending plain-text passwords across the wire, even if the rest of the session is unencrypted. I can't work out how to do this, how to let userauth_passwd() take different actions depending on what encryption is being...

On Thu, 11 Oct 2018, Adam Eijdenberg wrote: > On Thu, Oct 11, 2018 at 12:13 PM Damien Miller <djm at mindrot.org> wrote: > > Could you try this? > > > > diff --git a/sshconnect2.c b/sshconnect2.c > > index f104408..1d2906f 100644 > > --- a/sshconnect2.c > > +++ b/sshconnect2.c > > @@ -1080,7 +1080,8 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key) > > * newer (SHA2) algorithms. > > */ > > if...

...;m not > sure it's the right thing to do anyway). I think this is a better way to handle it: keep track of the signatures sent and mark the successful one to not be used again. This seems to behave as expected against a server hacked up to behave more or less as you describe. diff --git a/sshconnect2.c b/sshconnect2.c index 8138e46..3f475d9 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -246,6 +246,7 @@ typedef struct cauthmethod Authmethod; typedef struct identity Identity; typedef struct idlist Idlist; +#define IDENTITY_SUCCESSFUL 0x1000 struct identity { TAILQ_ENTRY(identity) next;...

...-0000 @@ -43,6 +43,7 @@ #define SSH_BUG_IGNOREMSG 0x00000100 #define SSH_BUG_PKOK 0x00000200 #define SSH_BUG_PASSWORDPAD 0x00000400 +#define SSH_BUG_PWDCHGREQ 0x00000402 #define SSH_BUG_SCANNER 0x00000800 #define SSH_BUG_BIGENDIANAES 0x00001000 #define SSH_BUG_RSASIGMD5 0x00002000 Index: sshconnect2.c =================================================================== RCS file: /cvs/openssh/sshconnect2.c,v retrieving revision 1.127 diff -d -u -r1.127 sshconnect2.c --- sshconnect2.c 15 Jun 2004 00:30:09 -0000 1.127 +++ sshconnect2.c 17 Jun 2004 22:02:55 -0000 @@ -767,11 +767,13 @@ "...

http://bugzilla.mindrot.org/show_bug.cgi?id=684 Summary: ssh cannot access keys stored in agent Product: Portable OpenSSH Version: 3.7.1p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: ssh AssignedTo: openssh-bugs at mindrot.org ReportedBy:

On Thu, Oct 11, 2018 at 10:41 AM Damien Miller <djm at mindrot.org> wrote: > On Wed, 10 Oct 2018, Adam Eijdenberg wrote: > > We see this error on the client side: > > > > debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> > > ... > > debug1: Offering public key: RSA-CERT SHA256:xxx /path/to/key > > debug1: send_pubkey_test: no

...rivate key being used, it will still work, right? If that is the case I too think it should handle non-matching key pairs better. i.e. ignore behave as if there was just a private key there (which is how I use it). Or let user decide if it should warn, ignore completely, or quit. > diff --git a/sshconnect2.c b/sshconnect2.c > index 1cf48a2..5a27392 100644 > --- a/sshconnect2.c > +++ b/sshconnect2.c > @@ -1243,6 +1243,14 @@ load_identity_file(Identity *id) > quit = 1; > break; > } > + if (private != N...

...s in order of preference. */ + char *pkalg; /* SSH2 PK_ALG list to use */ int protocol; /* Protocol in order of preference. */ char *hostname; /* Real host to connect. */ char *host_key_alias; /* hostname alias for .ssh/known_hosts */ diff -c3 -r orig/openssh-2.5.1p1/sshconnect2.c openssh-2.5.1p1/sshconnect2.c *** orig/openssh-2.5.1p1/sshconnect2.c Fri Feb 16 01:34:57 2001 --- openssh-2.5.1p1/sshconnect2.c Sun Mar 11 23:15:37 2001 *************** *** 94,99 **** --- 94,104 ---- myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;...

...removed, so this patch does: - ip = xstrdup(ntop); + ip = put_host_port(ntop, options.port); 2) Applies cleanly against openssh 4.3p2 (the addition of some code to misc.h caused the patch to fail, and file location offsets are a bit different). 3) The modifications to sshconnect2.c were removed, they appeared to be there for debugging only. The relavent section from patch 980 was: -- sshconnect2.c 31 Aug 2005 09:46:27 -0000 1.131 +++ sshconnect2.c 3 Oct 2005 02:25:14 -0000 @@ -1303,6 +1303,8 @@ userauth_hostbased(Authctxt *authctxt) u_int blen, s...

Hello, I have a client machine and a server machine. I generated a pair of private-public rsa keys using ssh-keygen. On the client-machine, I uploaded my private key onto ~/.ssh/id_rsa On the server machine, I appended the content of the public key to .ssh/authorized_keys I can successfully connect from the client to the server with that config. However, on the client-side, if I add a