search for: ssherr

...when -L > or -R are used via the ~C escape or the streamlocal-forward at openssh.com > request. > Message-Id: <aea6cdc1d1b42d07 at courtesan.com> > > Perhaps we just need a non-fatal version of tilde_expand_filename(). Yeah, we should refactor it into a version that returns a ssherr.h code and (perhaps) leave the existing tilde_expand_filename() as a wrapper. -d

https://bugzilla.mindrot.org/show_bug.cgi?id=2508 Bug ID: 2508 Summary: Wanting OpenSSL error messages in ssherr() for SSH_ERR_LIBCRYPTO_ERROR Product: Portable OpenSSH Version: 7.1p1 Hardware: Sparc OS: Solaris Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee:...

...github.com/openssh/openssh-portable/blob/05f2b141cfcc60c7cdedf9450d2b9d390c19eaad/channels.c#L2143 debug2("channel %d: read failed rfd %d maxlen %zu: %s", c->self, c->rfd, maxlen, ssh_err(r)); However, I can't find then the 'Connection reset by peer' string in 'ssherr.c': https://github.com/openssh/openssh-portable/blob/master/ssherr.c Where does the string 'Connection reset by peer' come from? I'm running locally OpenSSH 9.8p1, and remotely OpenSSH 8.7p1. My ~/.ssh/config contains: Match host target.gbdcs.net ProxyJump localproxy...

...017 at 02:22:10AM -0500, Zev Weiss wrote: > test_kex: regress/unittests/kex/test_kex.c:91 test #1 "sshkey_generate" > ASSERT_INT_EQ(sshkey_generate(keytype, bits, &private), 0) failed: > sshkey_generate(keytype, bits, &private) = -56 That error code is: $ grep -- -56 ssherr.h #define SSH_ERR_KEY_LENGTH -56 Unfortunately there's lots of places in that code that can return that. I have seen that on one Cygwin system (OpenSSL 1.0.2k) here so I added the below code to try to narrow it down. On mine it gave: test_kex: dsa_generate_private_key bits 2048 expected 1...

https://bugzilla.mindrot.org/show_bug.cgi?id=2737 Bug ID: 2737 Summary: function identity_sign() assume private key's pub part as same as the .pub key. Product: Portable OpenSSH Version: 7.5p1 Hardware: Other OS: Other Status: NEW Severity: enhancement Priority: P5

Good news/Bad News The test race in RHEL 3.4 seems to be gone ... but another ec.h failure ... Using http://www.mindrot.org/openssh_snap/openssh-SNAP-20140827.tar.gz OS Build_Target CC OpenSSL BUILD TEST ============== =========================== ================ ============= ====== ================= *RHEL 3.4 i386-redhat-linux gcc

On 8 June 2018 at 11:21, PGNet Dev <pgnet.dev at gmail.com> wrote: > fyi > > add'l -- and looks unrelated -- issue > /usr/include/pthread.h:251:12: note: previous declaration of ?pthread_join? was here > extern int pthread_join (pthread_t __th, void **__thread_return); What included pthread.h? That's explicitly not supported by sshd: $ grep THREAD

--- channels.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/channels.c b/channels.c index a84b487..396e192 100644 --- a/channels.c +++ b/channels.c @@ -3014,10 +3014,14 @@ channel_setup_fwd_listener_streamlocal(int type, struct Forward *fwd, debug3("%s: type %d path %s", __func__, type, fwd->listen_path); + /* Expand home directory if necessary */ +

...h> #include <openssl/rand.h> #include <openssl/rsa.h> +#include "openbsd-compat/openssl-compat.h" #endif #include "xmalloc.h" diff --git a/ssh_api.c b/ssh_api.c index c84b4e71..e727c0d6 100644 --- a/ssh_api.c +++ b/ssh_api.c @@ -29,6 +29,8 @@ #include "ssherr.h" #include "sshbuf.h" +#include "openbsd-compat/openssl-compat.h" + #include <string.h> int _ssh_exchange_banner(struct ssh *); -- 2.19.1

https://bugzilla.mindrot.org/show_bug.cgi?id=2507 Bug ID: 2507 Summary: missing or misleading error messages Product: Portable OpenSSH Version: 7.1p1 Hardware: Sparc OS: Solaris Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

...key.c b/sshkey.c index 24023d0..0c9032b 100644 --- a/sshkey.c +++ b/sshkey.c @@ -39,7 +39,9 @@ #include <errno.h> #include <stdio.h> #include <string.h> -#include <util.h> +#ifdef HAVE_UTIL_H +# include <util.h> +#endif #include "ssh2.h" #include "ssherr.h" -- 2.0.1

Hello, I've updated sources but forgot to recreate configure so I've ended without #define HAVE_EVP_RIPEMD160 1 and ssh client ended with: OpenSSH_6.7p1, OpenSSL 1.0.1h-fips 5 Jun 2014 debug1: Reading configuration data ssh.config main: mux digest failed The problem was that ssh_digest_by_alg() couldn't verify alg with an index bigger than 1 since the line with SSH_DIGEST_RIPEMD160

Engine keys are private key files which are only understood by openssl external engines. ?The problem is they can't be loaded with the usual openssl methods, they have to be loaded via ENGINE_load_private_key(). ?Because they're files, they fit well into openssh pub/private file structure, so they're not very appropriately handled by the pkcs11 interface because it assumes the private

...ys ] || mkdir -p `pwd`/regress/unittests/hostkeys [ -d `pwd`/regress/unittests/kex ] || mkdir -p `pwd`/regress/unittests/kex [ -f `pwd`/regress/Makefile ] || ln -s `cd . && pwd`/regress/Makefile `pwd`/regress/Makefile (cd openbsd-compat && make) /usr/bin/ar rv libssh.a ssh_api.o ssherr.o sshbuf.o sshkey.o sshbuf-getput-basic.o sshbuf-misc.o sshbuf-getput-crypto.o krl.o bitmap.o authfd.o authfile.o bufaux.o bufbn.o bufec.o buffer.o canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o compat.o crc32.o deattack.o f...

OpenSSL 1.1.0 has deprecated this function. --- configure.ac | 1 + openbsd-compat/openssl-compat.c | 2 ++ openbsd-compat/openssl-compat.h | 4 ++++ 3 files changed, 7 insertions(+) diff --git a/configure.ac b/configure.ac index 3f7fe2cd..db2aade8 100644 --- a/configure.ac +++ b/configure.ac @@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then ])

...if (update_card(agent_fd, !deleting, pkcs11provider, - qflag) == -1) + qflag) == -1) ret = 1; goto done; } diff --git a/ssh-agent.c b/ssh-agent.c index 5c9a9de60..4997b50e4 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -89,9 +89,14 @@ #include "msg.h" #include "ssherr.h" #include "pathnames.h" +#include "authfile.h" #include "ssh-pkcs11.h" #include "sk-api.h" +#ifdef USE_OPENSSL_ENGINE +#include "ssh-engine.h" +#endif + #ifndef DEFAULT_PROVIDER_WHITELIST # define DEFAULT_PROVIDER_WHITELIST "/usr/...

Hi, The main (and probably the only) use case of this PAM module is to let sudo authenticate users via their ssh-agent, therefore without having to type any password and without being tempted to use the NOPASSWD sudo option for such convenience. The principle is originally implemented by an existing module [0][1] and many pages that explain how to use it for such purpose can be found online.

...crypto.c 22 Aug 2014 07:30:38 -0000 > @@ -24,7 +24,9 @@ > #include <string.h> > > #include <openssl/bn.h> > -#include <openssl/ec.h> > +#ifdef OPENSSL_HAS_ECC > +# include <openssl/ec.h> > +#endif /* OPENSSL_HAS_ECC */ > > #include "ssherr.h" > #include "sshbuf.h" > -- # include <stddisclaimer.h> /* Kevin Brott <Kevin.Brott at gmail.com> */

...----- readconf.c | 8 +- servconf.c | 14 +-- ssh.c | 4 +- 9 files changed, 300 insertions(+), 46 deletions(-) diff --git a/cipher.c b/cipher.c index 02aea4089ff91..1634bb4019c86 100644 --- a/cipher.c +++ b/cipher.c @@ -48,6 +48,7 @@ #include "sshbuf.h" #include "ssherr.h" #include "digest.h" +#include "kex.h" #include "openbsd-compat/openssl-compat.h" @@ -142,12 +143,33 @@ cipher_alg_list(char sep, int auth_only) const char * compression_alg_list(int compression) { -#ifdef WITH_ZLIB - return compression ? "zlib at...

I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may