Displaying 20 results from an estimated 164 matches for "sshkey".

2007 Aug 08
6
Exporting collections/sshkeys
Hullo, I am attempting to use collections in order to distribute ssh keys across (soon) many hosts but I am hitting some trouble (the recipe I am using is at the end of this email). Namely it looks like sshkeys resources are not marked as exported in the sqlite db. I.e. if I do: sqlite3 clientconfigs.sqlite3 SQLite version 3.3.5 Enter ".help" for instructions sqlite> select * from resources where exported = 't'; I get nothing. But if I manually set all sshkey resources...
2017 Feb 03
2
compilation errors on master
..."/usr/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshkey.c -o sshkey.o sshkey.c: In function ‘sshkey_size’: sshkey.c:274:28: error: dereferencing pointer to incomplete type ‘RSA {aka struct rsa_st}’ return BN_num_bits(k->rsa->n); ^~ sshkey.c:277:28: error: dereferencing pointer to incomplete type ‘DSA {aka struct dsa_...
2020 Apr 25
2
[PATCH 1/3] Add private key protection information extraction to ssh-keygen
... | 3 +- regress/keygen-private-information.sh | 81 +++++++++++++++++++++ ssh-keygen.c | 44 +++++++---- ssh-keysign.c | 2 +- sshconnect2.c | 2 +- sshd.c | 2 +- sshkey.c | 101 +++++++++++++++++++++++--- sshkey.h | 14 +++- 10 files changed, 234 insertions(+), 38 deletions(-) create mode 100644 regress/keygen-private-information.sh diff --git a/authfile.c b/authfile.c index 35ccf576c2b5..6c79369ebfc1 10...
2012 Aug 09
4
Error 400 on Server: Another local or imported resource exists with the type and title Sshkey
I am attempting to remove an old ssh host key from /etc/ssh/ssh_known_hosts. In my manifest, I have the following: # add keys @@sshkey { $hostname: ensure => present, type => "rsa", key => $sshrsakey, } # remove key @@sshkey { "foohost": ensure => absent, type => "rsa", } Sshkey <<| |>> But I get this error on puppet agents: root@harper~> puppet...
2007 Apr 04
5
sshkey
Hello all, How are you using the sshkey type? Are you using it to list hosts and keys in a class that nodes include in order to manage /etc/ssh/ssh_known_hosts or something else? How does any of this relate to the sshrsakey and sshdsakey facts on the host? I read some stuff about this on the Virtual Resources page but it's too v...
2015 Jul 26
2
[PATCH] ssh-agent: Add support to load additional certificates
....c openssh.cert_shadow/ssh-add.c --- openssh-6.9p1/ssh-add.c 2015-07-01 04:35:31.000000000 +0200 +++ openssh.cert_shadow/ssh-add.c 2015-07-26 15:58:06.513151180 +0200 @@ -180,6 +180,49 @@ delete_all(int agent_fd) } static int +add_certificate_only(int agent_fd, const char *filename) +{ + struct sshkey *cert = NULL; + char *comment = NULL; + int r, ret = -1; + + /* Load certificate */ + if ((r = sshkey_load_public(filename, &cert, &comment)) != 0) { + if (r != SSH_ERR_SYSTEM_ERROR || errno != ENOENT) + error("Failed to load certificate \"%s\": %s", + filename,...
2015 Jun 23
2
Call for testing: OpenSSH 6.9
...ntinue; #endif +#ifndef WITH_OPENSSL + if (expected[i].l.keytype == KEY_RSA || + expected[i].l.keytype == KEY_DSA) + continue; #ifndef OPENSSL_HAS_ECC if (expected[i].l.keytype == KEY_ECDSA) continue; -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ ASSERT_INT_EQ(sshkey_load_public( test_data_file(expected[i].key_file), &expected[i].l.key, NULL), 0); diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c index c61e2bd..cf35f09 100644 --- a/regress/unittests/kex/test_kex.c +++ b/regress/unittests/kex/test_kex.c @@ -141,13...
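Review bot: in the lines visible here, the `#ifndef OPENSSL_HAS_ECC` check for KEY_ECDSA ends up nested inside the new `#ifndef WITH_OPENSSL` block, because `#endif /* WITH_OPENSSL */` comes after `#endif /* OPENSSL_HAS_ECC */`. A build that defines WITH_OPENSSL but not OPENSSL_HAS_ECC would then compile the ECDSA skip out and go on to call sshkey_load_public() on an ECDSA key file. Closing the WITH_OPENSSL block directly after the RSA/DSA `continue;` would keep the two conditions independent.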
2009 Mar 11
2
trouble diagnosing exported resources
Hello, I want to use exported resources (namely sshkey) and with the following code, each node gets his own ssh key written into /etc/ssh/ssh_known_hosts, but not the other ones. This is with puppet 0.24.7 on redhat. node 'node1' { @@sshkey { "node1": type => rsa, key => $sshrsakey } Sshkey <<| |&...
2019 Aug 06
2
[PATCH v2] Remove sshkey_load_private()
Remove sshkey_load_private(), as this function's role is similar to sshkey_load_private_type(). --- Dependency: This change depends on a recently merged change in openbsd: https://github.com/openbsd/src/commit/b0c328c8f066f6689874bef7f338179145ce58d0 Change log: v1->v2 - Remove declaration of sshke...
2020 Jun 09
3
[PATCH v2 0/2] Add openssl engine keys with provider upgrade path
...ich will survive is the transmission of keys to the agent by URI. The way the patch is structured is to first make public an internal API to convert EVP_PKEY to sslkey. All openssl keys need this type of conversion so it's useful for engine keys as well and means we don't need a different sshkey type for engine keys (they key off the SSHKEY_FLAG_EXT instead). James --- James Bottomley (2): sshkey: expose openssl EVP_PKEY to sshkey conversion routine. Add support for openssl engine based keys Makefile.in | 2 +- authfd.c | 44 ++++++++++++++ authfd.h | 6 ++ ssh-add.c...
2012 Jul 11
3
where is ssh_known_hosts file generated by sshkey ?
...//docs.puppetlabs.com/guides/exported_resources.html and I had this test class (code is from another post). class ssh_known_hosts{ case $sshrsakey { '': { alert("No sshrsakey found for $fqdn") } default: { @@sshkey { $fqdn: ensure => present, host_aliases => [$hostname, $ipaddress], key => $sshrsakey, type => rsa, } } } Sshke...
2010 Jun 01
2
Is sshkey host_aliases new in 0.25?
Is the host_aliases parameter to sshkey new in 0.25? Jun 1 15:28:48 s_sys@ext3.fr.xxx.com puppetd[20358]: Could not retrieve catalog: Invalid parameter 'host_aliases' for type 'Sshkey' at /etc/puppet/manifests/nodes/fr.twofish.com/ext3.pp:19 on node ext3.fr.xxx.com Jun 1 15:28:48 s_sys@ext3.fr.xxx.c...
2020 Jul 14
7
[Bug 3192] New: openssh-8.2 & openssl-1.1.1d error: dereferencing pointer to incomplete type Not found struct BIO , bio->num_write
...OpenSSH Version: 8.2p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: cunixc at gmail.com build openssh-8.2 sshkey.c:4625:27: error: dereferencing pointer to incomplete type BIO_read(bio, keybuf, bio->num_write); bio->num_write //Not found struct BIO cc -g -O0 -D_FORTIFY_SOURCE=2 -DDEBUG_KEXECDH -fno-builtin-memset -I. -I. -I/build/store/ssl//include -I/build/store/ssl/include -I/build/store/zlib/incl...
2010 Nov 15
2
bug with using exported resources?
Hello... Is this a bug or by design? I'm using exported resources to generate /etc/ssh/ssh_known_hosts. I changed the example from the docs to this: @@sshkey { "$fqdn,$hostname,$ipaddress": type => rsa, key => $sshrsakey, } so that I would get one line per host in the ssh_known_hosts file. What happened was that on each run several (all?) keys exported would be re-added. At one point I counted 34 duplicate entries....
2012 Aug 29
4
troubleshooting resource collection
Hi, I'm new to Puppet. And I'm trying out an ssh module: https://github.com/saz/puppet-ssh. It collects ssh keys like this: class ssh::knownhosts { Sshkey <<| |>> { ensure => present, } notify{"knownhosts class: $fqdn $hostname $ipaddress ":} } I can see it echoes the host key of the host the puppet agent runs on. But the /etc/ssh/ssh_known_hosts file isn't actually written - I can add an sshke...
2014 Aug 26
1
Call for testing: OpenSSH 6.7
Good news/Bad News The test race in RHEL 3.4 seems to be gone ... but another ec.h failure ... Using http://www.mindrot.org/openssh_snap/openssh-SNAP-20140827.tar.gz OS Build_Target CC OpenSSL BUILD TEST ============== =========================== ================ ============= ====== ================= *RHEL 3.4 i386-redhat-linux gcc
2018 Oct 11
2
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
...at mindrot.org> wrote: > > Could you try this? > > > > diff --git a/sshconnect2.c b/sshconnect2.c > > index f104408..1d2906f 100644 > > --- a/sshconnect2.c > > +++ b/sshconnect2.c > > @@ -1080,7 +1080,8 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key) > > * newer (SHA2) algorithms. > > */ > > if (ssh == NULL || ssh->kex->server_sig_algs == NULL || > > - (key->type != KEY_RSA && key->type != KEY_RSA_CERT)) { > > + (key->type != KEY_RSA &&a...
2016 Feb 17
2
Call for testing: OpenSSH 7.2
On Wed, 17 Feb 2016, Hisashi T Fujinaka wrote: > > I need to make these error messages more user-friendly :( > > > > -24 is SSH_ERR_SYSTEM_ERROR, so it's likely failing to find/load the > > key for some reason. I'll make a patch to improve the error message, > > but in the meantime you could probably figure out the exact failure > > using
2016 Feb 17
4
Call for testing: OpenSSH 7.2
On Wed, Feb 17, 2016 at 3:51 AM, Hisashi T Fujinaka <htodd at twofifty.com> wrote: > Sorry, I haven't been paying too much attention here, but I'm having > repeated failures when I tried this morning. > > NetBSD-current: > test_sshkey: ..................................[1] Segmentation fault > (core dumped) ${V} /home/htodd... > *** Error code 139 did it produce a core dump? if so, could you feed it to gdb and get a backtrace? > NetBSD-7: > test_hostkeys: > regress/unittests/hostkeys/test_iterate.c:163 test #...
2017 Feb 17
11
[Bug 2680] New: Regression in server-sig-algs offer in 7.4p1 (Deprecation of SHA1 is not being enforced)
...-sha2-256 and rsa-sha2-512 are no longer offered so all is downgraded to rsa-sha. A fix applied at current master could be: diff --git a/kex.c b/kex.c index a30dabe..13bb9aa 100644 --- a/kex.c +++ b/kex.c @@ -348,7 +348,7 @@ kex_send_ext_info(struct ssh *ssh) int r; char *algs; - if ((algs = sshkey_alg_list(0, 1, ',')) == NULL) + if ((algs = sshkey_alg_list(0, 1, 1, ',')) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 || (r = sshpkt_put_u32(ssh, 1)) != 0 || diff --git a/ssh.c b/ssh.c index ee0b16d..edef335 100644 --- a/ssh.c ++...
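Review bot: in kex_send_ext_info() the call gains a third positional argument as a bare `1` (`sshkey_alg_list(0, 1, 1, ',')`), and nothing in the hunk says what that flag selects. Since this list is what gets sent in SSH2_MSG_EXT_INFO, a short comment naming the flag at the call site would help, and a regression test asserting that the advertised list contains rsa-sha2-256 and rsa-sha2-512 would catch the same downgrade if the signature of sshkey_alg_list() changes again.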