Displaying 20 results from an estimated 171 matches for "sshkey".
2007 Aug 08
6
Exporting collections/sshkeys
Hullo,
I am attempting to use collections in order to distribute ssh keys
across (soon) many hosts but I am hitting some trouble (the recipe I am
using is at the end of this email). Namely it looks like sshkeys
resources are not marked as exported in the sqlite db. I.e. if I do:
sqlite3 clientconfigs.sqlite3
SQLite version 3.3.5
Enter ".help" for instructions
sqlite> select * from resources where exported = 't';
I get nothing. But if I manually set all sshkey resources...
2017 Feb 03
2
compilation errors on master
..."/usr/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshkey.c -o sshkey.o
sshkey.c: In function ‘sshkey_size’:
sshkey.c:274:28: error: dereferencing pointer to incomplete type ‘RSA {aka struct rsa_st}’
return BN_num_bits(k->rsa->n);
^~
sshkey.c:277:28: error: dereferencing pointer to incomplete type ‘DSA {aka struct dsa_...
2020 Apr 25
2
[PATCH 1/3] Add private key protection information extraction to ssh-keygen
...                      |   3 +-
 regress/keygen-private-information.sh |  81 +++++++++++++++++++++
 ssh-keygen.c                          |  44 +++++++----
 ssh-keysign.c                         |   2 +-
 sshconnect2.c                         |   2 +-
 sshd.c                                |   2 +-
 sshkey.c                              | 101 +++++++++++++++++++++++---
 sshkey.h                              |  14 +++-
 10 files changed, 234 insertions(+), 38 deletions(-)
 create mode 100644 regress/keygen-private-information.sh
diff --git a/authfile.c b/authfile.c
index 35ccf576c2b5..6c79369ebfc1 10...
2012 Aug 09
4
Error 400 on Server: Another local or imported resource exists with the type and title Sshkey
I am attempting to remove an old ssh host key from
/etc/ssh/ssh_known_hosts. In my manifest, I have the following:
# add keys
@@sshkey { $hostname:
ensure => present,
type => "rsa",
key => $sshrsakey,
}
# remove key
@@sshkey { "foohost":
ensure => absent,
type => "rsa",
}
Sshkey <<| |>>
But I get this error on puppet agents:
root@harper~> puppet...
2007 Apr 04
5
sshkey
Hello all,
How are you using the sshkey type? Are you using it to list hosts and keys in a class that nodes include in order to manage /etc/ssh/ssh_known_hosts or something else? How does any of this relate to the sshrsakey and sshdsakey facts on the host? I read some stuff about this on the Virtual Resources page but it's too v...
2024 Oct 14
2
[RFC] Preferentially TOFU certificate authorities rather than host keys
...o a new key and
certificate signed with the same (hopefully offline) CA key with zero
impact on users. Ideally they'd also be able to push a signed revocation
statement that would invalidate the old certificate.
hostfile.c | 9 +++++++--
sshconnect.c | 30 +++++++++++++++++++++++-------
sshkey.c | 6 ++++++
sshkey.h | 1 +
4 files changed, 37 insertions(+), 9 deletions(-)
diff --git a/hostfile.c b/hostfile.c
index c5669c703..462ed8357 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -437,12 +437,15 @@ static int
write_host_entry(FILE *f, const char *host, const char *ip,
cons...
2015 Jul 26
2
[PATCH] ssh-agent: Add support to load additional certificates
....c openssh.cert_shadow/ssh-add.c
--- openssh-6.9p1/ssh-add.c 2015-07-01 04:35:31.000000000 +0200
+++ openssh.cert_shadow/ssh-add.c 2015-07-26 15:58:06.513151180 +0200
@@ -180,6 +180,49 @@ delete_all(int agent_fd)
}
static int
+add_certificate_only(int agent_fd, const char *filename)
+{
+ struct sshkey *cert = NULL;
+ char *comment = NULL;
+ int r, ret = -1;
+
+ /* Load certificate */
+ if ((r = sshkey_load_public(filename, &cert, &comment)) != 0) {
+ if (r != SSH_ERR_SYSTEM_ERROR || errno != ENOENT)
+ error("Failed to load certificate \"%s\": %s",
+ filename,...
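Review bot: in add_certificate_only(), the failure branch after sshkey_load_public() prints nothing when r is SSH_ERR_SYSTEM_ERROR and errno is ENOENT, so a mistyped certificate path produces no diagnostic from this call. If the silence is deliberate because the certificate file is optional, say so in the "Load certificate" comment; otherwise report the missing file as well. The test also relies on errno still holding the value set inside sshkey_load_public(), which is worth a comment.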
2015 Jun 23
2
Call for testing: OpenSSH 6.9
...ntinue;
#endif
+#ifndef WITH_OPENSSL
+ if (expected[i].l.keytype == KEY_RSA ||
+ expected[i].l.keytype == KEY_DSA)
+ continue;
#ifndef OPENSSL_HAS_ECC
if (expected[i].l.keytype == KEY_ECDSA)
continue;
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
ASSERT_INT_EQ(sshkey_load_public(
test_data_file(expected[i].key_file), &expected[i].l.key,
NULL), 0);
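Review bot: the added "#ifndef WITH_OPENSSL" opens before the existing "#ifndef OPENSSL_HAS_ECC" and its "#endif /* WITH_OPENSSL */" comes after the ECC block, so the KEY_ECDSA skip is now nested inside the no-OpenSSL branch. A build that defines WITH_OPENSSL but not OPENSSL_HAS_ECC no longer skips ECDSA entries and goes on to call sshkey_load_public() for them. Close the WITH_OPENSSL block directly after the RSA/DSA "continue;" so the two guards stay independent.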
diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c
index c61e2bd..cf35f09 100644
--- a/regress/unittests/kex/test_kex.c
+++ b/regress/unittests/kex/test_kex.c
@@ -141,13...
2009 Mar 11
2
trouble diagnosing exported resources
Hello,
I want to use exported resources (namely sshkey) and with the following
code, each node gets his own ssh key written into /etc/ssh/ssh_known_hosts,
but not the other ones. This is with puppet 0.24.7 on redhat.
but not the others ones. This is with puppet 0.24.7 on redhat.
node 'node1' {
@@sshkey { "node1":
type => rsa,
key => $sshrsakey
}
Sshkey <<| |&...
2019 Aug 06
2
[PATCH v2] Remove sshkey_load_private()
Remove sshkey_load_private(), as this function's role
is similar to sshkey_load_private_type().
---
Dependency:
This change depends on a recently merged change in openbsd:
https://github.com/openbsd/src/commit/b0c328c8f066f6689874bef7f338179145ce58d0
Change log:
v1->v2
- Remove declaration of sshke...
2020 Jun 09
3
[PATCH v2 0/2] Add openssl engine keys with provider upgrade path
...ich will survive is the transmission of keys to the agent by
URI.
The way the patch is structured is to first make public an internal
API to convert EVP_PKEY to sslkey. All openssl keys need this type of
conversion so it's useful for engine keys as well and means we don't
need a different sshkey type for engine keys (they key off the
SSHKEY_FLAG_EXT instead).
James
---
James Bottomley (2):
sshkey: expose openssl EVP_PKEY to sshkey conversion routine.
Add support for openssl engine based keys
Makefile.in | 2 +-
authfd.c | 44 ++++++++++++++
authfd.h | 6 ++
ssh-add.c...
2012 Jul 11
3
where is ssh_known_hosts file generated by sshkey ?
...//docs.puppetlabs.com/guides/exported_resources.html and I had this
test class (code is from another post).
class ssh_known_hosts{
case $sshrsakey {
'': { alert("No sshrsakey found for $fqdn") }
default: {
@@sshkey { $fqdn:
ensure => present,
host_aliases => [$hostname, $ipaddress],
key => $sshrsakey,
type => rsa,
}
}
}
Sshke...
2010 Jun 01
2
Is sshkey host_aliases new in 0.25?
Is the host_aliases parameter to sshkey new in 0.25?
Jun 1 15:28:48 s_sys@ext3.fr.xxx.com puppetd[20358]: Could not
retrieve catalog: Invalid parameter 'host_aliases' for type 'Sshkey'
at /etc/puppet/manifests/nodes/fr.twofish.com/ext3.pp:19 on node
ext3.fr.xxx.com
Jun 1 15:28:48 s_sys@ext3.fr.xxx.c...
2020 Jul 14
7
[Bug 3192] New: openssh-8.2 & openssl-1.1.1d error: dereferencing pointer to incomplete type Not found struct BIO , bio->num_write
...OpenSSH
Version: 8.2p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: cunixc at gmail.com
build openssh-8.2
sshkey.c:4625:27: error: dereferencing pointer to incomplete type
BIO_read(bio, keybuf, bio->num_write);
bio->num_write //Not found struct BIO
cc -g -O0 -D_FORTIFY_SOURCE=2 -DDEBUG_KEXECDH -fno-builtin-memset
-I. -I. -I/build/store/ssl//include -I/build/store/ssl/include
-I/build/store/zlib/incl...
2010 Nov 15
2
bug with using exported resources?
Hello...
Is this a bug or by design?
I'm using exported resources to generate /etc/ssh/ssh_known_hosts. I
changed the example from the docs to this:
@@sshkey {
"$fqdn,$hostname,$ipaddress": type => rsa,
key => $sshrsakey,
}
so that I would get one line per host in the ssh_known_hosts file. What
happened was that on each run several (all?) keys exported would be
re-added. At one point I counted 34 duplicate entries....
2012 Aug 29
4
troubleshooting resource collection
Hi,
I'm new to Puppet. And I'm trying out an ssh module:
https://github.com/saz/puppet-ssh.
It collects ssh keys like this:
class ssh::knownhosts {
Sshkey <<| |>> {
ensure => present,
}
notify{"knownhosts class: $fqdn $hostname $ipaddress ":}
}
I can see it echoes the host key of the host the puppet agent runs on. But
the /etc/ssh/ssh_known_hosts file isn't actually written - I can add an
sshke...
2014 Aug 26
1
Call for testing: OpenSSH 6.7
Good news/Bad News
The test race in RHEL 3.4 seems to be gone ... but another ec.h failure ...
Using http://www.mindrot.org/openssh_snap/openssh-SNAP-20140827.tar.gz
OS Build_Target CC
OpenSSL BUILD TEST
============== =========================== ================
============= ====== =================
*RHEL 3.4 i386-redhat-linux gcc
2018 Oct 11
2
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
...at mindrot.org> wrote:
> > Could you try this?
> >
> > diff --git a/sshconnect2.c b/sshconnect2.c
> > index f104408..1d2906f 100644
> > --- a/sshconnect2.c
> > +++ b/sshconnect2.c
> > @@ -1080,7 +1080,8 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key)
> > * newer (SHA2) algorithms.
> > */
> > if (ssh == NULL || ssh->kex->server_sig_algs == NULL ||
> > - (key->type != KEY_RSA && key->type != KEY_RSA_CERT)) {
> > + (key->type != KEY_RSA &&a...
2016 Feb 17
2
Call for testing: OpenSSH 7.2
On Wed, 17 Feb 2016, Hisashi T Fujinaka wrote:
> > I need to make these error messages more user-friendly :(
> >
> > -24 is SSH_ERR_SYSTEM_ERROR, so it's likely failing to find/load the
> > key for some reason. I'll make a patch to improve the error message,
> > but in the meantime you could probably figure out the exact failure
> > using
2016 Feb 17
4
Call for testing: OpenSSH 7.2
On Wed, Feb 17, 2016 at 3:51 AM, Hisashi T Fujinaka <htodd at twofifty.com> wrote:
> Sorry, I haven't been paying too much attention here, but I'm having
> repeated failures when I tried this morning.
>
> NetBSD-current:
> test_sshkey: ..................................[1] Segmentation fault
> (core dumped) ${V} /home/htodd...
> *** Error code 139
did it produce a core dump? if so, could you feed it to gdb and get a
backtrace?
> NetBSD-7:
> test_hostkeys:
> regress/unittests/hostkeys/test_iterate.c:163 test #...