Displaying 6 results from an estimated 6 matches for "sshkey_is_cert".
2017 Mar 01
7
[Bug 2686] New: SSHD segfaults when trying to load RSA1 host keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2686
Bug ID: 2686
Summary: SSHD segfaults when trying to load RSA1 host keys
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Keywords: patch
Severity: enhancement
Priority: P5
Component: sshd
2015 Jul 26
2
[PATCH] ssh-agent: Add support to load additional certificates
...+ int r, ret = -1;
+
+ /* Load certificate */
+ if ((r = sshkey_load_public(filename, &cert, &comment)) != 0) {
+ if (r != SSH_ERR_SYSTEM_ERROR || errno != ENOENT)
+ error("Failed to load certificate \"%s\": %s",
+ filename, ssh_err(r));
+ goto out;
+ }
+ if (!sshkey_is_cert(cert)) {
+ error("Not a certificate: %s", filename);
+ goto out;
+ }
+
+ /* Add empty private key fields for serialization */
+ if ((r = sshkey_add_private(cert)) != 0)
+ goto out;
+
+ if ((r = ssh_add_identity_constrained(agent_fd, cert, comment,
+ lifetime, confirm)) != 0)...
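Review bot: the `sshkey_add_private(cert)` failure branch jumps to `out` without logging anything, unlike the load and "Not a certificate" checks just above it, so `ret` stays at -1 with no indication of which step failed. Suggest logging the error with `ssh_err(r)` and `filename` before the `goto out`. The load check also stays silent when the file is missing (`SSH_ERR_SYSTEM_ERROR` with `errno == ENOENT`) yet still takes the failure path; a short comment stating that this is intentional would help the next reader.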
2024 Oct 14
2
[RFC] Preferentially TOFU certificate authorities rather than host keys
...diff --git a/hostfile.c b/hostfile.c
index c5669c703..462ed8357 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -437,12 +437,15 @@ static int
write_host_entry(FILE *f, const char *host, const char *ip,
const struct sshkey *key, int store_hash)
{
- int r, success = 0;
+ int r, success = 0, cert = sshkey_is_cert(key);
char *hashed_host = NULL, *lhost;
lhost = xstrdup(host);
lowercase(lhost);
+ if (cert)
+ fprintf(f, "%s ", CA_MARKER);
+
if (store_hash) {
if ((hashed_host = host_hash(lhost, NULL, 0)) == NULL) {
error_f("host_hash failed");
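Review bot: in `write_host_entry` the `fprintf(f, "%s ", CA_MARKER);` sits before the `store_hash` block, where `host_hash()` can fail; if that failure path returns without writing the rest of the entry, the file is left with a marker that has no host or key after it. Suggest emitting the marker only once the host field is ready to be written, ideally in the same write as the host field, and checking the `fprintf` result. Naming the flag `is_cert` rather than `cert` would also make clear that it is a boolean and not a key.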
@@ -457,7 +460,9 @@ write_ho...
2018 Sep 06
4
Some wishes regarding revoked keys
Hello.
I am trying to play through the following test scenario about
certificate revocation on Ubuntu 18.04, which has OpenSSH of this version:
OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n  7 Dec 2017
1. A CA key is created
ssh-keygen -t ed25519 -f ca
2. The CA public key is added to ~/.ssh/authorized_keys on some server:
cert-authority ssh-ed25519 AAAA...e ca@yoga
3. A user key is created on a
2016 Nov 21
11
[Bug 2642] New: [sshconnect2] publickey authentication only properly works if used first: pubkey_prepare doesn't work after pubkey_cleanup
https://bugzilla.mindrot.org/show_bug.cgi?id=2642
Bug ID: 2642
Summary: [sshconnect2] publickey authentication only properly
works if used first: pubkey_prepare doesn't work after
pubkey_cleanup
Product: Portable OpenSSH
Version: 7.3p1
Hardware: amd64
OS: Linux
Status:
2018 Mar 22
16
Call for testing: OpenSSH 7.7
Hi,
OpenSSH 7.7p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via git using the
instructions at