search for: sshkey_is_cert

Displaying 6 results from an estimated 6 matches for "sshkey_is_cert".

2017 Mar 01
7
[Bug 2686] New: SSHD segfaults when trying to load RSA1 host keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2686 Bug ID: 2686 Summary: SSHD segfaults when trying to load RSA1 host keys Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement Priority: P5 Component: sshd
2015 Jul 26
2
[PATCH] ssh-agent: Add support to load additional certificates
...+ int r, ret = -1; + + /* Load certificate */ + if ((r = sshkey_load_public(filename, &cert, &comment)) != 0) { + if (r != SSH_ERR_SYSTEM_ERROR || errno != ENOENT) + error("Failed to load certificate \"%s\": %s", + filename, ssh_err(r)); + goto out; + } + if (!sshkey_is_cert(cert)) { + error("Not a certificate: %s", filename); + goto out; + } + + /* Add empty private key fields for serialization */ + if ((r = sshkey_add_private(cert)) != 0) + goto out; + + if ((r = ssh_add_identity_constrained(agent_fd, cert, comment, + lifetime, confirm)) != 0)...
2024 Oct 14
2
[RFC] Preferentially TOFU certificate authorities rather than host keys
...diff --git a/hostfile.c b/hostfile.c index c5669c703..462ed8357 100644 --- a/hostfile.c +++ b/hostfile.c @@ -437,12 +437,15 @@ static int write_host_entry(FILE *f, const char *host, const char *ip, const struct sshkey *key, int store_hash) { - int r, success = 0; + int r, success = 0, cert = sshkey_is_cert(key); char *hashed_host = NULL, *lhost; lhost = xstrdup(host); lowercase(lhost); + if (cert) + fprintf(f, "%s ", CA_MARKER); + if (store_hash) { if ((hashed_host = host_hash(lhost, NULL, 0)) == NULL) { error_f("host_hash failed"); @@ -457,7 +460,9 @@ write_ho...
2018 Sep 06
4
Some wishes regarding revoked keys
Hello. I am trying to play through the following test scenario about certificate revocation on Ubuntu 18.04, which has OpenSSH of this version: OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n? 7 Dec 2017 1. A CA key is created ssh-keygen -t ed25519 -f ca 2. The CA public key is added to ~/.ssh/authorized_keys on some server: cert-authority ssh-ed25519 AAAA...e ca at yoga 3. A user key is created on a
2016 Nov 21
11
[Bug 2642] New: [sshconnect2] publickey authentication only properly works if used first: pubkey_prepare doesn't work after pubkey_cleanup
https://bugzilla.mindrot.org/show_bug.cgi?id=2642 Bug ID: 2642 Summary: [sshconnect2] publickey authentication only properly works if used first: pubkey_prepare doesn't work after pubkey_cleanup Product: Portable OpenSSH Version: 7.3p1 Hardware: amd64 OS: Linux Status:
2018 Mar 22
16
Call for testing: OpenSSH 7.7
Hi, OpenSSH 7.7p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at