search for: sshkey_verify

...ieve this bug applies to all versions of OpenSSH, although the majority of my effort has been devoted to (and all of my code snippets come from) openssl-portable. The bug is that an offset is incorrectly treated as a length [2]: /* Check signature over entire KRL up to this point */ > if ((r = sshkey_verify(key, blob, blen, > sshbuf_ptr(buf), sshbuf_len(buf) - sig_off, 0)) != 0) > goto out; "sshbuf_len(buf) - sig_off" should read "sig_off". The result of this bug is that the number of unparsed bytes after our current parse cursor, rather than the number of parse...

............................................................................................... 100 tests ok test_sshkey: ........................................................................................ regress/unittests/sshkey/test_fuzz.c:86 test #89 "fuzz Ed25519 sig" ASSERT_INT_EQ(sshkey_verify(k, sig, l, c, sizeof(c), 0), 0) failed: sshkey_verify(k, sig, l, c, sizeof(c), 0) = -21 0 = 0 Failed during fuzz: FUZZ_1_BIT_FLIP case 1 of 664 (bit: 1) fuzz context 80c56b0 len = 83 0000: 01 00 00 0b 73 73 68 2d 65 64 32 35 35 31 39 00 ....ssh-ed25519. 0016: 00 00 40 ae f5 f8 c2 dc d3...

...y authentication without 1) the key algorithm being of a permitted type 2) knowing at least the signature of a pubkey in authorized_keys etc However, certificates are verified before such checks: userauth_pubkey() -> sshkey_from_blob() -> sshkey_from_blob_internal() -> cert_parse() -> sshkey_verify(key->cert->signature_key) -> ssh_rsa_verify() (or others, depending on cert type) -> openssh_RSA_verify() -> RSA_public_decrypt() The signature algorithm *is* subsequently checked, but of course RSA_public_decrypt has already been called by that point. Outside of CVE-2024-3094, wh...

Hi, The main (and probably the only) use case of this PAM module is to let sudo authenticate users via their ssh-agent, therefore without having to type any password and without being tempted to use the NOPASSWD sudo option for such convenience. The principle is originally implemented by an existing module [0][1] and many pages that explain how to use it for such purpose can be found online.