Displaying 20 results from an estimated 25 matches for "user_key_allowed".

2002 Oct 15
1
ssh output
.../root/.ssh/authorized_keys debug3: secure_filename: checking '/root/.ssh' debug3: secure_filename: checking '/root' debug3: secure_filename: terminating check at '/root' debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: no key found debug2: user_key_allowed: check options: '-----BEGIN RSA PRIVATE KEY----- ' debug2: key_type_from_name: unknown key type 'RSA' debug3: key_read: no key found debug2: user_key_allowed: advance: 'RSA PRIVATE KEY----- ' debug3: key_read: no space debug2: user_key_allowed: check options: 'MIICWgIBAA...
2002 Jan 24
1
PATCH: krb4/krb5/... names/patterns in auth_keys entries
...ions.c - added auth_set_key_env() implementation - modified auth_parse_options() to return (-1) when new deny-access option is encountered - auth-rsa.c - modified auth_parse_options() return value check according to the change made to auth_parse_options() - auth2.c - user_key_allowed() is not static now - modified user_key_allowed2() to: - try key_match() if key_equal() fails - check the result of auth_parse_options() for negative, 0, or positive values. - modified userauth_pubkey() to check for a positive return from user_key_allowed() -...
2002 Aug 08
0
Bugzilla bug entry #342
...acceptable debug1: temporarily_use_uid: 0/1 (e=0) debug1: trying public key file //.ssh/authorized_keys debug1: trying public key file //.ssh/authorized_keys debug2: key_type_from_name: unknown key type 'from="remotehost.company.com",command="/usr/local/sbin/rdi std' debug2: user_key_allowed: check options: 'from="remotehost.company.com",command="/usr/local/sbin/rdistd -S",no-port-forwarding,no-pty 1024 35 118666268659798484966286942768944312049369367774475796933061557373 5184611555265728566411312811406856737929757975480139103308242922399077936668236290647466407...
2019 May 20
4
Authenticate against key files before AuthorizedKeysCommand
Hello, Currently OpenSSH has a fixed order on how the key authenticates the user: at first it tries to authenticate against TrustedUserCAKeys, afterwards it does it against the output keys from the AuthorizedKeysCommand and finally against the files as set in AuthorizedKeysFile. I have a use-case where this order is not ideal. This is because in my case the command fetches keys from the cloud
2006 Feb 22
2
Kerberos and authorized_keys
How reasonable, acceptable and difficult would it be to "enhance" openssh so authorizations using kerberos (specifically kerberos tickets) consulted the authorized_keys file? And to be a bit more precise... consulted authorized_keys so it could utilize any "options" (eg. from=, command=, environment=, etc) that may be present? I'm willing to make custom changes, but
2002 May 09
0
functions : server_input_channel_req userauth_pubkey
...sa identity comment file to a log file when the user logs in (password authentication is disabled). The ssh1 portion of the modification works perfectly but the ssh2 portion has me completely lost. in userauth_pubkey() [ in auth2.c ] i defined a variable realname (char 40). which gets set after user_key_allowed2 is processed. i want to pass this variable to server_input_channel_req but i can not find where these two functions are being called from. vix at osr5: openssh-3.1p1 > grep -l "userauth_pubkey" *.c auth2.c sshconnect2.c vix at osr5: openssh-3.1p1 > grep -l server_input_channel_re...
2001 Aug 15
0
[ossh patch] principal name/patterns in authorized_keys2
...- added auth_set_key_env() implementation - modified auth_parse_options() to return (-1) when new deny-access option is encountered - auth-rsa.c - modified auth_parse_options() return value check according to the change made to auth_parse_options() - auth2.c - modified user_key_allowed() to: - try key_match() if key_equal() fails - check the result of auth_parse_options() for negative, 0, or positive values. - modified userauth_pubkey() to check for positive return value of user_key_allowed() - sshd.8 - added documentation - gss-serv.c...
2001 Jun 04
1
[PATCH]: Add check_ntsec to ownership/mode tests
...) { int fail = 0; char buf[1024]; Index: auth2.c =================================================================== RCS file: /cvs/openssh_cvs/auth2.c,v retrieving revision 1.59 diff -u -p -r1.59 auth2.c --- auth2.c 2001/04/25 12:44:15 1.59 +++ auth2.c 2001/06/04 10:05:35 @@ -696,6 +696,9 @@ user_key_allowed(struct passwd *pw, Key restore_uid(); return 0; } +#ifdef HAVE_CYGWIN + if (check_ntsec(file)) +#endif if (options.strict_modes) { int fail = 0; char buf[1024]; -- Corinna Vinschen Cygwin Developer Red Hat, Inc. mailto:vinschen at redhat.com
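Review bot: In the auth2.c hunk, the unbraced `if (check_ntsec(file))` under `#ifdef HAVE_CYGWIN` governs the whole `if (options.strict_modes) {` block that follows, so on Cygwin builds the ownership/mode checks on the key file are skipped whenever check_ntsec(file) returns false, and nothing in the code says so. Because this decides whether the strict_modes tests run at all, add a comment explaining why skipping them is acceptable in that case, and consider folding the test into a single condition (for instance by defining check_ntsec() to evaluate to 1 on non-Cygwin builds and writing `if (check_ntsec(file) && options.strict_modes) {`) so the body of the conditional does not change with the preprocessor.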
2015 Nov 17
4
[Bug 2496] New: sshd hangs when using AuthorizedKeysCommand
...ation: Match User git AuthorizedKeysCommand /usr/local/sbin/ssh-lookup-key-git Relevant server debug output: debug3: subprocess: AuthorizedKeysCommand command "/usr/local/sbin/ssh-lookup-key-git git" running as sshkeys debug3: subprocess: AuthorizedKeysCommand pid 86183 debug2: user_key_allowed: check options: 'command="/usr/local/git/bin/gitolite-shell tom at torchbox.com",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAAB3NzaC1kc3MAAACBALtPYyEOw+gvvWvW45iTR7SAkdH8FIML+4SBFPeXBp4ntT0JaRrkaTwm2C2PkZUaOShvFHCcTc7muNBMB/qmLYuWAcbCeKoxv08RMruGheGp6BB/...
2017 Mar 04
6
[Bug 2688] New: Long log messages to stderr missing newlines
...to long log message), then the snprintf() simply copies fmtbuf and ignores the "\r\n". This was observed when testing certificate-based logins at LogLevel DEBUG3. For example, 3 log messages appear on one line like this (with ... replacing long OpenSSH certificate public key): debug2: user_key_allowed: check options: 'ssh-rsa-cert-v01 at openssh.com AAAA...debug2: user_key_allowed: advance: 'AAAA...debug2: key not found Notice multiple debug2 messages all on the same line. Each log line should end with a newline character. Suggested Fix Since the intent is to append "\r\n"...
2016 Sep 15
2
[Bug 2615] New: LoginGraceTime bypass (DoS)
...mportant (user's home dir has been moved to another server, but the directory was never unmounted, so NFS client was still trying to access the old server, where nfs/server service has already been disabled.) The monitor processes are blocked in open(), called from auth_openfile(), called from user_key_allowed(): core 'core.sshd.699975' of 699975: /usr/lib/ssh/sshd -R 00007ff5c3658fbe __systemcall6 () + 1e 00007ff5c3622d4a __open () + 1a 00007ff5c363dbee open () + 12e 000000000045a20d auth_openfile () + 3d 0000000000465ccc user_key_allowed () + 3fc 0000...
2002 Jul 03
3
[Bug 333] X11 forwarding not working in OpenSSH 3.4p1
http://bugzilla.mindrot.org/show_bug.cgi?id=333 ------- Additional Comments From stevesk at pobox.com 2002-07-04 05:41 ------- i will guess configure did not find an xauth when it was built ($PATH is irrelevant here). please verify. see $HOME/.ssh/rc example in sshd.8 which can be used as a workaround in this case. djm: autoconf-2.53 exposes a bug for xauth path detection. ------- You
2001 Jun 28
1
Adding 'name' key types
...s2 file entries can. So, after looking around, especially in key.h and key.c and auth2.c, it occurred to me that a new key type could be added for dealing with named keys, that is, names which can be authenticated (e.g., certificate names, Kerberos principal names). The neat thing is that auth2.c:user_key_allowed() is key-type independent (so arguably it doesn't belong in auth2.c), and thus could be called from ssh_gssapi_userok() [instead of, or in addition to the GSS mechanism specific *userok() methods]. The only questions, in my mind, are - how to format key names for use in authorized_keys2?...
2002 Aug 07
1
Unrelated (was RE: so-called-hang-on-exit)
"ssh -n ..." means ssh will close stdin and open /dev/null for stdin. It does not mean losing the output of ssh. Nico -- > -----Original Message----- > From: Eric Garff [mailto:egarff at omniture.com] > Sent: Wednesday, August 07, 2002 12:11 PM > To: openssh-unix-dev at mindrot.org > Subject: Re: Unrelated (was RE: so-called-hang-on-exit) > > > Sadly, no such
2001 Nov 20
0
Patch: 3.0.1p1: rename a conflicting variable
...ons = NULL; + char *cp, *optionsp = NULL; linenum++; /* Skip leading whitespace, empty and comment lines. */ for (cp = line; *cp == ' ' || *cp == '\t'; cp++) @@ -703,7 +703,7 @@ /* no key? check if there are options for this key */ int quoted = 0; debug2("user_key_allowed: check options: '%s'", cp); - options = cp; + optionsp = cp; for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { if (*cp == '\\' && cp[1] == '"') cp++; /* Skip both */ @@ -720,7 +720,7 @@ }...
2012 Aug 30
1
Patch to allow glob patterns as authorized keys file names
...Gitolite does.) Kind regards, -Maurice Bos- Author: Maurice Bos <m-ou.se at m-ou.se> Date: Thu Aug 30 15:14:49 2012 +0200 Allow glob patterns in authorized keys file names. diff --git a/auth2-pubkey.c b/auth2-pubkey.c --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -454,9 +454,16 @@ user_key_allowed(struct passwd *pw, Key *key) return success; for (i = 0; !success && i < options.num_authkeys_files; i++) { + int j; + glob_t glob_result; file = expand_authorized_keys( options.authorized_keys_files...
2006 Apr 21
4
Solaris 8 x86 rsa pubkey auth problem
...' authenticating on 'module' ( pubkey failed ) I've already compiled gdb and openssh with debug info. I've also started two debug sshd yesterday, but due to my not so cool knowledge of openssh sources and maybe schema of forking and privilege separation I still can't reach user_key_allowed function. Thank you for your great work. And thanks for help beforehand. Here's debug output: 1) kdc# ssh -vvv -i ~/.ssh/auditor_rsa_id root at 192.168.10.10 OpenSSH_4.3p1, OpenSSL 0.9.7i 14 Oct 2005 debug1: Reading configuration data /usr/pkg/etc/ssh/ssh_config debug2: ssh_connect: needpriv...
2001 Dec 04
0
PATCH: log key fingerprint upon successful login
...ons = NULL; + char *cp, *optionsp = NULL; linenum++; /* Skip leading whitespace, empty and comment lines. */ for (cp = line; *cp == ' ' || *cp == '\t'; cp++) @@ -703,7 +708,7 @@ /* no key? check if there are options for this key */ int quoted = 0; debug2("user_key_allowed: check options: '%s'", cp); - options = cp; + optionsp = cp; for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { if (*cp == '\\' && cp[1] == '"') cp++; /* Skip both */ @@ -720,10 +725,14 @@ }...
2008 May 26
4
[Bug 1472] New: Authentication options not cleared in privileged process
...ct to localhost. When prompted for the public key passphrase, press Enter; then enter your normal password when prompted to do so. Observe that "hello" is printed and no shell is given. I believe that the problem here is that, if authentication fails after calling auth_rsa_key_allowed or user_key_allowed in the privileged process, authentication options are only cleared in the monitor rather than in the privileged process. The obvious fix seems to be to clear them in both processes. This is implemented by the attached patch. This is only reproducible if the last key offered by the client is the on...
2006 Feb 12
1
sshd double-logging
...d = compat20 ? "keyboard-interactive/pam" : + "challenge-response"; if (ret == 0) sshpam_authok = sshpam_ctxt; return (0); @@ -980,17 +981,20 @@ mm_answer_keyallowed(int sock, Buffer *m case MM_USERKEY: allowed = options.pubkey_authentication && user_key_allowed(authctxt->pw, key); + auth_method = "publickey"; break; case MM_HOSTKEY: allowed = options.hostbased_authentication && hostbased_key_allowed(authctxt->pw, cuser, chost, key); + auth_method = "hostbased"; break; case MM_RSAHOSTK...