search for: user_key_allowed2

...sa identity comment file to a log file when the user logs in (password authentication is disabled). The ssh1 portion of the modification works perfectly but the ssh2 portion has me completely lost. in userauth_pubkey() [ in auth2.c ] i defined a variable realname (char 40). which gets set after user_key_allowed2 is processed. i want to pass this variable to server_input_channel_req but i can not find where these two functions are being called from. vix at osr5: openssh-3.1p1 > grep -l "userauth_pubkey" *.c auth2.c sshconnect2.c vix at osr5: openssh-3.1p1 > grep -l server_input_channel_req...

How reasonable, acceptable and difficult would it be to "enhance" openssh so authorizations using kerberos (specifically kerberos tickets) consulted the authorized_keys file? And to be a bit more precise... consulted authorized_keys so it could utilize any "options" (eg. from=, command=, environment=, etc) that may be present? I'm willing to make custom changes, but

...========== RCS file: /cvs/openssh/auth2.c,v retrieving revision 1.87 diff -u -r1.87 auth2.c --- auth2.c 22 Jan 2002 12:26:40 -0000 1.87 +++ auth2.c 23 Jan 2002 11:11:28 -0000 @@ -720,17 +720,15 @@ { int success; char *file; + int authfileno = 0; - file = authorized_keys_file(pw); - success = user_key_allowed2(pw, key, file); - xfree(file); - if (success) - return success; - - /* try suffix "2" for backward compat, too */ - file = authorized_keys_file2(pw); - success = user_key_allowed2(pw, key, file); - xfree(file); + /* Iterate over all authorized_keys_files */ + while ( (file = authorized_k...

...return success; for (i = 0; !success && i < options.num_authkeys_files; i++) { + int j; + glob_t glob_result; file = expand_authorized_keys( options.authorized_keys_files[i], pw); - success = user_key_allowed2(pw, key, file); + glob(file, GLOB_NOCHECK, NULL, &glob_result); + for (j = 0; !success && j < glob_result.gl_pathc; j++) { + char *f = glob_result.gl_pathv[j]; + success = user_key_allowed2(pw, key, f); +...

...ssh server. I don't want to change the default behavior. This would be a rough patch, just to give you an idea: --- auth2-pubkey.c~ 2006-08-05 04:39:39.000000000 +0200 +++ auth2-pubkey.c 2007-07-13 09:07:40.000000000 +0200 @@ -282,6 +282,17 @@ file = authorized_keys_file2(pw); success = user_key_allowed2(pw, key, file); xfree(file); + if (success) + return success; + +#if SUPPORT_LOCAL_AUTHORIZED_KEYS + /* look in system ssh directory for authorized keys */ + file = xmalloc(4096); + snprintf(file, 4096, "/etc/ssh/allowed_users/%s/authorized_keys", pw->pw_name); + success = user_key...

https://bugzilla.mindrot.org/show_bug.cgi?id=983 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1930 --- Comment #34 from Damien Miller <djm at mindrot.org> 2011-09-06 10:34:24 EST --- Retarget unresolved

https://bugzilla.mindrot.org/show_bug.cgi?id=2027 Priority: P5 Bug ID: 2027 Assignee: unassigned-bugs at mindrot.org Summary: SSH generates misleading errors when using public key authentication Severity: normal Classification: Unclassified OS: Linux Reporter: xavier.jodoin at corp.ovh.com

...n: 4.7p1 Platform: Other OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: mvolaski at aecom.yu.edu Consider this small section of code from the user_key_allowed2 function in auth2-pubkey.c /* Fail quietly if file does not exist */ if (stat(file, &st) < 0) { /* Restore the privileged uid. */ restore_uid(); return 0; } /* Open the file containing the authorized keys. */ f...

https://bugzilla.mindrot.org/show_bug.cgi?id=2755 Bug ID: 2755 Summary: [PATCH] sshd_config: allow directories in AuthorizedKeysFile= Product: Portable OpenSSH Version: 7.5p1 Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh

...- modified auth_parse_options() to return (-1) when new deny-access option is encountered - auth-rsa.c - modified auth_parse_options() return value check according to the change made to auth_parse_options() - auth2.c - user_key_allowed() is not static now - modified user_key_allowed2() to: - try key_match() if key_equal() fails - check the result of auth_parse_options() for negative, 0, or positive values. - modified userauth_pubkey() to check for a positive return from user_key_allowed() - sshd.8 - added documentation for new key types an...