Displaying 10 results from an estimated 10 matches for "verify_host_key".
2010 Nov 28
2
[PATCH] Use canonical hostname for DNS SSHFP lookup
...st the latest
snapshot of the portable OpenSSH version. Sorry if this causes any
inconvenience.
Regards,
Jan
diff -ur openssh/dns.c openssh-sshfp/dns.c
--- openssh/dns.c 2010-08-31 14:41:14.000000000 +0200
+++ openssh-sshfp/dns.c 2010-11-27 23:36:30.775455403 +0100
@@ -173,7 +173,7 @@
*/
int
verify_host_key_dns(const char *hostname, struct sockaddr *address,
- Key *hostkey, int *flags)
+ Key *hostkey, int *flags, const char *canohost)
{
u_int counter;
int result;
@@ -200,7 +200,7 @@
return -1;
}
- result = getrrsetbyname(hostname, DNS_RDATACLASS_IN,
+ result = getrrsetbyname(canohost...
2013 Sep 24
9
[PATCH] curve25519-sha256@libssh.org key exchange proposal
...n);
+ server_host_key = key_from_blob(server_host_key_blob, sbloblen);
+ if (server_host_key == NULL)
+ fatal("cannot decode server_host_key_blob");
+ if (server_host_key->type != kex->hostkey_type)
+ fatal("type mismatch for decoded server_host_key_blob");
+ if (kex->verify_host_key == NULL)
+ fatal("cannot verify server_host_key");
+ if (kex->verify_host_key(server_host_key) == -1)
+ fatal("server_host_key verification failed");
+
+ /* Q_S, server public key */
+ server_pubkey = packet_get_string(&slen);
+ if (slen != CURVE25519_PUBKEY_SIZE)
+ fa...
2018 Dec 10
2
[PATCH] cleanup of global variables server/client_version_string in sshconnect.c
...- a/sshconnect.h
+++ b/sshconnect.h
@@ -40,7 +40,7 @@ void ssh_kill_proxy_command(void);
void ssh_login(Sensitive *, const char *, struct sockaddr *, u_short,
struct passwd *, int);
-void ssh_exchange_identification(int);
+void ssh_exchange_identification(int, char **, char **);
int verify_host_key(char *, struct sockaddr *, struct sshkey *);
@@ -48,7 +48,7 @@ void get_hostfile_hostname_ipaddr(char *, struct sockaddr *, u_short,
char **, char **);
void ssh_kex(char *, struct sockaddr *);
-void ssh_kex2(char *, struct sockaddr *, u_short);
+void ssh_kex2(char *, struct sockaddr *...
2014 Mar 26
1
SSHFP issue
Have you seen this?
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513
--mancha
2015 Jun 22
2
Small issue with DNSSEC / SSHFP
...nt matching_host_key_dns = 0;
+static int dns_secure = 0;
static pid_t proxy_command_pid = 0;
@@ -972,13 +973,18 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
fatal("%s: sshkey_fingerprint fail", __func__);
msg2[0] = '\0';
if (options.verify_host_key_dns) {
- if (matching_host_key_dns)
+ if (!matching_host_key_dns)
snprintf(msg2, sizeof(msg2),
- "Matching host key fingerprint"
+ "No matching host key fingerprint"
" found in DNS.\n");
+ else if (!dns_secure)
+ snprintf(ms...
2002 Oct 16
3
ssh-3.5p1 core dumps on Solaris 2.6
...0x42574 in debug (fmt=0xb9e28 "using hostkeyalias: %s") at log.c:159
#5 0x20c04 in check_host_key (host=0x5a "", hostaddr=0xf3560, host_key=0xffaa8, readonly=0,
user_hostfile=0x81 "", system_hostfile=0x69 " -v pf-i400") at sshconnect.c:561
#6 0x21634 in verify_host_key (host=0xfa790 "pf-i400", hostaddr=0xf3560, host_key=0xffaa8)
at sshconnect.c:810
#7 0x2446c in verify_host_key_callback (hostkey=0xffaa8) at sshconnect2.c:71
#8 0x4182c in kexgex_client (kex=0x105d90) at kexgex.c:184
#9 0x422c4 in kexgex (kex=0x105d90) at kexgex.c:413
#10 0x3fbe0 i...
2015 May 23
5
Name based SSH proxy
...t.h 2015-05-23 12:57:16.129172189 +0200
@@ -39,7 +39,7 @@ void ssh_kill_proxy_command(void);
void ssh_login(Sensitive *, const char *, struct sockaddr *, u_short,
struct passwd *, int);
-void ssh_exchange_identification(int);
+void ssh_exchange_identification(int, const char *);
int verify_host_key(char *, struct sockaddr *, Key *);
2006 Nov 15
11
OpenSSH Certkey (PKI)
...================
RCS file: /cvs/src/usr.bin/ssh/kexgexc.c,v
retrieving revision 1.11
diff -u -r1.11 kexgexc.c
--- kexgexc.c 6 Nov 2006 21:25:28 -0000 1.11
+++ kexgexc.c 15 Nov 2006 14:14:33 -0000
@@ -124,8 +124,6 @@
fatal("type mismatch for decoded server_host_key_blob");
if (kex->verify_host_key == NULL)
fatal("cannot verify server_host_key");
- if (kex->verify_host_key(server_host_key) == -1)
- fatal("server_host_key verification failed");
/* DH parameter f, server public DH key */
if ((dh_server_pub = BN_new()) == NULL)
@@ -141,7 +139,20 @@
/* signed...
2001 Jul 27
0
Updated ssh-keyscan patch for ssh2 support
...+
+static Key *
+keygrab_ssh2(con *c)
+{
+ int j;
+
+ packet_set_connection(c->c_fd, c->c_fd);
+ enable_compat20();
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA?
+ "ssh-dss": "ssh-rsa";
+ c->c_kex = kex_setup(myproposal);
+ c->c_kex->verify_host_key = hostjump;
+
+ if (!(j = setjmp(kexjmp))) {
+ nonfatal_fatal = 1;
+ dispatch_run(DISPATCH_BLOCK, &c->c_kex->done, c->c_kex);
+ fprintf(stderr, "Impossible! dispatch_run() returned!\n");
+ exit(1);
+ }
+ nonfatal_fatal = 0;
+ xfree(c->c_kex);
+ c->c_kex = NULL;
+ pa...
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |