Displaying 20 results from an estimated 500 matches similar to: "[PATCH] using openssl with no-rsa?"
2010 Nov 28
2
[PATCH] Use canonical hostname for DNS SSHFP lookup
In the current implementation, ssh always uses the hostname supplied by
the user directly for the SSHFP DNS record lookup. This causes problems
when using the domain search path, e.g. I have "search example.com" in my
resolv.conf and then do a "ssh host", I will connect to host.example.com,
but ssh will query the DNS for an SSHFP record of "host.", not
2001 Jul 05
1
Patch to workaround host key size mismatch bug in old SSH sshd
Below is a patch against the current OpenBSD OpenSSH CVS to work around a
behavior I have observed when converting from SSH 1.2.27 to OpenSSH while
using the same old RSA1 host key for protocol 1. In several cases I saw
that old SSH sshd reported a host key size of 1024 bits when OpenSSH saw it
as 1023 bits. Without the patch, when OpenSSH's ssh client connects to an
old SSH sshd it warns
2012 Jan 28
1
PATCH: Support for encrypted host keys
Hello all,
I recently found myself wanting to run sshd with passphrase-protected host keys rather than the usual unencrypted format, and was somewhat surprised to discover that sshd did not support this. I'm not sure if there's any particular reason for that, but I've developed the below patch (relative to current CVS at time of writing) that implements this. It prompts for the
2013 Jun 25
1
RFC: encrypted hostkeys patch
Hi,
About a year and a half ago I brought up the topic of encrypted hostkeys
and posted a patch
(http://marc.info/?l=openssh-unix-dev&m=132774431906364&w=2), and while the
general reaction seemed receptive to the idea, a few problems were pointed
out with the implementation (UI issues, ssh-keysign breakage).
I've finally had some spare time in which to get back to this, and I've
2000 Dec 22
1
bug in sshd.d (destroy_sensitive_data core dumps)
Hi,
experimenting with openssh_cvs on my SCO Unix 3.2v4.2 machine, I had
sshd core dumping on me.
Tracking this, I found that if a host key is specified in the sshd_config
that does not exist (I used "./sshd -d -d -d -f sshd_config" with the
shipped sshd_config file, to work around incompatibilities with the
installed sshd.com's sshd_config, and I do not have ssh2 host keys on
2024 Oct 25
1
[PATCH] Memory leak fixed - when launched as non-root user
When we launch sshd as non-root user, it's still able to load public keys but fails to load private keys. So before exiting free the memory allocated for the public key
---
sshd.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sshd.c b/sshd.c
index dda8d9b77..cbdced5db 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1533,6 +1533,8 @@ main(int ac, char **av)
} else {
do_log2(ll, "Unable to load host key: %s",
options.host_key_files[i]);
+ sshkey_free(pubkey);
+ pubkey = NULL;
sensitive_data.host_keys[i] = NULL;
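Review bot: the added sshkey_free(pubkey) sits in the else branch that logs "Unable to load host key", so it runs on any failure to load options.host_key_files[i], not only in the non-root case the commit message describes; the message should state that scope. The visible context only shows sensitive_data.host_keys[i] being cleared, so please also confirm that nothing earlier in the loop has stored pubkey in another structure that is read later, because freeing it here would otherwise leave a dangling pointer.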
2000 May 17
4
Openssh-2.1.0p1 test release
This is to announce a test release of 2.1.0p1 before making it widely
available.
This release includes many fixes to problems reported over the last
week. In particular:
- spurious error and coredumps caused by the inbuilt entropy gathering
- RSAref detection
- Compilation fixes for Solaris and others
It also contains (completely untested) support for compiling without
RSA support. This may be
2003 Nov 27
2
Question about adding another parameter for OpenSSH
Hello,
I need to allow for some people to execute ssh with one shared private
key for remote executing command on various machines. However, it is not
possible to set group permissions for private keys and it is possible
to have just one private key file for one user. Please, is it possible
to add patches into openssh development tree like these, so that standard
behavior of ssh is not changed,
2000 Jan 19
3
AIX openssh patches
I have a few patches for AIX. The patchfile is attached below. The patch
has been tested on AIX4.2 and AIX4.3. The patch is on openssh-1.2.1pre25,
with openssl-0.94, using RSAref.
1) authenticate support - this function allows the system to determine
authentication. Whatever the system allows for login, authenticate
will too. It doesn't matter whether it is AFS, DFS, SecureID, local.
2002 Aug 30
1
LIBCRYPTO?
Hi all,
I have a question about OpenSSH configuration. In Makefile there is defined
LIBS=$(LIBCRYPTO), but the problem is that the version of OpenSSL that I'm
using holds only the version LIBCRYPT. When adding LIBCRYPT to the Makefile
I get:
sshd.elf2flt: In function `key_regeneration_alarm':
/.../ssh/sshd.c:252: undefined reference to `RSA_free'
/.../ssh/sshd.c:253: undefined
2013 Aug 14
1
ssh.c - allocated wrong size for sensitive_data.keys?
Hello,
There's a memory allocation for sensitive_data.keys in ssh.c:848 which uses size of Key instead of Key*.
This is probably harmless but seems to be wrong.
--- a/ssh.c
+++ b/ssh.c
@@ -846,7 +846,7 @@ main(int ac, char **av)
options.hostbased_authentication) {
sensitive_data.nkeys = 7;
sensitive_data.keys = xcalloc(sensitive_data.nkeys,
-
2006 Feb 04
2
[PATCH] allow user to update changed key in known_hosts
Hi list,
I use ssh a lot and I often need to connect to hosts whose host key has
changed. If a host key of the remote host changes ssh terminates and the
user has to manually delete the offending host key from known_hosts. I
had to do this so many times that I no longer like the idea ;-)
I would really like ssh to ask me if the new host key is OK and if I
want to add it to known_hosts.
I talked
2024 Oct 14
2
[RFC] Preferentially TOFU certificate authorities rather than host keys
There's currently no way to express trust for an SSH certificate CA other
than by manually adding it to known_hosts. This patch modifies the automatic
key write-out behaviour on user verification to associate the hostname with
the CA rather than the host key, allowing environments making use of
certificates to update (potentially compromised) host keys without needing
to modify client
2009 Mar 11
2
Question about datatypes/plotting issue
Hi,
I am trying to plot the Case-Shiller index found at: http://www2.standardandpoors.com/spf/pdf/index/CSHomePrice_History_022445.xls
The way I'm importing it into R is as follows:
library(gdata)
W <- read.xls("http://www2.standardandpoors.com/spf/pdf/index/CSHomePrice_History_022445.xls", header=TRUE)
attach(W)
To give you an idea of what the data looks like:
>
2015 Nov 17
2
[PATCH] Skip RSA1 host key when using hostbased auth
Hello,
The following patch avoids a warning message when using hostbased
authentication as root and protocol v1 support has been disabled. The
case for non-root users has already been addressed, but root follows a
different code path.
--
Iain Morgan
diff --git a/ssh.c b/ssh.c
index cceb36e..e32aa0a 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1242,8 +1242,10 @@ main(int ac, char **av)
2001 Feb 05
1
I have an odd OpenSSH compatibility issue
I am on Solaris 2.8 with openssh 2.3.0p1 and openssl 0.9.6.
The remote machine is running ssh.com 1.2.20 and Solaris 2.6.
I think the problem has to do with the 1.2.20 KeyRegeneration, because in
the next hour I will be able to get into the machine ok with openssh and
then later in the day I will not be able to ssh in again for another hour.
ssh -v -v sa at myhost.com
SSH Version OpenSSH_2.3.0p1,
2004 Oct 03
0
[patch] tell user about hosts with same key
The attached patch implements a feature that would make my interaction
with ssh somewhat more secure. When connecting to a host whose key is
not in the known_hosts file, this patch makes ssh tell the user about any
other hosts in the known_hosts file that have the same key.
For example, if I have host A in my known_hosts file, and try to connect
to host B which is an alias for A, ssh will tell
2001 Feb 19
1
Dubious use of BN_num_bits in sshconnect1.c
Hiho...
I have recently encountered problems using OpenSSH 2.3.0p1 to connect to a SSH
1.2.20 server, with messages such as the following:
Warning: Server lies about size of server public key: actual size is 1151
bits vs. announced 1152.
Warning: This may be due to an old implementation of ssh.
respond_to_rsa_challenge: public_key 1151 < host_key 1024 +
SSH_KEY_BITS_RESERVED 128
2002 Sep 20
2
host_key and fingerprint problem with protocol 2
Hi all,
I just want to upgrade from protocol 1.5 to 1.99 and 2.0, respectively and run into the following problems:
The situation is the following:
I have a client ("c") inside the firewall and two servers outside ("a" and "b"). The firewall accepts connections on two ports (22136 and 22137) and directs the connections directly to port 22 of the two servers
2003 Mar 04
0
hashing known_hosts
Scenario:
I have access to a semi-public (about 30 users) server where I keep my
webpage. Occasionally, especially if I'm on the road, I use this as a
bounce point to get to "secured" systems which only allow ssh from
certain IPs. (Ignoring the discussion on spoofing, since we have host
keys)
But host keys are the problem. If anyone gets root on this hypothetical