similar to: poor default seeding of RNG

I have a need to have the same OpenSSH binaries run on multiple machines which are administered by different people. That means on Solaris, for example, there will be some with /dev/random, some on which I can run prngd because they'll be installing my binaries as root, and some which will have neither because they will be only installed as non-root. Below is a patch to enable choosing all 3

The way things are now, input_userauth_request() calls the authmethod, and then does a bunch of checks, like the special case for root. If an authmethod requires a challenge-response conversation, these checks are skipped, unless they are duplicated by the authmethod. For example, in auth2-chall.c, some of the code is duplicated (logging, sending the reply), but the root special case is skipped.

I noticed that (perhaps because ':' is invalid in a username) you can say ssh -l user:style host, where the "user:style" is sent by the client, and the server strips the ":style" part off and makes it available as part of the authentication context. It's currently unused. What are the plans for this, if any? I was experimenting with the idea of using it with SRP

On Sun, 29 Apr 2001, RJ Atkinson wrote: > At 06:26 27/04/01, Tom Wu wrote: > >For those of you who were following the discussion about the new draft > >and implementation of SRP-based password authentication in OpenSSH, I > >promised to have Stanford issue the IETF an official, explicit, > >statement reiterating the unencumbered royalty-free licensing terms. > >The

Does anybody use openbsd-compat/vis.c? Not at the moment I think: % find . -name '*.[ch]' -exec grep -l "vis *(" {} \; ./openbsd-compat/vis.c ./openbsd-compat/vis.h % find . -name '*.[ch]' -exec grep -l VIS_ {} \; ./includes.h ./openbsd-compat/vis.c ./openbsd-compat/vis.h The reason I ask is, AT&T's graphviz package includes a vis.h, and when I try to compile

The latest snapshot (20020324) fails to compile here. Linux 2.4.18-rc1 Alpha The first messages are: monitor_wrap.c: In function `mm_request_receive': monitor_wrap.c:91: warning: int format, different type arg (arg 3) monitor_wrap.c:100: warning: int format, different type arg (arg 3) which have to do with fatal() calls and int not being the same as ssize_t... But the next one is the

http://bugzilla.mindrot.org/show_bug.cgi?id=231 Summary: ssh-keygen has fatal error while updating comment in RSA1 key Product: Portable OpenSSH Version: 3.1p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: ssh-keygen AssignedTo:

This is to announce the availability of SRP (Secure Remote Password) support for OpenSSH. A tarball is available on Tripod: http://members.tripod.com/professor_tom/archives/ http://members.tripod.com/professor_tom/archives/openssh-2.5.2p2-srp5.tar.gz (Note: Tripod requires you to LEFT click on links to download files.) To install, unpack, configure --with-srp, and make install, then create an

This is a Linux/Alpha system, with AT&T's graphviz suite installed. gcc -O2 -Wall -I. -I. -I/usr/local/ssl/include -DETCDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" -DHAVE_CONFIG_H -c atomicio.c In file included

This is the 2nd beta release of SRP for OpenSSH. The patch attached to this message is relative to the current (20010411) CVS sources of OpenSSH-portable (2.5.4p1). A tarball is also available: http://members.tripod.com/professor_tom/archives/ http://members.tripod.com/professor_tom/archives/openssh-2.5.4p1-srp6.tar.gz (Note: Tripod requires you to LEFT click on links to download files, and

I have uploaded a new release of the OpenSSH (portable) SRP patch. This version is vs. the 20010625 openssh_cvs; there are no other changes. You can find it here: http://members.tripod.com/professor_tom/archives/ http://members.tripod.com/professor_tom/archives/OpenSSH-srp9.tar.bz2 http://members.tripod.com/professor_tom/archives/OpenSSH-srp9.patch.bz2 The tarball is the whole thing with the

We've run into an interesting dilemma regarding last log information and ssh 4.2p1. In 3.8, we didn't see this problem, but now has cropped up in 4.2. When a user logs in, sshd seems to call 'last' to get the last log information. 'last' then opens the /var/log/wtmp file and processes the information. On some systems, this file can be quite large, and we're seeing

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,

Moin, attached is a patch, which adds a new configuration option "PreferAskpass" to the ssh config. ssh{,-add,-keygen,-agent} will use ssh-askpass to prompt for passwords, if this option is set to "yes", and if ssh-askpass is available. Default for "PreferAskpass" is "no". Pacth is against current CVS. Sebastian -- signature intentionally left blank.

I believe there is a problem with the openbsd-compat/bsd-arc4random.c file. If arc4random () is called without seed_rng having previously been called (eg if you run ssh-keygen -p ) then it does not in fact invoke seed_rng () if it is the first time. Instead it will invoke seed_rng every time BUT the first time. At least that is the way I read the code, and changing it as below allowed me to

Hi, I have a problem with the extern declarations of optarg, optind, etc. We're currently moving getopt from being a statically linked function to a dynamically linked function as part of the Cygwin DLL. On Windows, this requires to generate special symbols (__imp__optarg, etc.), which is done by marking the exported variables in the corresponding header. Instead of extern char *optarg;

------- Forwarded Message Subject: Re: Dubious use of BN_num_bits in sshconnect1.c From: Niels Provos <provos at citi.umich.edu> In-Reply-To: alex at foogod.com, Sun, 18 Feb 2001 19:38:56 PST To: alex at foogod.com Cc: openssh-unix-dev at mindrot.org Date: Mon, 19 Feb 2001 10:07:24 -0500 Sender: provos at citi.umich.edu Hi Alex, there is no problem in OpenSSH. In message

hello.. i am running openssh-3.7.1p2. on linux.It is working successfully..and daemon is running &client also connecting.But the problem is with the mips architecture when i connecting this server from remote syytem.?i got an error of buufer_get:trying to get more bytes 1 than buffer0.And client is not connecting from remote system.My out is as follows on my server ?in sshd main before

Yo All! openssh-SNAP-20010209.tar.gz fails to compile on Slackware. Patch at the end of this message. Here is the error: gcc -o sftp sftp.o sftp-client.o sftp-common.o sftp-int.o log-client.o -L. -Lopenbsd-compat/ -L/usr/local/ssl/lib -L/usr/local/ssl -lssh -lopenbsd-compat -lcrypt -lz -lnsl -lutil -lcrypto -lwrap openbsd-compat//libopenbsd-compat.a(bsd-arc4random.o): In function

Hi all Patch adds flag -C to ssh-agent which will force confirmation for any key added in agent (similar to ssh-add -c) Helps when forwarded agent authentication is used and each key should be confirmed before use catam --- ssh-agent.c 2006-08-28 14:02:12.000000000 +0300 +++ ssh-agent.c.orig 2006-08-28 13:36:05.000000000 +0300 @@ -111,9 +111,6 @@ /* Default lifetime (0 == forever) */