Displaying 20 results from an estimated 1000 matches similar to: "Case study of new possibilities with PartialAuth and HostbasedAuth"
2001 Apr 25
0
Minor bug in HostbasedAuthentication
When using "HostbasedUsesNameFromPacketOnly yes", the ssh client sends the
hostname with a trailing dot, but the server does not strip off the
trailing dot when matching against .shosts et al., or when looking up keys
in ssh_known_hosts2. This causes the host to not be found. Adding the
hostname with trailing dot to the config files "fixes" this, but I think
sshd should
2001 Mar 28
5
Initial patch to implement partial auth with SSH2
Attached is a patch which adds a new config option, AuthOrder2, to
sshd_config.c. The syntax is:
AuthOrder2 AuthMethod1[:SubAuthMethod1[:SubAuthMethod2...]][,AuthMethod2...]
An example, requiring users to enter a public key _and_ a password, in that
order:
AuthOrder2 publickey:password
The current default behaviour:
AuthOrder2 password,publickey,keyboard-interactive
Require a public key,
2001 Apr 25
6
Updated partial auth patch against CVS
Here is a new version of my partial auth patch against the April 24, 2001
CVS image. It fixes a couple of things (thanks to Karl M
<karlm30 at hotmail.com>), and includes support for hostbased auth. It's still
not pretty, but it works. 2 things Karl mentioned aren't fixed:
- auth methods are still hard-coded into servconf.c. Fixing this would
require a lot of work, and all the
2002 Aug 01
0
[Bug 376] New: HostbasedAuthentication, followed snailbook but not working! :-(
http://bugzilla.mindrot.org/show_bug.cgi?id=376
Summary: HostbasedAuthentication, followed snailbook but not
working! :-(
Product: Portable OpenSSH
Version: -current
Platform: UltraSparc
URL: http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-
2003 Dec 07
1
hostbased failing and can't derive reason of failure in debugging output
Hello,
I've troubles getting the hostbased method to work. I've given up on
system-to-system for now (different versions), and I'm just trying to
debug localhost. As far as I can see, the key is accepted, but then a
sudden "Failed hostbased" is returned:
[...]
debug3: mm_answer_keyallowed: key 0x8099bc0 is disallowed
debug3: mm_append_debug: Appending debug messages for
2001 Nov 15
1
ssh -2 and hostbasedauth
Hi,
I'm trying to figure out how to read OpenSSH's log files (to assist
our people in diagnosing "why is it always asking me for passwords").
All clients and servers are 3.0p1.
First: server does not have the client's RSA2 key in known_host.
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got
2002 May 29
0
New initial patch to implement partial auth with SSH2
Hi!
I would like to introduce a new patch which adds a new config option
"AuthOrder2" to sshd_config.
I would like to say that I only modified the patch made by Carson
Gaspar.
If you want to know more about this patch see thread at:
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=98577021011067&w=2
I will appreciate any feedback from you.
This patch is against 3.1p1.
BTW:
2002 Jul 19
1
OpenSSH 3.4p1 hostbased auth - howto?
How do you enable hostbased authentication in OpenSSH?
I have two Red Hat 7.3 machines running openssh-3.4p1, and I would like to
be able to ssh from either of the machines to the other, as any user,
without using passwords or per-user keys.
My /etc/ssh/sshd_config contains:
[...]
IgnoreRhosts no
HostbasedAuthentication yes
[...]
My /etc/ssh/ssh_config contains:
[...]
2003 Sep 13
2
CVS is missing documentation for HostbasedUsesNameFromPacketOnly
I'm attaching a simple doc patch against current CVS - feel free to re-word
it as you see fit. I also noticed that if UseDNS is no,
HostbasedUsesNameFromPacketOnly _must_ be yes if you want
HostbasedAuthentication to work.
--
Carson
-------------- next part --------------
--- sshd_config.5.DIST 2003-09-13 02:25:18.365707000 -0400+++ sshd_config.5 2003-09-13 02:46:29.430974000 -0400@@
2001 Apr 25
0
configure.in aclocal.m4 patch against CVS
The attached unified diff fixes configure so that all --with-libfoo options
are allowed to be --with-libfoo=PATH. If the option is specified with a
PATH, only that PATH is searched for the library. If it is specified as
=yes or with no argument, it tries without modifying anything, and then
tries looking in /usr/local. The SunOS5 targets no longer add /usr/local to
include or library paths
2001 Apr 25
1
Once more, with diffs... (configure.in aclocal.m4 patch against CVS)
The attached unified diff fixes configure so that all --with-libfoo options
are allowed to be --with-libfoo=PATH. If the option is specified with a
PATH, only that PATH is searched for the library. If it is specified as
=yes or with no argument, it tries without modifying anything, and then
tries looking in /usr/local. The SunOS5 targets no longer add /usr/local to
include or library paths
2001 Apr 25
0
Corrected Makefile.in diff
I attached a broken diff to my last mail. This one actually works. Sorry
for the brain-o's tonight...
--
Carson Gaspar - carson at taltos.org
Queen trapped in a butch body
-------------- next part --------------
A non-text attachment was scrubbed...
Name: makediff
Type: application/octet-stream
Size: 3569 bytes
Desc: not available
Url :
2001 May 02
2
2.9p1?? core dump in auth_log
auth.c:auth_log contains the following code:
authlog("%s %s for %s%.100s from %.200s port %d%s",
authmsg,
method,
authctxt->valid ? "" : "illegal user ",
---> authctxt->valid && authctxt->pw->pw_uid == 0 ? "ROOT" :
authctxt->user,
get_remote_ipaddr(),
2001 Jun 15
1
Patch for stdout/stderr buffer flush write() handling
The attached patch against today's CVS improves write() error handling and
logging in clientloop.c when flushing stdout/stderr.
--
Carson Gaspar - carson at taltos.org
Queen trapped in a butch body
-------------- next part --------------
A non-text attachment was scrubbed...
Name: clientloop.c.diff
Type: application/octet-stream
Size: 966 bytes
Desc: not available
Url :
2001 Jun 15
1
EOL problem with channels.h in CVS
channels.h from today's CVS has MS-DOS ^M end-of-line chars.
--
Carson Gaspar - carson at taltos.org
Queen trapped in a butch body
2001 Apr 25
2
Makefile.in diff against CVS to prevent man/config rebuild every make
Bug: all .out files get rebuilt every make. This is silly, and breaks make
install if root cannot write to your build dir.
Fix: add dependency check so .out files only get rebuilt if the source
file changes
FixBug: if any source file gets changed, all .out files get rebuilt. This
is because man pages and config files both get .out extensions but get
created differently. It's
2002 Jun 28
1
hostbased authentication problem in 3.4
I am seeing the same issues as another recent post, hostbased
authentication in 3.4p1 not seeming to work. I tried the ssh-keysign.c
patch posted, didn't seem to fix the problem.
Details:
Solaris 7, OpenSSH 3.4p1, OpenSSL 0.9.6d
Key from client ssh_host_rsa_key.pub copied to server /etc/ssh/ssh_known_hosts2
with comma-separated client hostnames added to front and a blank space before
rest of
2002 Aug 07
0
[Bug 382] New: Privilege Separation breaks HostbasedAuthentication
http://cvs-mirror.mozilla.org/webtools/bugzilla/show_bug.cgi?id=382
Summary: Privilege Separation breaks HostbasedAuthentication
Product: Portable OpenSSH
Version: -current
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at
2002 Jul 16
0
[Bug 356] New: 3.4p1 hostbased authentication between Linux and Solaris
http://bugzilla.mindrot.org/show_bug.cgi?id=356
Summary: 3.4p1 hostbased authentication between Linux and Solaris
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: ssh
AssignedTo: openssh-unix-dev at mindrot.org
2001 Sep 26
3
OpenSSH 2.9.9
OpenSSH 2.9.9 has just been uploaded. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH 2.9.9 fixes a weakness in the key file option handling,
including source IP based access control.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
This release contains many portability