Displaying 20 results from an estimated 300 matches similar to: "PATCH: log key fingerprint upon successful login"
2002 Jan 29
2
Key fingerprint logging
Hello there!
I have made a patch against OpenSSH 3.0.2p1 which allows the fingerprint of
the accepted key to be printed in the log message. It works with SSH1-RSA and
SSH2 pubkey (DSA+RSA) authentication.
This feature is controllable by the LogKeyFingerprint config option (turned
off by default).
Michal Kara
-------------- next part --------------
diff -u5
2001 Nov 20
0
Patch: 3.0.1p1: rename a conflicting variable
These patches are against 3.0.1p1. I need them because I have a local mod
which needs access to the ServerOptions struct named ``options'', hence the
rename.
--- auth-rsa.c.orig Mon Nov 19 16:54:01 2001
+++ auth-rsa.c Mon Nov 19 16:56:18 2001
@@ -180,8 +180,7 @@
* user really has the corresponding private key.
*/
while (fgets(line, sizeof(line), f)) {
- char *cp;
- char
2003 May 12
0
Patch logging comment field of authorized key being used
In order to comply with our internal security guidelines, we created a
patch on top of openssh-3.6.1p2. With that patch, if sshd sets up a
session based on key authentication, it logs to syslog which one of the
keys in authorized_keys or authorized_keys2 is actually being used. The
patch logs the key comment (typically the key owner's email address) as
well as the name of the file containing
2003 Feb 09
1
Logging of comments on keys
Hi,
during our usual work I found it anoying that one can not easily see
who logged in using public key authentication. In newer versions of
SSH the fingerprint of the public key gets logged, but who can tell
which key belongs to whom from his head?
So I wrote a little ad-hoc patch (vs. 3.5.p1) so that the comment
field on the keys in the authorized_keys[2] files get logged to make
life
2012 Aug 29
1
second FIPS patch for openssh 6.0p1, fix pubkey
The patch to enable FIPS mode for openssh 6.0p1 missed two instances of
the ssh client trying to use MD5. It causes pubkey-based authentication
to fail in FIPS mode.
I have copied the missing changes from auth2-pubkey.c into sshconnect2.c.
Here is a patch:
diff -cr openssh-6.0p1/sshconnect2.c openssh-6.0p1-patched/sshconnect2.c
*** openssh-6.0p1/sshconnect2.c Sun May 29 07:42:34 2011
---
2005 Jul 26
1
Linux in-kernel keys support
Hi all,
I recently made a patch to openssh 4.1p1 to allow it to use the
in-kernel key management provided by 2.6.12 or later Linux kernels.
I've attached the patch (which is still only a proof-of-concept, for
instance its very verbose right now) to this mail.
Now, my question is, is this a completely insane idea and would (a later
version of) the patch have a chance of making it into the
2002 Jan 24
1
PATCH: krb4/krb5/... names/patterns in auth_keys entries
This patch (to OpenSSH 3.0.2p1) adds support for using krb4, krb5 and
other principal names in authorized_keys entries.
It's a sort of replacement for .klogin and .k5login, but it's much more
general than .k*login as it applies to any authentication mechanism
where a name is associated with the ssh client and it supports name
patterns and all the normal authorized_keys entry options
2013 Jun 09
1
pass fingerprint to authorizedkeyscommand
Hi guys,
It might be nice if AuthorizedKeysCommand would receive the fingerprint of
the offered key as an argument, so that programs like gitolite could
implement more refined key-based identity lookup that offers better
performance than AuthorizedKeysFile's linear scan.
The following patch is untested but is the basic idea:
diff -ru openssh-6.2p1/auth2-pubkey.c
2006 Feb 04
2
[PATCH] allow user to update changed key in known_hosts
Hi list,
I use ssh a lot and I often need to connect to hosts whose host key has
changed. If a host key of the remote host changes ssh terminates and the
user has to manually delete the offending host key from known_hosts. I
had to do this so many times that I no longer like the idea ;-)
I would really like ssh to ask me if the new host key is OK and if I
want to add it to known_hosts.
I talked
2006 Nov 15
11
OpenSSH Certkey (PKI)
This patch against OpenBSD -current adds a simple form of PKI to
OpenSSH. We'll be using it at work. See README.certkey (the first chunk
of the patch) for details.
Everything below is BSD licensed, sponsored by Allamanda Networks AG.
Daniel
--- /dev/null Wed Nov 15 15:14:20 2006
+++ README.certkey Wed Nov 15 15:13:45 2006
@@ -0,0 +1,176 @@
+OpenSSH Certkey
+
+INTRODUCTION
+
+Certkey allows
2001 Aug 15
0
[ossh patch] principal name/patterns in authorized_keys2
As you know, revoking RSA/DSA keys in an SSH environment requires
editing all authorized_keys and authorized_keys2 files that reference
those public keys. This is, well, difficult at best but certainly very
obnoxious, particularly in a large environment.
SSH key management is difficult. This patch simplifies key management
wherever GSS-API/Kerberos is used and is general enough to be used with
2004 Oct 03
0
[patch] tell user about hosts with same key
The attached patch implements a feature that would make my interaction
with ssh somewhat more secure. When connecting to a host whose key is
not in the known_hosts file, this patch makes ssh tell the user about any
other hosts in the known_hosts file that have the same key.
For example, if I have host A in my known_hosts file, and try to connect
to host B which is an alias for A, ssh will tell
2002 Jan 23
0
[PATCH] Add multiple AuthorizedKeyFiles options
Hi,
We'd like to run sshd with a configuration morally equivilent to:
# stuff ...
AuthorizedKeysFile /var/db/keys-distributed-by-security-team/%u
AuthorizedKeysFile %h/.ssh/authorized_keys
# be backwards compatable for a bit longer yet
AuthorizedKeysFile %h/.ssh/authorized_keys2
# more stuff ...
The following patch (against the cvs source) turns the authorizedkeysfile
statement in sshd.conf
2002 Nov 05
2
[PATCH] Add a chroot_users option to sshd
This patch adds a new option to sshd, chroot_users. It has the effect of
chroot()ing incoming ssh users to their home directory. Note: this option
does not work if UsePrivilegeSeparation is enabled.
Patch is based on OpenSSH 3.4p1.
*** servconf.h@@\main\1 Tue Oct 1 17:25:32 2002
--- servconf.h Wed Oct 2 06:17:48 2002
***************
*** 131,136 ****
--- 131,137 ----
char
2002 May 09
0
functions : server_input_channel_req userauth_pubkey
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings,
I am not sure if this is the correct place to ask these question,
if I am at the wrong place please advise.
I am currently working on some modifications to openssh
which record the users rsa/dsa identity comment file to
a log file when the user logs in (password authentication
is disabled).
The ssh1 portion of the modification works
2000 Jul 12
1
Problems with Port Forwarding and Password auth
Secure FTP through SecureFX 1.8B3: issues (Using OpenSSH 2.1.1p2)
I downloaded the latest SecureFX because it now claims support for OpenSSH. I'm
like cool, now I'll finally be able to secure my ftp on my gateway.
First off, I really like the new configure. Everything went ok, I could ssh into
the box just fine. Unfortunately ftp didn't work work through SecureFX. I would
get
2008 Jun 03
2
Order of authentication methods is causing unnecessary call to API?
Hey Guys,
I am wondering if I am missing something here. I am noticing that after a
user installs my app I get a request that not only contains an auth_key but
also contains a valid session key.
Occasionally I am seeing that Facebook server is occasionally sending a
connection reset during the auth key authentication method, this caused me
to notice that secure_with_token is given precedence in
2010 Apr 29
12
[Bug 1765] New: Error message if key not first in authorized_keys file
https://bugzilla.mindrot.org/show_bug.cgi?id=1765
Summary: Error message if key not first in authorized_keys file
Product: Portable OpenSSH
Version: 5.5p1
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
2001 Feb 09
1
Bug in auth-options.c
Hi,
There's a nasty bug in auth-open.c that causes all options in a line
of authorized_keys to be applied to all subsequent lines without
options.
IMNSHO this clearly shows the evil of global variables, and using
extern whatever as a means of information sharing.
Cheers,
Han Holl
--- auth-options.c.orig Fri Feb 9 14:14:51 2001
+++ auth-options.c Fri Feb 9 14:18:43 2001
@@ -57,11 +57,12
2002 Jan 26
7
[PATCH] Added NoDelay config option and nodelay subsystem option
Hello again!
Since there was some resistance against adding TCP_NODELAY uncontionally,
I've made another patch. The new patch contains the following:
* Added a NoDelay yes/no (default no) config option to ssh and sshd
* Added -oNoDelay=yes to the ssh command line for sftp.
* Changed the sshd subsystem config option syntax from
Subsystem name path
to
Subsystem name options path