similar to: Bugzilla bug entry #342

Hi, I'm having a real difficulty here, and I'll keep this very short; ask for needed details. I've got two nearly identically configured RedHat 8 systems, call them A and B. I've generated keys with passphrases on both, added the public key for B to ~/.ssh/authorized_hosts on A and vice versa. On either machine, I can use ssh-agent with no problems. In particular, if I run

Both systems are running RH 7.3 with a compiled copy of 3.4p1 with pam support enabled via configure root at vlan root]# ssh -v -v -v root at 207.62.147.3 OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f debug1: Reading configuration data /usr/local/etc/ssh_config debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: ssh_connect: needpriv 0 debug1:

This patch (to OpenSSH 3.0.2p1) adds support for using krb4, krb5 and other principal names in authorized_keys entries. It's a sort of replacement for .klogin and .k5login, but it's much more general than .k*login as it applies to any authentication mechanism where a name is associated with the ssh client and it supports name patterns and all the normal authorized_keys entry options

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings, I am not sure if this is the correct place to ask these question, if I am at the wrong place please advise. I am currently working on some modifications to openssh which record the users rsa/dsa identity comment file to a log file when the user logs in (password authentication is disabled). The ssh1 portion of the modification works

As you know, revoking RSA/DSA keys in an SSH environment requires editing all authorized_keys and authorized_keys2 files that reference those public keys. This is, well, difficult at best but certainly very obnoxious, particularly in a large environment. SSH key management is difficult. This patch simplifies key management wherever GSS-API/Kerberos is used and is general enough to be used with

https://bugzilla.mindrot.org/show_bug.cgi?id=2496 Bug ID: 2496 Summary: sshd hangs when using AuthorizedKeysCommand Product: Portable OpenSSH Version: 7.1p1 Hardware: amd64 OS: FreeBSD Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2688 Bug ID: 2688 Summary: Long log messages to stderr missing newlines Product: Portable OpenSSH Version: 7.4p1 Hardware: All OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2615 Bug ID: 2615 Summary: LoginGraceTime bypass (DoS) Product: Portable OpenSSH Version: 7.3p1 Hardware: Sparc OS: Solaris Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org

Hi, I have added calls to `check_ntsec()' to the code which checks for the ownership and modes of identity files and directories. As you might know, check_ntsec() tests if owner/modes are supported by the OS (9x/ME=no, NT/W2K=yes), the filesystem (FAT/FAT32=no, NTFS=yes) and the current Cygwin settings (ntea/ntsec). Corinna Index: auth-rhosts.c

Hello, The patch below allows one to configure not only files like "%h/.ssh/authorized_keys" to be used, but also patterns like "%h/.ssh/authorized_keys.d/*". This can be quite useful if somebody or something has to manage an above average number of keys, like when running a git server that determines the user based on the ssh key. (Like what they do at github.com, and what

These patches are against 3.0.1p1. I need them because I have a local mod which needs access to the ServerOptions struct named ``options'', hence the rename. --- auth-rsa.c.orig Mon Nov 19 16:54:01 2001 +++ auth-rsa.c Mon Nov 19 16:56:18 2001 @@ -180,8 +180,7 @@ * user really has the corresponding private key. */ while (fgets(line, sizeof(line), f)) { - char *cp; - char

http://bugzilla.mindrot.org/show_bug.cgi?id=833 Summary: sshd server sends SshMsgChannelFailure despite of successfully running sftp server Product: Portable OpenSSH Version: 3.8p1 Platform: All OS/Version: Cygwin on NT/2k Status: NEW Severity: normal Priority: P2 Component: sshd

This patch is against 3.0.2p1. It produces output like the first line in the example below for both v1 and v2 logins. Logging is turned on by sticking ``LogFingerprint yes'' in sshd_conf. It would be nice if something like this would make it into OpenSSH. Dec 4 14:21:09 lizzy.bugworks.com sshd[7774]: [ID 800047 auth.info] Found matching RSA1 key:

https://bugzilla.mindrot.org/show_bug.cgi?id=1472 Summary: Authentication options not cleared in privileged process Classification: Unclassified Product: Portable OpenSSH Version: -current Platform: All URL: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug /161047 OS/Version: Linux

Playing around with the [wonderful] GSS-API patches for OpenSSH [1] I noticed that there is a bit of functionality missing from OpenSSH/GSS-API, namely that authorized_keys2 has no meaning when using GSS authentication. Yes, ~/.k5login can be used to grant access to an account for applications that support Kerberos, as does OpenSSH with those GSS patches, but .k5login does not and cannot provide

Hi all. As Corinna pointed out, there are some cases where sshd will log some authentications twice when privsep=yes. This can happen on any platform although it seems most obvious on the ones that don't do post-auth privsep. It also occurs when sshd logs to stderr (eg running under daemontools) or when you have a /dev/log in the privsep chroot. The patch below attempts to solve this for

Hello there! I have made a patch against OpenSSH 3.0.2p1 which allows the fingerprint of the accepted key to be printed in the log message. It works with SSH1-RSA and SSH2 pubkey (DSA+RSA) authentication. This feature is controllable by the LogKeyFingerprint config option (turned off by default). Michal Kara -------------- next part -------------- diff -u5

I updated a powerpc64 be system from fedora 25 (glibc 2.24) to fedora 26 (glibc 2.25) and several test cases started failing that deal with dynamic thread local storage. Failing Tests (3): LeakSanitizer-AddressSanitizer-powerpc64 :: TestCases/Linux/use_tls_dynamic.cc LeakSanitizer-Standalone-powerpc64 :: TestCases/Linux/use_tls_dynamic.cc MemorySanitizer-POWERPC64 ::

Hello list! So I recently reconfigured our office network to allow a permanent VPN connection to our data center. This consists of a Juniper SSG-520 connected via a tunnel to a Juniper Netscreen-25 over a 100M leased NTT VPN (yes I'm tunneling over the VPN as it's the only way to make it routable.) Here is where OpenSSH come in. When I try and ssh to a machine on the other end

Hello, I got some weird problem with public key authentication using rsa key pair. Let me first of all explain my setup. 1) I got two Solaris 8 x86 boxes uname -a SunOS 5.8 Generic_117351-24 i86pc i386 i86pc <kdc: 192.168.10.11> <---> <module: 192.168.10.10> 2) They're running absolutely identical openssh installations I'm using pkgsrc, so I've builded all