Displaying 20 results from an estimated 1100 matches similar to: "Trailing dot is not removed from client hostname if HostbasedUsesNameFromPacketOnly is yes"
2002 May 08
1
[PATCH] Strip trailing . when using HostbasedUsesNameFromPacketOnly
The following simple patch (against openssh-3.1) moves the test for a
trailing dot in the client-supplied hostname so that it is also stripped
when using the server option HostbasedUsesNameFromPacketOnly.
Please CC me on any replies, as I'm not subscribed to the list.
Cheers,
Bill Rugolsky
--- ssh/auth2.c~ Sun Feb 24 14:14:59 2002
+++ ssh/auth2.c Wed May 8 16:26:26 2002
@@ -709,15
2001 Nov 09
2
openssh-3.0p1, auth2.c
openssh-3.0p1 still contains the bug which I already reported on Sept. 28 2001
for 2.9p2, namely, the trailing dot in chost should be stripped before calling
auth_rhosts2() even with option "HostbasedUsesNameFromPacketOnly yes".
Otherwise, the host names in /etc/hosts.equiv and .rhosts would have to be
dot-terminated. Fix: Move lines 776-779 of auth2.c upwards to after line 767.
(These
2001 Sep 28
3
openssh-2.9p2, short hostnames
For systems where the local hostname is obtained as a short name without
domain, there should be a ssh_config option "DefaultDomain" as in ssh-3.x
from ssh.com.
For the server, there might be a corresponding option in order to strip
the domain name from the remote client name (if it matches the server's
DefaultDomain) for use in auth_rhost2, since netgroups usually contain
short
2003 Feb 28
1
Hostbased Authentication Question
Hi,
I am still working on getting hostbased authentication working in
OpenSSH 3.5p1. I emailed the user list, and got no response. It seems so
simple, yet I have continued to have problems getting it working properly.
I've read posts about it on this list, and the openssh-unix-dev list, and
nothing I have tried seems to work. My question is this, does it matter
which key, either
2005 Oct 06
1
Possible security problem in hostbased user authentication?
In auth2-hostbased.c, line #146
if (auth_rhosts2(pw, cuser, chost, chost) == 0)
^^^^^
shouldn't this be
if (auth_rhosts2(pw, cuser, chost, ipaddr) == 0)
^^^^^^
The code was found in 4.2.
Best regards,
Choung S.Park
2001 Sep 28
2
openssh-2.9p2, auth2.c
Even with option "HostbasedUsesNameFromPacketOnly yes", the trailing
dot in chost should be stripped before auth_rhosts2() is called from
hostbased_key_allowed().
Hans Werner Strube strube at physik3.gwdg.de
Drittes Physikalisches Institut, Univ. Goettingen
Buergerstr. 42-44, D-37073 Goettingen, Germany
Suggested change:
*** auth2.c.ORI Wed Apr 25 14:44:15 2001
---
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
Hi,
On Fri, Jan 9, 2015, at 10:48 AM, Tim Rice wrote:
> My ssh_config has
> Host *
> HostbasedAuthentication yes
> EnableSSHKeysign yes
> NoHostAuthenticationForLocalhost yes
>
> NoHostAuthenticationForLocalhost is not necessary.
> The one you are missing is EnableSSHKeysign.
>
> Additionally, you made no mention of your ssh_known_hosts files. Make
> sure
2001 Oct 29
5
HostbasedAuthentication problem
I'm trying to use HostbasedAuthentication. Running ssh -v -v -v user at host
the following error occurs:
debug3: authmethod_is_enabled hostbased
debug1: next auth method to try is hostbased
debug2: userauth_hostbased: chost <host>
debug2: we did not send a packet, disable method
What does this mean ? I enabled HostbasedAuthentication in
/etc/ssh/ssh_config and as it looks, this setting
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
I run OpenSSH on linux
@ client
which ssh
/usr/local/bin/ssh
ssh -v
OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
@ server
which sshd
/usr/local/bin/sshd
sshd -v
unknown option -- V
OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]
[-E log_file] [-f config_file] [-g login_grace_time]
2002 Jul 01
3
3.4p1: 'buffer_append_space: alloc 10506240 not supported'
I have been trying to install 3.4p1 on a number of machines.
Servers on ia64 Linux, i386 Linux and SPARC Solaris are all working
like charms. On the other hand, I am having trouble at least with
HPUX 11, DEC OSF 5.1 and Unixware: on all those systems, sshd bails
out after authentication with an error in buffer_append_space.
Here is the output of sshd -d on the UnixWare machine
(uname -a:
2007 May 17
7
[Bug 616] proxycommand breaks hostbased authentication.
http://bugzilla.mindrot.org/show_bug.cgi?id=616
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org,
| |simon at sxw.org.uk
--- Comment #2 from
2003 Sep 13
2
CVS is missing documentation for HostbasedUsesNameFromPacketOnly
I'm attaching a simple doc patch against current CVS - feel free to re-word
it as you see fit. I also noticed that if UseDNS is no,
HostbasedUsesNameFromPacketOnly _must_ be yes if you want
HostbasedAuthentication to work.
--
Carson
-------------- next part --------------
--- sshd_config.5.DIST 2003-09-13 02:25:18.365707000 -0400+++ sshd_config.5 2003-09-13 02:46:29.430974000 -0400@@
2006 Oct 04
0
[Bug 1200] sshd does not strip trailing dot from client hostname with HostbasedUsesNameFromPacketOnly
http://bugzilla.mindrot.org/show_bug.cgi?id=1200
------- Comment #2 from res at qoxp.net 2006-10-05 09:01 -------
*** Bug 1248 has been marked as a duplicate of this bug. ***
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2014 Nov 05
17
[Bug 2305] New: sshd does not accept @cert-authority when doing host based authentication.
https://bugzilla.mindrot.org/show_bug.cgi?id=2305
Bug ID: 2305
Summary: sshd does not accept @cert-authority when doing host
based authentication.
Product: Portable OpenSSH
Version: 6.5p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component:
2002 Aug 01
0
[Bug 376] New: HostbasedAuthentication, followed snailbook but not working! :-(
http://bugzilla.mindrot.org/show_bug.cgi?id=376
Summary: HostbasedAuthentication, followed snailbook but not
working! :-(
Product: Portable OpenSSH
Version: -current
Platform: UltraSparc
URL: http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-
2023 Oct 22
1
Host name lookup failure using hostbased authentication
There is a nasty problem when using hostbased authentication:
[thomas at sarkovy ~]$ journalctl -l -f | grep -Fe 'sshd['
Okt 22 15:20:54 sarkovy sshd[35034]: userauth_hostbased mismatch: client
sends htpc.koeller.dyndns.org, but we resolve 192.168.0.2 to 192.168.0.2
Okt 22 15:20:54 sarkovy sshd[35034]: Connection closed by authenticating
user thomas 192.168.0.2 port 36284 [preauth]
^C
2010 Jun 15
3
[Bug 1782] New: Match support for HostbasedUsesNameFromPacketOnly
https://bugzilla.mindrot.org/show_bug.cgi?id=1782
Summary: Match support for HostbasedUsesNameFromPacketOnly
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
2020 Oct 23
3
"Semi-Trusted" SSH-Keys that also require PAM login
Hello Damien, Brian and all,
thanks for the suggestions. I actually had not considered host-based
authentication and looked it up.
As I understand from my first quick reading, I would need to specify the
clients which are allowed to use host-based auth on the server with a
DNS name or an IP, which would not work for a client behind a CG NAT or
in a cellular network.
Or did I get this wrong?
2002 Aug 07
0
[Bug 382] New: Privilege Separation breaks HostbasedAuthentication
http://cvs-mirror.mozilla.org/webtools/bugzilla/show_bug.cgi?id=382
Summary: Privilege Separation breaks HostbasedAuthentication
Product: Portable OpenSSH
Version: -current
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at
2016 Feb 14
5
[Bug 2541] New: Add explicit_bzero() before free() in OpenSSH-7.1p2 for auth1.c/auth2.c/auth2-hostbased.c
https://bugzilla.mindrot.org/show_bug.cgi?id=2541
Bug ID: 2541
Summary: Add explicit_bzero() before free() in OpenSSH-7.1p2
for auth1.c/auth2.c/auth2-hostbased.c
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5