Displaying 20 results from an estimated 200 matches similar to: "second FIPS patch for openssh 6.0p1, fix pubkey"
2006 Nov 15
11
OpenSSH Certkey (PKI)
This patch against OpenBSD -current adds a simple form of PKI to
OpenSSH. We'll be using it at work. See README.certkey (the first chunk
of the patch) for details.
Everything below is BSD licensed, sponsored by Allamanda Networks AG.
Daniel
--- /dev/null Wed Nov 15 15:14:20 2006
+++ README.certkey Wed Nov 15 15:13:45 2006
@@ -0,0 +1,176 @@
+OpenSSH Certkey
+
+INTRODUCTION
+
+Certkey allows
2001 Dec 04
0
PATCH: log key fingerprint upon successful login
This patch is against 3.0.2p1. It produces output like the first line in the
example below for both v1 and v2 logins. Logging is turned on by sticking
``LogFingerprint yes'' in sshd_conf. It would be nice if something like this
would make it into OpenSSH.
Dec 4 14:21:09 lizzy.bugworks.com sshd[7774]: [ID 800047 auth.info] Found
matching RSA1 key:
2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
Hi,
I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with
FIPS 140-2 OpenSSL.
These are based on previously reported patches by Steve Marquess
<marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>,
for ver. OpenSSH 3.8.
Note that these patches are NOT OFFICIAL, and MAY be used freely by
anyone.
Issues [partially] handled:
SSL FIPS Self test.
RC4,
2003 Feb 09
1
Logging of comments on keys
Hi,
during our usual work I found it anoying that one can not easily see
who logged in using public key authentication. In newer versions of
SSH the fingerprint of the public key gets logged, but who can tell
which key belongs to whom from his head?
So I wrote a little ad-hoc patch (vs. 3.5.p1) so that the comment
field on the keys in the authorized_keys[2] files get logged to make
life
2005 Jul 26
1
Linux in-kernel keys support
Hi all,
I recently made a patch to openssh 4.1p1 to allow it to use the
in-kernel key management provided by 2.6.12 or later Linux kernels.
I've attached the patch (which is still only a proof-of-concept, for
instance its very verbose right now) to this mail.
Now, my question is, is this a completely insane idea and would (a later
version of) the patch have a chance of making it into the
2002 Jan 29
2
Key fingerprint logging
Hello there!
I have made a patch against OpenSSH 3.0.2p1 which allows the fingerprint of
the accepted key to be printed in the log message. It works with SSH1-RSA and
SSH2 pubkey (DSA+RSA) authentication.
This feature is controllable by the LogKeyFingerprint config option (turned
off by default).
Michal Kara
-------------- next part --------------
diff -u5
2003 May 12
0
Patch logging comment field of authorized key being used
In order to comply with our internal security guidelines, we created a
patch on top of openssh-3.6.1p2. With that patch, if sshd sets up a
session based on key authentication, it logs to syslog which one of the
keys in authorized_keys or authorized_keys2 is actually being used. The
patch logs the key comment (typically the key owner's email address) as
well as the name of the file containing
2013 Jun 09
1
pass fingerprint to authorizedkeyscommand
Hi guys,
It might be nice if AuthorizedKeysCommand would receive the fingerprint of
the offered key as an argument, so that programs like gitolite could
implement more refined key-based identity lookup that offers better
performance than AuthorizedKeysFile's linear scan.
The following patch is untested but is the basic idea:
diff -ru openssh-6.2p1/auth2-pubkey.c
2006 Feb 04
2
[PATCH] allow user to update changed key in known_hosts
Hi list,
I use ssh a lot and I often need to connect to hosts whose host key has
changed. If a host key of the remote host changes ssh terminates and the
user has to manually delete the offending host key from known_hosts. I
had to do this so many times that I no longer like the idea ;-)
I would really like ssh to ask me if the new host key is OK and if I
want to add it to known_hosts.
I talked
2002 May 09
0
functions : server_input_channel_req userauth_pubkey
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings,
I am not sure if this is the correct place to ask these question,
if I am at the wrong place please advise.
I am currently working on some modifications to openssh
which record the users rsa/dsa identity comment file to
a log file when the user logs in (password authentication
is disabled).
The ssh1 portion of the modification works
2004 Oct 03
0
[patch] tell user about hosts with same key
The attached patch implements a feature that would make my interaction
with ssh somewhat more secure. When connecting to a host whose key is
not in the known_hosts file, this patch makes ssh tell the user about any
other hosts in the known_hosts file that have the same key.
For example, if I have host A in my known_hosts file, and try to connect
to host B which is an alias for A, ssh will tell
2003 Mar 31
1
[Bug 526] potential ssh-keysign segfault if pktype == KEY_UNSPEC
http://bugzilla.mindrot.org/show_bug.cgi?id=526
Summary: potential ssh-keysign segfault if pktype == KEY_UNSPEC
Product: Portable OpenSSH
Version: 3.6p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Miscellaneous
AssignedTo: openssh-unix-dev at mindrot.org
2003 Oct 08
4
OS/390 openssh
Hello Steve, Hello OpenSSH-portable developers,
I am building OpenSSH for our (EBCDIC-based) BS2000 mainframe
operating system, and I noticed you do the same for OS/390.
Because my initial ssh port was based on IBM's OSS port (ssh-1.2.2
or some such), I thought it was fair enough to help with a little
co-operation; we might come up with a unified EBCDIC patch which could
be contributed to
2010 Mar 03
2
Viewing cetificate details
Hi,
I don't see any way to view the details of a certificate once it is
generated. Having such a capability would be very handy for debugging
purposes to check what constraints, principals, and validity interval
are associated with a given cert.
--
Iain Morgan
2010 Apr 29
12
[Bug 1765] New: Error message if key not first in authorized_keys file
https://bugzilla.mindrot.org/show_bug.cgi?id=1765
Summary: Error message if key not first in authorized_keys file
Product: Portable OpenSSH
Version: 5.5p1
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
2014 Mar 26
1
SSHFP issue
Have you seen this?
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513
--mancha
2001 Aug 15
0
[ossh patch] principal name/patterns in authorized_keys2
As you know, revoking RSA/DSA keys in an SSH environment requires
editing all authorized_keys and authorized_keys2 files that reference
those public keys. This is, well, difficult at best but certainly very
obnoxious, particularly in a large environment.
SSH key management is difficult. This patch simplifies key management
wherever GSS-API/Kerberos is used and is general enough to be used with
2009 Mar 24
3
A way to log what line of authorized_keys that was used
Hi!
I'm pretty sure that this isn't currently supported, so, I'll give it a
shot and rather be rtfm-flamed instead of not trying :)
Is there any way of logging what line of authorized_keys (and what file)
that was used when a user logs in? It would be very nice to have to
improve auditing logins of accounts with multiple publickeys.
And, if there isn't - Would it be of
2002 Jan 24
1
PATCH: krb4/krb5/... names/patterns in auth_keys entries
This patch (to OpenSSH 3.0.2p1) adds support for using krb4, krb5 and
other principal names in authorized_keys entries.
It's a sort of replacement for .klogin and .k5login, but it's much more
general than .k*login as it applies to any authentication mechanism
where a name is associated with the ssh client and it supports name
patterns and all the normal authorized_keys entry options
2011 Aug 03
0
OpenSSH and FIPS 140-2
Does anyone knows why in some OpenSSH patches for FIPS we have something like:
SSLeay_add_all_algorithms();
if (FIPS_mode() && !FIPSCHECK_verify(NULL, NULL)) {
fprintf(stderr,
"FIPS integrity verification test failed.\n");
exit(3);
}
This block of code is always in main() soon after starting
service/client. Why are they