similar to: [Bug 2175] New: possible use after free

Hello Steve, Hello OpenSSH-portable developers, I am building OpenSSH for our (EBCDIC-based) BS2000 mainframe operating system, and I noticed you do the same for OS/390. Because my initial ssh port was based on IBM's OSS port (ssh-1.2.2 or some such), I thought it was fair enough to help with a little co-operation; we might come up with a unified EBCDIC patch which could be contributed to

This patch against OpenBSD -current adds a simple form of PKI to OpenSSH. We'll be using it at work. See README.certkey (the first chunk of the patch) for details. Everything below is BSD licensed, sponsored by Allamanda Networks AG. Daniel --- /dev/null Wed Nov 15 15:14:20 2006 +++ README.certkey Wed Nov 15 15:13:45 2006 @@ -0,0 +1,176 @@ +OpenSSH Certkey + +INTRODUCTION + +Certkey allows

Hello, I had some difficulties in order to convert private keys between different implementations of SSH. So, I wrote the following patch to allow export of SSH2 RSA and DSA private keys into IETF SECSH format. Note that I also slightly revised the IETF SECSH key import code. Usage: use of the "-e" option on a private key file generates an unencrypted private key file in IETF SECSH

Hi all, I recently made a patch to openssh 4.1p1 to allow it to use the in-kernel key management provided by 2.6.12 or later Linux kernels. I've attached the patch (which is still only a proof-of-concept, for instance its very verbose right now) to this mail. Now, my question is, is this a completely insane idea and would (a later version of) the patch have a chance of making it into the

My keys are secured with a passphrase. That's good for security, but having to type the passphrase either at every login or at every invocation of ssh(1) is annoying. I know I could invoke ssh-add(1) just before invoking ssh(1), if I keep track of whether I invoked it already, or write some hacky scripts; but the rest of OpenSSH is wonderfully usable without any hacks. Hence, this patch.

Hello, There's a memory allocation for sensitive_data.keys in ssh.c:848 which uses size of Key instead of Key*. This is probably harmless but seems to be wrong. --- a/ssh.c +++ b/ssh.c @@ -846,7 +846,7 @@ main(int ac, char **av) options.hostbased_authentication) { sensitive_data.nkeys = 7; sensitive_data.keys = xcalloc(sensitive_data.nkeys, -

Here is a quick patch against openssh-2.5.1p1 to add a new config option (pkalg) for the ssh client allowing the selection of which public keys are obtained/verified. --cut-here- diff -c3 -r orig/openssh-2.5.1p1/key.c openssh-2.5.1p1/key.c *** orig/openssh-2.5.1p1/key.c Mon Feb 5 18:16:28 2001 --- openssh-2.5.1p1/key.c Sun Mar 11 23:10:10 2001 *************** *** 534,539 **** --- 534,567 ----

Dear OpenSSH developers, I've worked this week on an alternative key exchange mechanism, in reaction to the whole NSA leaks and claims over cryptographic backdoors and/or cracking advances. The key exchange is in my opinion the most critical defense against passive eavesdropping attacks. I believe Curve25519 from DJB can give users a secure alternative to classical Diffie-Hellman (with fixed

http://defect.opensolaris.org/bz/show_bug.cgi?id=2175 Summary: running full test/cli tests cause panic after a number of tests run.. Classification: Development Product: zfs-crypto Version: unspecified Platform: Other OS/Version: Solaris Status: NEW Severity: normal Priority: P2

Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet

libkeyutils is used by the keyctl command which is required for loading keys into the kernel (e.g. for mounting an authenticated UBIFS as root file system). libkeyutils usually invokes syscall() directly. As syscall() is not provided by klibc, libkeyutils has to be slightly modified for using the klibc wrappers. Signed-off-by: Christian Eggers <ceggers at arri.de> ---

This (very quick) patch allows you to connect with the commercial ssh.com windows client and use x509 certs for hostkeys. You have to import your CA cert (ca.crt) in the windows client and certify your hostkey: $ cat << 'EOF' > x509v3.cnf CERTPATHLEN = 1 CERTUSAGE = digitalSignature,keyCertSign CERTIP = 0.0.0.0 [x509v3_CA]

The included patch for openssh 3.0.2p1 implements overlapping read requests for the sftp client. It should be able to handle weird cases such as shriking files and reordered responses. This is only the first shot, and I'd be happy for any comments. I plan to implement something similar for the write path if this works out well. The maximum number of outstanding requests is quite high at

Hello everybody, I installed eucalyptus on ubuntu10, basic configuration . Everything is ok untill I start the instances, the disk is being created but it terminates soon. Environment: NFS , KVM, ubuntu10 x64, Euca on 2 machines (wc sc cc clc on one machine, and nc on another). libvirtd (libvirt) 0.7.5 QEMU PC emulator version 0.12.3 (qemu-kvm-0.12.3), Copyright (c) 2003-2008 Fabrice Bellard.

On Wed, 2020-07-08 at 08:37 +0200, Christian Eggers wrote: > libkeyutils is used by the keyctl command which is required for loading > keys into the kernel (e.g. for mounting an authenticated UBIFS as root > file system). > > libkeyutils usually invokes syscall() directly. As syscall() is not > provided by klibc, libkeyutils has to be slightly modified for using the > klibc

Hi, Is there any way to store HostKey in hardware (and delegate the related processing)? I have been using Roumen Petrov's x509 patch for clients, which works via an OpenSSL engine, but it does not seem to support server HostKey: http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html For PKCS#11, I have found an email on this list from a year back suggesting this

On July 27, 2020 2:43:36 AM PDT, Christian Eggers <ceggers at arri.de> wrote: >On Saturday, 25 July 2020, 23:36:33 CEST, Ben Hutchings wrote: >> On Wed, 2020-07-08 at 08:37 +0200, Christian Eggers wrote: >> > ... >> > libkeyutils usually invokes syscall() directly. As syscall() is not >> > provided by klibc, libkeyutils has to be slightly modified for

Some HSM's such as Safenet Network HSM do not allow searching for keys unauthenticated. To support such devices provide a mechanism for users to provide a pin code that is always used to automatically log in to the HSM when using PKCS11. The pin code is read from a file specified by the environment variable SSH_PKCS11_PINFILE if it is set. Tested against Safenet Network HSM. ---

i'm a chinese programmer, i want to write a system call to create an filter attach with some qdisc, but i don't know the filter param's struct in the kernel. i just know the struct struct tc_u32_key { __u32 mask; __u32 val; int off; int offmask; }; struct tc_u32_sel { unsigned char flags; unsigned char offshift; unsigned char nkeys; __u16 offmask; __u16 off;

On Saturday, 25 July 2020, 23:36:33 CEST, Ben Hutchings wrote: > On Wed, 2020-07-08 at 08:37 +0200, Christian Eggers wrote: > > ... > > libkeyutils usually invokes syscall() directly. As syscall() is not > > provided by klibc, libkeyutils has to be slightly modified for using the > > klibc wrappers. > > Wouldn't it be more useful for klibc to implement