similar to: [Bug 2541] New: Add explicit_bzero() before free() in OpenSSH-7.1p2 for auth1.c/auth2.c/auth2-hostbased.c

In auth2-hostbased.c, line #146 if (auth_rhosts2(pw, cuser, chost, chost) == 0) ^^^^^ shouldn't this be if (auth_rhosts2(pw, cuser, chost, ipaddr) == 0) ^^^^^^ The code was found in 4.2. Best regards, Choung S.Park

Even with option "HostbasedUsesNameFromPacketOnly yes", the trailing dot in chost should be stripped before auth_rhosts2() is called from hostbased_key_allowed(). Hans Werner Strube strube at physik3.gwdg.de Drittes Physikalisches Institut, Univ. Goettingen Buergerstr. 42-44, D-37073 Goettingen, Germany Suggested change: *** auth2.c.ORI Wed Apr 25 14:44:15 2001 ---

The following simple patch (against openssh-3.1) moves the test for a trailing dot in the client-supplied hostname so that it is also stripped when using the server option HostbasedUsesNameFromPacketOnly. Please CC me on any replies, as I'm not subscribed to the list. Cheers, Bill Rugolsky --- ssh/auth2.c~ Sun Feb 24 14:14:59 2002 +++ ssh/auth2.c Wed May 8 16:26:26 2002 @@ -709,15

I have been trying to install 3.4p1 on a number of machines. Servers on ia64 Linux, i386 Linux and SPARC Solaris are all working like charms. On the other hand, I am having trouble at least with HPUX 11, DEC OSF 5.1 and Unixware: on all those systems, sshd bails out after authentication with an error in buffer_append_space. Here is the output of sshd -d on the UnixWare machine (uname -a:

Hi, I am still working on getting hostbased authentication working in OpenSSH 3.5p1. I emailed the user list, and got no response. It seems so simple, yet I have continued to have problems getting it working properly. I've read posts about it on this list, and the openssh-unix-dev list, and nothing I have tried seems to work. My question is this, does it matter which key, either

OpenSSH 7.1p2 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. OpenSSH also includes transitional support for the legacy SSH 1.3 and 1.5 protocols that may be enabled at compile-time. Once again, we would like to thank the OpenSSH

Hi all. As Corinna pointed out, there are some cases where sshd will log some authentications twice when privsep=yes. This can happen on any platform although it seems most obvious on the ones that don't do post-auth privsep. It also occurs when sshd logs to stderr (eg running under daemontools) or when you have a /dev/log in the privsep chroot. The patch below attempts to solve this for

Remove sshkey_load_private(), as this function's role is similar to sshkey_load_private_type(). --- Dependency: This change depends over recently merged change in openbsd: https://github.com/openbsd/src/commit/b0c328c8f066f6689874bef7f338179145ce58d0 Change log: v1->v2 - Remove declaration of sshkey_load_private() in authfile.h authfile.c | 38

If the operation in the function is not allowed memory is leaked in three variables which were xmalloc'ed with buffer_get_string. In the allowed case these variables are pointed to by variables with a greater scope thus the reason this is a condtional leak. This entire set of patches passed the regression tests on my system. Resource leak bugs found by Coverity. Signed-off-by:

On Wed, Jul 20, 2016 at 09:02:57PM -0600, Selphie Keller wrote: > I wonder if could be useful to set the fall back account to something user > defined to avoid suggesting people add passwords to root, though I do like > root since the account is always there, Since committing that diff I've heard of people running in production with no root password (ie *LK*, !! or similar).

If HostbasedUsesNameFromPacketOnly is set to yes, sshd does not remove the trailing dot from the client supplied hostname, causing sshd to attempt to look up "foo.example.com." (note trailing period) in known_hosts and .shosts instead of "foo.example.com" Trivial patch attached. -- Carson -------------- next part -------------- An embedded and charset-unspecified text was

Hi, Folks ... Apologies in advance for the length of this message, but I wanted to be thorough, and provide as much info as I could. I'm trying to figure out a problem in trusted-host authentication using AIX hosts as clients, and a Sun host as the server; either I'm missing something real obvious, or there might be a bug somewhere in some piece of software involved here. -- All of

http://bugzilla.mindrot.org/show_bug.cgi?id=356 Summary: 3.4p1 hostbased authentication between Linux and Solaris Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: ssh AssignedTo: openssh-unix-dev at mindrot.org

http://cvs-mirror.mozilla.org/webtools/bugzilla/show_bug.cgi?id=382 Summary: Privilege Separation breaks HostbasedAuthentication Product: Portable OpenSSH Version: -current Platform: Sparc OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at

https://bugzilla.mindrot.org/show_bug.cgi?id=2540 Bug ID: 2540 Summary: Adds xstrndup() to xmalloc.h/xmalloc.c in OpenSSH 7.x Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee:

Hello! I have a minor observation about code in sshbuf.c, not sure if it would be useful, but here it is. sshbuf_reset() is currently implemented like this: void sshbuf_reset(struct sshbuf *buf) { u_char *d; if (buf->readonly || buf->refcount > 1) { /* Nonsensical. Just make buffer appear empty */ buf->off = buf->size; return; } if (sshbuf_check_sanity(buf) != 0)

Hi, Can anyone advise me on how to compile R with Portland Group compiler on a Opeteron machine with Red Hat Enterprise Linux WS release 4 installed? I've edit config.site file to pick portland group compilers instead of gcc. Here is the list of modified flags: CC=/usr/pgi/linux86-64/6.0/bin/pgcc CFLAGS='-g -O2' CPPFLAGS='-I/usr/pgi/linux86-64/6.0/include

openssh-3.0p1 still contains the bug which I already reported on Sept. 28 2001 for 2.9p2, namely, the trailing dot in chost should be stripped before calling auth_rhosts2() even with option "HostbasedUsesNameFromPacketOnly yes". Otherwise, the host names in /etc/hosts.equiv and .rhosts would have to be dot-terminated. Fix: Move lines 776-779 of auth2.c upwards to after line 767. (These

Adrian Baugh wrote: > > Hi, > I'm using the Linux port of OpenSSH 1.2-pre15. > One of my users complained of not being able to log in using password > authentication but being able to log in okay using RSA authentication. > I set up the server in debug mode and got the following for RSA > authentication (usernames, machine names and IPs obfuscated): I think I have found

I believe auth-rhosts.c, function check_rhosts_file(), contains a bug that shows up when doing host-based authentication where the client_user name is not the same as the server_user name. Line 76 reads: strlcpy(userbuf, server_user, sizeof(userbuf)); I believe it should read: strlcpy(userbuf, client_user, sizeof(userbuf)); Otherwise later in the function this test will fail: /* Verify that