[PATCH] debug public key print

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi all,

Attached is patch for feature to print the full public key of all
key-based login attempts when debug level is set to 1 or above. It was
written in the course of debugging/forensic analysis.

Looking for comments on merge worthiness.

Enhancement ticket can be seen here:
     https://bugzilla.mindrot.org/show_bug.cgi?id=2939

Github pull request here:
    https://github.com/openssh/openssh-portable/pull/112
(made before I realized they're not the preferred method of contribution)

    Andrew
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 2fb5950..82cce57 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -122,6 +122,17 @@ userauth_pubkey(struct ssh *ssh)
                    "(received %d, expected %d)", __func__, key->type, pktype);
                goto done;
        }
+       if (log_level_get() >= SYSLOG_LEVEL_DEBUG1) {
+               if ((b = sshbuf_new()) == NULL)
+                       fatal("%s: sshbuf_new failed", __func__);
+               if ((r = sshkey_format_text(key, b)) != 0)
+                       fatal("%s: sshkey_format_text failed: %s", __func__,
+                               ssh_err(r));
+               debug("%s: public key of %s: %s", __func__, authctxt->user,
+                       sshbuf_ptr(b));
+               sshbuf_free(b);
+               b = NULL;
+       }
        if (sshkey_type_plain(key->type) == KEY_RSA &&
            (ssh->compat & SSH_BUG_RSASIGMD5) != 0) {
                logit("Refusing RSA key because client uses unsafe "
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux