Displaying 20 results from an estimated 50 matches for "baushke".
2015 Jun 12
2
[Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group
On Fri 2015-06-12 01:52:54 -0400, Mark D. Baushke wrote:
> I have communicated with Allen Roginsky on this topic and I have been given permission to post his response.
>
> In this message below, the 'vendor' was Darren Tucker's generated prime
> that used a generator value of 5.
>
> -- Mark
>
> From: "Rogi...
2015 Oct 29
2
[Bug 2464] Adding timestamp to debug messages (log.c:do_log)
Darren Tucker <dtucker at zip.com.au> writes:
> On Thu, Oct 29, 2015 at 12:32 PM, Mark D. Baushke <mdb at juniper.net> wrote:
> > Diff updated with suggested changes (also, making the timestamp format
> > ISO8601 compliant).
> >
> > Hmmm... full ISO8601 compliance would include the timezone so the format
>
> I don't have a copy of the ISO8601 text, but t...
2017 Sep 24
3
DH Group Exchange Fallback
On 09/24/2017 12:21 AM, Mark D. Baushke wrote:
> I suggest you upgrade to a more recent edition of the OpenSSH software.
> The most recent release is OpenSSH 7.5 and OpenSSH 7.6 will be released
> very soon.
This problem is in v7.5 and v7.6. See dh.c:436.
> OpenSSH 6.6 was first released on October 6, 2014.
I brought up...
2017 Sep 25
4
DH Group Exchange Fallback
On 25 September 2017 at 02:32, Mark D. Baushke <mdb at juniper.net> wrote:
> [+CC Loganaden Velvindron <logan at hackers.mu>] primary author of
> the RFC 4419 refresh draft.
https://datatracker.ietf.org/doc/draft-lvelvindron-curdle-dh-group-exchange/ ?
Tangent: has any consideration been given to increasing the maximum
allow...
2015 Oct 29
2
[Bug 2464] Adding timestamp to debug messages (log.c:do_log)
https://bugzilla.mindrot.org/show_bug.cgi?id=2464
--- Comment #3 from Darren Tucker <dtucker at zip.com.au> ---
Created attachment 2741
--> https://bugzilla.mindrot.org/attachment.cgi?id=2741&action=edit
Changes as suggested.
Diff updated with suggested changes (also, making the timestamp format
ISO8601 compliant).
That said, what's the use case for this? The timestamps are
2019 Feb 14
2
Can we disable diffie-hellman-group-exchange-sha1 by default?
Can we disable diffie-hellman-group14-sha1 too?
On Thu, Feb 14, 2019 at 10:23 PM Mark D. Baushke <mdb at juniper.net> wrote:
>
> Hi John,
>
> The short answer is YES.
>
> Jon DeVree <nuxi at vault24.org> writes:
>
> > I ask because the removal of diffie-hellman-group-exchange-sha1 happened
> > accidentally in 7.8 due to a mistake in a change to readco...
2019 Feb 20
2
[Bug 2971] New: Prevent OpenSSH from advertising its version number
Also, a lot of measurement/research on deployment of OpenSSH rely on
version advertising for their statistics. It's going to be harder to know
impact of deprecation of certain legacy features without statistics.
I also agree with Mark here.
On Wed, Feb 20, 2019 at 10:57 AM Mark D. Baushke <mdb at juniper.net> wrote:
> Nagesh writes:
>
> > Cyber security team has recommended to disable the OpenSSH software
> > version advertising when the connection has been established.
>
> With respect, your cyber security team are foolish if they think that
> obsc...
2019 Feb 20
4
[Bug 2971] New: Prevent OpenSSH from advertising its version number
On 02/20/2019 07:51 AM, Mark D. Baushke wrote:
> There are just too many cases where both OpenSSH interoperating with
> itself as well as other SSH implementations have needed this version
> number to properly deal with bugs in the code via negotiations.
FWIW, and without dismissing the possibility of fingerprinting a server
in...
2017 Sep 23
2
DH Group Exchange Fallback
On 09/22/2017 06:10 PM, Mark D. Baushke wrote:
> I suppose you want to be more paranoid:
>
> DH *
> dh_new_group_fallback(int max)
> {
> debug3("%s: requested max size %d", __func__, max);
> if (max <= 2048) {
> debug3("using 2k bit group 14");
>...
2018 Nov 06
3
openSSH versions
Hi,
I notice here:
https://www.openssh.com/releasenotes.html
That the versions always have a <number> and a <number>p1.
Does the p1 indicate a patch? So does it mean that <number> and <number>p1 are two different versions?
It doesn't describe the differences between the two in case they are different versions.
I would appreciate some clarification.
Thanks,
Roee.
2015 Dec 11
16
[Bug 2515] New: Implement diffie-hellman-group{14,15,16)-sha256
...h
Assignee: dtucker at zip.com.au
Reporter: dtucker at zip.com.au
Blocks: 2451
The IETF ssh working group has proposed adding MODP groups 15 and 16
with SHA256 and deprecating group14-sha1 (we're already doing the
latter).
https://datatracker.ietf.org/doc/draft-baushke-ssh-dh-group-sha2/
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2
--
You are receiving this mail because:
You are watching the reporter of the bug.
You are watching the assignee of the bug.
2020 May 01
3
[PATCH] Use POSIX standardized options for head(1) and tail(1)
Hi Damien,
Damien Miller <djm at mindrot.org> writes:
> Thanks, but I don't think we're going to merge this one because I'm
> somewhat worried that some systems we currently build on do not support
> the -n syntax. Conversely, AFAIK everything* supports -number.
Michael Forney said that he was trying to run on a system that did NOT
support head -number and tail
2015 May 27
4
[Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group
On Wed, May 27, 2015 at 05:08:25PM -0400, Daniel Kahn Gillmor wrote:
> On Tue 2015-05-26 15:39:49 -0400, Mark D. Baushke wrote:
> > Hi Folks,
> >
> > The generator value of 5 does not lead to a q-ordered subgroup which
> > is needed to pass tests in
> >
> > http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf
>
> I pulled revision 2 of this d...
2019 Feb 20
5
[Bug 2971] New: Prevent OpenSSH from advertising its version number
https://bugzilla.mindrot.org/show_bug.cgi?id=2971
Bug ID: 2971
Summary: Prevent OpenSSH from advertising its version number
Product: Portable OpenSSH
Version: 7.6p1
Hardware: All
OS: Linux
Status: NEW
Severity: security
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2015 Jul 24
2
DH_GRP_MIN is currently 1024, should it be bumped to 2048?
Greetings,
Given the weakness with Diffie-Hellman modp groups less than 2048, is it
time to bump the suggested 1024 bit minimum value from the RFC 4419 to a
more current 2048 value for OpenSSH 7.0?
If so, should this be just a compile-time change, or should there be a
new client and server runtime option?
Thanks,
-- Mark
2017 Sep 22
6
DH Group Exchange Fallback
On 09/22/2017 03:22 PM, Daniel Kahn Gillmor wrote:
> On Thu 2017-09-21 18:12:44 -0400, Joseph S Testa II wrote:
>> I gotta say... having a fallback mechanism here seems pretty
>> strange. The entire point of the group exchange is to use a dynamic
>> group and not a static one.
>
> fwiw, i think dynamic groups for DHE key exchange is intrinsically
> problematic
1999 Dec 16
4
ANNOUNCE: openssh-1.2.1pre18
...emote_port() and friends for sshd -i;
Holger.Trapp at Informatik.TU-Chemnitz.DE
- [mpaux.c]
make code simpler. no need for memcpy. niels@ ok
- [pty.c]
namebuflen not sizeof namebuflen; bnd at ep-ag.com via djm at mindrot.org
fix proto; markus
- [ssh.1]
typo; mark.baushke at solipsa.com
- [channels.c ssh.c ssh.h sshd.c]
type conflict for 'extern Type *options' in channels.c; dot at dotat.at
- [sshconnect.c]
move checking of hostkey into own function.
- [version.h]
OpenSSH-1.2.1
- Clean up broken includes in pty.c
- Some older system...
1999 Dec 09
1
openssh-1.2pre16 patch to pty.c for Solaris 2.6
Greetings,
While attempting to build openssh for Solaris 2.6, I ran into a minor
problem that should probably be corrected in the next release of
openssh. The file pty.c does not #include <stropts.h> to define I_PUSH
even though I_PUSH is used when HAVE_DEV_PTMX is defined.
Platform:
SunOS test01 5.6 Generic_105181-16 sun4u sparc SUNW,Ultra-60
Using:
zlib 1.1.3
2002 Mar 08
1
Solaris 2.6 needs '#define HAVE_BOGUS_SYS_QUEUE_H 1' to build OpenSSH 3.1p1
I needed to manually add a '#define HAVE_BOGUS_SYS_QUEUE_H 1' to the
config.h file to get OpenSSH 3.1p1 to properly build under Solaris
2.6. Without it, the system <sys/queue.h> is included rather than
using the openbsd-compat/fake-queue.h and the various TAILQ_* macros
are not defined.
I suspect that the configure.ac file needs to be updated to add the
lines:
if test