search for: caletka

...riority: P5 Bug ID: 2040 Assignee: unassigned-bugs at mindrot.org Summary: Downgrade attack vulnerability when checking SSHFP records Severity: minor Classification: Unclassified OS: All Reporter: ondrej at caletka.cz Hardware: All Status: NEW Version: 6.1p1 Component: ssh Product: Portable OpenSSH Created attachment 2183 --> https://bugzilla.mindrot.org/attachment.cgi?id=2183&action=edit Fix downgrade attack vulnerability in handling SSHFP record...

...bug.cgi?id=2041 Priority: P5 Bug ID: 2041 Assignee: unassigned-bugs at mindrot.org Summary: Check for SSHFP when certificate is offered. Severity: enhancement Classification: Unclassified OS: All Reporter: ondrej at caletka.cz Hardware: All Status: NEW Version: 6.1p1 Component: ssh Product: Portable OpenSSH Created attachment 2185 --> https://bugzilla.mindrot.org/attachment.cgi?id=2185&action=edit Check for SSHFP when certificate is offered. When the sshd...

...ns.h key.c key.h ssh-keygen.c] add support for RFC6594 SSHFP DNS records for ECDSA key types. patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@ while the patch from the bug report was created by me - Ond?ej Sur? <ondrej at sury.org> - with contributions from Ond?ej Caletka and Daniel Black, as you can confirm from the original source of the patch: https://git.nic.cz/redmine/projects/ietf/repository/revisions/master/changes/ssh-sshfp-ecdsa.patch Please fix in next release, thank you, Ond?ej Sur? -- You are receiving this mail because: You are watching the assignee...

Hi, I was sure I sent this to openssh at openssh.com, but cannot find that email now in my Sent mailbox, so I am sending it to the developers list. I took a liberty and wrote an I-D with accompanying patch (with contributions from Ondrej Caletka) to support ECDSA in the SSHFP DNS resource record. The I-D is here: https://tools.ietf.org/html/draft-os-ietf-sshfp-ecdsa-sha2 (and the source XML here: https://git.nic.cz/redmine/projects/ietf/repository/revisions/master/changes/draft-os-ietf-sshfp-ecdsa-sha2-00.xml) The patch to vanilla 5.8 he...

....org/show_bug.cgi?id=2046 Priority: P5 Bug ID: 2046 Assignee: unassigned-bugs at mindrot.org Summary: ssh-add -d does not drop certificate Severity: trivial Classification: Unclassified OS: Linux Reporter: ondrej at caletka.cz Hardware: All Status: NEW Version: 6.1p1 Component: ssh-add Product: Portable OpenSSH When using ssh-add -d to drop keys previously learned by invoking ssh-add without arguments, only raw key is dropped even if there is also a certificate in...

...Product: Portable OpenSSH Version: 7.3p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: Kerberos support Assignee: unassigned-bugs at mindrot.org Reporter: ondrej at caletka.cz I'm trying to build openssh-7.3 like this: $ ./configure --with-ldns $ make (cd openbsd-compat && make) make[1]: Entering directory '/hdhome/oskar/Downloads/openssh-7.3p1/openbsd-compat' gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Ws...

Dear OpenSSH Developers, I'm a member of the Debian System Administration (DSA) team. [1] We manage the Debian Projects computing infrastructure. Recently, DSA had the opportunity to address a member's request that we begin using certificates to authenticate Debian Project machines to ssh clients. We provided a lengthy reply, the summary of which is "we publish SSHFP records; use

hi folks: it looks like ssh-keygen -r can''t export SSHFP records for ECDSA keys: 0 dkg@pip:/tmp/cdtemp.oiRYAS$ ssh-keygen -f foobar -t ecdsa -q -P '''' 0 dkg@pip:/tmp/cdtemp.oiRYAS$ ssh-keygen -r foobar -f foobar.pub export_dns_rr: unsupported algorithm 0 dkg@pip:/tmp/cdtemp.oiRYAS$ the first number in my prompt is the return code of the last command; note that

Hi, OpenSSH 6.3 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is