search for: certs_on

...(strcmp(optarg, "protocol-version") == 0) { #ifdef WITH_SSH1 cp = xstrdup("1\n2"); diff --git a/sshkey.c b/sshkey.c index 31710e5..1c5dfdb 100644 --- a/sshkey.c +++ b/sshkey.c @@ -195,14 +195,16 @@ sshkey_ecdsa_nid_from_name(const char *name) } char * -sshkey_alg_list(int certs_only, int plain_only, char sep) +sshkey_alg_list(int certs_only, int plain_only, int sigonly_also, char sep) { char *tmp, *ret = NULL; size_t nlen, rlen = 0; const struct keytype *kt; for (kt = keytypes; kt->type != -1; kt++) { - if (kt->name == NULL || kt->sigonly) + if (kt->nam...

...ert-v01 at openssh.com > rsa-sha2-512 > rsa-sha2-256 Those are "sign only" algorithms that use the same RSA keys but with a stronger signature algorithms. It looks like the advice in sshd_config(5) is not accurate (I think ssh -Q needs an option that calls sshkey_alg_list with certs_only=0, plain_only=0 and include_sigonly=1 for this case). > Only in `ssh -Q key`: > ssh-dss > ssh-dss-cert-v01 at openssh.com The list in sshd_config(5) is the types allowed by default, and DSA (aka ssh-dss) keys are no longer allowed by default. -- Darren Tucker (dtucker at dtucker.n...

Hi, I'm doing some test with a pkcs11 token that can only sign short messages. When connecting to one server, that reports pkalg rsa-sha2-512 blen 151, it fails to sign the pubkey because it is 83 bytes long. (sshd: OpenSSH_7.3p1) A older server that reports pkalg ssh-rsa blen 151, works perfectly as the pubkey signature required is only 35 bytes long. (sshd: OpenSSH_6.7p1) I am not sure

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

Hi, OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a feature release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at