Displaying 19 results from an estimated 19 matches for "dbelyav".
Did you mean:
dbelyavs
2023 Mar 03
1
Enforcing sha2 algorithm in ssh-keygen.c
@Dmitry, you may get more traction by reporting this issue (with patch) at https://www.openssh.com/report.html .
It can also help other folks who may be encountering the same issue.
--
jmk
> On Mar 3, 2023, at 02:10, Dmitry Belyavskiy <dbelyavs at redhat.com> wrote:
>
> ?Dear colleagues,
>
> Could you please take a look?
>
>> On Fri, Jan 20, 2023 at 12:55?PM Dmitry Belyavskiy <dbelyavs at redhat.com> wrote:
>>
>> Dear colleagues,
>>
>> ssh-keygen uses SHA1 algorithm (default) whe...
2023 Jan 24
1
Upstream forwarding test failure
Dear colleagues,
I came across an upstream test suite failure on Fedora 36.
The test in question is forwarding, the output is
==========
adding modulifile='/home/dbelyavs/work/upstream/openssh-portable/moduli' to
sshd_config
using cached key type ssh-ed25519
using cached key type sk-ssh-ed25519 at openssh.com
using cached key type ecdsa-sha2-nistp256
using cached key type ecdsa-sha2-nistp384
using cached key type ecdsa-sha2-nistp521
using cached key type sk-ecd...
2023 Mar 03
1
Enforcing sha2 algorithm in ssh-keygen.c
Dear colleagues,
Could you please take a look?
On Fri, Jan 20, 2023 at 12:55?PM Dmitry Belyavskiy <dbelyavs at redhat.com> wrote:
>
> Dear colleagues,
>
> ssh-keygen uses SHA1 algorithm (default) when verifying that the key is usable. It causes problems on recent systems where SHA1 is disabled for use with signatures (at least, RHEL 9+).
>
> The proposed patch enforces using a sha2...
2021 Mar 29
12
[Bug 3289] New: Patch fixing the issues found by coverity scan
...scan
Product: Portable OpenSSH
Version: 8.5p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org
Reporter: dbelyavs at redhat.com
We have run a coverity scan and have implemented patches fixing the
issues we found.
PR link: https://github.com/openssh/openssh-portable/pull/238
--
You are receiving this mail because:
You are watching the assignee of the bug.
2023 Apr 03
12
[Bug 3558] New: Spelling "yes" as "Yes" in sshd_config has a fatal result
https://bugzilla.mindrot.org/show_bug.cgi?id=3558
Bug ID: 3558
Summary: Spelling "yes" as "Yes" in sshd_config has a fatal
result
Product: Portable OpenSSH
Version: 7.2p2
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component:
2023 Jan 25
1
Upstream forwarding test failure
On Wed, 25 Jan 2023 at 19:29, Darren Tucker <dtucker at dtucker.net> wrote:
[...]
> I have a part-done patch that logs the output from all ssh and sshd
> instances to separate datestamped files. I'll see if I can tidy that
> up for you to try
You can grab it from here:
https://github.com/daztucker/openssh-portable/commit/b54b39349e1a64cbbb9b56b0f8b91a35589fb528
It's not
2023 Apr 19
3
FIPS compliance efforts in Fedora and RHEL
Dear Damien,
On Wed, Apr 19, 2023 at 9:55?AM Damien Miller <djm at mindrot.org> wrote:
>
> On Wed, 19 Apr 2023, Dmitry Belyavskiy wrote:
>
> > > While I'm sure this is good for RHEL/rawhide users who care about FIPS,
> > > Portable OpenSSH won't be able to merge this. We explictly aim to support
> > > LibreSSL's libcrypto as well as
2024 Feb 07
3
[Bug 3665] New: publickey RSA signature unverified: error in libcrypto to RHEL9 sshd (with LEGACY crypto policy enabled)
https://bugzilla.mindrot.org/show_bug.cgi?id=3665
Bug ID: 3665
Summary: publickey RSA signature unverified: error in libcrypto
to RHEL9 sshd (with LEGACY crypto policy enabled)
Product: Portable OpenSSH
Version: 8.7p1
Hardware: ix86
OS: Linux
Status: NEW
Severity: major
2023 Aug 17
21
[Bug 3603] New: ssh clients can't communicate with server with default cipher when fips is enabled at server end
https://bugzilla.mindrot.org/show_bug.cgi?id=3603
Bug ID: 3603
Summary: ssh clients can't communicate with server with default
cipher when fips is enabled at server end
Product: Portable OpenSSH
Version: 9.4p1
Hardware: All
OS: Linux
Status: NEW
Severity: critical
2023 Jan 20
1
Enforcing sha2 algorithm in ssh-keygen.c
Dear colleagues,
ssh-keygen uses SHA1 algorithm (default) when verifying that the key is
usable. It causes problems on recent systems where SHA1 is disabled for use
with signatures (at least, RHEL 9+).
The proposed patch enforces using a sha2 algorithm for key verification.
--
Dmitry Belyavskiy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssh-keygen.patch
2023 Mar 03
2
[Bug 3546] New: Use SHA2 in ssh-keygen key verification
...ion
Product: Portable OpenSSH
Version: 8.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: dbelyavs at redhat.com
Created attachment 3681
--> https://bugzilla.mindrot.org/attachment.cgi?id=3681&action=edit
Proposed fix
ssh-keygen uses SHA1 algorithm (default) when verifying that the key is
usable. It causes problems on recent systems where SHA1 is disabled for
use with signatures (at...
2023 Apr 12
1
Defend against user enumeration timing attacks - overkill
Dear colleagues,
I have a question about this commit:
https://github.com/openssh/openssh-portable/commit/e9d910b0289c820852f7afa67f584cef1c05fe95#diff-a25e40214ca9c9f78abce22f23bf2abdb2a24384c6610d60bbb314aed534eb48R216
The function ensure_minimum_time_since effectively doubles the time
spent in the input_userauth_request (mostly presumably in PAM). So if
PAM processing is really slow, it will
2023 Jun 28
1
Defend against user enumeration timing attacks - overkill
Dear colleagues,
May I ask you to explain whether I am wrong in my conclusions?
On Wed, Apr 12, 2023 at 11:55?AM Dmitry Belyavskiy <dbelyavs at redhat.com> wrote:
>
> Dear colleagues,
>
> I have a question about this commit:
>
> https://github.com/openssh/openssh-portable/commit/e9d910b0289c820852f7afa67f584cef1c05fe95#diff-a25e40214ca9c9f78abce22f23bf2abdb2a24384c6610d60bbb314aed534eb48R216
>
> The function...
2023 Jul 21
1
Announce: OpenSSH 9.3p2 released
On Thu, Jul 20, 2023 at 3:53?AM Damien Miller <djm at mindrot.org> wrote:
>
>
>
> On Wed, 19 Jul 2023, Dmitry Belyavskiy wrote:
>
> > Dear Damien,
> >
> > Could you please clarify which versions are vulnerable?
>
> OpenSSH 5.5 through 9.3p1 inclusive
Many thanks for the clarification!
--
Dmitry Belyavskiy
2023 Jul 23
1
Announce: OpenSSH 9.3p2 released
On Fri, Jul 21, 2023 at 4:37?AM Dmitry Belyavskiy <dbelyavs at redhat.com> wrote:
>
> On Thu, Jul 20, 2023 at 3:53?AM Damien Miller <djm at mindrot.org> wrote:
> >
> >
> >
> > On Wed, 19 Jul 2023, Dmitry Belyavskiy wrote:
> >
> > > Dear Damien,
> > >
> > > Could you please clarify whic...
2023 Jun 28
1
Defend against user enumeration timing attacks - overkill
Dear Peter,
I'm trying to balance the original problem statement (protection from
users enumeration) and avoid doubling time here if the process has
already taken a long time to provide faster auth method iteration.
I believe that a better solution is to set some arbitrary (probably
configurable) timeout and, in case when we spend more time than that
value, avoid doubling it.
On Wed, Jun 28,
2023 Nov 07
1
[Bug 3632] New: ssh should suppress output in stout and stdout when calling third party binaries
...y binaries
Product: Portable OpenSSH
Version: 9.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: dbelyavs at redhat.com
ssh -q to an unknown host should be a silent failure but with ipa/idm
installed a program called sss_ssh_knownhostsproxy writes to stderr.
To reproduce it, you need to have SSSD client enrolled to a FreeIPA
server and run "ssh -q thishostdoesnotexist ls"
The FreeIPA proj...
2023 Apr 19
1
FIPS compliance efforts in Fedora and RHEL
Dear Damien,
On Wed, Apr 19, 2023 at 7:13?AM Damien Miller <djm at mindrot.org> wrote:
>
> On Tue, 18 Apr 2023, Norbert Pocs wrote:
>
> > Hi OpenSSH mailing list,
> >
> > I would like to announce the newly introduced patch in Fedora rawhide [0]
> > for
> >
> > FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9
> >
2023 Jul 19
1
Announce: OpenSSH 9.3p2 released
Dear Damien,
Could you please clarify which versions are vulnerable?
On Wed, Jul 19, 2023 at 7:38?PM Damien Miller <djm at cvs.openbsd.org> wrote:
>
> OpenSSH 9.3p2 has just been released. It will be available from the
> mirrors listed at https://www.openssh.com/ shortly.
>
> OpenSSH is a 100% complete SSH protocol 2.0 implementation and
> includes sftp client and server