search for: ecdsa

...__GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 #1 0xb6b84600 in __GI_abort () at abort.c:79 #2 0x7f715c00 in __subvsi3 (a=<optimized out>, b=<optimized out>) at ../../../gcc-7-20180201/libgcc/libgcc2.c:119 #3 0x7f713494 in strlcpy ( dst=0x7fff2428 "ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com,ssh-ed25519-cert-v01 at openssh.com,sk-ssh-ed25519-cert-v01 at openssh.com,rsa-sha2-512-cert-v01 at openssh.com,rsa-sha2-256-c...

...r: # Accept also DSA keys PubkeyAcceptedKeyTypes=+ssh-dss and systemctl restart sshd I kept getting in journal the message: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth] I saw that the sshd process had started with the option ... -oPubkeyAcceptedKeyTypes=rsa-sha2-256,ecdsa-sha2-nistp256, ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384, ecdsa-sha2-nistp384-cert-v01 at openssh.com,rsa-sha2-512,ecdsa-sha2-nistp521, ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519, ssh-ed25519-cert-v01 at openssh.com,ssh-rsa,ssh-rsa-cert-v01 at openssh.com So I fo...

...e sshd[3905]: debug3: privsep user:group > > 106:65534 [preauth] > > Nov 22 14:34:03 myhostname sshd[3905]: debug1: permanently_set_uid: > > 106/65534 [preauth] > > Nov 22 14:34:03 myhostname sshd[3905]: debug1: list_hostkey_types: > > ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256 [preauth] > > Nov 22 14:34:03 myhostname sshd[3905]: debug3: send packet: type 20 [preauth] > > Nov 22 14:34:03 myhostname sshd[3905]: debug1: SSH2_MSG_KEXINIT sent [preauth] > > > > Can you help? > > That ~13-year-old version of dbclient only has weak ke...

On 10/19/2016 11:34 AM, Leonard den Ottolander wrote: > Hello Gordon, > *snip* > > Personally I would be more concerned whether or not to enable ECDSA > algorithms (https://blog.cr.yp.to/20140323-ecdsa.html). > > Regards, > Leonard. > For web server ECDSA certs is currently a concern because the only curves with popular support across browsers have parameters that were chosen for undocumented reasons. That doesn't mean they...

I just added an ECDSA certificate to my mail server using ssl_alt_cert (the RSA certificate is specified by ssl_cert), both certificate files contain the certificate and a single intermediate (which currently happens to be the same intermediate from Let?s Encrypt). When connecting to the server using either RSA or ECDS...

hi folks: it looks like ssh-keygen -r can''t export SSHFP records for ECDSA keys: 0 dkg@pip:/tmp/cdtemp.oiRYAS$ ssh-keygen -f foobar -t ecdsa -q -P '''' 0 dkg@pip:/tmp/cdtemp.oiRYAS$ ssh-keygen -r foobar -f foobar.pub export_dns_rr: unsupported algorithm 0 dkg@pip:/tmp/cdtemp.oiRYAS$ the first number in my prompt is the return code of the last command; no...

...n@voipsupport.it</a>> wrote: </div> <div> <br> </div> <div> <br> </div> <div> On 08/03/18 18:43, Peter Linss wrote: </div> <blockquote type="cite"> <div> I just added an ECDSA certificate to my mail server using ssl_alt_cert (the RSA certificate is specified by ssl_cert), both certificate files contain the certificate and a single intermediate (which currently happens to be the same intermediate from Let’s Encrypt). </div> </blockquote> <blockquo...

Does the version of OpenSSL on Centos 6.5 support ECDSA keypairs? How do I test if this works? (though I should probably ask this on the OpenSSL list) The reason I suspect a problem is that HIPL for Centos (http://infrahip.hiit.fi/) is not creating the ECDSA Host Identity, whereas my Fedora installation IS creating the ECDSA HI.

In the past 24 hours multiple persons have contacted me regarding the use of elliptic curve cryptography in tinc 1.1 in light of the suspicion that the NSA might have weakened algorithms and/or elliptic curves published by NIST. The new protocol in tinc 1.1 (SPTPS) uses ECDH and ECDSA to do session key exchange and authentication, in such a way that it has the perfect forward secrecy (PFS) property. For both the ephemeral keys used in ECDH and the long-lived keys used for ECDSA, tinc uses the "secp521r1" curve, as published by NIST. There are suspicions in the cryptogr...

In the past 24 hours multiple persons have contacted me regarding the use of elliptic curve cryptography in tinc 1.1 in light of the suspicion that the NSA might have weakened algorithms and/or elliptic curves published by NIST. The new protocol in tinc 1.1 (SPTPS) uses ECDH and ECDSA to do session key exchange and authentication, in such a way that it has the perfect forward secrecy (PFS) property. For both the ephemeral keys used in ECDH and the long-lived keys used for ECDSA, tinc uses the "secp521r1" curve, as published by NIST. There are suspicions in the cryptogr...

The defaults for HostKeyAlgorithms option are: ecdsa-sha2-nistp256-cert-v01 at openssh.com, ecdsa-sha2-nistp384-cert-v01 at openssh.com, ecdsa-sha2-nistp521-cert-v01 at openssh.com, ssh-ed25519-cert-v01 at openssh.com, ssh-rsa-cert-v01 at openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,ssh-rsa Why does OpenSSH p...

Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet to find a way to properly free the...

...efore and after the upgrade, cf. https://wiki2.dovecot.org/Upgrading/2.3 -> Setting default changes. The new defaults broke the connection. Jan > what are your settings? > > Mine are below and they work just fine: > > ssl_cipher_list = > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES25...

https://bugzilla.mindrot.org/show_bug.cgi?id=1971 Bug #: 1971 Summary: ssh-keyscan should default to ecdsa or ecdsa,rsa Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh-keyscan AssignedTo: unassigned-bugs...

...0/03/18 14:06, Aki Tuomi wrote: > > > >> On 10 March 2018 at 14:49 John Fawcett < john at voipsupport.it > >> <mailto:john at voipsupport.it>> wrote: > >> > >> > >> On 08/03/18 18:43, Peter Linss wrote: > >>> I just added an ECDSA certificate to my mail server using > >>> ssl_alt_cert (the RSA certificate is specified by ssl_cert), both > >>> certificate files contain the certificate and a single intermediate > >>> (which currently happens to be the same intermediate from Let?s > >&g...

Hello. I am running OpenSSH 7.9p1 on my client and server. ssh-keyscan shows the server has ssh-rsa, ssh-ed25519, and ecdsa-sha2-nistp256 host keys. My /etc/ssh/ssh_known_hosts file contains the server's ssh-ed25519 host key. When I try to SSH to the server I get this error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@...

...ypes=+ssh-dss > > and > systemctl restart sshd > > I kept getting in journal the message: > userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth] > > I saw that the sshd process had started with the option > ... -oPubkeyAcceptedKeyTypes=rsa-sha2-256,ecdsa-sha2-nistp256, > ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384, > ecdsa-sha2-nistp384-cert-v01 at openssh.com,rsa-sha2-512,ecdsa-sha2-nistp521, > ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519, > ssh-ed25519-cert-v01 at openssh.com,ssh-rsa,ssh-rsa-cert-v01 at...

When I do ssh -Q key, where ssh is the OpenSSH 7.4p1 client, I get the following output: ssh-ed25519 ssh-ed25519-cert-v01 at openssh.com ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-rsa-cert-v01 at openssh.com ssh-dss-cert-v01 at openssh.com ecdsa-sha2-nistp256-cert-v01 at openssh.com ecdsa-sha2-nistp384-cert-v01 at openssh.com ecdsa-sha2-nistp521-cert-v01 at openssh.com The thing is, one can invoke both client and se...

Hi, I was sure I sent this to openssh at openssh.com, but cannot find that email now in my Sent mailbox, so I am sending it to the developers list. I took a liberty and wrote an I-D with accompanying patch (with contributions from Ondrej Caletka) to support ECDSA in the SSHFP DNS resource record. The I-D is here: https://tools.ietf.org/html/draft-os-ietf-sshfp-ecdsa-sha2 (and the source XML here: https://git.nic.cz/redmine/projects/ietf/repository/revisions/master/changes/draft-os-ietf-sshfp-ecdsa-sha2-00.xml) The patch to vanilla 5.8 here: https://git.ni...

Folks, I read the 5.7 release announcement and updated, to try out ECDSA. Most parts worked very smoothly. The inability to create SSHFP records is understandable, since IANA haven't allocated a code yet. One apparent bug: I think StrictHostKeyChecking=ask is broken for ECDSA. % ssh -o HostKeyAlgorithms=ecdsa-sha2-nistp256 localhost @@@@@@@@@@@@@@@@@@@@@@@@@@@@@...