Displaying 14 results from an estimated 14 matches for "eckenfels".
2013 Feb 01
3
Wiki edit access?
Hello,
I am a happy CentOS user who has noticed some typos on the wiki (I sent one to Akemi yesterday). I would like to fix these directly, rather than sending email to someone else for each change. Is this possible? FWIW, I'm a committer on the ASF's httpd-docs project, although I am not currently active there.
My CentOS wiki username is ChrisPepper.
Thanks,
Chris Pepper
2023 Dec 20
1
Discussion: new terrapin resisting ciphers and macs (alternative to strict-kex) and -ctr mode question.
...ws, that those constructs are just very fragile.
For reference, there has been a similar request over on Ars Technica.
M. Sc. Fabian B?umer
Chair for Network and Data Security
Ruhr University Bochum
Universit?tsstr. 150, Building MC 4/145
44780 Bochum
Germany
Am 20.12.2023 um 11:57 schrieb Bernd Eckenfels:
> Hello,
>
>
> in addition to my last thread about a new config option to make strict-kex mandatory,
> I also wonder if a new mechanism for ciphers/macs can be introduced and is reliable
> by simple both sides using it.
>
> So there could be a Chacha20-Poly1305v2 at openssh...
2023 Dec 20
0
Feature Request: new "Require Strict-KEX" c/s option
...-kex mode as a server
config as well as a per-host config in the client config.
(obcredits: jssh has this setting).
Not sure if you also have precedence for warning on (console initiated)
connections which have no strict-kex, but that would be an additional
feature.
Gruss
Bernd
--
https://bernd.eckenfels.net
2024 Jan 27
1
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
BTW based on your output it looks like the DEFAULT policy is just fine,
If you really want to turn etm HMAC and chacha20 off, you should follow the RHEL security alert
https://access.redhat.com/security/cve/cve-2023-48795
cipher at SSH = -CHACHA20-POLY1305
ssh_etm = 0
by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy
2024 Mar 12
0
PrivateKeyCommand config idea
...m, okay, I just realized the protocol has a full specification at
> https://datatracker.ietf.org/doc/html/draft-miller-ssh-agent. Would it be
> possible to get that protocol added to the list of manuals which typically
> get installed with the OpenSSH package?
Gru?
Bernd
?
https://bernd.eckenfels.net
2024 Mar 12
1
PrivateKeyCommand config idea
BTW not for your usecase with the decryption, but if people want to dynamically create/provision short lived
keys, they could use ?match host * exec gen-key.sh %s? config to run a program before each connection.
However it can?t stdout the key material, but what it could do is update a temporary Idendity file or
push it short-lived with ssh-add to the running (standard) agent.
openssh at tr.id.au
2024 May 17
1
Splitting sshd
[This email is either empty or too large to be displayed at this time]
2013 Jan 22
1
new to the wiki
Hello,
I noticed some formatting issues and had some content improvements, so I
would like to get write access to the Wiki. I signed up as BerndEckenfels
there. One thing I was looking at is the not working "'''" marker in
http://wiki.centos.org/HowTos/JavaDevelopmentKit
Greetings
Bernd
2024 Mar 12
1
PrivateKeyCommand config idea
On Mon, Mar 11, 2024, at 6:05 PM, Bernd Eckenfels wrote:
> BTW not for your usecase with the decryption, but if people want to
> dynamically create/provision short lived
> keys, they could use ?match host * exec gen-key.sh %s? config to run a
> program before each connection.
> However it can?t stdout the key material, but what it...
2023 Dec 23
1
ssh-keygen generator 3 broken
Hello, I was re-generating the moduli for SSH, and during that process I noticed that, when running the following command:
ssh-keygen -M screen -O prime-tests=600 -O generator=3 -f moduli-2048-01.candidates moduli-2048-01c
It does not produce any errors, only the following:
ebug2: ???1467763: (4) Sophie-Germain
debug2: ???1467763: generator 0 != 3
debug2: ???1467764: (4) Sophie-Germain
2024 Jun 06
2
kerberos default_ccache_name with sssd
Good day everyone,
I am currently testing integrating kerberos into our MMR openldap cluster
and things have gone well so far.
I can ssh to my test clients using my kerberos credentials then ssh using
GSSAPI to other hosts as defined in my principals using my ticket,
achieving SSO.
*I wanted to see if I could make the cache file user-specific, instead of
the default location
2024 Mar 08
3
PrivateKeyCommand config idea
G'day,
In our infrastructure we're trying to be more diligent about switching to sk keys (and/or certs backed by sk keys.) However, there are some services like Gerrit and Jenkins which are written in java and I guess they will never support sk keys, or at least, it seems like it won't happen any time soon.
For such services, typical practices at the moment include putting
2023 Dec 20
1
Discussion: new terrapin resisting ciphers and macs (alternative to strict-kex) and -ctr mode question.
Hello,
in addition to my last thread about a new config option to make strict-kex mandatory,
I also wonder if a new mechanism for ciphers/macs can be introduced and is reliable
by simple both sides using it.
So there could be a Chacha20-Poly1305v2 at openssh.com which uses AD data to chain the
messages together, so it will be resistant against terrapin even without the strict-kex.
Consequently
2007 Feb 23
2
OCFS 1.2.4 memory problems still?
I have a 2 node cluster of HP DL380G4s. These machines are attached via
scsi to an external HP disk enclosure. They run 32bit RH AS 4.0 and
OCFS 1.2.4, the latest release. They were upgraded from 1.2.3 only a
few days after 1.2.4 was released. I had reported on the mailing list
that my developers were happy, and things seemed faster. However, twice
in that time, the cluster has gone down due