search for: ed25519

https://bugzilla.mindrot.org/show_bug.cgi?id=3195 Bug ID: 3195 Summary: ssh-keygen unable to convert ED25519 public keys Product: Portable OpenSSH Version: 8.2p1 Hardware: amd64 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at mindrot.org R...

Dear all, Ed25519 public keys being as small as they are is very convenient. There is an opportunity to nudge the world towards modern algorithms. I believe choices made in OpenSSH can positively impact the wider eco-system and industry. I'd like to suggest ssh-keygen to generate an Ed25519 keypair, if invoked w...

Hi, Markus has just committed a few changes that add support for the Ed25519 signature algorithm[1] as a new private key type. This algorithm has a few benefits: it is fast (comparable to ECDSA and RSA), offers 256-bit security and doesn't require random numbers to generate a signature. This last property means it completely avoids (EC-)DSA's horrible, private-key l...

...upport at operamail.com wrote: > @client > > as root (as before) > > ssh server.DOMAIN.COM > Permission denied (hostbased). > > instead, as my user, fails differently for some reason, > > ssh server.DOMAIN.COM > ... > no matching hostkey found for key ED25519 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx > ssh_keysign: no reply > key_sign failed > Permission denied (hostbased). > So, that indicates that you have a problem with your client setup. Since you are trying to use ssh from /usr/local/bin, I take it that it is a local build...

Hello, Is it possible to sign/verify data with the ed25519 keys of a tinc 1.1 host? More specifically, is it possible to sign a file with these keys using openssl? If so, how? If not, what program could be used, and how? Thanks and cheers, @

...:2900:1 debug1: permanently_drop_suid: 65535 debug1: identity file /home/git/openssh-portable/regress/rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/git/openssh-portable/regress/rsa-cert type -1 debug1: identity file /home/git/openssh-portable/regress/ed25519 type 4 debug1: key_load_public: No such file or directory debug1: identity file /home/git/openssh-portable/regress/ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.1 debug1: Remote protocol version 2.0, remote software ver...

...t gmail.com> writes: > Hi, > > There is no need to add new mechanism identifiers to use specific curves. > > This can be done already using the CKM_ECDSA mechanism parameters (see > CKA_ECDSA_PARAMS > in the standard). > Given that the underlying HW or SW tokens supports Ed25519 curves, then you > could leverage it even with version 2.20 of the PKCS#11 standard. I think you need an OID to put in the namedCurve field of EC Parameters structure, right? The structure is: Parameters:: = CHOICE { ecParametersECParameters, namedCurveCURVES. & id( { CurveNames})...

Hello. I am running OpenSSH 7.9p1 on my client and server. ssh-keyscan shows the server has ssh-rsa, ssh-ed25519, and ecdsa-sha2-nistp256 host keys. My /etc/ssh/ssh_known_hosts file contains the server's ssh-ed25519 host key. When I try to SSH to the server I get this error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@...

Hello. Subramanian Moonesamy has gotten the ball rolling to include Ed25519 in IANA's registry for SSHFP key types [1]. I've opened a bug report [2] that includes a patch that adds the needed support code and provisionally assigns Ed25519 a value of 4 (values 1,2,3 reserved for RSA, DSA, and ECDA, respectively) [3]. The enhancement request/bug is meant to keep th...

https://bugzilla.mindrot.org/show_bug.cgi?id=2223 Bug ID: 2223 Summary: Ed25519 support in SSHFP DNS resource records Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindr...

https://bugzilla.mindrot.org/show_bug.cgi?id=3202 Bug ID: 3202 Summary: Ed25519 key on HSM is not getting listed in ssh-add -l command Product: Portable OpenSSH Version: 8.2p1 Hardware: ARM64 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-add...

What I'm hearing in this thread is: "a minority of people on planet Earth have a problem with the open-source implementation of ED25519, but instead of letting that minority choose to re-implement it when/if they want to, the rest of the community needs to stall their progress in improving security." And isn't the ED25519 code is already there on their machine? So isn't that itself already a problem for that minority...

...r, ssh-keysign is only used for non-root users. > > Here's also the ssk-keysign perms > > client > > ls -al /usr/local/libexec/ssh-keysign > -rwsr-xr-x+ 1 root root 459K Oct 11 06:51 /usr/local/libexec/ssh-keysign* > > ls -al /usr/local/etc/ssh/ssh.client.ed25519* > -rw-------+ 1 root root 517 May 9 2014 /usr/local/etc/ssh/ssh.client.ed25519 > -rw-r--r--+ 1 root root 107 May 9 2014 /usr/local/etc/ssh/ssh.client.ed25519.pub > Err, those _should_ be ssh_host_ed25519 and ssh_host_ed25519.pub. > > server > > ls -al /usr/loc...

...Severity: major Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: yann at pleiades.fr.eu.org Hi, On Solaris 10, the keytype.sh test constantly fails for the edd25519-512 key type: run test keytype.sh ... [...] userkey ed25519-512, hostkey ed25519-512: real 0.0 user 0.0 sys 0.0 ssh userkey ed25519-512, hostkey ed25519-512 failed userkey ed25519-512, hostkey ed25519-512: real 0.0 user 0.0 sys 0.0 ssh userkey ed25519-512, hostkey ed25519-512 failed userkey ed25519-512, hostkey ed...

...f (success && store_hash && ip != NULL) > + success = write_host_entry(f, ip, NULL, key, 1); > return success; > } > thanks for the patch, unfortunatly it doesn't solve the issue. ssh is still claiming that the ecdsa key present in known_hosts differs from the ed25519 key. And if I answer yes to the question known_hosts is not updated. The way to fix this is still to remove the ecdsa key from known_hosts manually. -- Matthieu Herrb

...OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: nuxi at vault24.org We have a server at work that had the following key types: ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519. Recently at new key of type ssh-ed25519-cert-v01 at openssh.com was added to the server and its causing some host key verification errors under OpenSSH 8.4p1 if the known_hosts file already contains the ecdsa-sha2-nistp256 key. If you're using an older version of OpenSSH or your known_hosts f...

The defaults for HostKeyAlgorithms option are: ecdsa-sha2-nistp256-cert-v01 at openssh.com, ecdsa-sha2-nistp384-cert-v01 at openssh.com, ecdsa-sha2-nistp521-cert-v01 at openssh.com, ssh-ed25519-cert-v01 at openssh.com, ssh-rsa-cert-v01 at openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,ssh-rsa Why does OpenSSH prefer older and less secure (https://safecurves.cr.yp.to/) ECDSA with NIST curves over Ed25519? Also why are smaller key, curve and hash size...

See attached: (1) patch against 7.9p1, tested with openssl 1.1.0j and openssl 1.1.1a on linux/i386; passes regression test and connects to unpatched sshd without problems; I hacked a bit regress/unittests/kex, and benchmarked do_kex_with_key("curve25519-sha256 at libssh.org", KEY_ED25519, 256); Before: 0.3295s per call After: 0.2183s per call That is, 50% speedup; assuming ed25519 (added to openssl in 1.1.1) takes about same time as ecdh/x25519, there are potential for total 200% speedup in KEX. (2) rebased patch against git master; passes regression test; I relied on presen...

...d_proxy debug1: permanently_drop_suid: 65535 debug1: identity file /home/git/openssh-portable/regress/rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/git/openssh-portable/regress/rsa-cert type -1 debug1: identity file /home/git/openssh-portable/regress/ed25519 type 4 debug1: key_load_public: No such file or directory debug1: identity file /home/git/openssh-portable/regress/ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.1 debug1: Remote protocol version 2.0, remote software ver...

...ore authentication methods to try. Permission denied (hostbased). server log ... Jan 9 07:37:31 server sshd[19835]: debug2: input_userauth_request: try method hostbased [preauth] Jan 9 07:37:31 server sshd[19835]: debug1: userauth_hostbased: cuser root chost client.DOMAIN.COM. pkalg ssh-ed25519 slen 83 [preauth] Jan 9 07:37:31 server sshd[19835]: debug3: mm_key_allowed entering [preauth] Jan 9 07:37:31 server sshd[19835]: debug3: mm_request_send entering: type 22 [preauth] Jan 9 07:37:31 server sshd[19835]: debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth] Ja...