Displaying 14 results from an estimated 14 matches for "fingerprint_hash".
2020 Sep 29
4
[Bug 3214] New: Man page should specify which switches are incompatible with a 'command'
...ssh-agent
Assignee: unassigned-bugs at mindrot.org
Reporter: lwaynewalker at gmail.com
The usage message and the man page both show that [-c | -s] [-Dd] are
compatible with [command [arg ...]].
```
$ ssh-agent -D /bin/bash
usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E
fingerprint_hash]
[-P provider_whitelist] [-t life] [command [arg ...]]
ssh-agent [-c | -s] -k
$
```
The SYNOPSIS and the usage message should both be changed to show that
they are incompatible.
This would have saved me hours:
usage: ssh-agent [-a bind_address] [-E fingerprint_hash] [-P
p...
2024 Oct 14
2
[RFC] Preferentially TOFU certificate authorities rather than host keys
...= NULL;
u_int i;
/*
@@ -1189,13 +1190,20 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
"type are already known for this host.");
} else
xextendf(&msg1, "", ".");
-
fp = sshkey_fingerprint(host_key,
options.fingerprint_hash, SSH_FP_DEFAULT);
ra = sshkey_fingerprint(host_key,
options.fingerprint_hash, SSH_FP_RANDOMART);
if (fp == NULL || ra == NULL)
fatal_f("sshkey_fingerprint failed");
+ if (cert) {
+ cafp = sshkey_fingerprint(cert->cert->signature_key,
+ options.finge...
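Review bot: the new `cafp = sshkey_fingerprint(cert->cert->signature_key, ...)` call under `if (cert)` needs the same NULL check that `fp` and `ra` get just above it (`if (fp == NULL || ra == NULL) fatal_f(...)`), and `cafp` has to be freed wherever `fp` and `ra` are; the excerpt is cut off before either is visible. The removed blank line before `fp = sshkey_fingerprint(` is an unrelated whitespace change and is better left out of the patch.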
2015 Jul 26
2
[PATCH] ssh-agent: Add support to load additional certificates
...and 2 are open or directed to /dev/null */
@@ -511,7 +558,7 @@ main(int argc, char **argv)
exit(2);
}
- while ((ch = getopt(argc, argv, "klLcdDxXE:e:s:t:")) != -1) {
+ while ((ch = getopt(argc, argv, "kplLcdDxXE:e:s:t:")) != -1) {
switch (ch) {
case 'E':
fingerprint_hash = ssh_digest_alg_by_name(optarg);
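Review bot: the getopt string gains `p` with no trailing colon, so `-p` is a plain flag, and it needs a matching entry in the usage text and the man page; neither change appears in the visible hunks.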
@@ -519,8 +566,15 @@ main(int argc, char **argv)
fatal("Invalid hash algorithm \"%s\"", optarg);
break;
case 'k':
+ if (cert_only)
+ fatal("-k and -p are incompatible");
key_only = 1;
break;
+ case ...
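Review bot: in `case 'k'` the `if (cert_only)` check only fires when `-p` was parsed before `-k`; with the arguments in the order `-k -p`, `cert_only` is still unset at this point and the conflict goes unnoticed here. The new `-p` case needs the mirror check on `key_only`, or the conflict should be tested once after the getopt loop; the excerpt ends before the new case is visible.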
2015 Jan 07
11
[Bug 2332] New: Show more secure fingerprints than MD5 (e.g. SHA256) in ssh and ssh-keygen
https://bugzilla.mindrot.org/show_bug.cgi?id=2332
Bug ID: 2332
Summary: Show more secure fingerprints than MD5 (e.g. SHA256)
in ssh and ssh-keygen
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
2014 Dec 17
0
[Bug 1872] Support better hash algorithms for key fingerprints (FIPS compat)
..._format] [-f input_keyfile]\n"
" ssh-keygen -y [-f input_keyfile]\n"
" ssh-keygen -c [-P passphrase] [-C comment] [-f
keyfile]\n"
- " ssh-keygen -l [-f input_keyfile]\n"
+ " ssh-keygen -l [-E fingerprint_hash] [-f
input_keyfile]\n"
" ssh-keygen -B [-f input_keyfile]\n");
#ifdef ENABLE_PKCS11
fprintf(stderr,
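Review bot: only the `ssh-keygen -l` usage line gains `[-E fingerprint_hash]`, while the `-B` line directly below it is unchanged; the man page text for `-E` should say whether the option has any effect on `-B` output. The ssh-keygen.1 SYNOPSIS needs the same `[-E fingerprint_hash]` addition so the usage message and the manual stay in step.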
So far it seems to work for me. Thanks!
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the...
2020 Sep 01
0
[Bug 3208] New: ssh-keygen man page: sha1 fingerprint with "-E sha1" is supported
...p1
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: vincent-openssh at vinc17.net
The ssh-keygen(1) man page says:
-E fingerprint_hash
Specifies the hash algorithm used when displaying key
fingerprints.
Valid options are: "md5" and "sha256". The default is "sha256".
But sha1 is supported too.
2013 Oct 10
3
FIPS 140-2 patch for openssh 6.3.p1
Hi,
Is FIPS 140-2 patch for openssh 6.3.p1 available somewhere or do I have to
make one using
http://www.openssl.com/export/openssh/openssh-6.0p1.fips-revised.patch ?
Regards,
Manish
2016 May 03
3
StreamLocal forwarding
...g, o->allow_agent_forwarding);
dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
+ dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
2018 Sep 06
4
Some wishes regarding revoked keys
Hello.
I am trying to play through the following test scenario about
certificate revocation on Ubuntu 18.04, which has OpenSSH of this version:
OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n  7 Dec 2017
1. A CA key is created
ssh-keygen -t ed25519 -f ca
2. The CA public key is added to ~/.ssh/authorized_keys on some server:
cert-authority ssh-ed25519 AAAA...e ca at yoga
3. A user key is created on a
2017 Mar 01
7
[Bug 2686] New: SSHD segfaults when trying to load RSA1 host keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2686
Bug ID: 2686
Summary: SSHD segfaults when trying to load RSA1 host keys
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Keywords: patch
Severity: enhancement
Priority: P5
Component: sshd
2016 May 03
2
StreamLocal forwarding
Hi,
The code definitely attempts to unlink any old listener
beforehand (see misc.c:unix_listener()) so I don't understand why
that isn't being called. You might try simulating your configuration
using sshd's -T and -C to make sure the flag is correctly being set.
Could chroot be interfering? Some platforms implement additional
restrictions on devices and sockets inside chroot.
-d
2016 Dec 28
2
certificates keys on pkcs11 devices
Hi,
I have not found any way to use a Certificate with ssh-agent when my Key is
stored on a pkcs11 device. I can add my key with
ssh-add -s /usr/local/lib/opensc-pkcs11.so
but
ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub
does not add the certificate to my agent. As far as I understand, in
ssh-add.c line 580
if (pkcs11provider != NULL) {
if (update_card(agent_fd,
2015 Jul 29
2
[PATCH] ssh: Add option to present certificates on command line
...nnect2.c b/sshconnect2.c
index 34dbf9a..fb24b5e 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1016,6 +1016,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
u_int skip = 0;
int ret = -1;
int have_sig = 1;
+ int i;
char *fp;
if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash,
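Review bot: `int i` is declared next to `u_int skip`; if `i` ends up indexing an unsigned count in the code added later in this function, declare it `u_int` to avoid a signed/unsigned comparison. Its use is not part of this hunk, so this cannot be confirmed from the lines shown.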
@@ -1053,6 +1054,33 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
}
buffer_put_string(&b, blob, bloblen);
+ /* If the key is an input certificate, sign its private key instead.
+ * If no such private key exists, return failure and continue with
+ * other methods of authent...
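Review bot: the new comment says "sign its private key instead", which reads as if the private key were the thing being signed; something like "sign with the corresponding private key" states the intent. The comment also starts its text on the `/*` line, where the surrounding code base puts `/*` on a line of its own for multi-line comments.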
2017 Oct 26
3
[RFC 0/2] add engine based keys
Engine keys are private key files which are only understood by openssl
external engines.  The problem is they can't be loaded with the usual
openssl methods, they have to be loaded via ENGINE_load_private_key().
Because they're files, they fit well into openssh pub/private file
structure, so they're not very appropriately handled by the pkcs11
interface because it assumes the private