search for: hostdsakey

...d by the SSH 2 protocol implementation. You can generate RSA keys for use with SSH 2 protocol with: $ ssh-keygen -t rsa -f /etc/ssh_host_rsa_key To use RSA or DSA keys in SSH 2 protocol, simply add the public keys to the .ssh/authorised_keys2 file. IdentityFile2, HostDsaKey and DSAAuthentication are obsolete: You can use multiple IdentityFile and HostKey options instead, e.g HostKey /etc/ssh_host_key HostKey /etc/ssh_host_dsa_key HostKey /etc/ssh_host_rsa_key in /etc/sshd_config The option DSAAuthentication has been replaced by Pu...

...d by the SSH 2 protocol implementation. You can generate RSA keys for use with SSH 2 protocol with: $ ssh-keygen -t rsa -f /etc/ssh_host_rsa_key To use RSA or DSA keys in SSH 2 protocol, simply add the public keys to the .ssh/authorised_keys2 file. IdentityFile2, HostDsaKey and DSAAuthentication are obsolete: You can use multiple IdentityFile and HostKey options instead, e.g HostKey /etc/ssh_host_key HostKey /etc/ssh_host_dsa_key HostKey /etc/ssh_host_rsa_key in /etc/sshd_config The option DSAAuthentication has been replaced by Pu...

...0p1 (downloaded as Redhat RPMs, revision 2) OpenSSL version 0.9.5a (downloaded as Redhat RPMs, revision 3) PPP version 2.3.10 One exposed external IP address (for this list, assume to be 100.100.100.100) /etc/ssh/sshd_config: Port 22 Protocol 2,1 ListenAddress 0.0.0.0 HostKey /etc/ssh/ssh_host_key HostDSAKey /etc/ssh/ssh_host_dsa_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin no IgnoreRhosts yes StrictModes yes X11Forwarding no X11DisplayOffset 10 PrintMotd yes KeepAlive yes /etc/ppp/options: lock local noauth proxyarp Client information: *Stock Redhat 6.2 machi...

Hi, Is there any way to store HostKey in hardware (and delegate the related processing)? I have been using Roumen Petrov's x509 patch for clients, which works via an OpenSSL engine, but it does not seem to support server HostKey: http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html For PKCS#11, I have found an email on this list from a year back suggesting this

...ys. SSH2 RSA keys are fully supported by ssh-agent. Keys are tried in the order in which they are added to the agent, so 'ssh-add' your RSA key first if you want to try it out. For the server, all hostkeys are now unified and sshd will automatically detect the type of a host key. The 'HostDSAKey' option is therefore deprecated in favor of 'HostKey'. To specify RSA and DSA keys for SSH2 use, just use more 'HostKey' options. The 'DSAAuthentication' option is deprecated in favour of the general 'PubkeyAuthentication' option. The host key section of my ss...

..., @@ -294,9 +282,6 @@ const char *name; ServerOpCodes opcode; } keywords[] = { - /* Portable-specific options */ - { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt }, - /* Standard Options */ { "port", sPort }, { "hostkey", sHostKeyFile }, { "hostdsakey", sHostKeyFile }, /* alias */ @@ -440,12 +425,6 @@ charptr = NULL; opcode = parse_token(arg, filename, linenum); switch (opcode) { - /* Portable-specific options */ - case sPAMAuthenticationViaKbdInt: - intptr = &options->pam_authentication_via_kbd_int; - goto parse_flag; -...

..., @@ -307,9 +295,6 @@ const char *name; ServerOpCodes opcode; } keywords[] = { - /* Portable-specific options */ - { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt }, - /* Standard Options */ { "port", sPort }, { "hostkey", sHostKeyFile }, { "hostdsakey", sHostKeyFile }, /* alias */ @@ -453,12 +438,6 @@ charptr = NULL; opcode = parse_token(arg, filename, linenum); switch (opcode) { - /* Portable-specific options */ - case sPAMAuthenticationViaKbdInt: - intptr = &options->pam_authentication_via_kbd_int; - goto parse_flag; -...

..., @@ -307,9 +295,6 @@ const char *name; ServerOpCodes opcode; } keywords[] = { - /* Portable-specific options */ - { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt }, - /* Standard Options */ { "port", sPort }, { "hostkey", sHostKeyFile }, { "hostdsakey", sHostKeyFile }, /* alias */ @@ -453,12 +438,6 @@ charptr = NULL; opcode = parse_token(arg, filename, linenum); switch (opcode) { - /* Portable-specific options */ - case sPAMAuthenticationViaKbdInt: - intptr = &options->pam_authentication_via_kbd_int; - goto parse_flag; -...

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

...veInterval, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, @@ -282,6 +288,7 @@ u_int flags; } keywords[] = { { "port", sPort, SSHCFG_GLOBAL }, + { "cakeyfile", sCAKeyFile, SSHCFG_GLOBAL }, { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ { "pidfile", sPidFile, SSHCFG_GLOBAL }, @@ -296,6 +303,7 @@ { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_GLOBAL }, { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GL...