search for: jakuj

...and to work with ssh-agent. It does not bring any new dependency, provides unit and regress tests (while fixing agent-pkcs11 regress test). The code is on github and ready for comments/reviews (some details will need to be adjusted): https://github.com/openssh/openssh-portable/compare/master...Jakuje:jjelen-pkcs11 I will fill a bugzilla later. I would be grateful for your ideas, comments or reviews for this feature. Other useful parts of RFC, that could be implemented would be a way to provide a PIN or a PIN source for the token, other ways of providing module-path (module-name). Regards...

...sed by other tools working with PKCS#11 devices. It would be very simple to extend the work to allow specifying various ways for providing PINs, which is part of the RFC. The commits are reviewable on github [1] or in the attachment. [1] https://tools.ietf.org/html/rfc7512 [2] https://github.com/Jakuje/openssh-portable/commits/jjelen-pkcs11 -- You are receiving this mail because: You are watching the assignee of the bug.

...2 extension is used, under the hood there is just SHA1. This is because the different agents are ignoring the flags passed with the signature request. This can be simply reproduced with the following patch, which dumps the actual hash algorithm used in the signature itself: https://gist.github.com/Jakuje/b1f7161d89472c4b6a3e2024675b0b46 The issue can be simply reproduced by running ssh-agent from gnome- keyring (pageant or others should do the same) and connect to the server with the above patch. In the server log, we can notice the following messages (where hash_alg=1 is SSH_DIGEST_SHA1): debug...

Hello, I recently made a change to the openssh ssh client code to allow configuring the client syslog facility to use. I made the change in openssh-6.6p1. If there is interest I can port the change to the openssh portable github. Cheers, Ethan

...sting it here to see if upstream is interested in this feature, otherwise it will have to be maintained as downstream cygwin patch. And of course, comments, improvements and patches are welcomed. [1] https://github.com/OpenSCAP/scap-workbench/issues/14#issuecomment-120105262 [2] https://github.com/Jakuje/stuff/blob/master/openssh_without_fdpass.patch -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.

...ot.org ( Bug 2705 - https://bugzilla.mindrot.org/show_bug.cgi?id=2705 ). I have a patch attached to the email that implements this as well. I wasn't able to find a list of coding standards or contribution guidelines for OpenSSH, so please correct me if I'm wrong. I'd also like to thank Jakuje for helping me out with some info on the whitespace standards a few months ago when I posted this on GitHub. Cheers, Ethan On Mon, Jan 9, 2017 at 5:15 PM, Darren Tucker <dtucker at zip.com.au> wrote: > On Tue, Jan 10, 2017 at 11:34 AM, Ethan Rahn <ethan.rahn at gmail.com> wrote:...

On Sat, 2020-02-22 at 10:50 -0600, Douglas E Engert wrote: > As a side note, OpenSC is looking at issues with using tokens vs > separate > readers and smart cards. The code paths in PKCS#11 differ. Removing a > card > from a reader leaves the pkcs#11 slot still available. Removing a > token (Yubikey) > removes both the reader and and its builtin smart card. Firefox has a >

Hi, OpenSSH 8.1p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

https://bugzilla.mindrot.org/show_bug.cgi?id=2468 Bug ID: 2468 Summary: Option to include external files to sshd_config Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs

I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may