search for: karn

There's one vulnerability that's bugged me for some time. It applies to nearly all crypto software, including ssh. That's the swapping of sensitive info (such as keys and key equivalents) onto hard drives where they could possibly be recovered later. The Linux kernel provides a system call, mlock(), that inhibits swapping of a specified region of virtual memory. It locks it into real

...SA keys stolen) I use different RSA key pairs on my different client machines. So it occurs to me that it would be nice if ssh could log which key was used when logging in to a particular account that has more than one entry in .ssh/authorized_keys. Right now it simply says "Accepted rsa for karn from <blah blah>" without saying which key was used. You obviously don't want to log the whole public key, just the comment field from the appropriate line in .ssh/authorized_keys would do. Phil

Has anyone heavily exercised the TCP connection forwarding features in openssh? I use this feature quite extensively for secure web surfing. I run a ssh command like this: ssh -c blowfish -L3128:127.0.0.1:3128 squidmachine Then I set up Netscape on my local machine to use 127.0.0.1:3128 as a proxy server. Needless to say, this exercises the TCP connection forwarding feature quite heavily. This

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 openssh-1.2.1pre20 has been released at: http://violet.ibs.com.au/openssh/files/ This release integrates more of Andre Lucas' portability patch, Ben Taylor's utmpx patch and some cleanups and bugfixes of my own. The auth-passwd failures should be fixed, as should lastlog support on NetBSD. Since Andre Lucas' patch included platform

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 openssh-1.2.1pre20 has been released at: http://violet.ibs.com.au/openssh/files/ This release integrates more of Andre Lucas' portability patch, Ben Taylor's utmpx patch and some cleanups and bugfixes of my own. The auth-passwd failures should be fixed, as should lastlog support on NetBSD. Since Andre Lucas' patch included platform

Hi. I saw a new release appear today, and I pulled it down to see if some residual problems in port forwarding from openssh-1.2.3 were fixed. The configure script had trouble finding the openssl package, even though I had it installed in the standard place (/usr/local/ssl). I investigated and found that the failed test compile was caused by two nonfatal compiler warnings that memset and RAND_add

I'm using Opus for a networked ham radio communications receiver. Kudos on the whole project; it sounds excellent even at low bit rates and the API was surprisingly simple and easy to use. And god knows the world needs a really good, general purpose, non-proprietary codec. One question, though. Depending on the mode my receiver can generate mono or stereo. Most operating modes are mono, but a

Scenario: Use the ssh-keygen utility in openssh-1.2pre17 to generate a host key Kill and restart sshd Remove the old host key from ~/.ssh/known_hosts Connect to the host using ssh. I get this: homer.ka9q.ampr.org$ ssh 199.106.106.3 who The authenticity of host '199.106.106.3' can't be established. Key fingerprint is 1024 a0:8d:17:f0:fa:a9:9f:6f:b5:d0:1c:d6:02:92:bd:5e. Are you sure

For some time I have routinely websurfed across a forwarded TCP connection using SSH. The other end of the TCP tunnel connects to a Squid proxy cache on the same machine. This usually works. But I see lots of error messages on each end of the form Jun 13 13:22:02 tunnel sshd[32378]: error: channel 0: chan_shutdown_read: shutdown() failed for fd5 [i1 o128]: Transport endpoint is not connected

I'm still seeing problems when I use TCP connection forwarding across SSH to surf the web. I see lots of error messages of the form channel 1: chan_shutdown_read: shutdown() failed for fd7 [i1 o128]: Transport endpoint is not connected And I see occasional connection lockups. Both ends are running openssh-2.1.1p1. Phil

Phil Karn wrote: > This works well, but then I noticed the SET_FORCE_CHANNELS option. Is > there any advantage to my detecting identical left and right channels > and setting this to force mono? Or does the Opus encoder already do this > internally in the AUTO mode? No, the automatic setting sho...

I have recently compiled and installed openssh-2.1.1p1 on a linux box. The login reporting does not seem to work properly. When logging into the box via ssh (protocol 1) utmp shows the user logged in and the tty properly, but the field for the login date/time and the field for originating host contain all NULLs. Is anyone else seeing this same behavior, or have I just done something really

...ading segment of its copy. If they match, the sender simply sends the newly appended data and instructs the receiver to append it to its copy. I just joined this list, and I couldn't find any obvious discussion of this issue in the archives. My apologies if it has already been discussed. Phil Karn

Hi all, I was investigating the SMB signing problems between Win2k clients and Windows XP servers and thought I'd take a look to see if there were any hotfix patches for Win2k that were post service pack 2. I discovered this list.... : http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com/support/ServicePacks/Windows/2000/Win2000_Post-SP2_Hotfixes.asp of *amazing*

> Thanks all point about security, I''ll do as follows. > I thought that the point was the following two. > > > 1. Storage place of encrypted password > Should I store it in /etc/xen/passwd ? > Or, should I wait for DB of Xen that will be released in > the future? The xend life cycle management patches were posted by Alistair a couple of months back.

This was posted not too long ago on sci.crypt... Enjoy... I think the most relevant information is near the top, but it''s all quite good... :-) -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- There is no intrinsic difference between algorithm and data, the same information can be viewed as data in one context and as algorithm in another. Why then do so many people claim that encryption algorithms

Has any consideration been given to support for external file attributes, at least on file systems that implement them? At the very least I'd find it VERY useful if the FLAC command simply copied any extended file attributes between source and destination files. My application is a program that records and plays raw I/Q sample streams in a software defined radio system. I/Q signal streams

I ran into a nasty gotcha today with scp from openssh-1.2pre17. If you use scp to copy a file between machines when the local and remote file args correspond to the same physical file (e.g., exported by a NFS mount) the file is trashed. E.g., if your home directories on "homer" and "bart" share the same NFS-mounted volume and you do homer$ scp foo bart:foo file

When I encounter the problem with TCP port forwarding locking up, I'll see this on the client window (if I haven't invoked ssh with -q): chan_shutdown_read failed for #1/fd6: Transport endpoint is not connected chan_shutdown_read failed for #1/fd6: Transport endpoint is not connected This is with Blowfish encryption. I have to kill and restart the client when this happens. Phil