search for: kex_algorithms

...options->macs = xstrdup(arg); break; @@ -1262,7 +1262,7 @@ process_server_config_line(ServerOptions if (!kex_names_valid(arg)) fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", filename, linenum, arg ? arg : "<NONE>"); - if (options->kex_algorithms == NULL) + if (*activep && options->kex_algorithms == NULL) options->kex_algorithms = xstrdup(arg); break; Index: servconf.h =================================================================== RCS file: /cvs/src/usr.bin/ssh/servconf.h,v retrieving revision 1.112 diff -u -p -...

...========================================== RCS file: /var/cvs/openssh/sshd.c,v retrieving revision 1.448 retrieving revision 1.453 diff -u -p -r1.448 -r1.453 --- sshd.c 26 Feb 2014 23:20:08 -0000 1.448 +++ sshd.c 20 Apr 2014 03:28:41 -0000 1.453 @@ -2462,6 +2438,9 @@ do_ssh2_kex(void) if (options.kex_algorithms != NULL) myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; + myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( + myproposal[PROPOSAL_KEX_ALGS]); + if (options.rekey_limit || options.rekey_interval) packet_set_rekey_limits((u_int32_t)options.rekey_limit, (time_t)options...

https://bugzilla.mindrot.org/show_bug.cgi?id=2929 Bug ID: 2929 Summary: OpenSSH server should not send the SSH_MSG_EXT_INFO message after rekeying Product: Portable OpenSSH Version: 7.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

...$ nmap -sV --script ssh2-enum-algos 192.168.1.233 -p 22 Starting Nmap 7.93 ( https://nmap.org ) at 2024-06-02 14:57 EEST Nmap scan report for marciano (192.168.1.233) Host is up (0.00099s latency). PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.0 (protocol 2.0) | ssh2-enum-algos: | kex_algorithms: (9) | curve25519-sha256 | curve25519-sha256 at libssh.org | ecdh-sha2-nistp256 | ecdh-sha2-nistp384 | ecdh-sha2-nistp521 | diffie-hellman-group-exchange-sha256 | diffie-hellman-group14-sha256 | diffie-hellman-group16-sha512 | diffie-hellman-gro...

On 2020-02-05 at 20:39 -0500, Phil Pennock wrote: > On 2020-02-06 at 10:29 +1100, Damien Miller wrote: > > OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing > > on as many platforms and systems as possible. This is a feature release. > > > * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These > This actually affects me:

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

In sshconnect.c there are two global variables for server_version_string client_version_string. These are used just in a few functions and can easily be passed as parameters. Also, there is a strange construct, where their memory is allocated to the global pointers, then copies of these pointers are assigned to the kex structure. The kex_free finally frees them via cleanup of the kex