search for: kex_default_kex

...ey exchange (KEX) algorithm. Unlike current algorithms like DH, mine needs to be able to fail gracefully, and in case of failure, continue with whatever algorithm would have been negotiated if mine was not selected. My strategy for graceful failure is to remove my KEX algorithm from myproposal[KEX_DEFAULT_KEX] and to initiate a new key exchange. My question is whether it is safe (and a good idea) to simply call do_ssh2_kex (server) / ssh2_kex (client) in order to do another exchange, and whether there are any negative consequences of doing so (e.g. security or reliability). Thanks! Georgi --------...

Using ssh2 via agent to connect through proxy to sshd host. Each connection (client to proxy, proxy to host) takes an average of 22 seconds, totaling approximately 44 seconds for a complete connection. Debug logging with vmstat directed to the same file indicates two points where a majority of time is spent (have looked at the similar postings): debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP (*6

...ld change. I do apologize for not using the patch format and I also apologize if we are not supposed to post patch-like info. Also.. if you do try to recompile.. you might need to change your Makefiles. All of these files are in /usr/src/ssh/ TO REMOVE GROUP1 and GROUP14 IN myproposal.h #define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha256," \ "diffie-hellman-group-exchange-sha1," \ "diffie-hellman-group14-sha1," \ "diffie-hellman-group1-sha1" CHANGE TO #define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha256," \ "diffie-he...

...s, free server key */ + free(client_pubkey); + kex_derive_keys(kex, hash, hashlen, shared_secret); + BN_clear_free(shared_secret); + kex_finish(kex); +} diff --git a/myproposal.h b/myproposal.h index 4e913e3..0d88090 100644 --- a/myproposal.h +++ b/myproposal.h @@ -66,6 +66,7 @@ #endif # define KEX_DEFAULT_KEX \ + "curve25519-sha256 at libssh.org," \ KEX_ECDH_METHODS \ KEX_SHA256_METHODS \ "diffie-hellman-group-exchange-sha1," \ diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 8b807c1..dfe561b 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -254,6 +254,7 @@ keygrab_ssh2(con *c...

...===== RCS file: /cvs/src/usr.bin/ssh/myproposal.h,v retrieving revision 1.21 diff -u -r1.21 myproposal.h --- myproposal.h 25 Mar 2006 22:22:43 -0000 1.21 +++ myproposal.h 15 Nov 2006 14:14:35 -0000 @@ -24,6 +24,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #define KEX_DEFAULT_KEX \ + "diffie-hellman-group-exchange-cert," \ "diffie-hellman-group-exchange-sha256," \ "diffie-hellman-group-exchange-sha1," \ "diffie-hellman-group14-sha1," \ Index: pathnames.h =================================================================== RCS fi...