Displaying 20 results from an estimated 24 matches for "kex_input_ext_info".
2017 Feb 17
11
[Bug 2680] New: Regression in server-sig-algs offer in 7.4p1 (Deprecation of SHA1 is not being enforced)
https://bugzilla.mindrot.org/show_bug.cgi?id=2680
Bug ID: 2680
Summary: Regression in server-sig-algs offer in 7.4p1
(Deprecation of SHA1 is not being enforced)
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
2018 Oct 10
2
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
...;s the latest beta
macOS 10.14.1) with ssh version "OpenSSH_7.8p1, LibreSSL 2.7.3" is
unable to use our user SSH RSA certificates to authenticate to our
servers (which are running "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan
2017").
We see this error on the client side:
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
...
debug1: Offering public key: RSA-CERT SHA256:xxx /path/to/key
debug1: send_pubkey_test: no mutual signature algorithm
(So far as I can tell, neither the server nor client are overriding
default algorithms in their respective configurations)
I...
2016 Mar 02
6
[Bug 2547] New: ssh-ext-info: missing server signature algorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=2547
Bug ID: 2547
Summary: ssh-ext-info: missing server signature algorithms
Product: Portable OpenSSH
Version: 7.2p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2019 Jan 15
4
SSH SSO without keytab file
Hai,
Lets start here.
Handy for us to know.
OS?
Samba version?
AD or member setup?
And I suggest, set this in the ssh server.
# GSSAPI options
GSSAPIAuthentication yes
Restart the ssh server and try to SSO login.
If its a AD server this should work.
Yes, you dont get home dir etc, end up in / after login, but lets check if this works.
Greetz,
Louis
> -----Oorspronkelijk
2015 Feb 02
4
[Bug 2348] New: allow ssh to connect to a unix domain socket
https://bugzilla.mindrot.org/show_bug.cgi?id=2348
Bug ID: 2348
Summary: allow ssh to connect to a unix domain socket
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at
2019 Jan 18
0
SSH SSO without keytab file
...achine.
>
> I have tried two options (after `kinit administrator`):
>
> a) Using `UsePAM yes` in sshd_config:
> ------------------------
>
> I ran `ssh administrator at dc1.domain.com -vv`
>
> SSH client logs:
>
> debug1: SSH2_MSG_EXT_INFO received
> debug1: kex_input_ext_info:
> server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp2
> 56,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue:
> gssapi-keyex,gssapi-with-mic,pas...
2019 Jan 18
1
SSH SSO without keytab file
...`kinit administrator`):
> >
> > a) Using `UsePAM yes` in sshd_config:
> >
> > --------------------------------------
> >
> > I ran `ssh administrator at dc1.domain.com -vv`
> > SSH client logs:
> > debug1: SSH2_MSG_EXT_INFO received
> > debug1: kex_input_ext_info:
> > server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp2
> > 56,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
> > debug2: service_accept: ssh-userauth
> > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > debug1: Authentications that can continue:
> > gssa...
2023 Jun 22
2
[Bug 3583] New: server-sig-algs reports incorrect list of algorithms
...3.aarch64) reports more PK algorithms than
are actually allowed.
Modified server configuration (just one PK algorithm allowed):
PubkeyAcceptedAlgorithms rsa-sha2-256
Obtaining debug info:
ssh -vvv -i mykey.pem -o PubkeyAcceptedKeyTypes=rsa-sha2-512
ec2-user@<...IP...>
Debug output:
debug1: kex_input_ext_info:
server-sig-algs=<ssh-ed25519,sk-ssh-ed25519 at openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256 at openssh.com,webauthn-sk-ecdsa-sha2-nistp256 at openssh.com>
Additional notes:
Note that Putty is unable...
2018 Mar 28
2
random wrong login shell in domain member
...d matches the ECDSA host key.
debug1: Found key in /Users/alice/.ssh/known_hosts:31
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/alice/.ssh/id_rsa
debug1: Authentic...
2018 Oct 11
2
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
On Thu, Oct 11, 2018 at 10:41 AM Damien Miller <djm at mindrot.org> wrote:
> On Wed, 10 Oct 2018, Adam Eijdenberg wrote:
> > We see this error on the client side:
> >
> > debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
> > ...
> > debug1: Offering public key: RSA-CERT SHA256:xxx /path/to/key
> > debug1: send_pubkey_test: no mutual signature algorithm
>
> That looks like a bug:
>
> diff --git a/sshkey.c b/sshkey.c
> index f7c09fb.....
2018 Mar 28
0
random wrong login shell in domain member
...1: Found key in /Users/alice/.ssh/known_hosts:31
> debug1: rekey after 134217728 blocks
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: rekey after 134217728 blocks
> debug1: SSH2_MSG_EXT_INFO received
> debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-
> with-mic,password
> debug1: Next authentication method: publickey
> debug1: Trying private key: /Users/alice/.ss...
2016 Aug 24
3
kex protocol error: type 7 seq xxx error message
...*/
pubkey_cleanup(&authctxt);
ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN,
SSH2_MSG_USERAUTH_MAX, NULL);
debug("Authentication succeeded (%s).", authctxt.method->name);
}
Is the only place where the dispatch for that packet is set. However in
kex.c:
int
kex_input_ext_info(int type, u_int32_t seq, void *ctxt)
{
...
debug("SSH2_MSG_EXT_INFO received");
ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_protocol_error);
...
}
Ensuring this packet will only be accepted before authentication.
However the server side is different:
int
kex_send_ne...
2018 Nov 13
12
[Bug 2929] New: OpenSSH server should not send the SSH_MSG_EXT_INFO message after rekeying
https://bugzilla.mindrot.org/show_bug.cgi?id=2929
Bug ID: 2929
Summary: OpenSSH server should not send the SSH_MSG_EXT_INFO
message after rekeying
Product: Portable OpenSSH
Version: 7.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
2018 Apr 24
2
AIX make checks issue
...ceived
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /.ssh/id_rsa (0)
debug2: key: /.ssh/id_dsa (0)
debug2: key: /.ssh/id_ecdsa (0)
debug2: key: /.ssh/id_ed25519 (0)
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info:
server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packe...
2018 Apr 21
4
build-issue on AIX with openssh-7.7p1 - easy correction! included
Get the following error:
root at x065:[/data/prj/openbsd/openssh/openssh-7.7p1/openbsd-compat]make
??????? xlc_r -I/opt/include -O2 -qmaxmem=-1 -qarch=pwr5 -q64 -I. -I..
-I../../src/openssh-7.7p1/openbsd-compat
-I../../src/openssh-7.7p1/openbsd-compat/.. -I/opt/include
-DHAVE_CONFIG_H -c ../../src/openssh-7.7p1/openbsd-compat/strndup.c
2016 Jan 05
14
[Bug 2521] New: subtract buffer size from computed rekey limit to avoid exceeding it
https://bugzilla.mindrot.org/show_bug.cgi?id=2521
Bug ID: 2521
Summary: subtract buffer size from computed rekey limit to
avoid exceeding it
Product: Portable OpenSSH
Version: 6.8p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: sshd
2017 Jun 13
7
[Bug 2729] New: Can connect with MAC hmac-sha1 even though it's not configured on the server
https://bugzilla.mindrot.org/show_bug.cgi?id=2729
Bug ID: 2729
Summary: Can connect with MAC hmac-sha1 even though it's not
configured on the server
Product: Portable OpenSSH
Version: 7.5p1
Hardware: All
OS: Linux
Status: NEW
Severity: security
Priority: P5
2019 Mar 29
2
Call for testing: OpenSSH 8.0
...ttempt key: /home/me/.ssh/id_ecdsa
> debug1: Will attempt key: /home/me/.ssh/id_ed25519
> debug1: Will attempt key: /home/me/.ssh/id_xmss
> debug2: pubkey_prepare: done
> debug3: send packet: type 5
> debug3: receive packet: type 7
> debug1: SSH2_MSG_EXT_INFO received
> debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
> debug3: receive packet: type 6
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug3: send packet: type 50
> debug3: receive packet: type 51
> debug1: Authentications that can continue: publi...
2016 May 26
19
[Bug 2573] New: dead sessions cannot be closed with ~.
https://bugzilla.mindrot.org/show_bug.cgi?id=2573
Bug ID: 2573
Summary: dead sessions cannot be closed with ~.
Product: Portable OpenSSH
Version: 3.7.1p2
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
2023 Oct 10
17
[Bug 3627] New: openssh 9.4p1 does not see RSA keys in know_hosts file.
...ssh/id_ecdsa_sk
debug1: Will attempt key: /export/home/user/.ssh/id_ed25519
debug1: Will attempt key: /export/home/user/.ssh/id_ed25519_sk
debug1: Will attempt key: /export/home/user/.ssh/id_xmss
debug1: Will attempt key: /export/home/user/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /export/home/user/.ssh/id_rsa
debug1: Trying private key: /export/home/...