search for: kolahilft

https://bugzilla.mindrot.org/show_bug.cgi?id=3704 Bug ID: 3704 Summary: Implement an interface to capture port number of random remote port forwarding -R 0:localhost:22 Product: Portable OpenSSH Version: 9.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority:

...Product: Portable OpenSSH Version: 9.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: kolAflash at kolahilft.de With "-X" SSH forwards X11 by listening to a TCP port on the server's localhost IP. Usually TCP 127.0.0.1:6010 for the first client. 127.0.0.1 isn't highly secure. Other users on the same host can connect to it. And even JavaScript code from arbitrary websites running in a lo...

...roduct: Portable OpenSSH Version: 6.6p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org Reporter: kolAflash at kolahilft.de OpenSSH shouldn't allow old Ciphers, KexAlgorithms and MACs by default, if they are not explicitly enabled in the the servers or users configuration file. (should be still possible to enable those by configuration file, if user wishes so) I'm thinking of disabling (by default) these:...

...Product: Portable OpenSSH Version: 6.6p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: kolAflash at kolahilft.de When connecting to a server the first time, the only information you get about the servers public key fingerprint in MD5. Since all I know, MD5 is pretty much broken for security purposes. Guess it would be wise, to additionally (not exclusively) display a more secure fingerprint. Probably SH...