Displaying 13 results from an estimated 13 matches for "middlebox".
2019 Apr 02
2
Call for testing: OpenSSH 8.0
...oS=none ...) and seeing
> > whether that makes any difference?
>
> Yes - setting -oIPQoS=none on the client allows for a successful
> connection to the server.
>
> Would you still like me to check on the other things or is that enough
> to go on with?
No - it looks like a middlebox in Amazon's network might be getting confused
when the DSCP value changes during the connection.
Thanks a lot for helping to chase this down.
Cheers,
Damien
2018 Dec 09
2
[PATCH] Enable ConnectTimeout with ConnectionAttempts
Fix bug ConnectTimeout=N only works on the first ConnectionAttempts
https://bugzilla.mindrot.org/show_bug.cgi?id=2918
---
sshconnect.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sshconnect.c b/sshconnect.c
index 4862da5e..b837a83a 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -454,11 +454,12 @@ waitrfd(int fd, int *timeoutp)
{
struct pollfd pfd;
struct timeval
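Review bot: the commit message names the symptom (ConnectTimeout=N honoured only on the first of the ConnectionAttempts) but not the cause, and the hunk sits in waitrfd(int fd, int *timeoutp), which receives the timeout through a pointer. State in the message whether the value behind timeoutp was being carried over from one attempt to the next and how each attempt now gets the full ConnectTimeout, and include reproduction steps with ConnectionAttempts greater than 1 so the fix for bug 2918 can be checked.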
2020 Jan 13
4
Adding SNI support to SSH
Christian Weisgerber <naddy at mips.inka.de> writes:
> On 2020-01-12, Dustin Lundquist <dustin at null-ptr.net> wrote:
>
>> I think the intended application is to proxy through a proxy host provided by the service provider. If SSH had an SNI-like feature where a host identifier was passed in plain text during the initial connection. This way the user would just need to
2020 Jan 13
3
Adding SNI support to SSH
Hi,
On Mon, Jan 13, 2020 at 03:16:00PM +0000, Jochen Bern wrote:
> Out of interest:
> 1. If an extended mechanism were to be implemented, which server pubkey
> do you expect to be seen/stored/verified by the client? The proxy's
> / v4 middlebox's, or the v6 backend's? Or would you require that all
> server-side machines use the *same* host keypairs?
I'd do the "SNI" part before exchanging server host keys ("just as it is
done in https, for good reason"). That way, every backend can have its
own key....
2019 Apr 02
2
Call for testing: OpenSSH 8.0
On Wed, 3 Apr 2019, Adam Eijdenberg wrote:
> > From: Damien Miller <djm at mindrot.org>
> > Thanks for testing - are you able to see if there's anything in
> > the server logs?
>
> Hi Damien,
>
> I've been able to reproduce being unable to successfully connect to
> EC2 instances launched with either Amazon Linux 2 AMI (HVM) or Amazon
> Linux AMI
2011 May 04
1
ssh 'connection reset by peer' problem: updates
Hi,
The new interesting piece of information regarding the problem I (and others) reported here in February is that it's reproducible on some Cisco-firewalled networks.
I concluded that because that's what my workplace is using, and I have also seen this report at https://www.nowhere.dk/articles/natty-narwhal-problems-connecting-to-servers-behind-cisco-firewalls-using-ssh
I've also
2007 Jul 25
0
[LLVMdev] svn issues
Hi David,
On Wed, 2007-07-25 at 10:38 -0500, David A. Greene wrote:
> I'm getting a lot of errors from svn like this:
>
> svn: REPORT request failed on '/svn/llvm-project/!svn/vcc/default'
> svn: REPORT of '/svn/llvm-project/!svn/vcc/default': Could not read response
> body: Secure connection truncated (https://llvm.org)
What is
2007 Jul 25
3
[LLVMdev] svn issues
I'm getting a lot of errors from svn like this:
svn: REPORT request failed on '/svn/llvm-project/!svn/vcc/default'
svn: REPORT of '/svn/llvm-project/!svn/vcc/default': Could not read response
body: Secure connection truncated (https://llvm.org)
I've now been checking out llvm-gcc for two days.
Is there a problem with the server? I don't have this issue with other
2023 Apr 20
4
It would be nice if OpenSSH would have features to circumvent network filters, like SSL tunneling
I am in the network that is behind the Zscaler firewall.
Virtually all ports except 80 and 443 are closed. ssh through any of
ports 80 and 443 is disallowed based on protocol content analysis.
It would be nice if OpenSSH would have some features that would allow
the user to break out of such a network.
I suggest that OpenSSH adds the SSL tunneling feature:
1. The server would have the
2018 Sep 01
2
Certificates
>
> And for other services like IMAP, SMTP, LDAP (maybe not LDAP) constant
> changing certs even with a long lived root may get old for your customers.
Why? I have corporate systems on 2 year commercial CA signed
certificates and personal servers on 90 day LetsEncrypt ones - my users
of IMAP and SMTP have never ever noticed when I changed the
certificates on any device. They
2020 Jan 13
2
Adding SNI support to SSH
...> ssh" (i.e. need to configure ssh or don't land on the target host
>> immediately).
>
> Out of interest:
> 1. If an extended mechanism were to be implemented, which server pubkey
> do you expect to be seen/stored/verified by the client? The proxy's
> / v4 middlebox's, or the v6 backend's? Or would you require that all
> server-side machines use the *same* host keypairs?
> 2. Are there any clients *with* v6 accessing the same backends? Via
> generic v6? How is the distinction made, FQDNs given in the public
> DNS with the proxy'...
2016 Jan 15
3
[Patch] TCP MD5SIG for OpenSSH
On 15 January 2016 at 08:48, Alex Bligh <alex at alex.org.uk> wrote:
> > The socket option is enabled *after* connection establishment, thus
> > doesn't protect against SYN floods. This is because server doesn't
> > know (in userspace) what the address of the peer is until they
> > connect. Again because signed addresses.
> So could they exchange a secret
2009 Jul 06
69
link protection review
Hi all,
Link protection is a new feature we are planning to introduce to
Solaris and we would like to solicit your feedback on it.
Please see attached document for details.