search for: mlkem768x25519

...rt-v01 at openssh.com,rsa-sha2-256-cert-v01 at openssh.com,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512 at openssh.com,curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha2...

Hi, This is mostly a note for downstream distributors of OpenSSH. I've just pushed fixes to the V_9_9 stable branch for a bug in the mlkem768x25519-sha256 key exchange algorithm that was added in this release that causes connection failures when connecting between big-endian and little-endian hosts. The problem is on the big-endian side. No change is required for the more common little-endian architectures (e.g. x86, ARM). If you distribute...

On Sun, Oct 27, 2024 at 03:45:33PM +1100, Damien Miller wrote: > This is mostly a note for downstream distributors of OpenSSH. I've > just pushed fixes to the V_9_9 stable branch for a bug in the > mlkem768x25519-sha256 key exchange algorithm that was added in this > release that causes connection failures when connecting between > big-endian and little-endian hosts. > > The problem is on the big-endian side. No change is required for > the more common little-endian architectures (e.g. x86,...

...ailures when predicates and their arguments were separated by '=' characters instead of whitespace (bz3739). * sshd(8): fix the "Match invalid-user" predicate, which was matching incorrectly in the initial pass of config evaluation. * ssh(1), sshd(8), ssh-keyscan(1): fix mlkem768x25519-sha256 key exchange on big-endian systems. * Fix a number of build problems on particular operating systems / configurations. Checksums: ========== - SHA1 (openssh-9.9p2.tar.gz) = edefe960645780dee78059c444d4261667ad3056 - SHA256 (openssh-9.9p2.tar.gz) = karbYD4IzChe3fll4RmdAlhfqU2ZTWyu...

...ailures when predicates and their arguments were separated by '=' characters instead of whitespace (bz3739). * sshd(8): fix the "Match invalid-user" predicate, which was matching incorrectly in the initial pass of config evaluation. * ssh(1), sshd(8), ssh-keyscan(1): fix mlkem768x25519-sha256 key exchange on big-endian systems. * Fix a number of build problems on particular operating systems / configurations. Checksums: ========== - SHA1 (openssh-9.9p2.tar.gz) = edefe960645780dee78059c444d4261667ad3056 - SHA256 (openssh-9.9p2.tar.gz) = karbYD4IzChe3fll4RmdAlhfqU2ZTWyu...

https://bugzilla.mindrot.org/show_bug.cgi?id=3824 Bug ID: 3824 Summary: ssh -Q should also accept a remote hostname to query Product: Portable OpenSSH Version: 10.0p2 Hardware: amd64 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee:

...sh/ssh_known_hosts2: No such file or directory debug3: order_hostkeyalgs: no algorithms matched; accept original debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512 at openssh.com,curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha2...

...* ssh(1), sshd(8): add support for a new hybrid post-quantim key exchange based on on the FIPS 203 Module-Lattice Key Enapsulation mechanism (ML-KEM) combined with X25519 ECDH as described by https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03 This algorithm "mlkem768x25519-sha256" is available by default. * ssh(1): the ssh_config "Include" directive can now expand environment as well as the same set of %-tokens "Match Exec" supports. * sshd(8): add a sshd_config "RefuseConnection" option that, if set will terminate the...

...* ssh(1), sshd(8): add support for a new hybrid post-quantum key exchange based on the FIPS 203 Module-Lattice Key Enapsulation mechanism (ML-KEM) combined with X25519 ECDH as described by https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03 This algorithm "mlkem768x25519-sha256" is available by default. * ssh(1): the ssh_config "Include" directive can now expand environment as well as the same set of %-tokens "Match Exec" supports. * sshd(8): add a sshd_config "RefuseConnection" option that, if set will terminate the...

...* ssh(1), sshd(8): add support for a new hybrid post-quantum key exchange based on the FIPS 203 Module-Lattice Key Enapsulation mechanism (ML-KEM) combined with X25519 ECDH as described by https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03 This algorithm "mlkem768x25519-sha256" is available by default. * ssh(1): the ssh_config "Include" directive can now expand environment as well as the same set of %-tokens "Match Exec" supports. * sshd(8): add a sshd_config "RefuseConnection" option that, if set will terminate the...

...* ssh(1), sshd(8): add support for a new hybrid post-quantum key exchange based on the FIPS 203 Module-Lattice Key Enapsulation mechanism (ML-KEM) combined with X25519 ECDH as described by https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03 This algorithm "mlkem768x25519-sha256" is available by default. * ssh(1): the ssh_config "Include" directive can now expand environment as well as the same set of %-tokens "Match Exec" supports. * sshd(8): add a sshd_config "RefuseConnection" option that, if set will terminate the...

...* ssh(1), sshd(8): add support for a new hybrid post-quantum key exchange based on the FIPS 203 Module-Lattice Key Enapsulation mechanism (ML-KEM) combined with X25519 ECDH as described by https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03 This algorithm "mlkem768x25519-sha256" is available by default. * ssh(1): the ssh_config "Include" directive can now expand environment as well as the same set of %-tokens "Match Exec" supports. * sshd(8): add a sshd_config "RefuseConnection" option that, if set will terminate the...

...scp(1) can still use a mux connection, > so ssh(1) can be used to establish one, after which they can use it > as per usual. > > Changes since OpenSSH 9.9 > ========================= > > New features > ------------ > > * ssh(1): the hybrid post-quantum algorithm mlkem768x25519-sha256 > is now used by default for key agreement. This algorithm is > considered to be safe against attack by quantum computers, > is guaranteed to be no less strong than the popular > curve25519-sha256 algorithm, has been standardised by NIST > and is considerably fa...

...used with ControlMaster=auto. sftp(1) and scp(1) can still use a mux connection, so ssh(1) can be used to establish one, after which they can use it as per usual. Changes since OpenSSH 9.9 ========================= New features ------------ * ssh(1): the hybrid post-quantum algorithm mlkem768x25519-sha256 is now used by default for key agreement. This algorithm is considered to be safe against attack by quantum computers, is guaranteed to be no less strong than the popular curve25519-sha256 algorithm, has been standardised by NIST and is considerably faster than the previous de...