Displaying 20 results from an estimated 41 matches for "myproposal".
2005 Oct 26
2
openssh 4.2p1 zlib compression broken for old clients
...elow makes the old ssh clients happy again with option "-C"
-------------------------------------------------------------------------------
--- openssh-4.2p1/sshd.c~ 2005-10-05 17:58:21.000000000 +0200
+++ openssh-4.2p1/sshd.c 2005-10-26 18:17:44.000000000 +0200
@@ -2014,7 +2014,7 @@
myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
} else if (options.compression == COMP_DELAYED) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
- myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib at openssh.com";
+ myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib at openssh.com,zlib"...
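Review bot: the added "zlib" entry sits in the options.compression == COMP_DELAYED branch, and because of the chained assignment it lands in both the CTOS and STOC lists, so a server configured for delayed compression would again negotiate zlib before authentication with any client that asks for it. That removes what the delayed setting is there to provide. Leave this branch as it was and let administrators who must serve old clients choose the non-delayed compression setting explicitly, or gate the extra entry behind its own option.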
2001 Mar 07
1
patch to select pkalg
Suppose an SSH server has both RSA and DSA host keys for protocol 2, but I
only have the DSA key, and I want to use that. I'm stuck; the OpenSSH client
is hard-wired to offer both algorithms in the key exchange, and will select
ssh-rsa if it's available (see myproposal.h, KEX_DEFAULT_PK_ALG).
Below is a patch adding the client configuration option "PKAlgorithms" for
this purpose. It doesn't validate the supplied list; I'm not sure if that's
really necessary or desirable.
This situation raises a couple of questions. The first is about the...
2016 Jan 19
2
[Bug 2527] New: default algorithms mismatch between man pages and myproposal.h
https://bugzilla.mindrot.org/show_bug.cgi?id=2527
Bug ID: 2527
Summary: default algorithms mismatch between man pages and
myproposal.h
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5
Component: Documentation
Assignee: unassigned-bugs at mindrot.org
Reporter: i at f2l...
2001 Oct 24
2
disable features
...in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*/
+#ifdef WITH_COMPRESSION
#include "includes.h"
RCSID("$OpenBSD: compress.c,v 1.15 2001/09/27 11:58:16 markus Exp $");
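Review bot: the "#ifdef WITH_COMPRESSION" guard opens above the #include "includes.h" line, so if WITH_COMPRESSION is meant to be defined by a header pulled in through includes.h, it is not yet visible at this point and the whole file compiles to nothing. Move the guard below the include, keeping the closing #endif at the end of the file. If the macro is only ever passed on the compiler command line, say so in a comment.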
@@ -154,3 +155,4 @@
}
}
}
+#endif
Index: myproposal.h
===================================================================
RCS file: /home/markus/cvs/ssh/myproposal.h,v
retrieving revision 1.12
diff -u -r1.12 myproposal.h
--- myproposal.h 5 Mar 2001 15:56:16 -0000 1.12
+++ myproposal.h 22 Oct 2001 18:42:06 -0000
@@ -34,7 +34,11 @@
"hmac-md5,hm...
2014 Apr 20
2
bad bignum encoding for curve25519-sha256@libssh.org
...===============
RCS file: /var/cvs/openssh/sshd.c,v
retrieving revision 1.448
retrieving revision 1.453
diff -u -p -r1.448 -r1.453
--- sshd.c 26 Feb 2014 23:20:08 -0000 1.448
+++ sshd.c 20 Apr 2014 03:28:41 -0000 1.453
@@ -2462,6 +2438,9 @@ do_ssh2_kex(void)
if (options.kex_algorithms != NULL)
myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
+ myproposal[PROPOSAL_KEX_ALGS]);
+
if (options.rekey_limit || options.rekey_interval)
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
(time_t)options.rekey_interval);
Index...
2015 Apr 22
2
non-openssl build fixes
The attached patches fix and clean up the build when configured
with --without-openssl.
Summary:
* Fix KEX_SERVER_ENCRYPT macro in myproposal.h
* Fix unresolved symbols in ssh-keygen.c
* Isolate openssl code and extend WITH_OPENSSL wrappers around it
* Make ed25519 default key type in ssh-keygen when configured --without-openssl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-myproposal.h-fix-newl...
2020 Feb 06
3
Call for testing: OpenSSH 8.2
On 2020-02-05 at 20:39 -0500, Phil Pennock wrote:
> On 2020-02-06 at 10:29 +1100, Damien Miller wrote:
> > OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing
> > on as many platforms and systems as possible. This is a feature release.
>
> > * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
> This actually affects me:
2015 Nov 06
2
hmac-ripemd160 not in PROTOCOL
Hi there,
I noticed that hmac-ripemd160 and hmac-ripemd160@openssh.com are not listed in the OpenSSH protocols file, yet they are listed in myproposal.h. I was wondering whether this is intentional, if yes, what the rationale behind this is?
Thanks,
Max
2023 Feb 24
1
[PATCH 1/1] Add support for ZSTD compression
...il the
server sends the SSH_MSG_USERAUTH_SUCCESS which is the same time as with
the "zlib@openssh.com" method.
Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
---
cipher.c | 30 +++++-
configure.ac | 8 ++
kex.c | 5 +
kex.h | 3 +
myproposal.h | 2 +-
packet.c | 272 +++++++++++++++++++++++++++++++++++++++++++++------
readconf.c | 8 +-
servconf.c | 14 +--
ssh.c | 4 +-
9 files changed, 300 insertions(+), 46 deletions(-)
diff --git a/cipher.c b/cipher.c
index 02aea4089ff91..1634bb4019c86 100644
--- a/cipher.c
++...
2007 Jan 08
0
How to remove group1 and group14 from OpenSSH..
...eant to show what should change.
I do apologize for not using the patch format
and I also apologize if we are not supposed to post patch-like info. Also.. if you do try to recompile..
you might need to change your Makefiles. All of these files are in /usr/src/ssh/
TO REMOVE GROUP1 and GROUP14
IN myproposal.h
#define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha256," \
"diffie-hellman-group-exchange-sha1," \
"diffie-hellman-group14-sha1," \
"diffie-hellman-group1-sha1"
CHANGE TO
#define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha25...
2015 Sep 14
15
[Bug 2466] New: Cipher defines from opensslconf.h
https://bugzilla.mindrot.org/show_bug.cgi?id=2466
Bug ID: 2466
Summary: Cipher defines from opensslconf.h
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org
2001 Mar 11
0
patch to allow client to select rsa/dss
...alias; /* hostname alias for .ssh/known_hosts */
diff -c3 -r orig/openssh-2.5.1p1/sshconnect2.c openssh-2.5.1p1/sshconnect2.c
*** orig/openssh-2.5.1p1/sshconnect2.c Fri Feb 16 01:34:57 2001
--- openssh-2.5.1p1/sshconnect2.c Sun Mar 11 23:15:37 2001
***************
*** 94,99 ****
--- 94,104 ----
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
}
+ if (options.pkalg != NULL) {
+ debug("Copying pkalg=%.100s to mypromposal", options.pkalg);
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = options.pkalg;
+ }
+
/* buffe...
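Review bot: options.pkalg is copied straight into myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] with no check that it names supported host key algorithms, so a mistyped value only surfaces later as a failed negotiation. Validate the list where the option is parsed and reject unknown names there. The debug string also misspells myproposal as "mypromposal".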
2023 Feb 24
1
[PATCH 0/1] ZSTD compression support for OpenSSH
I added ZSTD support to OpenSSH roughly three years ago and I've been
playing with it ever since.
The nice part is that ZSTD achieves reasonable compression (like zlib)
but consumes little CPU so it is unlikely that compression becomes the
bottleneck of a transfer. The compression overhead (CPU) is negligible
even when uncompressed data is tunneled over the SSH connection (SOCKS
proxy, port
2001 Mar 07
3
protocol 2 performance gain?
has anyone noticed a performance gain with protocol 2?
-David Higdon
2008 Jun 28
1
KEX graceful failure
...erimental key exchange (KEX) algorithm.
Unlike current algorithms like DH, mine needs to be able to fail gracefully,
and in case of failure, continue with whatever algorithm would have been
negotiated if mine was not selected.
My strategy for graceful failure is to remove my KEX algorithm from
myproposal[KEX_DEFAULT_KEX] and to initiate a new key exchange.
My question is whether it is safe (and a good idea) to simply call do_ssh2_kex
(server) / ssh2_kex (client) in order to do another exchange, and whether
there are any negative consequences of doing so (e.g. security or
reliability).
Thanks!...
2013 Nov 25
2
Last http://hg.mindrot.org/openssh commit is from 2013-06-11
Hello,
well it's
| Rev: || 11096:745a39c852ab tip 11094:e34042dabbd8
| Auth: dtucker
| Date: Tue, 11 Jun 2013 02:10:02 +0000
- (dtucker) [myproposal.h] Make the conditional algorithm support consistent
and add some comments so it's clear what goes where.
Note it was still advertised in the 6.3 release notes.
Has it been replaced by a git(1) repository? :-))
Thank you,
--steffen
2009 Apr 01
3
[Bug 1582] New: memory leak in do_ssh2_kex() routine (sshd.c)
...uel.sanders at arcelormittal.com
CC: miguel.sanders at arcelormittal.com
Created an attachment (id=1620)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1620)
Fix for memory leak
There is small memory leak in the do_ssh2_kex() routine in sshd.c.
Line 2195 in sshd.c states:
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
Where list_hostkey_types() returns a pointer allocated by the xstrdup
call (line 735). This pointer should be freed in the calling routine
do_ssh2_kex().
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You a...
2019 Feb 14
2
Can we disable diffie-hellman-group-exchange-sha1 by default?
...n a change to readconf.c. I noticed
this and filed a bug about it along with a patch to fix readconf.c to use
KEX_CLIENT_* like it used to:
https://github.com/openssh/openssh-portable/commit/1b9dd4aa
https://bugzilla.mindrot.org/show_bug.cgi?id=2967
It's clear the removal was unintentional because myproposal.h still
lists diffie-hellman-group-exchange-sha1 under KEX_CLIENT_KEX:
https://github.com/openssh/openssh-portable/blob/V_7_8_P1/myproposal.h#L102
I was just thinking that if this hasn't been causing a problem for the
last 2 releases then maybe it's time to disable this by default in the
clie...
2015 Apr 23
16
[Bug 2388] New: build fixups for --without-openssl
...Component: Build system
Assignee: unassigned-bugs at mindrot.org
Reporter: reubenhwk at gmail.com
Created attachment 2599
--> https://bugzilla.mindrot.org/attachment.cgi?id=2599&action=edit
git format-patch origin/master
Summary:
* Fix KEX_SERVER_ENCRYPT macro in myproposal.h
* Fix unresolved symbols in ssh-keygen.c
* Isolate openssl code and extend WITH_OPENSSL wrappers around it
* Make ed25519 default key type in ssh-keygen when configured
--without-openssl
The attached patches apply to master (commit id 70860b6)
--
You are receiving this mail because:
You are wa...
2020 Mar 24
4
ZSTD compression support for OpenSSH
I hacked zstd support into OpenSSH a while ago and just started to clean
it up in the recent days. The cleanup includes configuration support
among other things that I did not have.
During testing I noticed the following differences compared to zlib:
- highly interactive shell output (as in refreshed at a _very_ high
rate) may result in higher bandwidth compared to zlib. Since zstd is
quicker