Displaying 20 results from an estimated 41 matches for "myproposal".

2005 Oct 26
2
openssh 4.2p1 zlib compression broken for old clients
...elow makes the old ssh clients happy again with option "-C" ------------------------------------------------------------------------------- --- openssh-4.2p1/sshd.c~ 2005-10-05 17:58:21.000000000 +0200 +++ openssh-4.2p1/sshd.c 2005-10-26 18:17:44.000000000 +0200 @@ -2014,7 +2014,7 @@ myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; } else if (options.compression == COMP_DELAYED) { myproposal[PROPOSAL_COMP_ALGS_CTOS] = - myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib at openssh.com"; + myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib at openssh.com,zlib"...
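Review bot: in the COMP_DELAYED branch, the new list "none,zlib at openssh.com,zlib" offers plain zlib, which a peer can negotiate so that compression starts before authentication. That is the exposure delayed compression exists to avoid, so this change silently weakens the delayed setting for every client, not only old ones. Consider leaving the delayed list as it was and documenting that servers with old "-C" clients need Compression yes, or at least add a comment in sshd.c stating the trade-off.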
2001 Mar 07
1
patch to select pkalg
Suppose an SSH server has both RSA and DSA host keys for protocol 2, but I only have the DSA key, and I want to use that. I'm stuck; the OpenSSH client is hard-wired to offer both algorithms in the key exchange, and will select ssh-rsa if it's available (see myproposal.h, KEX_DEFAULT_PK_ALG). Below is a patch adding the client configuration option "PKAlgorithms" for this purpose. It doesn't validate the supplied list; I'm not sure if that's really necessary or desirable. This situation raises a couple of questions. The first is about the...
2016 Jan 19
2
[Bug 2527] New: default algorithms mismatch between man pages and myproposal.h
https://bugzilla.mindrot.org/show_bug.cgi?id=2527 Bug ID: 2527 Summary: default algorithms mismatch between man pages and myproposal.h Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: Documentation Assignee: unassigned-bugs at mindrot.org Reporter: i at f2l...
2001 Oct 24
2
disable features
...in the RFC file, it must be * called by a name other than "ssh" or "Secure Shell". */ +#ifdef WITH_COMPRESSION #include "includes.h" RCSID("$OpenBSD: compress.c,v 1.15 2001/09/27 11:58:16 markus Exp $"); @@ -154,3 +155,4 @@ } } } +#endif Index: myproposal.h =================================================================== RCS file: /home/markus/cvs/ssh/myproposal.h,v retrieving revision 1.12 diff -u -r1.12 myproposal.h --- myproposal.h 5 Mar 2001 15:56:16 -0000 1.12 +++ myproposal.h 22 Oct 2001 18:42:06 -0000 @@ -34,7 +34,11 @@ "hmac-md5,hm...
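Review bot: in compress.c the added #ifdef WITH_COMPRESSION opens before #include "includes.h", so the macro is only visible if it is passed on the compiler command line. If it is meant to come from a configuration header pulled in through includes.h, the whole file compiles to nothing. Move the #ifdef below the include and RCSID lines, and say in the patch where WITH_COMPRESSION is expected to be defined.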
2014 Apr 20
2
bad bignum encoding for curve25519-sha256@libssh.org
...=============== RCS file: /var/cvs/openssh/sshd.c,v retrieving revision 1.448 retrieving revision 1.453 diff -u -p -r1.448 -r1.453 --- sshd.c 26 Feb 2014 23:20:08 -0000 1.448 +++ sshd.c 20 Apr 2014 03:28:41 -0000 1.453 @@ -2462,6 +2438,9 @@ do_ssh2_kex(void) if (options.kex_algorithms != NULL) myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; + myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( + myproposal[PROPOSAL_KEX_ALGS]); + if (options.rekey_limit || options.rekey_interval) packet_set_rekey_limits((u_int32_t)options.rekey_limit, (time_t)options.rekey_interval); Index...
2015 Apr 22
2
non-openssl build fixes
The attached patches fix and clean up the build when configured with --without-openssl. Summary: * Fix KEX_SERVER_ENCRYPT macro in myproposal.h * Fix unresolved symbols in ssh-keygen.c * Isolate openssl code and extend WITH_OPENSSL wrappers around it * Make ed25519 default key type in ssh-keygen when configured --without-openssl -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-myproposal.h-fix-newl...
2020 Feb 06
3
Call for testing: OpenSSH 8.2
On 2020-02-05 at 20:39 -0500, Phil Pennock wrote: > On 2020-02-06 at 10:29 +1100, Damien Miller wrote: > > OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing > > on as many platforms and systems as possible. This is a feature release. > > > * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These > This actually affects me:
2015 Nov 06
2
hmac-ripemd160 not in PROTOCOL
Hi there, I noticed that hmac-ripemd160 and hmac-ripemd160@openssh.com are not listed in the OpenSSH protocols file, yet they are listed in myproposal.h. I was wondering whether this is intentional, if yes, what the rationale behind this is? Thanks, Max
2023 Feb 24
1
[PATCH 1/1] Add support for ZSTD compression
...il the server sends the SSH_MSG_USERAUTH_SUCCESS which is the same time as with the "zlib@openssh.com" method. Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc> --- cipher.c | 30 +++++- configure.ac | 8 ++ kex.c | 5 + kex.h | 3 + myproposal.h | 2 +- packet.c | 272 +++++++++++++++++++++++++++++++++++++++++++++------ readconf.c | 8 +- servconf.c | 14 +-- ssh.c | 4 +- 9 files changed, 300 insertions(+), 46 deletions(-) diff --git a/cipher.c b/cipher.c index 02aea4089ff91..1634bb4019c86 100644 --- a/cipher.c ++...
2007 Jan 08
0
How to remove group1 and group14 from OpenSSH..
...eant to show what should change. I do apologize for not using the patch format and I also apologize if we are not supposed to post patch-like info. Also.. if you do try to recompile.. you might need to change your Makefiles. All of these files are in /usr/src/ssh/ TO REMOVE GROUP1 and GROUP14 IN myproposal.h #define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha256," \ "diffie-hellman-group-exchange-sha1," \ "diffie-hellman-group14-sha1," \ "diffie-hellman-group1-sha1" CHANGE TO #define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha25...
2015 Sep 14
15
[Bug 2466] New: Cipher defines from opensslconf.h
https://bugzilla.mindrot.org/show_bug.cgi?id=2466 Bug ID: 2466 Summary: Cipher defines from opensslconf.h Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: Linux Status: NEW Severity: minor Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org
2001 Mar 11
0
patch to allow client to select rsa/dss
...alias; /* hostname alias for .ssh/known_hosts */ diff -c3 -r orig/openssh-2.5.1p1/sshconnect2.c openssh-2.5.1p1/sshconnect2.c *** orig/openssh-2.5.1p1/sshconnect2.c Fri Feb 16 01:34:57 2001 --- openssh-2.5.1p1/sshconnect2.c Sun Mar 11 23:15:37 2001 *************** *** 94,99 **** --- 94,104 ---- myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; } + if (options.pkalg != NULL) { + debug("Copying pkalg=%.100s to mypromposal", options.pkalg); + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = options.pkalg; + } + /* buffe...
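Review bot: the added block in sshconnect2.c copies options.pkalg straight into myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] with no check that the names are supported host key algorithms, so a misspelled value only shows up as a failed negotiation at connect time. Validate the list where the option is parsed and reject unknown names there. The debug string also misspells the array name as "mypromposal".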
2023 Feb 24
1
[PATCH 0/1] ZSTD compression support for OpenSSH
I added ZSTD support to OpenSSH roughly three years ago and I've been playing with it ever since. The nice part is that ZSTD achieves reasonable compression (like zlib) but consumes little CPU so it is unlikely that compression becomes the bottleneck of a transfer. The compression overhead (CPU) is negligible even when uncompressed data is tunneled over the SSH connection (SOCKS proxy, port
2001 Mar 07
3
protocol 2 performance gain?
has anyone noticed a performance gain with protocol 2? -David Higdon
2008 Jun 28
1
KEX graceful failure
...erimental key exchange (KEX) algorithm. Unlike current algorithms like DH, mine needs to be able to fail gracefully, and in case of failure, continue with whatever algorithm would have been negotiated if mine was not selected. My strategy for graceful failure is to remove my KEX algorithm from myproposal[KEX_DEFAULT_KEX] and to initiate a new key exchange. My question is whether it is safe (and a good idea) to simply call do_ssh2_kex (server) / ssh2_kex (client) in order to do another exchange, and whether there are any negative consequences of doing so (e.g. security or reliability). Thanks!...
2013 Nov 25
2
Last http://hg.mindrot.org/openssh commit is from 2013-06-11
Hello, well it's | Rev: || 11096:745a39c852ab tip 11094:e34042dabbd8 | Auth: dtucker | Date: Tue, 11 Jun 2013 02:10:02 +0000 - (dtucker) [myproposal.h] Make the conditional algorithm support consistent and add some comments so it's clear what goes where. Note it was still advertised in the 6.3 release notes. Has it been replaced by a git(1) repository? :-)) Thank you, --steffen
2009 Apr 01
3
[Bug 1582] New: memory leak in do_ssh2_kex() routine (sshd.c)
...uel.sanders at arcelormittal.com CC: miguel.sanders at arcelormittal.com Created an attachment (id=1620) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1620) Fix for memory leak There is a small memory leak in the do_ssh2_kex() routine in sshd.c. Line 2195 in sshd.c states: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); Where list_hostkey_types() returns a pointer allocated by the xstrdup call (line 735). This pointer should be freed in the calling routine do_ssh2_kex(). -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You a...
2019 Feb 14
2
Can we disable diffie-hellman-group-exchange-sha1 by default?
...n a change to readconf.c. I noticed this and filed a bug about it along with a patch to fix readconf.c to use KEX_CLIENT_* like it used to: https://github.com/openssh/openssh-portable/commit/1b9dd4aa https://bugzilla.mindrot.org/show_bug.cgi?id=2967 It's clear the removal was unintentional because myproposal.h still lists diffie-hellman-group-exchange-sha1 under KEX_CLIENT_KEX: https://github.com/openssh/openssh-portable/blob/V_7_8_P1/myproposal.h#L102 I was just thinking that if this hasn't been causing a problem for the last 2 releases then maybe it's time to disable this by default in the clie...
2015 Apr 23
16
[Bug 2388] New: build fixups for --without-openssl
...Component: Build system Assignee: unassigned-bugs at mindrot.org Reporter: reubenhwk at gmail.com Created attachment 2599 --> https://bugzilla.mindrot.org/attachment.cgi?id=2599&action=edit git format-patch origin/master Summary: * Fix KEX_SERVER_ENCRYPT macro in myproposal.h * Fix unresolved symbols in ssh-keygen.c * Isolate openssl code and extend WITH_OPENSSL wrappers around it * Make ed25519 default key type in ssh-keygen when configured --without-openssl The attached patches apply to master (commit id 70860b6) -- You are receiving this mail because: You are wa...
2020 Mar 24
4
ZSTD compression support for OpenSSH
I hacked zstd support into OpenSSH a while ago and just started to clean it up in the recent days. The cleanup includes configuration support among other things that I did not have. During testing I noticed the following differences compared to zlib: - highly interactive shell output (as in refreshed at a _very_ high rate) may result in higher bandwidth compared to zlib. Since zstd is quicker