Displaying 20 results from an estimated 41 matches for "myproposals".
Did you mean:
myproposal
2005 Oct 26
2
openssh 4.2p1 zlib compression broken for old clients
Hello OpenSSH developers,
openssh 4.2p1 breaks old openssh clients up to 3.4p1 when they try to use compression:
# ssh-3.4p1 -C remote-host-with-4.2p1 pwd
no matching comp found: client zlib server none,zlib at openssh.com
option "-vv" shows
...
debug2: kex_parse_kexinit: zlib
...
debug2: kex_parse_kexinit: none,zlib at openssh.com
...
debug2: mac_init: found hmac-md5
no
2001 Mar 07
1
patch to select pkalg
...cs = NULL;
+ options->pkalgorithms = NULL;
options->protocol = SSH_PROTO_UNKNOWN;
options->num_identity_files = 0;
options->hostname = NULL;
***************
*** 797,802 ****
--- 809,815 ----
options->cipher = SSH_CIPHER_NOT_SET;
/* options->ciphers, default set in myproposals.h */
/* options->macs, default set in myproposals.h */
+ /* options->pkalgorithms, default set in myproposals.h */
if (options->protocol == SSH_PROTO_UNKNOWN)
options->protocol = SSH_PROTO_1|SSH_PROTO_2|SSH_PROTO_1_PREFERRED;
if (options->num_identity_files == 0) {
***...
2016 Jan 19
2
[Bug 2527] New: default algorithms mismatch between man pages and myproposal.h
https://bugzilla.mindrot.org/show_bug.cgi?id=2527
Bug ID: 2527
Summary: default algorithms mismatch between man pages and
myproposal.h
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5
Component: Documentation
2001 Oct 24
2
disable features
this (uncomplete) patch makes various features compile time
options and saves up to 24K in the resulting
ssh/sshd binaries. i don't know whether this
should be added to the CVS since it makes
the code less readable.
perhaps WITH_COMPRESSION should be added, since
it removes the dependency on libz
-m
Index: Makefile.inc
===================================================================
RCS
2014 Apr 20
2
bad bignum encoding for curve25519-sha256@libssh.org
Hi,
So I screwed up when writing the support for the curve25519 KEX method
that doesn't depend on OpenSSL's BIGNUM type - a bug in my code left
leading zero bytes where they should have been skipped. The impact of
this is that OpenSSH 6.5 and 6.6 will fail during key exchange with a
peer that implements curve25519-sha256 at libssh.org properly about 0.2%
of the time (one in every 512ish
2015 Apr 22
2
non-openssl build fixes
The attached patches fixes and cleans up the build when configured
with --without-openssl.
Summary:
* Fix KEX_SERVER_ENCRYPT macro in myproposal.h
* Fix unresolved symbols in ssh-keygen.c
* Isolate openssl code and extend WITH_OPENSSL wrappers around it
* Make ed25519 default key type in ssh-keygen when configured --without-openssl
-------------- next part --------------
A non-text attachment was
2020 Feb 06
3
Call for testing: OpenSSH 8.2
On 2020-02-05 at 20:39 -0500, Phil Pennock wrote:
> On 2020-02-06 at 10:29 +1100, Damien Miller wrote:
> > OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing
> > on as many platforms and systems as possible. This is a feature release.
>
> > * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
> This actually affects me:
2015 Nov 06
2
hmac-ripemd160 not in PROTOCOL
Hi there,
I noticed that hmac-ripemd160 and hmac-ripemd160 at openssh.com are not listed in the OpenSSH protocols file, yet they are listed in myproposal.h. I was wondering whether this is intentional, if yes, what the rationale behind this is?
Thanks,
Max
2023 Feb 24
1
[PATCH 1/1] Add support for ZSTD compression
From: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
The "zstd at breakpoint.cc" compression algorithm enables ZSTD based
compression as defined in RFC8478. The compression is delayed until the
server sends the SSH_MSG_USERAUTH_SUCCESS which is the same time as with
the "zlib at openssh.com" method.
Signed-off-by: Sebastian Andrzej Siewior <sebastian at
2007 Jan 08
0
How to remove group1 and group14 from OpenSSH..
Hello everyone.. I am fairly new to the patching format.. so I just decided to post a basic info
about how to remove group1 and group14 diffie key exchange in OpenSSH.
I know that they are listed as required in RFC 4253 but I don't want a client to have the choice
to use a 1024 bit prime for the key exchange. If someone is getting into my system.. they should
upgrade to a new client. I am a
2015 Sep 14
15
[Bug 2466] New: Cipher defines from opensslconf.h
https://bugzilla.mindrot.org/show_bug.cgi?id=2466
Bug ID: 2466
Summary: Cipher defines from opensslconf.h
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org
2001 Mar 11
0
patch to allow client to select rsa/dss
Here is a quick patch against openssh-2.5.1p1 to add a new config
option (pkalg) for the ssh client allowing the selection of which
public keys are obtained/verified.
--cut-here-
diff -c3 -r orig/openssh-2.5.1p1/key.c openssh-2.5.1p1/key.c
*** orig/openssh-2.5.1p1/key.c Mon Feb 5 18:16:28 2001
--- openssh-2.5.1p1/key.c Sun Mar 11 23:10:10 2001
***************
*** 534,539 ****
--- 534,567 ----
2023 Feb 24
1
[PATCH 0/1] ZSTD compression support for OpenSSH
I added ZSTD support to OpenSSH roughly three years ago and I've been
playing with it ever since.
The nice part is that ZSTD achieves reasonable compression (like zlib)
but consumes little CPU so it is unlikely that compression becomes the
bottle neck of a transfer. The compression overhead (CPU) is negligible
even when uncompressed data is tunneled over the SSH connection (SOCKS
proxy, port
2001 Mar 07
3
protocol 2 performance gain?
has anyone noticed a performance gain with protocol 2?
-David Higdon
2008 Jun 28
1
KEX graceful failure
Dear all,
I am currently implementing an experimental key exchange (KEX) algorithm.
Unlike current algorithms like DH, mine needs to be able to fail gracefully,
and in case of failure, continue with whatever algorithm would have been
negotiated if mine was not selected.
My strategy for graceful failure is to remove my KEX algorithm from
myproposal[KEX_DEFAULT_KEX] and to initiate a new key
2013 Nov 25
2
Last http://hg.mindrot.org/openssh commit is from 2013-06-11
Hello,
well it''s
| Rev: || 11096:745a39c852ab tip 11094:e34042dabbd8
| Auth: dtucker
| Date: Tue, 11 Jun 2013 02:10:02 +0000
- (dtucker) [myproposal.h] Make the conditional algorithm support consistent
and add some comments so it''s clear what goes where.
Note it was still advertised in the 6.3 release notes.
Has it been replaced by a git(1) repository? :-))
2009 Apr 01
3
[Bug 1582] New: memory leak in do_ssh2_kex() routine (sshd.c)
https://bugzilla.mindrot.org/show_bug.cgi?id=1582
Summary: memory leak in do_ssh2_kex() routine (sshd.c)
Product: Portable OpenSSH
Version: 5.2p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy:
2019 Feb 14
2
Can we disable diffie-hellman-group-exchange-sha1 by default?
I ask because the removal of diffie-hellman-group-exchange-sha1 happened
accidently in 7.8 due to a mistake in a change to readconf.c. I noticed
this and filed a bug about it along with a patch to fix readconf.c to use
KEX_CLIENT_* like it used to:
https://github.com/openssh/openssh-portable/commit/1b9dd4aa
https://bugzilla.mindrot.org/show_bug.cgi?id=2967
Its clear the removal was unintentional
2015 Apr 23
16
[Bug 2388] New: build fixups for --without-openssl
https://bugzilla.mindrot.org/show_bug.cgi?id=2388
Bug ID: 2388
Summary: build fixups for --without-openssl
Product: Portable OpenSSH
Version: 6.8p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Build system
Assignee: unassigned-bugs at
2020 Mar 24
4
ZSTD compression support for OpenSSH
I hacked zstd support into OpenSSH a while ago and just started to clean
it up in the recent days. The cleanup includes configuration support
among other things that I did not have.
During testing I noticed the following differences compared to zlib:
- highly interactive shell output (as in refreshed at a _very_ high
rate) may result in higher bandwidth compared to zlib. Since zstd is
quicker