search for: nistp521

...sh-dss not in PubkeyAcceptedKeyTypes [preauth] I saw that the sshd process had started with the option ... -oPubkeyAcceptedKeyTypes=rsa-sha2-256,ecdsa-sha2-nistp256, ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384, ecdsa-sha2-nistp384-cert-v01 at openssh.com,rsa-sha2-512,ecdsa-sha2-nistp521, ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519, ssh-ed25519-cert-v01 at openssh.com,ssh-rsa,ssh-rsa-cert-v01 at openssh.com So I found the unit file for sshd that refers to /etc/crypto-policies/back-ends/opensshserver.config In the mean time I was able to reach my target going and editin...

...es256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com HostbasedAcceptedKeyTypes ssh-ed25519,ssh-ed25519-cert-v01 at openssh.com,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01 at openssh.com,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,e...

...ort () at abort.c:79 #2 0x7f715c00 in __subvsi3 (a=<optimized out>, b=<optimized out>) at ../../../gcc-7-20180201/libgcc/libgcc2.c:119 #3 0x7f713494 in strlcpy ( dst=0x7fff2428 "ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com,ssh-ed25519-cert-v01 at openssh.com,sk-ssh-ed25519-cert-v01 at openssh.com,rsa-sha2-512-cert-v01 at openssh.com,rsa-sha2-256-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-s...

...tedKeyTypes [preauth] > > I saw that the sshd process had started with the option > ... -oPubkeyAcceptedKeyTypes=rsa-sha2-256,ecdsa-sha2-nistp256, > ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384, > ecdsa-sha2-nistp384-cert-v01 at openssh.com,rsa-sha2-512,ecdsa-sha2-nistp521, > ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519, > ssh-ed25519-cert-v01 at openssh.com,ssh-rsa,ssh-rsa-cert-v01 at openssh.com > > So I found the unit file for sshd that refers > to /etc/crypto-policies/back-ends/opensshserver.config > In the mean time I was able to re...

When I do ssh -Q key, where ssh is the OpenSSH 7.4p1 client, I get the following output: ssh-ed25519 ssh-ed25519-cert-v01 at openssh.com ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-rsa-cert-v01 at openssh.com ssh-dss-cert-v01 at openssh.com ecdsa-sha2-nistp256-cert-v01 at openssh.com ecdsa-sha2-nistp384-cert-v01 at openssh.com ecdsa-sha2-nistp521-cert-v01 at openssh.com The thing is, one can invoke both client and server with -o HostKeyAlgorithms=rsa-sha2-256, or -o Hos...

...sh.com,umac-128-etm at openssh.com,hmac- sha2-512-etm at openssh.com,hmac-sha2-256,hmac-sha1,umac-128 at openssh.com,hmac-sha2-512 -oGSSAPIKexAlgorithms=gss-gex-sha1-,gss-group14-sha1- -oKexAlgorithms= curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellma n-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 -oHostKeyAlgor ithms=rsa-sha2-256,rsa-sha2-256-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp2...

...ed debug2: kex_parse_kexinit: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ss h-rsa,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01@ openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecd sa-sha2-nistp384,ecdsa-sha2-nistp521 debug2: kex_parse_kexinit: aes128-ctr debug2: kex_parse_kexinit: aes128-ctr debug2: kex_parse_kexinit: hmac-sha1 debug2: kex_parse_kexinit: hmac-sha1 debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib d...

...wn_hosts" debug3: record_hostkey: found key type ECDSA in file /Users/user1/.ssh/known_hosts:3 debug3: load_hostkeys: loaded 1 keys from remote_host debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha25...

The defaults for HostKeyAlgorithms option are: ecdsa-sha2-nistp256-cert-v01 at openssh.com, ecdsa-sha2-nistp384-cert-v01 at openssh.com, ecdsa-sha2-nistp521-cert-v01 at openssh.com, ssh-ed25519-cert-v01 at openssh.com, ssh-rsa-cert-v01 at openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,ssh-rsa Why does OpenSSH prefer older and less secure (https://safecurves.cr.yp.to/) ECDSA with NIST curves over Ed25519? Also why...

Hi, I have compatibility issues with the latest version of openssh-server and an old dropbear client, the dopbear client stops at preauth ov 22 14:34:03 myhostname sshd[3905]: debug1: Client protocol version 2.0; client software version dropbear_0.46 Nov 22 14:34:03 myhostname sshd[3905]: debug1: no match: dropbear_0.46 Nov 22 14:34:03 myhostname sshd[3905]: debug1: Local version string

...ord_hostkey: found key type ECDSA in file > /Users/user1/.ssh/known_hosts:3 > debug3: load_hostkeys: loaded 1 keys from remote_host > debug3: order_hostkeyalgs: prefer hostkeyalgs: > ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2- > nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com > ,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: > curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2- > nistp384,ecdh-sha2-nistp521,dif...

...matching key->type debug1: key_sig_algorithm: cp: ecdsa-sha2-nistp384-cert-v01 at openssh.com sshkey_sigalg_by_name(cp): ecdsa-sha2-nistp384 debug1: key_sig_algorithm: skipping ecdsa-sha2-nistp384-cert-v01 at openssh.com due to not matching key->type debug1: key_sig_algorithm: cp: ecdsa-sha2-nistp521-cert-v01 at openssh.com sshkey_sigalg_by_name(cp): ecdsa-sha2-nistp521 debug1: key_sig_algorithm: skipping ecdsa-sha2-nistp521-cert-v01 at openssh.com due to not matching key->type debug1: key_sig_algorithm: cp: ssh-ed25519-cert-v01 at openssh.com sshkey_sigalg_by_name(cp): ssh-ed25519 debug1: k...

...> When I do ssh -Q key, where ssh is the OpenSSH 7.4p1 client, I get the > > following output: > > > > ssh-ed25519 > > ssh-ed25519-cert-v01 at openssh.com > > ssh-rsa > > ssh-dss > > ecdsa-sha2-nistp256 > > ecdsa-sha2-nistp384 > > ecdsa-sha2-nistp521 > > ssh-rsa-cert-v01 at openssh.com > > ssh-dss-cert-v01 at openssh.com > > ecdsa-sha2-nistp256-cert-v01 at openssh.com > > ecdsa-sha2-nistp384-cert-v01 at openssh.com > > ecdsa-sha2-nistp521-cert-v01 at openssh.com > > > > The thing is, one can invoke bot...

Hi there, has anybody managed to get the eToken Pro Anywhere work with SSH? I'm using the latest SafeNetAuthentication drivers available for Ubuntu 64bit (8.3) and everything is working just fine except for ssh. I can use the eToken for logging in, openvpn, rdestkop, etc. but it seems ssh does not recognize the device properly. The command "ssh -I /usr/lib/libeToken.so.8 user at

...er_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ss h-rsa debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2 -nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange -sha1,diffie-hellman-group14-sha1 debug2: kex_parse_kexinit: ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ss h-rsa,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01@ openssh...

Hi! I'm having a difficult time getting X11 forwarding to work. Since I've read the docs completely about this, this must be an SSH bug which is likely because I'm using Gentoo as the SSH server. When trying to forward X11 connections, I get X11 connection rejected because of wrong authentication. kwrite: cannot connect to X server XXXXXXXXX:10.0 Using command ssh -Y -p 1111 -4

In the past 24 hours multiple persons have contacted me regarding the use of elliptic curve cryptography in tinc 1.1 in light of the suspicion that the NSA might have weakened algorithms and/or elliptic curves published by NIST. The new protocol in tinc 1.1 (SPTPS) uses ECDH and ECDSA to do session key exchange and authentication, in such a way that it has the perfect forward secrecy (PFS)

In the past 24 hours multiple persons have contacted me regarding the use of elliptic curve cryptography in tinc 1.1 in light of the suspicion that the NSA might have weakened algorithms and/or elliptic curves published by NIST. The new protocol in tinc 1.1 (SPTPS) uses ECDH and ECDSA to do session key exchange and authentication, in such a way that it has the perfect forward secrecy (PFS)

...and comment fields give the RSA key for protocol version 1; the comment field is not used for anything (but may be convenient for the user to identify the key). For protocol version 2 the keytype is ``ecdsa-sha2-nistp256'', ``ecdsa-sha2-nistp384'', ``ecdsa-sha2-nistp521'', ``ssh-dss'' or ``ssh-rsa''. >>>> last line: ecdsa-sha2-nistp521 -???-> ecdsa-sha2-nistp512 Tev

...openssh.com ? For example in default settings for KexAlgorithms the curve25519-sha256 at libssh.org is preferred over ecdh-sha2-nistp256. Fedor Defaults in openssh-6.6p1 HostKeyAlgorithms ecdsa-sha2-nistp256-cert-v01 at openssh.com, ecdsa-sha2-nistp384-cert-v01 at openssh.com, ecdsa-sha2-nistp521-cert-v01 at openssh.com, ssh-ed25519-cert-v01 at openssh.com, ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com, ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,ssh-rsa,ssh-dss KexAlg...