Displaying 20 results from an estimated 119 matches for "nistp521".
2019 Oct 17
2
DSA key not accepted on CentOS even after enabling
...sh-dss not in PubkeyAcceptedKeyTypes [preauth]
I saw that the sshd process had started with the option
... -oPubkeyAcceptedKeyTypes=rsa-sha2-256,ecdsa-sha2-nistp256,
ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384,
ecdsa-sha2-nistp384-cert-v01 at openssh.com,rsa-sha2-512,ecdsa-sha2-nistp521,
ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519,
ssh-ed25519-cert-v01 at openssh.com,ssh-rsa,ssh-rsa-cert-v01 at openssh.com
So I found the unit file for sshd that refers
to /etc/crypto-policies/back-ends/opensshserver.config
In the mean time I was able to reach my target going and editin...
2018 Nov 23
2
Debian Stretch 9.6: openssh-server and old dropbear client don't work togheter
...es256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com
HostbasedAcceptedKeyTypes
ssh-ed25519,ssh-ed25519-cert-v01 at openssh.com,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com
HostKeyAlgorithms
ssh-ed25519,ssh-ed25519-cert-v01 at openssh.com,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,e...
2020 Jun 11
2
pointer subtraciton on arm for 8.3p1
...ort () at abort.c:79
#2 0x7f715c00 in __subvsi3 (a=<optimized out>, b=<optimized out>) at
../../../gcc-7-20180201/libgcc/libgcc2.c:119
#3 0x7f713494 in strlcpy (
dst=0x7fff2428
"ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com,ssh-ed25519-cert-v01 at openssh.com,sk-ssh-ed25519-cert-v01 at openssh.com,rsa-sha2-512-cert-v01 at openssh.com,rsa-sha2-256-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-s...
2019 Oct 17
0
DSA key not accepted on CentOS even after enabling
...tedKeyTypes [preauth]
>
> I saw that the sshd process had started with the option
> ... -oPubkeyAcceptedKeyTypes=rsa-sha2-256,ecdsa-sha2-nistp256,
> ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384,
> ecdsa-sha2-nistp384-cert-v01 at openssh.com,rsa-sha2-512,ecdsa-sha2-nistp521,
> ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519,
> ssh-ed25519-cert-v01 at openssh.com,ssh-rsa,ssh-rsa-cert-v01 at openssh.com
>
> So I found the unit file for sshd that refers
> to /etc/crypto-policies/back-ends/opensshserver.config
> In the mean time I was able to re...
2020 Mar 02
3
Question about host key algorithms
When I do ssh -Q key, where ssh is the OpenSSH 7.4p1 client, I get the
following output:
ssh-ed25519
ssh-ed25519-cert-v01 at openssh.com
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa-cert-v01 at openssh.com
ssh-dss-cert-v01 at openssh.com
ecdsa-sha2-nistp256-cert-v01 at openssh.com
ecdsa-sha2-nistp384-cert-v01 at openssh.com
ecdsa-sha2-nistp521-cert-v01 at openssh.com
The thing is, one can invoke both client and server with -o
HostKeyAlgorithms=rsa-sha2-256, or -o Hos...
2020 Oct 07
0
dbus issue on centos 7 as a lxc container
...sh.com,umac-128-etm at openssh.com,hmac-
sha2-512-etm at openssh.com,hmac-sha2-256,hmac-sha1,umac-128 at openssh.com,hmac-sha2-512
-oGSSAPIKexAlgorithms=gss-gex-sha1-,gss-group14-sha1- -oKexAlgorithms=
curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellma
n-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
-oHostKeyAlgor
ithms=rsa-sha2-256,rsa-sha2-256-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp2...
2016 Feb 09
2
Test Failure OpenSSH 7.1 P2 on HPE NSE for integrity
...ed
debug2: kex_parse_kexinit:
diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit:
ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ss
h-rsa,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01@
openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecd
sa-sha2-nistp384,ecdsa-sha2-nistp521
debug2: kex_parse_kexinit: aes128-ctr
debug2: kex_parse_kexinit: aes128-ctr
debug2: kex_parse_kexinit: hmac-sha1
debug2: kex_parse_kexinit: hmac-sha1
debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
d...
2016 Oct 24
2
SSH fail to login due to hang over after authenticated.
...wn_hosts"
debug3: record_hostkey: found key type ECDSA in file
/Users/user1/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys from remote_host
debug3: order_hostkeyalgs: prefer hostkeyalgs:
ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha25...
2018 May 25
5
Strange crypto choices
The defaults for HostKeyAlgorithms option are:
ecdsa-sha2-nistp256-cert-v01 at openssh.com,
ecdsa-sha2-nistp384-cert-v01 at openssh.com,
ecdsa-sha2-nistp521-cert-v01 at openssh.com,
ssh-ed25519-cert-v01 at openssh.com,
ssh-rsa-cert-v01 at openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
ssh-ed25519,ssh-rsa
Why does OpenSSH prefer older and less secure
(https://safecurves.cr.yp.to/) ECDSA with NIST curves over Ed25519?
Also why...
2018 Nov 22
2
Debian Stretch 9.6: openssh-server and old dropbear client don't work togheter
Hi, I have compatibility issues with the latest version of
openssh-server and an old dropbear client, the dopbear client stops at
preauth
ov 22 14:34:03 myhostname sshd[3905]: debug1: Client protocol version
2.0; client software version dropbear_0.46
Nov 22 14:34:03 myhostname sshd[3905]: debug1: no match: dropbear_0.46
Nov 22 14:34:03 myhostname sshd[3905]: debug1: Local version string
2016 Oct 24
1
SSH fail to login due to hang over after authenticated.
...ord_hostkey: found key type ECDSA in file
> /Users/user1/.ssh/known_hosts:3
> debug3: load_hostkeys: loaded 1 keys from remote_host
> debug3: order_hostkeyalgs: prefer hostkeyalgs:
> ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-
> nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com
> ,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit:
> curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-
> nistp384,ecdh-sha2-nistp521,dif...
2018 Oct 10
2
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
...matching key->type
debug1: key_sig_algorithm: cp:
ecdsa-sha2-nistp384-cert-v01 at openssh.com sshkey_sigalg_by_name(cp):
ecdsa-sha2-nistp384
debug1: key_sig_algorithm: skipping
ecdsa-sha2-nistp384-cert-v01 at openssh.com due to not matching key->type
debug1: key_sig_algorithm: cp:
ecdsa-sha2-nistp521-cert-v01 at openssh.com sshkey_sigalg_by_name(cp):
ecdsa-sha2-nistp521
debug1: key_sig_algorithm: skipping
ecdsa-sha2-nistp521-cert-v01 at openssh.com due to not matching key->type
debug1: key_sig_algorithm: cp: ssh-ed25519-cert-v01 at openssh.com
sshkey_sigalg_by_name(cp): ssh-ed25519
debug1: k...
2020 Mar 02
4
Question about host key algorithms
...> When I do ssh -Q key, where ssh is the OpenSSH 7.4p1 client, I get the
> > following output:
> >
> > ssh-ed25519
> > ssh-ed25519-cert-v01 at openssh.com
> > ssh-rsa
> > ssh-dss
> > ecdsa-sha2-nistp256
> > ecdsa-sha2-nistp384
> > ecdsa-sha2-nistp521
> > ssh-rsa-cert-v01 at openssh.com
> > ssh-dss-cert-v01 at openssh.com
> > ecdsa-sha2-nistp256-cert-v01 at openssh.com
> > ecdsa-sha2-nistp384-cert-v01 at openssh.com
> > ecdsa-sha2-nistp521-cert-v01 at openssh.com
> >
> > The thing is, one can invoke bot...
2013 Dec 11
4
OpenSSH 6.3p1 Smartcard-Support
Hi there,
has anybody managed to get the eToken Pro Anywhere work with SSH? I'm using the latest SafeNetAuthentication drivers available for Ubuntu 64bit (8.3) and everything is working just fine except for ssh. I can use the eToken for logging in, openvpn, rdestkop, etc. but it seems ssh does not recognize the device properly. The command "ssh -I /usr/lib/libeToken.so.8 user at
2016 Feb 09
2
Test Failure OpenSSH 7.1 P2 on HPE NSE for key-commands
...er_hostkeyalgs: prefer hostkeyalgs:
ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ss
h-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2
-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange
-sha1,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit:
ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ss
h-rsa,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01@
openssh...
2015 May 23
2
X11 forwarding not working.
Hi!
I'm having a difficult time getting X11 forwarding to work.
Since I've read the docs completely about this, this must be an SSH bug
which is likely because I'm using Gentoo as the SSH server.
When trying to forward X11 connections, I get
X11 connection rejected because of wrong authentication.
kwrite: cannot connect to X server XXXXXXXXX:10.0
Using command
ssh -Y -p 1111 -4
2013 Sep 14
4
Elliptic curves in tinc
In the past 24 hours multiple persons have contacted me regarding the use of
elliptic curve cryptography in tinc 1.1 in light of the suspicion that the NSA
might have weakened algorithms and/or elliptic curves published by NIST.
The new protocol in tinc 1.1 (SPTPS) uses ECDH and ECDSA to do session key
exchange and authentication, in such a way that it has the perfect forward
secrecy (PFS)
2013 Sep 14
4
Elliptic curves in tinc
In the past 24 hours multiple persons have contacted me regarding the use of
elliptic curve cryptography in tinc 1.1 in light of the suspicion that the NSA
might have weakened algorithms and/or elliptic curves published by NIST.
The new protocol in tinc 1.1 (SPTPS) uses ECDH and ECDSA to do session key
exchange and authentication, in such a way that it has the perfect forward
secrecy (PFS)
2011 Feb 21
1
A possible typo in sshd(8) ?
...and comment fields give the RSA key for protocol
version 1; the comment field is not used for anything (but may be
convenient for the user to identify the key). For protocol version 2 the
keytype is ``ecdsa-sha2-nistp256'', ``ecdsa-sha2-nistp384'',
``ecdsa-sha2-nistp521'', ``ssh-dss'' or ``ssh-rsa''.
>>>>
last line: ecdsa-sha2-nistp521 -???-> ecdsa-sha2-nistp512
Tev
2014 Apr 10
0
nistp256 preferred over ed25519
...openssh.com ?
For example in default settings for KexAlgorithms the
curve25519-sha256 at libssh.org is preferred over ecdh-sha2-nistp256.
Fedor
Defaults in openssh-6.6p1
HostKeyAlgorithms
ecdsa-sha2-nistp256-cert-v01 at openssh.com,
ecdsa-sha2-nistp384-cert-v01 at openssh.com,
ecdsa-sha2-nistp521-cert-v01 at openssh.com,
ssh-ed25519-cert-v01 at openssh.com,
ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,
ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
ssh-ed25519,ssh-rsa,ssh-dss
KexAlg...