search for: nunojpg

...rently that is not what happens, and users can find out too late that they have instead tried a wrong pin too many times and locked their token... Regards, Nuno On Fri, Jun 17, 2016 at 10:04 PM, Alon Bar-Lev <alon.barlev at gmail.com> wrote: > On 17 June 2016 at 22:45, Nuno Gon?alves <nunojpg at gmail.com> wrote: >> On Fri, Jun 17, 2016 at 7:57 PM, Alon Bar-Lev <alon.barlev at gmail.com> wrote: >>> On 17 June 2016 at 20:58, Nuno Gon?alves <nunojpg at gmail.com> wrote: >>>> Hi, >>>> >>>> It seems there is a bug with the pk...

https://bugzilla.mindrot.org/show_bug.cgi?id=2547 Bug ID: 2547 Summary: ssh-ext-info: missing server signature algorithms Product: Portable OpenSSH Version: 7.2p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at

On Fri, Jun 17, 2016 at 7:57 PM, Alon Bar-Lev <alon.barlev at gmail.com> wrote: > On 17 June 2016 at 20:58, Nuno Gon?alves <nunojpg at gmail.com> wrote: >> Hi, >> >> It seems there is a bug with the pkcs11 feature where a zero-length >> PIN is accepted. I believe this is a bug, since the user might want to >> press return when asked for the PIN to ignore that slot/key. > > Hi, > > Em...

...;t clear the port binding when the connection droped. Restarting sshd on the server *doesn't* clear this issue, the port remains binded. ?Shouldn't a sshd restart solve this? Also wouldn't it be reasonable to add a tunnel timeout option to sshd? Regards, Nuno -- + Nuno Gon?alves + nunojpg at gmail.com + http://nunoassimassim.blogspot.com/ + PORTUGAL E-mail sent directly from Google Mail webmail using HTTPS on behalf of Nuno Jo?o Pinto Gon?alves, birth date 1986-11-16. E-mail headers provide good assurance that this message was not tampered and originates from nunojpg at gmail.com. I...

Hi, It seems there is a bug with the pkcs11 feature where a zero-length PIN is accepted. I believe this is a bug, since the user might want to press return when asked for the PIN to ignore that slot/key. This is caused at pkcs11_rsa_private_encrypt: snprintf(prompt, sizeof(prompt), "Enter PIN for '%s': ", si->token.label); pin = read_passphrase(prompt, RP_ALLOW_EOF); if

On Wed, 5 Apr 2017, Jakub Jelen wrote: > Disabling SHA-1 for signatures sounds like a good idea these days (and was the > main reason why the extension created if I read it right [1]). > This leaves me confused if the use case without SHA1 was missed from the draft > or it was left as an implementation detail, that was not implemented in > OpenSSH. The reasons we didn't

https://bugzilla.mindrot.org/show_bug.cgi?id=2680 Bug ID: 2680 Summary: Regression in server-sig-algs offer in 7.4p1 (Deprecation of SHA1 is not being enforced) Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

Hi, Following the fix [1] being released on 7.5, now SHA2 RSA signature methods work properly. On the other hand it is still not possible to disable SHA1 RSA alone (as an example, as SHA2-256 or SHA2-512 could also potentially be not desirable), where it is considered insecure or undesirable. I am proposing to add a mechanism, and happy to submit a patch, to enable selection of the Hashes

Hi, I'm doing some test with a pkcs11 token that can only sign short messages. When connecting to one server, that reports pkalg rsa-sha2-512 blen 151, it fails to sign the pubkey because it is 83 bytes long. (sshd: OpenSSH_7.3p1) A older server that reports pkalg ssh-rsa blen 151, works perfectly as the pubkey signature required is only 35 bytes long. (sshd: OpenSSH_6.7p1) I am not sure