search for: rapier

Using stock OpenSSH 4.7 I found different behavior when trying to specify the use of the 'none' cipher depending on the command line option nomenclature. This is under linux 2.6.19-web100 using -ocipher=none [root at delta openssh-4.7p1-hpnv19]# /home/rapier/ssh47/bin/scp -S /home/rapier/ssh47/bin/ssh -ocipher=none -P 2222 ~rapier/2gb rapier at localhost:/dev/null rapier at localhost's password: 2gb 3% 74MB 32.7MB/s 01:00 ETA using -cnone [root at delta openssh-4.7p1-hpnv19]# /home/rapier/ssh47/bin/scp -S /home/rapier/ssh47/bin/ssh...

On my test systems: Ubuntu 22.04 with GCC 11.4 and OpenSSL 3.0.2 on AMD: PASS Fedora 39 with GCC 12.3.1 and OpenSSL 3.0.9 on Intel: PASS OS X 14.3.1 with clang 15.0.0 on Apple M2 (--without-openssl): FAIL The failure is with "make tests" specifically when it runs /Users/rapier/openssh-portable/ssh-keygen -if /Users/rapier/openssh-portable/regress/rsa_ssh2.prv | diff - /Users/rapier/openssh-portable/regress/rsa_openssh.prv key conversion disabled at compile time 0a1,15 > -----BEGIN RSA PRIVATE KEY----- > // elided // > -----END RSA PRIVATE KEY----- make[1]:...

...ously and switch to a cipher with a 128 > bit block length (AES or Camelia). > > ? > > From: openssh-unix-dev > <openssh-unix-dev-bounces+herbie.robinson=stratus.com at mindrot.org> On Behalf > Of Damien Miller > Sent: Wednesday, March 29, 2023 2:38 PM > To: Chris Rapier <rapier at psc.edu> > Cc: Christian Weisgerber <naddy at mips.inka.de>; openssh-unix-dev at mindrot.org > Subject: [EXTERNAL] Re: ChaCha20 Rekey Frequency > > ? > > [EXTERNAL SENDER: This email originated from outside of Stratus > Technologies. Do not click links...

I don't know if anyone would be interested in this but I'm including a patch to allow for offsets when transferring files with SCP. It's pretty simple and assumes the user knows what they are doing (for example, if transferring with a wild card the offset would apply to all files). -A is the number of bytes offset from the beginning of the files. -Z is the number of bytes inset

Ah, with an internal block size [Is that what one calls it?] of 64 bytes. From: Damien Miller <djm at mindrot.org> Sent: Wednesday, March 29, 2023 3:08 PM To: Robinson, Herbie <Herbie.Robinson at stratus.com> Cc: Chris Rapier <rapier at psc.edu>; Christian Weisgerber <naddy at mips.inka.de>; openssh-unix-dev at mindrot.org Subject: RE: [EXTERNAL] Re: ChaCha20 Rekey Frequency [EXTERNAL SENDER: This email originated from outside of Stratus Technologies. Do not click links or open attachments unless you recogn...

Hey all, So I do some development based on openssh and I'm trying to think of some new projects that might extend the functionality, feature set, user workflow, performance, etc of ssh. So open ended question: Do any of you have a wish list of things you'd like to see in ssh? Mostly I'm just curious to see what the larger community is thinking of rather than being driven

On Thu, 7 Nov 2024 at 07:55, Chris Rapier <rapier at psc.edu> wrote: >[...]I had been using > Blake2b512 for the hashing algorithm but I want to put in a path to use > xxhash instead. Maintaining backward compatibility means I need to know > something about the remote. In the case of sftp at least, that sounds like a fun...

On Fri, 8 Nov 2024 at 03:16, Darren Tucker <dtucker at dtucker.net> wrote: > > On Thu, 7 Nov 2024 at 07:55, Chris Rapier <rapier at psc.edu> wrote: > >[...]I had been using > > Blake2b512 for the hashing algorithm but I want to put in a path to use > > xxhash instead. Maintaining backward compatibility means I need to know > > something about the remote. Could you use the already (draft...

On Thu, Feb 8, 2024 at 1:18?PM Chris Rapier <rapier at psc.edu> wrote: > > I know that there are some methods to use federated identities (e.g. > OAuth2) with SSH authentication but, from what I've seen, they largely > seem clunky and require users to interact with web browsers to get one > time tokens. Which is sort...

...on the security of the cipher" comment seriously and switch to a cipher with a 128 bit block length (AES or Camelia). From: openssh-unix-dev <openssh-unix-dev-bounces+herbie.robinson=stratus.com at mindrot.org> On Behalf Of Damien Miller Sent: Wednesday, March 29, 2023 2:38 PM To: Chris Rapier <rapier at psc.edu> Cc: Christian Weisgerber <naddy at mips.inka.de>; openssh-unix-dev at mindrot.org Subject: [EXTERNAL] Re: ChaCha20 Rekey Frequency [EXTERNAL SENDER: This email originated from outside of Stratus Technologies. Do not click links or open attachments unless you recogni...

On Thu, Aug 3, 2023 at 2:35?PM Chris Rapier <rapier at psc.edu> wrote: > > Howdy all, > > So, one night over beers I was telling a friend how you could use the > timing between key presses on a type writer to extract information. > Basically, you make some assumptions about the person typing (touch > typing at so m...

Hi Chris, On 18/10/2023 19:13, Chris Rapier wrote: > Do any of you have a wish list of things you'd like to see in ssh? get Roumen Petrovs pkissh implementation merged and maintained upstream I know this is a huge page with little chances to get accepted, but I'd like to mention this, because it has been on my personal wish lis...

On 11/6/24 8:07 PM, Damien Miller wrote: > On Wed, 6 Nov 2024, Chris Rapier wrote: > >> I think I know the answer to this (which would be that you can't) but is there >> any not entirely insane way to get the ssh->compat information back to either >> scp or sftp? > > There's no way at present. That's what I thought. >> I&...

...PIs that cause orchestration to add SSH keys to authorized_keys on hosts, before they implement Kerberos just for this. On top of that, Active Directory is a legacy solution now.? Its successor uses OAuth2. On 2024-02-08 23:49, Nico Kadel-Garcia wrote: > On Thu, Feb 8, 2024 at 1:18?PM Chris Rapier <rapier at psc.edu> wrote: >> I know that there are some methods to use federated identities (e.g. >> OAuth2) with SSH authentication but, from what I've seen, they largely >> seem clunky and require users to interact with web browsers to get one >> time tokens. Wh...

Howdy all, So, one night over beers I was telling a friend how you could use the timing between key presses on a type writer to extract information. Basically, you make some assumptions about the person typing (touch typing at so many words per second and then fuzzing the parameters until words come out). The I found a paper written back in 2001 talked about using the interpacket timing in

I am newbie to OpenSSH and have a question on providing password during a client log in session. I am using OpenSSH for Windows(XP) version 3.81p1. Is this the latest version for windows? >From the archive list I gather that OpenSSH will not provide a password option while invoking ssh commands, is this true? or will this be included in the future releases? I read something about using

.... When I run the test as root I get: run test connect.sh ... Connection closed by 127.0.0.1 ssh connect with protocol 1 failed failed simple connect make[1]: *** [t-exec] Error 1 make: *** [tests] Error 2 However, when I run as a normal user I got: test remote exit status: proto 1 status 0 /Users/rapier/Desktop/sshtest/openssh/regress/test-exec.sh: line 24: 14772 Bus error ${SSH} -$p -F $OBJ/ssh_proxy -n otherhost exec sh -c \'"sleep 2; exec > /dev/null 2>&1; sleep 3; exit $s"\' exit code (with sleep) mismatch for protocol 1: 138 != 0 test remote exit st...

...the community. This patch passes all regression tests and seems to work pretty well. If you do get this please be sure to rebuild configure so it picks up the changes in configure.ac. You can grab the patch here https://sourceforge.net/projects/hpnssh/files/OpenSSL-1.1%20Compatibility/ Chris Rapier

I know that there are some methods to use federated identities (e.g. OAuth2) with SSH authentication but, from what I've seen, they largely seem clunky and require users to interact with web browsers to get one time tokens. Which is sort of acceptable for occasional logins but doesn't work with automated/scripted actions. I'm just wondering if anyone has done any work on this or

On Mon, 7 Aug 2023, Chris Rapier wrote: > > The broader issue of hiding all potential keystroke timing is not yet fixed. > > Could some level of obfuscation come from enabling Nagle for interactive > sessions that has an associated TTY? Though that would be of limited > usefulness in low RTT environments. I don...