search for: rapier

Using stock OpenSSH 4.7 I found different behavior when trying to specify the use of the 'none' cipher depending on the command line option nomenclature. This is under linux 2.6.19-web100 using -ocipher=none [root at delta openssh-4.7p1-hpnv19]# /home/rapier/ssh47/bin/scp -S /home/rapier/ssh47/bin/ssh -ocipher=none -P 2222 ~rapier/2gb rapier at localhost:/dev/null rapier at localhost's password: 2gb 3% 74MB 32.7MB/s 01:00 ETA using -cnone [root at delta openssh-4.7p1-hpnv19]# /home/rapier/ssh47/bin/scp -S /home/rapier/ssh47/bin/ssh...

On my test systems: Ubuntu 22.04 with GCC 11.4 and OpenSSL 3.0.2 on AMD: PASS Fedora 39 with GCC 12.3.1 and OpenSSL 3.0.9 on Intel: PASS OS X 14.3.1 with clang 15.0.0 on Apple M2 (--without-openssl): FAIL The failure is with "make tests" specifically when it runs /Users/rapier/openssh-portable/ssh-keygen -if /Users/rapier/openssh-portable/regress/rsa_ssh2.prv | diff - /Users/rapier/openssh-portable/regress/rsa_openssh.prv key conversion disabled at compile time 0a1,15 > -----BEGIN RSA PRIVATE KEY----- > // elided // > -----END RSA PRIVATE KEY----- make[1]:...

...ously and switch to a cipher with a 128 > bit block length (AES or Camelia). > > ? > > From: openssh-unix-dev > <openssh-unix-dev-bounces+herbie.robinson=stratus.com at mindrot.org> On Behalf > Of Damien Miller > Sent: Wednesday, March 29, 2023 2:38 PM > To: Chris Rapier <rapier at psc.edu> > Cc: Christian Weisgerber <naddy at mips.inka.de>; openssh-unix-dev at mindrot.org > Subject: [EXTERNAL] Re: ChaCha20 Rekey Frequency > > ? > > [EXTERNAL SENDER: This email originated from outside of Stratus > Technologies. Do not click links...

I don't know if anyone would be interested in this but I'm including a patch to allow for offsets when transferring files with SCP. It's pretty simple and assumes the user knows what they are doing (for example, if transferring with a wild card the offset would apply to all files). -A is the number of bytes offset from the beginning of the files. -Z is the number of bytes inset

Ah, with an internal block size [Is that what one calls it?] of 64 bytes. From: Damien Miller <djm at mindrot.org> Sent: Wednesday, March 29, 2023 3:08 PM To: Robinson, Herbie <Herbie.Robinson at stratus.com> Cc: Chris Rapier <rapier at psc.edu>; Christian Weisgerber <naddy at mips.inka.de>; openssh-unix-dev at mindrot.org Subject: RE: [EXTERNAL] Re: ChaCha20 Rekey Frequency [EXTERNAL SENDER: This email originated from outside of Stratus Technologies. Do not click links or open attachments unless you recogn...

Hey all, So I do some development based on openssh and I'm trying to think of some new projects that might extend the functionality, feature set, user workflow, performance, etc of ssh. So open ended question: Do any of you have a wish list of things you'd like to see in ssh? Mostly I'm just curious to see what the larger community is thinking of rather than being driven

On Thu, Feb 8, 2024 at 1:18?PM Chris Rapier <rapier at psc.edu> wrote: > > I know that there are some methods to use federated identities (e.g. > OAuth2) with SSH authentication but, from what I've seen, they largely > seem clunky and require users to interact with web browsers to get one > time tokens. Which is sort...

...on the security of the cipher" comment seriously and switch to a cipher with a 128 bit block length (AES or Camelia). From: openssh-unix-dev <openssh-unix-dev-bounces+herbie.robinson=stratus.com at mindrot.org> On Behalf Of Damien Miller Sent: Wednesday, March 29, 2023 2:38 PM To: Chris Rapier <rapier at psc.edu> Cc: Christian Weisgerber <naddy at mips.inka.de>; openssh-unix-dev at mindrot.org Subject: [EXTERNAL] Re: ChaCha20 Rekey Frequency [EXTERNAL SENDER: This email originated from outside of Stratus Technologies. Do not click links or open attachments unless you recogni...

On Thu, Aug 3, 2023 at 2:35?PM Chris Rapier <rapier at psc.edu> wrote: > > Howdy all, > > So, one night over beers I was telling a friend how you could use the > timing between key presses on a type writer to extract information. > Basically, you make some assumptions about the person typing (touch > typing at so m...

Hi Chris, On 18/10/2023 19:13, Chris Rapier wrote: > Do any of you have a wish list of things you'd like to see in ssh? get Roumen Petrovs pkissh implementation merged and maintained upstream I know this is a huge page with little chances to get accepted, but I'd like to mention this, because it has been on my personal wish lis...

...PIs that cause orchestration to add SSH keys to authorized_keys on hosts, before they implement Kerberos just for this. On top of that, Active Directory is a legacy solution now.? Its successor uses OAuth2. On 2024-02-08 23:49, Nico Kadel-Garcia wrote: > On Thu, Feb 8, 2024 at 1:18?PM Chris Rapier <rapier at psc.edu> wrote: >> I know that there are some methods to use federated identities (e.g. >> OAuth2) with SSH authentication but, from what I've seen, they largely >> seem clunky and require users to interact with web browsers to get one >> time tokens. Wh...

Howdy all, So, one night over beers I was telling a friend how you could use the timing between key presses on a type writer to extract information. Basically, you make some assumptions about the person typing (touch typing at so many words per second and then fuzzing the parameters until words come out). The I found a paper written back in 2001 talked about using the interpacket timing in

I am newbie to OpenSSH and have a question on providing password during a client log in session. I am using OpenSSH for Windows(XP) version 3.81p1. Is this the latest version for windows? >From the archive list I gather that OpenSSH will not provide a password option while invoking ssh commands, is this true? or will this be included in the future releases? I read something about using

.... When I run the test as root I get: run test connect.sh ... Connection closed by 127.0.0.1 ssh connect with protocol 1 failed failed simple connect make[1]: *** [t-exec] Error 1 make: *** [tests] Error 2 However, when I run as a normal user I got: test remote exit status: proto 1 status 0 /Users/rapier/Desktop/sshtest/openssh/regress/test-exec.sh: line 24: 14772 Bus error ${SSH} -$p -F $OBJ/ssh_proxy -n otherhost exec sh -c \'"sleep 2; exec > /dev/null 2>&1; sleep 3; exit $s"\' exit code (with sleep) mismatch for protocol 1: 138 != 0 test remote exit st...

...the community. This patch passes all regression tests and seems to work pretty well. If you do get this please be sure to rebuild configure so it picks up the changes in configure.ac. You can grab the patch here https://sourceforge.net/projects/hpnssh/files/OpenSSL-1.1%20Compatibility/ Chris Rapier

I know that there are some methods to use federated identities (e.g. OAuth2) with SSH authentication but, from what I've seen, they largely seem clunky and require users to interact with web browsers to get one time tokens. Which is sort of acceptable for occasional logins but doesn't work with automated/scripted actions. I'm just wondering if anyone has done any work on this or

On Mon, 7 Aug 2023, Chris Rapier wrote: > > The broader issue of hiding all potential keystroke timing is not yet fixed. > > Could some level of obfuscation come from enabling Nagle for interactive > sessions that has an associated TTY? Though that would be of limited > usefulness in low RTT environments. I don...

On Thu, 3 Aug 2023, Chris Rapier wrote: > Howdy all, > > So, one night over beers I was telling a friend how you could use the timing > between key presses on a type writer to extract information. Basically, you > make some assumptions about the person typing (touch typing at so many words > per second and then...

On Wed, 29 Mar 2023, Chris Rapier wrote: > I was wondering if there was something specific to the internal chacha20 > cipher as opposed to OpenSSL implementation. > > I can't just change the block size because it breaks compatibility. I can do > something like as a hack (though it would probably be better to do...

...default size of this buffer is 2MB. TcpRcvBufPoll, if set to yes, will override this value. This behaviour may change in future versions. Comments, questions, and especially critiques are always welcome. Note: I did not attach the patch, as is customary, because its around 1900 lines. Chris Rapier Network Research & Application Engineer Pittsburgh Supercomputing Center