search for: rfc4255

https://bugzilla.mindrot.org/show_bug.cgi?id=2197 Bug ID: 2197 Summary: Add ED25519 support to SSHFP dns record Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at

...umber in my prompt is the return code of the last command; note that ssh-keygen -r fails to produce an SSHFP DNS RR, but it returns 0. at the least, it should return non-zero on failure. I note that the relevant RFC doesn''t include an enumeration for ECDSA: https://tools.ietf.org/html/rfc4255#section-3.1.1 Could anyone on this list kick off the IETF process for allocating a new ID in that registry for ECDSA? I''m not currently involved in the IETF''s Network Working Group so i don''t really know the political landscape there. Regards, --dkg ______________...

Hi, we're currently considering making use of RFC4255 SSHFP records, but are hitting a problem with a 4.4p1 client running on Tru64 5.1A: [...] debug3: verify_host_key_dns DNS lookup error: out of memory [...] No matching host key fingerprint found in DNS. A 4.3p2 linux client gives the following : [...] debug3: verify_host_key_dns debug1: found 1 i...

...ity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: lukastesar03 at gmail.com This bug was already reported back in 2022 in the openssh-unix-dev ML[1] with no response. Basically the OpenSSH client is not compliant with RFC4255 in the way it checks the SSHFP records. > "If the algorithm and fingerprint of the key received from the SSH server match the algorithm and fingerprint of *one of* the SSHFP resource record(s) returned from DNS, the client MAY accept the identity of the server." However, if OpenSSH...

...ached patch adds support for Ed25519 keys (introduced in OpenSSH 6.5) for use in SSHFP DNS resource records. Though not yet allocated by IANA, we provisionally assign an RR type value of four (4) for Ed25519 in anticipation of an update to the standards. References: [1] http://tools.ietf.org/html/rfc4255 [2] http://tools.ietf.org/html/rfc6594 [3] https://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.txt [4] http://tools.ietf.org/html/draft-moonesamy-sshfp-ed25519-01 -- You are receiving this mail because: You are watching the assignee of the bug.