search for: roumen

Displaying 20 results from an estimated 120 matches for "roumen".

2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Roumen. >Lets assume that application use OpenSSL FIPS validated module. FIPS mode is activated in openssl command if environment variable OPENSSL_FIPS is set. Similarly I use OPENSSL_FIPS environment variable to activate FIPS mode. Code will call FIPS_mode_set(1) if crypto module is not FIPS mode. D...
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Roumen. I have few more questions below: 1. What version of OpenSSH can the patch be applied to? What branch should I check out the patch? 2. >Impact is not only for source code. Build process has to be updated as well. Red Hat is based on "fipscheck". What build process should be changed?...
2011 Sep 08
2
Announce: X.509 certificates support v7.0 for OpenSSH version 5.9p1
...d into external devices. The implementation is based on openssl dynamic engines. For instance E_NSS engine ( http://developer.berlios.de/projects/enss ) will allow you to use certificates and keys from Firefox, SeaMonkey, Thunderbird security database to authenticate to remote hosts. Regards, Roumen Petrov -- Get X.509 certificates support in OpenSSH: http://roumenpetrov.info/openssh/
2008 Jan 16
4
x509 patch for SSH
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi guys, been trying the x509 patch for ssh from Roumen, it works great. However, I can't figure out couple of things, and been trying to solve it for couple of days already. I'am using OpenSSH_4.7p1-hpn12v19, OpenSSL 0.9.8g with 6.1 version of your patch. The serverside hostkey is configured correctly, to present x509v3-sign-rsa dynowork / #...
2008 Dec 16
3
Patch for OpenSSH for Windows to allow authentication through certificates
Hi all, Does anyone know if it exists a patch for OpenSSH for Windows to allow authentication through certificates? Is it possible to make one if it doesn't exists? Using OpenSSH for Windows 3.8p1-1 20040709 Build. I know there is Roumen Petrov patch, but is for unix machines if i'm not mistaken. I need a similar one for Windows that work with the Roumen Petrov patch so i can have authentication through certificates between Windows machine and Linux machine. Any help greatly appreciated, Adriana
2000 Dec 21
2
Réf. : configure.in: Someone please show me a better way :)
If I remove all the export and change all the ' in ", it does work on SCO 3.2v5.0.4 |--------+-----------------------------> | | Roumen Petrov | | | <Roumen.Petrov at skal| | | asoft.com> | | | | | | 21/12/00 13:10 | | | | |--------+-----------------------------> >---------------------...
2002 Sep 05
7
sshd and SIGKILL
On command: #kill -9 `cat /var/run/sshd.pid` sshd leave pid file ! sshd.c code: =============== .... /* * Arrange to restart on SIGHUP. The handler needs * listen_sock. */ signal(SIGHUP, sighup_handler); signal(SIGTERM, sigterm_handler); signal(SIGQUIT, sigterm_handler); .... =============== Missing line is : signal(SIGKILL, sigterm_handler);
2008 Mar 13
0
[Fwd: Re: OpenSSH and X.509 Certificate Support]
Hi Roumen, I discovered that the need of appending the .pub part of id_rsa(client key+cert) on the server can be eliminated by adding the Certificate Blob to authorized_keys which could look something like this: x509v3-sign-rsa subject= /C=FR/ST=PARIS/L=DESEl/O=SSL/OU=VLSI/CN=10.244.82.83/emailAddress=c...
2015 Mar 03
2
configure and have crypt or DES_crypt
...openssl/des.h> # define crypt DES_crypt # endif ... Only above preprocessor statement use defines HAVE_CRYPT and HAVE_DES_CRYPT. Configure script look like ( if with OpenSSL then .... else ... AC_CHECK_FUNCS([crypt DES_crypt]) fi Proposed patch restore previous behavior. Regards, Roumen Petrov -- Get SSH with X.509 certificate support http://roumenpetrov.info/openssh/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-configure.ac-rewrite-check-for-functions-crypt-and-D.patch Type: text/x-diff Size: 971 bytes Desc: not available URL: <h...
2001 Jan 23
11
cc & no 64bit int patches
Here are a couple of patches against the CVS (Jan 22 18:41 PST) Some C++ comments found their way into ssh.h The no64.patch puts ifdefs around buffer_get_int64() now in bufaux.[c,h] -- Tim Rice Multitalents (707) 887-1469 tim at multitalents.net -------------- next part -------------- --- ssh.h.old Mon Jan 22 18:40:58 2001 +++ ssh.h Mon Jan 22 19:02:02 2001 @@ -25,8 +25,10 @@ # include
2001 Feb 06
16
sftp client
As of Sunday evening, OpenSSH has an interactive sftp client. It should be in the more recent snapshots. It would be appreciated if you could test new client and find all the bugs :) Please also have a read of the manpage and ensure that it matches what is implemented. I am working on fixing the ones that I know about, so please try to stay up to date with the snapshots. Thanks, Damien
2008 Feb 20
4
OpenSSH and X.509 Certificate Support
Hi, I need to add X.509 Certificate support to OpenSSH. I came across the following post on the openssh-unix-dev mailing list that is very useful: http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2 <http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2> And also, http://marc.info/?l=openssh-unix-dev&m=104395024824680&w=2
2023 Mar 10
1
OpenSSH FIPS support
...ct that require SSH server with FIPS and using OpenSSL v3. There is no way to work with OpenSSL v3 due to many reasons. If you like to get FIPS capable secsh implementation compatible with OpenSSL FIPS validated modules 1.2 and 2.0 , RedHat ES, or Oracle Solaris you could use PKIX-SSH. Regards, Roumen Petrov -- Advanced secure shell implementation with X.509 certificate support http://roumenpetrov.info/secsh/
2023 Oct 23
2
ssh wish list?
Hi Chris, On 18/10/2023 19:13, Chris Rapier wrote: > Do any of you have a wish list of things you'd like to see in ssh? get Roumen Petrovs pkissh implementation merged and maintained upstream I know this is a huge page with little chances to get accepted, but I'd like to mention this, because it has been on my personal wish list for a long time. Sure, I can install pkissh, but if it were upstream, another 5-10 years la...
2006 Jan 16
1
man pages (20060116)
...l, The file ~/.ssh/environment is used by ssh daemon. Since sshd sets up basic environment I guess that sentences in ssh(1) that reference the file ~/.ssh/environment and environment variables should be moved to sshd(8). Wim, could you check why anonymous CVS require password, please? Regards, Roumen Petrov
2006 Sep 30
1
Announce: X.509 certificates support version 5.5.1 in OpenSSH 4.4p1
Hi All, The version 5.5.1 of "X.509 certificates support in OpenSSH" is ready for download. On download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.5.1 you can found diff for OpenSSH versions 4.4p1. What's new: * specific diff of 5.5 for OpenSSH 4.4p1 Because of OpenSSH source code changes, like include statements and new server option "Match", X.509 certificate support sp...
2001 Jan 22
3
CVS source tree from 22 Jan 2001
Makefile.in is not fixed ! in old ssh.h # define SSH_ASKPASS_DEFAULT "/usr/X11R6/bin/ssh-askpass" in new pathnames.h #define _PATH_SSH_ASKPASS_DEFAULT "/usr/X11R6/bin/ssh-askpass" but in Makefile.in PATHS=...-DSSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" ----------------------------------------------------------- about patch: - remove unused defines:
2007 Jul 29
38
[Bug 1346] New: PAM environment takes precedence over SendEnv
http://bugzilla.mindrot.org/show_bug.cgi?id=1346 Summary: PAM environment takes precedence over SendEnv Product: Portable OpenSSH Version: 4.6p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy:
2010 Oct 30
2
x509 cert chain
...ointed to with CACertificateFile in sshd_config. In the authorized_keys I've got: x509v3-sign-rsa subject= /C=COUNTRY/ST=STATE/O=ORGANIZATION/OU=OU/CN=CN ie. the DN of the ROOT CA certificate - should this instead be the issuing CA? Generally any pointers would be very helpful, I've found Roumen Petrovs patches and read some of his stuff but I find it a bit difficult to follow and in any case I'm not sure how relevant his implementation is to the mainline openssh 5.4/5.5 x509. Thanks Paul
2012 May 25
2
Announce: X.509 certificates support v7.2 for OpenSSH version 6.0p1
...support for OpenSSH version 6.0p1 was published. I brief new version include : - support for Android platform; - engine implementation is now considered stable; - various regression test improvements including fixes for OpenSSL FIPS enabled 1.0.1 stable release and korn shell Yours sincerely, Roumen Petrov -- Get X.509 certificates support in OpenSSH: http://roumenpetrov.info/openssh/