search for: roumenpetrov

Displaying 20 results from an estimated 88 matches for "roumenpetrov".

2006 Sep 30
1
Announce: X.509 certificates support version 5.5.1 in OpenSSH 4.4p1
Hi All, The version 5.5.1 of "X.509 certificates support in OpenSSH" is ready for download. On download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.5.1 you can found diff for OpenSSH versions 4.4p1. What's new: * specific diff of 5.5 for OpenSSH 4.4p1 Because of OpenSSH source code changes, like include statements and new server option "Match", X.509 certificate support specific...
2003 Jun 26
6
[Bug 605] make install don't create piddir
...Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy: openssh at roumenpetrov.info Command "make install" should create piddir. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
2008 Jan 16
4
x509 patch for SSH
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi guys, been trying the x509 patch for ssh from Roumen, it works great. However, I can't figure out couple of things, and been trying to solve it for couple of days already. I'am using OpenSSH_4.7p1-hpn12v19, OpenSSL 0.9.8g with 6.1 version of your patch. The serverside hostkey is configured correctly, to present x509v3-sign-rsa dynowork
2008 Feb 20
4
OpenSSH and X.509 Certificate Support
Hi, I need to add X.509 Certificate support to OpenSSH. I came across the following post on the openssh-unix-dev mailing list that is very useful: http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2 <http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2> And also, http://marc.info/?l=openssh-unix-dev&m=104395024824680&w=2
2011 Sep 08
2
Announce: X.509 certificates support v7.0 for OpenSSH version 5.9p1
...ic engines. For instance E_NSS engine ( http://developer.berlios.de/projects/enss ) will allow you to use certificates and keys from Firefox, SeaMonkey, Thunderbird security database to authenticate to remote hosts. Regards, Roumen Petrov -- Get X.509 certificates support in OpenSSH: http://roumenpetrov.info/openssh/
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
...PS module will need to invoke the "FIPS_mode_set()" function first, otherwise the OpenSSL library will be operating as the non-FIPS version. My question is, how and when does OpenSSH server invoke the FIPS function? Thanks. On Sun, Dec 6, 2015 at 1:30 AM, Roumen Petrov <openssh at roumenpetrov.info> wrote: > security veteran wrote: > >> Hi All: >> >> I tried to rebuild openssl with the FIPS modules, and then install the new >> openssl libs (lib crypto.so to be specific) on my Ubuntu 12.04 box. >> >> After that I noticed it seemed to break Ope...
2007 Jul 29
38
[Bug 1346] New: PAM environment takes precedence over SendEnv
http://bugzilla.mindrot.org/show_bug.cgi?id=1346 Summary: PAM environment takes precedence over SendEnv Product: Portable OpenSSH Version: 4.6p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy:
2004 Mar 08
7
[Bug 811] locked /etc/shadow password prefix on linux
...nux Product: Portable OpenSSH Version: 3.8p1 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: openssh at roumenpetrov.info Current prefix for locked password is set to '!!' This might is RedHat specific. Slakware and SuSE use: '!' - account(password) can be unlocked '*' - account(password) always remain locked ------- You are receiving this mail because: ------- You are the assignee fo...
2008 Mar 13
0
[Fwd: Re: OpenSSH and X.509 Certificate Support]
...Blob to authorized_keys which could look something like this: x509v3-sign-rsa subject= /C=FR/ST=PARIS/L=DESEl/O=SSL/OU=VLSI/CN=10.244.82.83/emailAddress=client at company.com This is extracted from the client certificate using openssl as described in the README file provided by you at http://roumenpetrov.info/openssh/x509h/README.x509v3 This system works fine, however my only concern is that I would like all Clients (possessing a valid Client-Certifcates signed by the CA) to be authenticated without having to place anything in the ~/.ssh/authorized_keys file on the server.(i.e authenticate all...
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
...tivated? Also I think for the applications which need to use OpenSSL FIPS mode will also need to run the FIPS self tests functions (also provided by the OpenSSL FIPS modules). Does the patched OpenSSH also run these self tests? Thanks. On Mon, Dec 7, 2015 at 11:39 AM, Roumen Petrov <openssh at roumenpetrov.info> wrote: > security veteran wrote: > >> Thanks Roumen. >> >> I have few more questions below: >> >> 1. What version of OpenSSH can the patch be applied to? What branch should >> I check out the patch? >> > There is no separate patch but I o...
2012 May 25
2
Announce: X.509 certificates support v7.2 for OpenSSH version 6.0p1
...include : - support for Android platform; - engine implementation is now considered stable; - various regression test improvements including fixes for OpenSSL FIPS enabled 1.0.1 stable release and korn shell Yours sincerely, Roumen Petrov -- Get X.509 certificates support in OpenSSH: http://roumenpetrov.info/openssh/
2003 Jun 26
7
[Bug 606] sshd [-t] should warn when cannot create pid file
...Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: openssh at roumenpetrov.info 1.) sshd should warn user when cannot create pid file. 2.) sshd -t should warn user when dont have write permition to pid_file_dir. One possible reason is missing directory. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee...
2015 Mar 03
2
configure and have crypt or DES_crypt
...ve preprocessor statement use defines HAVE_CRYPT and HAVE_DES_CRYPT. Configure script look like ( if with OpenSSL then .... else ... AC_CHECK_FUNCS([crypt DES_crypt]) fi Proposed patch restore previous behavior. Regards, Roumen Petrov -- Get SSH with X.509 certificate support http://roumenpetrov.info/openssh/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-configure.ac-rewrite-check-for-functions-crypt-and-D.patch Type: text/x-diff Size: 971 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20150303...
2003 May 19
1
[Bug 570] configure --disable-FEATURE fix
...Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: minor Priority: P2 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy: openssh at roumenpetrov.info .... - Macro: AC_ARG_ENABLE (FEATURE, HELP-STRING, [ACTION-IF-GIVEN], [ACTION-IF-NOT-GIVEN]) If the user gave `configure' the option `--enable-FEATURE' or `--disable-FEATURE', run shell commands ACTION-IF-GIVEN. If neither option was given, run shell commands ACTION-IF-NOT-GIVE...
2003 Jun 27
2
[Bug 570] configure --disable-FEATURE fix
http://bugzilla.mindrot.org/show_bug.cgi?id=570 openssh at roumenpetrov.info changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|minor |normal ------- Additional Comments From openssh at roumenpetrov.info 2003-06-27 21:46 ------- When...
2006 Apr 27
0
Announce: X.509 certificates support in OpenSSH version 5.4
Hi All, The version 5.4 of "X.509 certificates support in OpenSSH" is ready for download. On download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.4 you can found diffs for OpenSSH versions 4.2p1 and 4.3p2. What's new: * given up support for "x509v3-sign-rsa-sha1" and "x509v3-sign-dss-sha1" The implementation realised in previous version 5.3 is not fully in conformance...
2007 Aug 07
0
Announce: X.509 certificates support in OpenSSH (version 6.0-International)
Today, I released a new version of "X.509 certificates support in OpenSSH" ( http://roumenpetrov.info/openssh/ ). Version 6.0 add following enhancements: - Printable X.509 name attributes compared in UTF-8 Printable attributes are converted to utf-8 before to compare. This allow distinguished name in "authorized keys" file to be in UTF-8. - "Distinguished Name" with es...
2007 Oct 26
0
Announce: X.509 certificates support in OpenSSH (version 6.1-International)
Hi All, The version 6.1 of "X.509 certificates support in OpenSSH" is ready for download. On page http://www.roumenpetrov.info/openssh/download.html you can found diffs for OpenSSH versions 4.5p1,4.6p1 and 4.7p1. Details ( from http://www.roumenpetrov.info/openssh ): * distinguished name compare bug(security): The bug affect versions 6.0 and 6.0.1 only. The work around is to write in "authorized keys"...
2008 Mar 10
1
Benefits of OpenSSH X.509 over key based authentication?
Hi, I have some observations regarding the X.509 patch developed by Roumen Petrov for OpenSSH available at http://roumenpetrov.info/openssh/ , I don't understand some things here like 1. When certificate based authentication of the client is desired, shouldn't it be something like what mod_ssl does in Apache where u have a CA certificate at the server, and then the client certificate installed in the client...
2003 Sep 17
7
[Bug 650] fix for build problem on IRIX 6.5
http://bugzilla.mindrot.org/show_bug.cgi?id=650 Summary: fix for build problem on IRIX 6.5 Product: Portable OpenSSH Version: 3.7p1 Platform: MIPS OS/Version: IRIX Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy: koenig at