search for: roumenpetrov

Hi All, The version 5.5.1 of "X.509 certificates support in OpenSSH" is ready for download. On download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.5.1 you can found diff for OpenSSH versions 4.4p1. What's new: * specific diff of 5.5 for OpenSSH 4.4p1 Because of OpenSSH source code changes, like include statements and new server option "Match", X.509 certificate support specific...

...Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy: openssh at roumenpetrov.info Command "make install" should create piddir. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi guys, been trying the x509 patch for ssh from Roumen, it works great. However, I can't figure out couple of things, and been trying to solve it for couple of days already. I'am using OpenSSH_4.7p1-hpn12v19, OpenSSL 0.9.8g with 6.1 version of your patch. The serverside hostkey is configured correctly, to present x509v3-sign-rsa dynowork

Hi, I need to add X.509 Certificate support to OpenSSH. I came across the following post on the openssh-unix-dev mailing list that is very useful: http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2 <http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2> And also, http://marc.info/?l=openssh-unix-dev&m=104395024824680&w=2

...ic engines. For instance E_NSS engine ( http://developer.berlios.de/projects/enss ) will allow you to use certificates and keys from Firefox, SeaMonkey, Thunderbird security database to authenticate to remote hosts. Regards, Roumen Petrov -- Get X.509 certificates support in OpenSSH: http://roumenpetrov.info/openssh/

...PS module will need to invoke the "FIPS_mode_set()" function first, otherwise the OpenSSL library will be operating as the non-FIPS version. My question is, how and when does OpenSSH server invoke the FIPS function? Thanks. On Sun, Dec 6, 2015 at 1:30 AM, Roumen Petrov <openssh at roumenpetrov.info> wrote: > security veteran wrote: > >> Hi All: >> >> I tried to rebuild openssl with the FIPS modules, and then install the new >> openssl libs (lib crypto.so to be specific) on my Ubuntu 12.04 box. >> >> After that I noticed it seemed to break Ope...

http://bugzilla.mindrot.org/show_bug.cgi?id=1346 Summary: PAM environment takes precedence over SendEnv Product: Portable OpenSSH Version: 4.6p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy:

...nux Product: Portable OpenSSH Version: 3.8p1 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: openssh at roumenpetrov.info Current prefix for locked password is set to '!!' This might is RedHat specific. Slakware and SuSE use: '!' - account(password) can be unlocked '*' - account(password) always remain locked ------- You are receiving this mail because: ------- You are the assignee fo...

...Blob to authorized_keys which could look something like this: x509v3-sign-rsa subject= /C=FR/ST=PARIS/L=DESEl/O=SSL/OU=VLSI/CN=10.244.82.83/emailAddress=client at company.com This is extracted from the client certificate using openssl as described in the README file provided by you at http://roumenpetrov.info/openssh/x509h/README.x509v3 This system works fine, however my only concern is that I would like all Clients (possessing a valid Client-Certifcates signed by the CA) to be authenticated without having to place anything in the ~/.ssh/authorized_keys file on the server.(i.e authenticate all...

...tivated? Also I think for the applications which need to use OpenSSL FIPS mode will also need to run the FIPS self tests functions (also provided by the OpenSSL FIPS modules). Does the patched OpenSSH also run these self tests? Thanks. On Mon, Dec 7, 2015 at 11:39 AM, Roumen Petrov <openssh at roumenpetrov.info> wrote: > security veteran wrote: > >> Thanks Roumen. >> >> I have few more questions below: >> >> 1. What version of OpenSSH can the patch be applied to? What branch should >> I check out the patch? >> > There is no separate patch but I o...

...include : - support for Android platform; - engine implementation is now considered stable; - various regression test improvements including fixes for OpenSSL FIPS enabled 1.0.1 stable release and korn shell Yours sincerely, Roumen Petrov -- Get X.509 certificates support in OpenSSH: http://roumenpetrov.info/openssh/

...Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: openssh at roumenpetrov.info 1.) sshd should warn user when cannot create pid file. 2.) sshd -t should warn user when dont have write permition to pid_file_dir. One possible reason is missing directory. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee...

...ve preprocessor statement use defines HAVE_CRYPT and HAVE_DES_CRYPT. Configure script look like ( if with OpenSSL then .... else ... AC_CHECK_FUNCS([crypt DES_crypt]) fi Proposed patch restore previous behavior. Regards, Roumen Petrov -- Get SSH with X.509 certificate support http://roumenpetrov.info/openssh/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-configure.ac-rewrite-check-for-functions-crypt-and-D.patch Type: text/x-diff Size: 971 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20150303...

...Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: minor Priority: P2 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy: openssh at roumenpetrov.info .... - Macro: AC_ARG_ENABLE (FEATURE, HELP-STRING, [ACTION-IF-GIVEN], [ACTION-IF-NOT-GIVEN]) If the user gave `configure' the option `--enable-FEATURE' or `--disable-FEATURE', run shell commands ACTION-IF-GIVEN. If neither option was given, run shell commands ACTION-IF-NOT-GIVE...

http://bugzilla.mindrot.org/show_bug.cgi?id=570 openssh at roumenpetrov.info changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|minor |normal ------- Additional Comments From openssh at roumenpetrov.info 2003-06-27 21:46 ------- When...

Hi All, The version 5.4 of "X.509 certificates support in OpenSSH" is ready for download. On download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.4 you can found diffs for OpenSSH versions 4.2p1 and 4.3p2. What's new: * given up support for "x509v3-sign-rsa-sha1" and "x509v3-sign-dss-sha1" The implementation realised in previous version 5.3 is not fully in conformance...

Today, I released a new version of "X.509 certificates support in OpenSSH" ( http://roumenpetrov.info/openssh/ ). Version 6.0 add following enhancements: - Printable X.509 name attributes compared in UTF-8 Printable attributes are converted to utf-8 before to compare. This allow distinguished name in "authorized keys" file to be in UTF-8. - "Distinguished Name" with es...

Hi All, The version 6.1 of "X.509 certificates support in OpenSSH" is ready for download. On page http://www.roumenpetrov.info/openssh/download.html you can found diffs for OpenSSH versions 4.5p1,4.6p1 and 4.7p1. Details ( from http://www.roumenpetrov.info/openssh ): * distinguished name compare bug(security): The bug affect versions 6.0 and 6.0.1 only. The work around is to write in "authorized keys"...

Hi, I have some observations regarding the X.509 patch developed by Roumen Petrov for OpenSSH available at http://roumenpetrov.info/openssh/ , I don't understand some things here like 1. When certificate based authentication of the client is desired, shouldn't it be something like what mod_ssl does in Apache where u have a CA certificate at the server, and then the client certificate installed in the client...

http://bugzilla.mindrot.org/show_bug.cgi?id=650 Summary: fix for build problem on IRIX 6.5 Product: Portable OpenSSH Version: 3.7p1 Platform: MIPS OS/Version: IRIX Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy: koenig at