search for: sntrup761x25519

...e. I see the most of the increase > is here in receiving 'SSH2_MSG_KEX_ECDH_INIT received'. There is > increase of about 336221 - 150435 = ~185 msec. Here's the reason: > //OpenSSH 9.6p1 logs > Jul 23 17:42:50.150288 ifav87-apic2 sshd[1090464]: debug1: kex: > algorithm: sntrup761x25519-sha512 at openssh.com [preauth] > //OpenSSH 8.6p1 > Jul 23 17:32:24.932126 apic2 sshd[342983]: debug1: kex: algorithm: > curve25519-sha256 [preauth] OpenSSH 9.0 introduced a quantum resistant hybrid kex method as the highest priority method. Quoting https://www.openssh.com/releasenotes....

...rsa-sha2-256-cert-v01 at openssh.com,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512 at openssh.com,curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-stric...

...ker wrote: > OpenSSH 9.0 introduced a quantum resistant hybrid kex method as the > highest priority method. Quoting > https://www.openssh.com/releasenotes.html#9.0: > > * ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key > exchange method by default ("sntrup761x25519-sha512 at openssh.com"). > The NTRU algorithm is believed to resist attacks enabled by future > quantum computers and is paired with the X25519 ECDH key exchange > (the previous default) as a backstop against any weaknesses in > NTRU Prime that may be discovered in the...

...list_hostkey_types: ssh-rsa [preauth] Jul 23 17:42:50.150134 ifav87-apic2 sshd[1090464]: debug1: SSH2_MSG_KEXINIT sent [preauth] Jul 23 17:42:50.150251 ifav87-apic2 sshd[1090464]: debug1: SSH2_MSG_KEXINIT received [preauth] Jul 23 17:42:50.150288 ifav87-apic2 sshd[1090464]: debug1: kex: algorithm: sntrup761x25519-sha512 at openssh.com [preauth] Jul 23 17:42:50.150323 ifav87-apic2 sshd[1090464]: debug1: kex: host key algorithm: ssh-rsa [preauth] Jul 23 17:42:50.150363 ifav87-apic2 sshd[1090464]: debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none [preauth] Jul 23 17:42:50.15040...

...o such file or directory debug3: order_hostkeyalgs: no algorithms matched; accept original debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512 at openssh.com,curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-stric...

...directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: sntrup761x25519-sha512 at openssh.com,curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00 at openssh.com...

https://bugzilla.mindrot.org/show_bug.cgi?id=3824 Bug ID: 3824 Summary: ssh -Q should also accept a remote hostname to query Product: Portable OpenSSH Version: 10.0p2 Hardware: amd64 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=3522 Bug ID: 3522 Summary: Crash with "free(): double free detected" with old clients Product: Portable OpenSSH Version: 9.1p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd

Good morning! We're experiencing rather very bad latency spikes on busy Linux systems, for example if one machine is the jumphost (ssh -J) for a few hundred connections, while at the same time handles CPU intensive tasks. Would RT/Linux SCHED_FIXED or SCHED_RR be of help in such a case, e.g. put all ssh processes into the SCHED_FIXED scheduling class, with a priority higher than the

...code to a substantially faster implementation. * ssh(1), sshd(8): the hybrid Streamlined NTRUPrime/X25519 key exchange algorithm now has an IANA-assigned name in addition to the "@openssh.com" vendor extension name. This algorithm is now also available under this name "sntrup761x25519-sha512" * ssh(1), sshd(8), ssh-agent(1): prevent private keys from being included in core dump files for most of their lifespans. This is in addition to pre-existing controls in ssh-agent(1) and sshd(8) that prevented coredumps. This feature is supported in OpenBSD, Linux and Fre...

...code to a substantially faster implementation. * ssh(1), sshd(8): the hybrid Streamlined NTRUPrime/X25519 key exchange algorithm now has an IANA-assigned name in addition to the "@openssh.com" vendor extension name. This algorithm is now also available under this name "sntrup761x25519-sha512" * ssh(1), sshd(8), ssh-agent(1): prevent private keys from being included in core dump files for most of their lifespans. This is in addition to pre-existing controls in ssh-agent(1) and sshd(8) that prevented coredumps. This feature is supported on OpenBSD, Linux and Fre...

...code to a substantially faster implementation. * ssh(1), sshd(8): the hybrid Streamlined NTRUPrime/X25519 key exchange algorithm now has an IANA-assigned name in addition to the "@openssh.com" vendor extension name. This algorithm is now also available under this name "sntrup761x25519-sha512" * ssh(1), sshd(8), ssh-agent(1): prevent private keys from being included in core dump files for most of their lifespans. This is in addition to pre-existing controls in ssh-agent(1) and sshd(8) that prevented coredumps. This feature is supported on OpenBSD, Linux and Fre...

...code to a substantially faster implementation. * ssh(1), sshd(8): the hybrid Streamlined NTRUPrime/X25519 key exchange algorithm now has an IANA-assigned name in addition to the "@openssh.com" vendor extension name. This algorithm is now also available under this name "sntrup761x25519-sha512" * ssh(1), sshd(8), ssh-agent(1): prevent private keys from being included in core dump files for most of their lifespans. This is in addition to pre-existing controls in ssh-agent(1) and sshd(8) that prevented coredumps. This feature is supported on OpenBSD, Linux and Fre...

...code to a substantially faster implementation. * ssh(1), sshd(8): the hybrid Streamlined NTRUPrime/X25519 key exchange algorithm now has an IANA-assigned name in addition to the "@openssh.com" vendor extension name. This algorithm is now also available under this name "sntrup761x25519-sha512" * ssh(1), sshd(8), ssh-agent(1): prevent private keys from being included in core dump files for most of their lifespans. This is in addition to pre-existing controls in ssh-agent(1) and sshd(8) that prevented coredumps. This feature is supported on OpenBSD, Linux and Fre...

Hey all, So I do some development based on openssh and I'm trying to think of some new projects that might extend the functionality, feature set, user workflow, performance, etc of ssh. So open ended question: Do any of you have a wish list of things you'd like to see in ssh? Mostly I'm just curious to see what the larger community is thinking of rather than being driven