Displaying 9 results from an estimated 9 matches for "ssh_msg_kexinit".
Did you mean:
ssh2_msg_kexinit
2024 Feb 05
0
Server-side algorithms selection
...due to misconfiguration or
any other reason sets aes128-cbc as preferred even if it supports more
modern alternatives, then aes128-cbc is used, for example:
ssh -c aes128-cbc,chacha20-poly1305 at openssh.com ...
2) if the server (but also the client) could inspect the algorithms
before sending SSH_MSG_KEXINIT interesting things could be done, for
example the server checks KEX and kex-strict-c-v00 at openssh.com is not
found, it may not send chacha20-poly1305 at openssh.com
One common solution used in some servers is to associate algorithms to
client's initial banner (see for example SFTPClientMa...
2005 Jun 16
1
Bug report: first_kex_packet_follows behaviour seems wrong
Hello,
It seems to me the algorithm negotiation of the transport layer has a bug,
it does not follow the specification of draft-ietf-secsh-transport-24, page
19, where the behaviour of first_kex_packet_follows is specified.
I've got an ssh client that sends an SSH_MSG_KEXINIT message and specifies
only 'diffie-hellman-group1-sha1' as key exchange algorithm. It sets
first_kex_packet_follows to true, and immediately sends the
SSH_MSG_KEXDH_INIT message. The ssh server (openssh-3.9p1) specifies three
key exchange algorithms in its SSH_MSG_KEXINIT message:
'diff...
2000 Feb 15
1
Rekeying
Hello,
I apologize that this is slightly off topic.
According to the Internet Draft I found for SSH ver 1
(draft-ietf-tls-ssh-00.txt from Jun 13, 1996), the client or server can
send a SSH_MSG_KEXINIT at any time to force a new key exchange. I looked
through the code for OpenSSH and ssh-1.2.27 and can't find where it does
this. I then searched the Secure Shell mailing list archives and saw some
comments that rekeying will be implemented in Ver 2.
Did I miss the code in OpenSSH? Are the...
2013 Nov 02
2
[PATCH] curve25519-sha256@libssh.org key exchange proposal
Am 02.11.2013 um 11:38 schrieb Aris Adamantiadis <aris at 0xbadc0de.be>:
> RFC4251 describes mpint to be multi-size and with positive values having
> MSB clear, so it's clearly incompatible with raw string.
>
> Since you both agreed on the curve25519 implementation to use, I'll work
> today on Markus' patch to make the changes Damien wanted.
What do you want to
2016 Jan 26
2
Questions about inferred state machines for OpenSSH
Dear all,
For my thesis, I've been working on automatic inference of state
machines for SSH servers. I ran into a couple of particularities
regarding OpenSSH's inferred state machine, and was hoping some of you
might be interested. Maybe you can even shed some light on it.
Setup: I'm using LearnLib's (Java) version of the L* learning
algorithm [1] to come up with sequences of
2014 Jul 30
0
checking for "dh_gen_key: group too small" errors
On Ubuntu 12.04 / OpenSSH_5.9p1 Debian-5ubuntu1 trying to initiate a
connection with hmac-sha2-512 and diffie-hellman-group1-sha1 results in
OpenSSH killing the connection after the SSH_MSG_KEXINIT packet is sent.
The OpenSSH error logs state the following:
debug2: mac_setup: found hmac-sha2-512 [preauth]
debug1: kex: server->client arcfour256 hmac-sha2-512 none [preauth]
dh_gen_key: group too small: 1024 (2*need 1024) [preauth]
debug1: do_cleanup [preauth]
This behavior, I believe, is i...
2019 Jan 19
3
Can we disable diffie-hellman-group14-sha1 by default?
e.g. can we make it throw warnings etc. rsa-sha2-256 and rsa-sha2-512
are fine, they use PSS.
On Sun, Jan 20, 2019 at 1:55 AM Yegor Ievlev <koops1997 at gmail.com> wrote:
>
> Also can we do anything with ssh-rsa? It uses both SHA-1 and
> deprecated PKCS#1 padding. If it's used to sign certificates, there's
> no additional protection of SHA-2 hashing before SHA-1
2011 Dec 08
1
Converting SSH2 keys for use in OpenSSH
...enSSH: Major: 5 Minor: 5 Revision: 0
debug: Ssh2Transport: All versions of OpenSSH handle kex guesses incorrectly.
debug: Ssh2Transport: My version: SSH-1.99-3.2.3 F-Secure SSH Windows Client
debug: Ssh2Transport: local kexinit: first_packet_follows = FALSE
debug: Ssh2Transport: Processing received SSH_MSG_KEXINIT.
debug: Ssh2Transport: Computing algorithms from key exchange.
debug: Ssh2Transport: client: kex = diffie-hellman-group1-sha1, hk_alg = ssh-dss
,ssh-rsa,x509v3-sign-dss,x509v3-sign-rsa
debug: Ssh2Transport: server: kex = diffie-hellman-group-exchange-sha256,diffie-
hellman-group-exchange-sha1,diffi...
2018 Nov 13
12
[Bug 2929] New: OpenSSH server should not send the SSH_MSG_EXT_INFO message after rekeying
https://bugzilla.mindrot.org/show_bug.cgi?id=2929
Bug ID: 2929
Summary: OpenSSH server should not send the SSH_MSG_EXT_INFO
message after rekeying
Product: Portable OpenSSH
Version: 7.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5