search for: sshv2

When should sshd disconnect an SSHv2 connection? Markus Friedl says "for protocol v2 the client decides when to close the connection." In principle, I agree, because SSHv2 supports multiple sessions over the same connection, with the client able to launch new sessions anytime then it should be upto the client. But this wo...

Hi, On Fri, Mar 27, 2015 at 02:36:50PM +0100, Hubert Kario wrote: > > Same thing with needing sshv1 to access old network gear where even sshv1 > > was an achievement. "Throw away gear that does its job perfectly well, > > but has no sshv2 for *management*" or "keep around an ssh v1 capable > > client"? > > If you depend on hardware like this, you should have support* for it. Exactly > because issues like this. > > * - where "support" means that either you have other people responsibl...

https://bugzilla.mindrot.org/show_bug.cgi?id=1835 Summary: sftp should fallback to sshv1 if server doesn't support sshv2 Product: Portable OpenSSH Version: 5.6p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sftp AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat...

The "integration" of SSH with apps is already there. Read the OpenSSH [or other SSH implementation's] man pages and the SSHv2 specs. RTFM! Essentially SSH supports tunneling of X11 traffic. The SSH daemon is responsible for creating a local X11 display endpoint and setting the DISPLAY environment variable appropriately, then the apps you run in SSH sessions with X11 forwarding do the right thing and open a display which...

...og in the portable OpenSSH tarballs. Thanks to the many people who contributed to this release. Future deprecation notice ========================= OpenSSH plans to remove support for the DSA signature algorithm in early 2025 and compile-time disable it later this year. DSA, as specified in the SSHv2 protocol, is inherently weak - being limited to a 160 bit private key and use of the SHA1 digest. Its estimated security level is only 80 bits symmetric equivalent. OpenSSH has disabled DSA keys by default since 2015 but has retained run-time optional support for them. DSA was the only mandatory-t...

In SSHv2, the data that consumes window space is that sent in the channel data and channel data extended messages. My question is, how is the data that consumes window space reckoned? One would have thought that it is the total length of the message itself, but the standard seems to imply that only the data...

On Fri, 29 Dec 2017, Daniel Kahn Gillmor wrote: > On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote: > > Why not make minimum key length a tunable, just as the other options are? > > Because the goal of building secure software is to make it easy to > answer the question "are you using it securely?" This is a nice summation of our approach. It's the

...ctly working and secure machine, because its out of band interface is crap" or "keep around an old and insecure browser"? Same thing with needing sshv1 to access old network gear where even sshv1 was an achievement. "Throw away gear that does its job perfectly well, but has no sshv2 for *management*" or "keep around an ssh v1 capable client"? I, for one, need to explain why I buy new gear, and "because the out of band / management access only does sshv1" is not a good reason for my management ("then just use telnet, no?")... gert -- USEN...

...e project. More information on donations may be found at: https://www.openssh.com/donations.html Future deprecation notice ========================= OpenSSH plans to remove support for the DSA signature algorithm in early 2025 and compile-time disable it later this year. DSA, as specified in the SSHv2 protocol, is inherently weak - being limited to a 160 bit private key and use of the SHA1 digest. Its estimated security level is only 80 bits symmetric equivalent. OpenSSH has disabled DSA keys by default since 2015 but has retained run-time optional support for them. DSA was the only mandatory-t...

Hi, OpenSSH plans to remove support for DSA keys in the near future. This message describes our rationale, process and proposed timeline. Rationale --------- DSA, as specified in the SSHv2 protocol, is inherently weak - being limited to a 160 bit private key and use of the SHA1 digest. Its estimated security level is <=80 bits symmetric equivalent[1][2]. OpenSSH has disabled DSA keys by default since 2015 but has retained optional support for them. DSA is the only mandatory-to-im...

Hi, OpenSSH plans to remove support for DSA keys in the near future. This message describes our rationale, process and proposed timeline. Rationale --------- DSA, as specified in the SSHv2 protocol, is inherently weak - being limited to a 160 bit private key and use of the SHA1 digest. Its estimated security level is <=80 bits symmetric equivalent[1][2]. OpenSSH has disabled DSA keys by default since 2015 but has retained optional support for them. DSA is the only mandatory-to-im...

Hi All. This patch calls pam_chauthtok() to change an expired password via PAM during keyboard-interactive authentication (SSHv2 only). It is tested on Redhat 8 and Solaris 8. In theory, it should have simply been a matter of calling pam_chauthtok with the PAM_CHANGE_EXPIRED_AUTHTOK flag, it'd only change the password is if it's expired, right? From the Solaris pam_chauthtok man page: [quote] PAM_CHANGE_EXP...

...e project. More information on donations may be found at: https://www.openssh.com/donations.html Future deprecation notice ========================= OpenSSH plans to remove support for the DSA signature algorithm in early 2025 and compile-time disable it later this year. DSA, as specified in the SSHv2 protocol, is inherently weak - being limited to a 160 bit private key and use of the SHA1 digest. Its estimated security level is only 80 bits symmetric equivalent. OpenSSH has disabled DSA keys by default since 2015 but has retained run-time optional support for them. DSA was the only mandatory-t...

...existing > integration could be "cleaner". > Greg > > P.S. Is my signature not explicit enough? I don't need to receive > multiple copies, one to the list is plenty, thanks. > > > Read the OpenSSH [or other SSH implementation's] man pages > and the SSHv2 specs. RTFM! > > > > Essentially SSH supports tunneling of X11 traffic. The SSH > daemon is responsible for creating a local X11 display > endpoint and setting the DISPLAY environment variable > appropriately, then the apps you run in SSH sessions with X11 > forwarding...

...anks to the many people who contributed to this release. > > Future deprecation notice > ========================= > > OpenSSH plans to remove support for the DSA signature algorithm in > early 2025 and compile-time disable it later this year. > > DSA, as specified in the SSHv2 protocol, is inherently weak - being > limited to a 160 bit private key and use of the SHA1 digest. Its > estimated security level is only 80 bits symmetric equivalent. > > OpenSSH has disabled DSA keys by default since 2015 but has retained > run-time optional support for them. DSA...

...cle.com Created attachment 2441 --> https://bugzilla.mindrot.org/attachment.cgi?id=2441&action=edit pam_enhancements for OpenSSH server We have implemented the following PAM enhancements for Solaris and we would like to contribute back our implementations for these enhancements: 1) Each SSHv2 userauth method has its own PAM service name so that PAM can be used to control what userauth methods are allowed. This is for protocol 2 only. ----------------------------------------------- | SSHv2 Userauth | PAM Service Name | -----------------------------------------...

I referred to the fact that there is no value for 4096-bit groups at all. For higher strengths than 128 bits one should probably not use non-EC crypto at all, as the document suggests. On Fri, Feb 15, 2019 at 9:19 AM Darren Tucker <dtucker at dtucker.net> wrote: > > On Fri, 15 Feb 2019 at 16:45, Yegor Ievlev <koops1997 at gmail.com> wrote: > > That doesn't seem to be

...t;use rsync or something-over-bare-ssh instead, good luck". 3. 'scp' stays, but becomes the CLI for SFTP, and the SCP protocol breaks. 4. 'scp' goes away, and a new 's'-command[*] is created that does file transfer via CLI, possibly using SFTP. The old proprietary SSHv2 did #4, with the new command called 'scp2', and a long tail for the transition while 'scp' and 'scp2' coexisted. ____________________ [*]: For example, "sput", "scpx", or for fun, "Secure Copying Remote Artifacts Program" = "scrap"....

...anks to the many people who contributed to this release. > > Future deprecation notice > ========================= > > OpenSSH plans to remove support for the DSA signature algorithm in > early 2025 and compile-time disable it later this year. > > DSA, as specified in the SSHv2 protocol, is inherently weak - being > limited to a 160 bit private key and use of the SHA1 digest. Its > estimated security level is only 80 bits symmetric equivalent. > > OpenSSH has disabled DSA keys by default since 2015 but has retained > run-time optional support for them. DSA...

2017-02-05 23:12 GMT+01:00 Michael Stone <mstone at mathom.us>: > > It was probably because of this commit: > > http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd.c.diff?r1=1.472&r2=1.473 > Yes here the combination cr and lf is removed. > Which removed support for protocols older than 2 but perhaps failed to > account for the fact that newline had been