search for: v00

I was recently looking at verifying the attestation data (ssh-sk-attest-v00) for a SK key, but I believe the data saved in this structure is insufficient for completing verification of the attestation. While the structure has enough information for U2F devices, FIDO2 devices sign their attestation over a richer "authData" blob [1] (concatenated with the challenge...

...3: load_hostkeys: found key type RSA in file > /Users/nickstanoszek/.ssh/known_hosts:55 > > debug3: load_hostkeys: loaded 1 keys > > debug3: order_hostkeyalgs: prefer hostkeyalgs: > ssh-rsa-cert-v01 at openssh.com > <mailto:ssh-rsa-cert-v01 at openssh.com>,ssh-rsa-cert-v00 at openssh.com > <mailto:ssh-rsa-cert-v00 at openssh.com>,ssh-rsa > > debug1: SSH2_MSG_KEXINIT sent > > debug1: SSH2_MSG_KEXINIT received > > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-s...

...gt; > Rename "constraints" field to "critical options" > > Add a new non-critical "extensions" field > > Add a serial number > > The older format is still supported for authentication and cert > generation (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 > certificate) so it seems like an opportune time to mention the deprecation rules that I plan to follow for the certificate support as it is developed. There are basically three goals: 1) Develop OpenSSH certificates until they solve enough of the us...

...>> /Users/nickstanoszek/.ssh/known_hosts:55 >> >> debug3: load_hostkeys: loaded 1 keys >> >> debug3: order_hostkeyalgs: prefer hostkeyalgs: >> ssh-rsa-cert-v01 at openssh.com >> <mailto:ssh-rsa-cert-v01 at openssh.com>,ssh-rsa-cert-v00 at openssh.com <mailto:ssh-rsa-cert-v00 at openssh.com>,ssh-rsa >> >> debug1: SSH2_MSG_KEXINIT sent >> >> debug1: SSH2_MSG_KEXINIT received >> >> debug2: kex_parse_kexinit: >> diffie-hellman-group-exchange-sha256,diffie-hellman-group-e...

...s in openssh-6.6p1 HostKeyAlgorithms ecdsa-sha2-nistp256-cert-v01 at openssh.com, ecdsa-sha2-nistp384-cert-v01 at openssh.com, ecdsa-sha2-nistp521-cert-v01 at openssh.com, ssh-ed25519-cert-v01 at openssh.com, ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com, ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,ssh-rsa,ssh-dss KexAlgorithms curve25519-sha256 at libssh.org, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffi...

...entries for host "ilohost" from file "/home/efo/.ssh/known_hosts" debug3: load_hostkeys: found key type RSA in file /home/efo/.ssh/known_hosts:185 debug3: load_hostkeys: loaded 1 keys debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01 at openssh.com,ssh-rsa-cert-v00 at openssh.com,ssh-rsa debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1...

...SG_KEXINIT received debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss debug2: kex_parse_kexinit: aes...

...10 (debug=0x0) Jun 5 20:26:20 pbx kernel: Winbond W6692 PCI driver Rev. 1.13 Jun 5 20:26:21 pbx kernel: PCI: Found IRQ 9 for device 0000:00:0f.0 Jun 5 20:26:21 pbx kernel: mISDN_w6692: found adapter Winbond W6692 at 0000:00:0f.0 Jun 5 20:26:21 pbx kernel: W6692: Winbond W6692 version (0): W6692 V00 Jun 5 20:26:21 pbx kernel: w6692: IRQ 9 count 4 Jun 5 20:26:21 pbx kernel: w6692 1 cards installed Jun 5 20:26:34 pbx kernel: MISDN free_device: entitylist not empty Am I using wrong or incompatible source versions or is this a bug or am I doing something wrong? Btw the misdn.conf contains: [...

Hi there, has anybody managed to get the eToken Pro Anywhere work with SSH? I'm using the latest SafeNetAuthentication drivers available for Ubuntu 64bit (8.3) and everything is working just fine except for ssh. I can use the eToken for logging in, openvpn, rdestkop, etc. but it seems ssh does not recognize the device properly. The command "ssh -I /usr/lib/libeToken.so.8 user at

https://bugzilla.mindrot.org/show_bug.cgi?id=2089 Bug ID: 2089 Summary: filter out bad host key algorithms Classification: Unclassified Product: Portable OpenSSH Version: 6.1p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous

...,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.c...

...ost "msp9022" from file "/Users/sherlock holmes/.ssh/known_hosts" debug3: load_hostkeys: found key type RSA in file /Users/sherlock holmes/.ssh/known_hosts:52 debug3: load_hostkeys: loaded 1 keys debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01 at ...,ssh-rsa-cert-v00 at ...,ssh-rsa debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: k...

...-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com,ssh-ed25519,ssh-rsa,ssh-dss debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,a...

My apologies Darren, The error i get is a "PUBLICKEY" error as noted previously. Nicks-MacBook-Pro:Downloads$ ssh -i WHATEVERKEY.pem ubuntu at IPADDRESS Permission denied (publickey). Nicks-MacBook-Pro:Downloads$ I followed the directions as noted in the previous email to a T. Just copied and pasted---and used v6.9 ssh (which is the latest). What other info do you need? Thanks

Hi! I'm having a difficult time getting X11 forwarding to work. Since I've read the docs completely about this, this must be an SSH bug which is likely because I'm using Gentoo as the SSH server. When trying to forward X11 connections, I get X11 connection rejected because of wrong authentication. kwrite: cannot connect to X server XXXXXXXXX:10.0 Using command ssh -Y -p 1111 -4

...IT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com,ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr...

..."db1.example.com" from file "/Users/MyUser/.ssh/known_hosts" debug3: load_hostkeys: found key type RSA in file /Users/MyUser/.ssh/known_hosts:172 debug3: load_hostkeys: loaded 1 keys debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01 at openssh.com, ssh-rsa-cert-v00 at openssh.com,ssh-rsa debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa-cert-v01 at openssh...

...fie-hellman-group1-sha1 debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01 at openssh.com, ecdsa-sha2-nistp384-cert-v01 at openssh.com, ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519-cert-v01 at openssh.com, ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com, ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com ,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr, aes128-gcm at openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com ,arcfour256,arcfo...

...ms: sntrup761x25519-sha512 at openssh.com,curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00 at openssh.com debug2: host key algorithms: ssh-ed25519-cert-v01 at openssh.com,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,sk-ssh-ed25519-cert-v01 at openssh.com,sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com,r...

...s to permit non-OpenSSH implementation of this key format to degrade gracefully when encountering keys with options they do not recognize. The older format is still supported for authentication and may still be used when signing certificates (use "ssh-keygen -t v00 ..."). The v00 format, introduced in OpenSSH 5.4, will be supported for at least one year from this release, after which it will be deprecated and removed. BugFixes: * The PKCS#11 code now retries a lookup for a private key if there is no matching key with CKA_SIGN attribut...