similar to: [Bug 877] ssh 3.8.1p1 client cannot disable encryption with "-c none"

https://bugzilla.mindrot.org/show_bug.cgi?id=1801 Summary: cipher_spec section of ssh man page needs update Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: unassigned-bugs at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=1337 Summary: SCP performance twice as slow as RCP Product: Portable OpenSSH Version: 3.8.1p1 Platform: Other OS/Version: AIX Status: NEW Severity: enhancement Priority: P3 Component: scp AssignedTo: bitbucket at mindrot.org ReportedBy:

Hi, In a recent security review some systems I manage were flagged due to supporting "weak" ciphers, specifically the ones listed below. So first question is are people generally modifying the list of ciphers supported by the ssh client and sshd? On CentOS 6 currently it looks like if I remove all the ciphers they are concerned about then I am left with Ciphers

As the man pages say, you can force an encryption algorithm from the server side by use of the "Cipher" command. How would one verify this is working? Thanks. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev at mindrot.org http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

https://bugzilla.mindrot.org/show_bug.cgi?id=2089 Bug ID: 2089 Summary: filter out bad host key algorithms Classification: Unclassified Product: Portable OpenSSH Version: 6.1p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous

I see that: SSH uses the following ciphers for encryption: Cipher SSH1 SSH2 DES yes no 3DES yes yes IDEA yes no Blowfish yes yes Twofish no yes Arcfour no yes Cast128-cbc no yes Two ques re: sshd: 1) Using openssh, how do I configure which

Hello all, It seems the overhaul on key exchange/selection broke it badly. I haven't managed to use any other encryption method than 3des and blowfish when connecting to SNAP -> SNAP. SNAP -> 2.2.0p1 will use arcfour etc. quite cleanly. How SNAP -> SNAP looks like: --- debug: Local version string SSH-2.0-OpenSSH_2.2.0p2 debug: send KEXINIT debug: done debug: wait KEXINIT debug:

Hello All. Portable OpenSSH version 3.8.1p1 nearing release. This is primarily a bug fix release and we're asking for interested parties to try a snapshot [1]. A reminder: we rely on community feedback to find out about problems, particularly as there are many platforms any configurations that we don't have access to and can't test. In most cases, running the built-in tests is

https://bugzilla.mindrot.org/show_bug.cgi?id=1550 Summary: Move from 3DES to AES-256 for private key encryption Product: Portable OpenSSH Version: 5.1p1 Platform: All OS/Version: All Status: NEW Keywords: patch Severity: enhancement Priority: P2 Component: ssh-keygen AssignedTo:

Does anyone knows which one is the strongest and which is the fastest encryption algorithms used in OpenSSH 3.7.1p2 from the list below aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, arcfour, aes192-cbc, aes256-cbc, rijndael-cbc at lysator.liu.se, aes128-ctr, aes192-ctr, aes256-ctr Strong Encryption OpenSSH supports 3DES, Blowfish, AES and arcfour as encryption algorithms. These are patent

Hi, Is cipher "3des-ctr" supported by openssh? It is not mentioned in the list of supported ciphers in the man page of ssh_config: Thanks, Sunil Ciphers Specifies the ciphers allowed for protocol version 2 in order of preference. Multiple ciphers must be comma-separated. The supported ciphers are ''3des-cbc'', ''aes128-cbc'',

By making a one-line change it is possible to enable the cipher 'none' in openssh. But you still have to ask for it explicitly, either by adding it to /etc/ssh/ssh_config or by giving the '-c none' option to ssh. I think that this 'feature' should be turned back on, because for slow machines or large file transfers, using encryption slows things down a lot. This means

Ok.. I'm starting official testing calls early this release. I'd like to have more feedback and more time for handling fixes. If people could test snapshots (http://www.openssh.org/portable.html, pick your favorate mirror and select snapshots directory) and report failures it would be useful. For those with pmake install there is regress/ which you can try out. It may help any platform

http://bugzilla.mindrot.org/show_bug.cgi?id=1340 Summary: Support for Camellia block cipher to OpenSSH-portable. Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: Miscellaneous AssignedTo: bitbucket at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2729 Bug ID: 2729 Summary: Can connect with MAC hmac-sha1 even though it's not configured on the server Product: Portable OpenSSH Version: 7.5p1 Hardware: All OS: Linux Status: NEW Severity: security Priority: P5

Hi, Connecting from RHL7 with OpenSSH 2.3.0p1 or 2.5.0p1 to OpenSSH 2.3.0p1 on AIX 4.3.1. Protocol 2 doesn't work if you specify 'Ciphers rijndael128-cbc' or Ciphers 'aes128-cbc'. sshd -d -d -d on the server shows _nothing_ about these connections. I'm not sure if rijndael has been left out from sshd somehow, but shouldn't the error message be a little more

Folks, I've just updated a machine to the latest IBM supplied OpenSSL RPMS: openssl-0.9.6m-1 openssl-devel-0.9.6m-1 (this is a power4 running AIX 5.1) and Tried to upgrade to the latest OpenSSH (3.8p1 - both the release and a snapshot from about a week ago) I'm using: ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/opt/freeware and the compilation seems OK: OpenSSH

OpenSSH Security Advisory: cbc.adv Regarding the "Plaintext Recovery Attack Against SSH" reported as CPNI-957037[1]: The OpenSSH team has been made aware of an attack against the SSH protocol version 2 by researchers at the University of London. Unfortunately, due to the report lacking any detailed technical description of the attack and CPNI's unwillingness to share necessary

Why are legacy MACs (like md5-96), and legacy Ciphers (anything in cbc-mode, arcfour*(?)) enabled by default? My proposal would be to change the defaults for ssh_config and sshd_config to contain: MACs hmac-sha2-256,hmac-sha2-512,hmac-sha1 Ciphers aes128-ctr,aes192-ctr,aes256-ctr ...removing md5, truncated versions of sha1, umac64 (for which I can find barely any review), any cipher in cbc

Hi, I would like to know the key-length used for 3DES data encryption in openssh. I thought that it should be 192 (3 * 64) bits, but the sshd man page states 128 bit key used for 3DES. Also, I would like to know the 3des key negotiation - who generates the key (the client or the server). I am interested in the export regulations concerning openssh in USA. Any idea on this ? I would really