similar to: [Bug 1314] Support for rsa1024-sha1 KEX method

https://bugzilla.mindrot.org/show_bug.cgi?id=2291 Bug ID: 2291 Summary: ssh -Q kex lists diffie-hellman-group1-sha1 twice Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component: sftp-server Assignee:

there are more implications to changing key algorithms than KEX algorithms. If a change is made to the specification, then it might invalidate all the keys that are out there, this isn't the case with any other negotiated algorithm, On Sun, 27 May 2018, Yegor Ievlev wrote: > I don't think we should wait for a RFC in order to use stronger > crypto. We already prefer Curve25519 for

https://bugzilla.mindrot.org/show_bug.cgi?id=1242 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX --- Comment #7 from Damien Miller <djm at

Here you go: OpenSSH_7.9p1, OpenSSL 1.1.1d 10 Sep 2019 debug1: Reading configuration data /home/ryantm/.ssh/config debug1: /home/ryantm/.ssh/config line 4: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 13: Applying options for * debug2: resolving "{REDACTED}" port 22 debug2: ssh_connect_direct debug1: Connecting to

https://bugzilla.mindrot.org/show_bug.cgi?id=1422 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WONTFIX Status|NEW |RESOLVED CC|

https://bugzilla.mindrot.org/show_bug.cgi?id=2680 Bug ID: 2680 Summary: Regression in server-sig-algs offer in 7.4p1 (Deprecation of SHA1 is not being enforced) Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

Thanks for testing - are you able to see if there's anything in the server logs? I've just committed some extra verbosity in the client's log messages that might clarify where it is exiting (patch attached). -d On Fri, 29 Mar 2019, Adam Eijdenberg wrote: > On Wed, Mar 27, 2019 at 10:04 PM Damien Miller <djm at mindrot.org> wrote: > > > > OpenSSH 8.0p1 is almost

Hello Damien, I am using OpenSSH-5.0 on my ARM board. I want to perform RSA authentication, but server is not accepting the key generated by the client. I have copied the authorized_keys in the "$HOME/.ssh/" folder and provided permission (755) to that folder. Please help me how to solve this problem. Following is the log from the client OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006

On Thu, 11 Oct 2018, Adam Eijdenberg wrote: > On Thu, Oct 11, 2018 at 12:13 PM Damien Miller <djm at mindrot.org> wrote: > > Could you try this? > > > > diff --git a/sshconnect2.c b/sshconnect2.c > > index f104408..1d2906f 100644 > > --- a/sshconnect2.c > > +++ b/sshconnect2.c > > @@ -1080,7 +1080,8 @@ key_sig_algorithm(struct ssh *ssh, const

https://bugzilla.mindrot.org/show_bug.cgi?id=742 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |WONTFIX CC|

https://bugzilla.mindrot.org/show_bug.cgi?id=1753 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org Resolution|--- |WONTFIX Status|NEW

http://bugzilla.mindrot.org/show_bug.cgi?id=943 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |WONTFIX CC| |djm

Works on my netbsd tinkerbox. NetBSD 5.0.2 NetBSD 5.0.2 (GENERIC) It uses rlimit. Privsep sandbox style: rlimit I also get warnings during make. fmt_scaled.c: In function 'scan_scaled': fmt_scaled.c:84: warning: array subscript has type 'char' fmt_scaled.c:111: warning: array subscript has type 'char' fmt_scaled.c:155: warning: array subscript has type 'char'

https://bugzilla.mindrot.org/show_bug.cgi?id=1486 Summary: Improperly used buffer during KEX Classification: Unclassified Product: Portable OpenSSH Version: 5.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: unassigned-bugs at

Thanks for your suggestion! It seems to have gone a little further this time, but isn't accepting the key and is failing back on password-based auth. We're double-checking that the public key was correctly configured with the account, and also trying a DSA key to see if it behaves differently. Is there anything you'd suggest we look at or try at this point, and thank you very much

https://bugzilla.mindrot.org/show_bug.cgi?id=3663 Bug ID: 3663 Summary: KEX host signature length wrong since strict kex introduced Product: Portable OpenSSH Version: 9.6p1 Hardware: Other OS: Linux Status: NEW Severity: major Priority: P5 Component: sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=2586 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |WONTFIX CC|

https://bugzilla.mindrot.org/show_bug.cgi?id=2198 Bug ID: 2198 Summary: GSSAPIKeyExchange gssapi-keyex bug in kex.c choose_kex() Product: Portable OpenSSH Version: 6.4p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: Kerberos support

https://bugzilla.mindrot.org/show_bug.cgi?id=1044 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX --- Comment #9 from Damien Miller <djm at

On 09/13/2018 08:18 PM, Damien Miller wrote: > We have any plans to add more crypto options to OpenSSH without a strong > justification, and I don't see one for X448-SHA512 ATM. What I like about it is that it offers ~224 bit security level, whereas X25519 offers ~128 bits (according to RFC7748). Hence, pairing X448 with AES256 would provide a full chain of security in the ~224 bit