Displaying 20 results from an estimated 10000 matches similar to: "a protocol weakness at the user-interface level"
2008 May 13
4
Trick user to send private key password to compromised host
Hi list,
I do not know if this is really an issue, but I noticed that when
connecting to a remote ssh host with the standard linux openssh client
using a private key, that there is no line of text indicating when the
local key-passwd process was completed and the connection session was
established.
On a compromised host, the login shell could write the line 'Enter
passphrase for key
2000 Jul 04
0
AW: rhostsauthentication fails. (Or why I hate poorly documented software.)
> jeff at ntcor.com [SMTP:jeff at ntcor.com] wrote:
>
> I have a ssh enabled server and client machine (we'll call them "server"
> and "client" respectively...)
OK :-)
> They both have proper RSA and DSA keys, using protocol version 2 works
> fine between them. (so ssh itself and the network is working fine)
OK.
> However, I want to get something that
2001 May 01
1
Problem with .hushlogin in Tru64 UNIX 4.0e
I have tried this with openssh-2.5.2p2 and openssh-SNAP-20010501.
I have noticed that with a .hushlogin file in my home directory I still
get messages.
With the .hushlogin file I get these messages:
Last successful login for ricardo: Tue May 1 08:06:00 2001 from
blah.mnsu.edu
Last unsuccessful login for ricardo: Tue May 1 08:05:21 2001 from
blah.mnsu.edu
Without the .hushlogin file I get
2002 Mar 29
2
Non-interactive root access via hostbased using shosts.equiv
Hello all!
I'm looking for a solution to the following problem -
I need to be able to use OpenSSH from root on one
system to perform work on several dozen other systems
using some automation. The restrictions that have to
be met to keep the business happy are that no
cleartext passwords or unencrypted private keys can be
stored on disk. Since this is within an automated
environment, there
2004 Sep 06
0
OpenSSH 3.9p1 bug, .hushlogin is ignored
Hello Darren! Hello OpenSSH (portable) users!
After updating from OpenSSH 3.8.1p1 to OpenSSH 3.9p1 on my
Fedora Core 2 Linux box, the "sshd" no longer respects
"~/.hushlogin" to get a quiet and silent login. Now I get
the noisy "Last login: somedate from somehost" line.
I really loved that feature. ;-)
The problem is related to a change in "session.c",
2001 Apr 13
0
Fixed patch for Digital Unix SIA
Okay, here is a fixed version of the patch I sent before for fixing the
problems I know about with Digital Unix SIA: displaying too much info
(MOTD, last login, etc.) when access is denied, and the loss of the
error message sometimes when access is denied.
It does break some code out of do_login into a couple of separate
functions. I did this to avoid duplicating the code in a couple of
places.
2002 Mar 26
0
[Bug 187] New: ssh-keygen not converting from and to SECSH standard correctly
http://bugzilla.mindrot.org/show_bug.cgi?id=187
Summary: ssh-keygen not converting from and to SECSH standard
correctly
Product: Portable OpenSSH
Version: 3.1p1
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: ssh-keygen
AssignedTo:
2010 Jun 25
1
Compromised servers, SSH keys, and replay attacks
We had an incident recently where an openssh client and server were
replaced with trojanned versions (it has SKYNET ASCII-art in the binary,
if anyone's seen it. Anyone seen the source code?). The trojan ssh &
sshd both logged host/user/password, and probably had a login backdoor.
Someone asked me what was their exposure if they used public/private keys
instead of passwords.
My
2004 Sep 09
4
[Bug 927] Last login displayed even when .hushlogin exists
http://bugzilla.mindrot.org/show_bug.cgi?id=927
Summary: Last login displayed even when .hushlogin exists
Product: Portable OpenSSH
Version: -current
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: trivial
Priority: P2
Component: Miscellaneous
AssignedTo: openssh-bugs at mindrot.org
2002 Apr 24
1
hostbased authentication and the root account
We have a problem using hostbased authentication in combination with the
root account. We use hostbased authentication to hop from a 'management
server' where we use strong authentication to several systems in a cluster.
The management server is defined in shosts.equiv and the public key of this
server is defined in ssh_known_hosts. This setup works for all users except
for the root user
2000 Oct 30
2
Feature disappeared?
Hi,
working on tightening our network (somewhat) today, I found that OpenSSH
doesn't seem to have the "AllowSHosts" directive (in sshd_config) that
Commercial SSH (at least 1.2.25 & up) has.
Now I wonder whether that hasn't been implemented yet, or has been dropped
for a certain reason.
I find this very useful for what I want to achieve - inside the company
network,
2001 Jan 18
1
New configuration scripts for Cygwin
Hi,
I have attached two new shell scripts `ssh-host-config' and
`ssh-user-config' which will replace the script `ssh-config'
in the next Cygwin OpenSSH release.
Could somebody with write access please remove
contrib/cygwin/ssh-config
from the OpenSSH repository and add these two attached files
instead?
The third attached file is the diff for contrib/cygwin/README.
Thanks in
2008 Feb 13
2
OggPCM: support for little-endianness only?
On 2008-02-14, Conrad Parker wrote:
> I tend to disagree with your sentiment. The specification of any
> format or protocol has mandatory and recommended sections (not
> "features"); MUST and SHOULD respectively for IETF and W3C stuff.
Then why not make the common endianness MUST and the rest of it SHOULD?
That was my sentiment, after all...
--
Sampo Syreeni, aka decoy -
2008 Feb 13
3
OggPCM: support for little-endianness only?
On 2007-12-30, Timothy B. Terriberry wrote:
> In any format that is to be used on both, it is always better to pick
> one and stick with it.
Then recommend one single format. Nobody *has* to support all of the
features present, yet it makes sense to *allow* common variances. Most
of all, because:
> Unless you can guarantee that you're writing streams that are only
> going to
2008 Jan 02
1
OggPCM: support for little-endianness only?
On 2007-12-30, Ian Malone wrote:
> Really it's pretty trivial and hardly taxing on the processor either.
> As far as I can tell the OggPCM standard was designed to provide a way
> to wrap and describe arbitrary PCM data[1]. If you prefer to
> distribute it in little endian all well and good.
My thoughts exactly.
On a related note, comments on the reworked channel mapping
2005 Nov 17
0
OggPCM2: channel map
On 2005-11-17, Erik de Castro Lopo wrote:
> I did flesh out the wiki a **little** more. Is the intent clearer now?
Yes. Channel map type tells us what the primary interpretation of the
stored signals is. Channel definitions are there to tell which stored
channel corresponds to which abstract channel in the type. Channel
conversions define downmixes to secondary formats, as they do in MLP,
2000 Jun 27
1
[CVS] humbolt:/tinc/cabal/src net.c netutl.c protocol.c
> - Indirectdata finally REALLY REALLY works now!
> - More precise debug messages
Hmmm ... I can't prove that using the CVS code I checked out this morning.
Everything works like yesterday: I can ping the peer but I cannot go beyond:
*** SERVER ***
Jun 27 09:04:56 lemon tinc.9[10186]: tincd 1.0pre3 (Jun 27 2000 08:53:56) starting, debug level 4
Jun 27 09:04:56 lemon tinc.9[10186]:
2007 Oct 19
0
OggPCM family
On 2007-10-19, Martin Leese wrote:
> OggPCM Draft3
Draft 3 is obviously a joke. Draft 2 is what most of the people agreed
upon the last time around, with the channel maps left unfinished. Draft
1 was abandoned by most people in favour of draft 2.
> I suggest this because somebody has started making changes to OggPCM
> Draft2.
That someone is me. I've asked about this on-list
2008 Sep 08
2
OggPCM channel maps
I've tried to solicit discussion on this point in the past, but now I'd
like to press the issue for a bit. I'd like to remove the less well
developed mapping header (option 1) from the OggPCM draft, and make
my/our (with Martin Leese) suggestion (option 2) the definitive one.
If anybody objects, let's discuss it on-list. If not, I think it
wouldn't be too bad of an idea
2003 Nov 27
0
[Announce] GnuPG's ElGamal signing keys compromised
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
GnuPG's ElGamal signing keys compromised
==========================================
Summary
=======
Phong Nguyen identified a severe bug in the way GnuPG creates and uses
ElGamal keys for signing. This is a significant security failure
which can lead to a compromise of almost all ElGamal keys used for
signing. Note that