similar to: ssh1 keyexchange problem ?

Below is a patch against the current OpenBSD OpenSSH CVS to workaround a behavior I have observed when converting from SSH 1.2.27 to OpenSSH while using the same old RSA1 host key for protocol 1. In several cases I saw that old SSH sshd reported a host key size of 1024 bits when OpenSSH saw it as 1023 bits. Without the patch, when OpenSSH's ssh client connects to an old SSH sshd it warns

Hi, Is there any way to store HostKey in hardware (and delegate the related processing)? I have been using Roumen Petrov's x509 patch for clients, which works via an OpenSSL engine, but it does not seem to support server HostKey: http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html For PKCS#11, I have found an email on this list from a year back suggesting this

We've run into an interesting dilemma regarding last log information and ssh 4.2p1. In 3.8, we didn't see this problem, but now has cropped up in 4.2. When a user logs in, sshd seems to call 'last' to get the last log information. 'last' then opens the /var/log/wtmp file and processes the information. On some systems, this file can be quite large, and we're seeing

Could everyone please test the latest snapshots as we will be making a new release soon. If you have any patches you would like us to consider, please resend them to the list ASAP. -d -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer

I'm seeing some extremely odd behavior with solaris. I have a suspicion it's me, but here's the story and maybe someone can suggest an avenue of investigation. This seems to be happening with any release of openssh since at least 2.5.2p1. 1) Problem #1: If SSH protocol 1 is enabled then sshd segfaults right off. This turns out to be because the call to arc4random_stir is

In the current implementation, ssh always uses the hostname supplied by the user directly for the SSHFP DNS record lookup. This causes problems when using the domain search path, e.g. I have "search example.com" in my resolv.conf and then do a "ssh host", I will connect to host.example.com, but ssh will query the DNS for an SSHFP record of "host.", not

Hi, About a year and a half ago I brought up the topic of encrypted hostkeys and posted a patch (http://marc.info/?l=openssh-unix-dev&m=132774431906364&w=2), and while the general reaction seemed receptive to the idea, a few problems were pointed out with the implementation (UI issues, ssh-keysign breakage). I've finally had some spare time in which to get back to this, and I've

http://bugzilla.mindrot.org/show_bug.cgi?id=1242 Summary: GSSAPI Keyexchange support Product: Portable OpenSSH Version: 4.3p2 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo: bitbucket at mindrot.org ReportedBy: simon at

Hello, There's a memory allocation for sensitive_data.keys in ssh.c:848 which uses size of Key instead of Key*. This is probably harmless but seems to be wrong. --- a/ssh.c +++ b/ssh.c @@ -846,7 +846,7 @@ main(int ac, char **av) options.hostbased_authentication) { sensitive_data.nkeys = 7; sensitive_data.keys = xcalloc(sensitive_data.nkeys, -

http://bugzilla.mindrot.org/show_bug.cgi?id=1242 hotz at jpl.nasa.gov changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |hotz at jpl.nasa.gov ------- Comment #2 from hotz at jpl.nasa.gov 2006-11-10 06:20 ------- At our institution machines are SA'd

https://bugzilla.mindrot.org/show_bug.cgi?id=1242 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX --- Comment #7 from Damien Miller <djm at

https://bugzilla.mindrot.org/show_bug.cgi?id=1242 Tomas Mraz <t8m at centrum.cz> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |t8m at centrum.cz -- Configure bugmail:

Hello, The following patch avoids a warnign message when using hostbased authentication as root and protocol v1 support has been disabled. The case for non-root users has already been addressed, but root follows a different code path. -- Iain Morgan diff --git a/ssh.c b/ssh.c index cceb36e..e32aa0a 100644 --- a/ssh.c +++ b/ssh.c @@ -1242,8 +1242,10 @@ main(int ac, char **av)

Hello all, I recently found myself wanting to run sshd with passphrase-protected host keys rather than the usual unencrypted format, and was somewhat surprised to discover that sshd did not support this. I'm not sure if there's any particular reason for that, but I've developed the below patch (relative to current CVS at time of writing) that implements this. It prompts for the

In the source code of openssh(my source code is 6.0 for Openbsd?? The content below is Rsa.h #ifndef RSA_H #define RSA_H #include <openssl/bn.h> #include <openssl/rsa.h> void rsa_public_encrypt(BIGNUM *, BIGNUM *, RSA *); int rsa_private_decrypt(BIGNUM *, BIGNUM *, RSA *); void rsa_generate_additional_parameters(RSA *); #endif /* RSA_H */ Question:

Hello, I'm running several Sparcs with Solaris 2.7 on them. They all have Openssh 2.9 installed, and all work fine. Except one. Every once in a while I get this: "Disconnecting: Corrupted check bytes on input." When I truss or I am at the console I get this: "rsa_private_decrypt() failed" I've tried reinstalling with OpenSSH 2.5, 2.9 and the commercial versions.

Hello everyone and Timo in particular, about a year ago I implemented a SHA-1 variant of the HMAC(-MD5) present in Dovecot. I had always disliked this a bit, because it replicates a lot of code. This patch generalizes the HMAC function to take a hash_method struct as parameter, and changes existing code which uses the "old" HMAC function to use this new one. I'm not really sure

The following code snippet will not compile support for RSAref on NetBSD even if it exists on the system (which breaks OpenSSL): for WANTS_RSAREF in "" 1 ; do if test -z "$WANTS_RSAREF" ; then LIBS="$saved_LIBS -lcrypto" else LIBS="$saved_LIBS -lcrypto -lRSAglue

I have openssl-0.9.5a and openssh-2.1.0. I configured ssl with rsaref and it passes the tests. When I configure ssh I get: ---- checking for OpenSSL directory... configure: error: Could not find working SSLeay / OpenSSL libraries, please install ---- it is failing RSA_private_decrypt function call. The RSA_generate_key seems to work (does not return null) but then goes on to fail at

Hello... to openssh-unix-dev at mindrot.org cc djm at ibs.com.au devel platform: linux intel redhat 6.2beta http://violet.ibs.com.au/openssh/files/openssh-1.2.2.tar.gz from rpm at same. I am NOT subscribed to the openssh-unix-dev list. I ran into a problem using openssh-1.2.2 with openssl-0.9.5. With openssl 0.9.5 you can now compile shared libraries without idea, rc5 and rsa. openssl