similar to: sshd question:

Sunil-- Actually, you do not "see that openssl has some patent issues." You do see that OpenSSL implements many algorithms, some of which have been (at various times) been patented or encumbered in some countries. Without knowing what country you're in, none of us here can really give useful advice as to which software/algorithm patents could potentially apply. To the best of my

I hate following up to myself, but I thought a clarification of one point (specifically WRT RC5 which was mentioned in the original question) might be worthwhile...because what I should have said originally was that "To the best of my non-legally- admissible knowledge, however, none of the algorithms in the current *OpenSSH* implementation are currently encumbered by patents that would

I've attached two patches. The first just changes the output of "ssh -V" to print that it was built against rsaref if libRSAglue (which is built as part of openssl only when it is built against rsaref) is present at build-time. The second adds appropriate calls to pam_setcred() in sshd. Without them, our systems can't access AFS because the PAM modules only get tokens at a

I get error: %SSHD-3-ERROR: Could not load host key: /tmp/ssh_host_dsa_key: Bad file descriptor Jan 26 23:58:52: %SSHD-6-INFO: Disabling protocol version 2. Could not load host key Everything looks okay, the file exists, (it was generated using command: ssh-keygen -d -f ssh_host_dsa_key -N '') I also do 'ls' and find the file exists with permissions: -rw------- 1 root group

Hello, I have: SSH-1.5-OpenSSH_2.3.1p1 I find that this client displays error when I specify (from command line), '-c' [cipher] for SSH1. {for SSH2 looks okay}. Thus, if I specify: ./ssh -v -l user -c des -1 host or ./ssh -v -l user -c 3des -1 host I get error: bad cipher des [des] or error: bad cipher 3des [3des] respectively.... and client immediately exits ! But, this is okay:

On Solaris2.6, I have just run into some problems where using the 1.2pre17 scp to another box with either 1.2pre16 or 1.2pre17 on it. The scp dies with an "Alarm Clock" problem on larger files (the failure case file is a 1297920 byte solaris package.). It does not always die in the same place. openssh-1.2pre17-spa 51% |************** | qd 00:00 ETAAlarm Clock Write

The following code snippet will not compile support for RSAref on NetBSD even if it exists on the system (which breaks OpenSSL): for WANTS_RSAREF in "" 1 ; do if test -z "$WANTS_RSAREF" ; then LIBS="$saved_LIBS -lcrypto" else LIBS="$saved_LIBS -lcrypto -lRSAglue

Hello *, sorry if i missed an article which already solves my problem. I need a working configuration of OpenSSH for Solaris 7 (SunOS 5.7) with AFS support. PAM support to use the AFS PAm module `pam_afs.so' and TCP-Wrapper support would be nice. It would be nice to have similar configurations for Solaris 6 (SunOS 5.6), Solaris 8 (SunOS 5.8) and Solaris 2.5.1. I have tested a few

Howdy, The string of notices on BugTraq about RSAref being vulnerable to overflows has me concerned. After trying to sort through all the messages, I can't figure out whether I need to update OpenSSL (a check of their website indicates no new patches), OpenSSH, both, or neither. I am aware there is no known exploit for it yet. I could be a bad boy and just run all

http://bugzilla.mindrot.org/show_bug.cgi?id=416 Summary: problems with sshd starting up and hostkeys Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:

I am working on a proxy which can be hosted on a single IP address and dispatch requests to different backends depending on which hostname the client used to connect to this IP address. Currently such a proxy can be build to support HTTP, HTTPS, SMTP, and DNS. However SSH support is impossible due to the ssh client not sending the information such a proxy would need. I am not the first to want

I have the OpenSSH regression tests hooked up to run in Debian and Ubuntu's "autopkgtest" system, so that they're automatically run on uploads of OpenSSH itself or any of its dependencies. This is especially good for enforcing interoperability between it and other SSH implementations, but it's also pretty good for throwing up occasional extremely-hard-to-debug failures since

Hello. I have been having trouble configuring the source code for the abovementioned. I have to use RSARef as I'm a resident of the USA, so I can avoid patent violation. The configure script fails to see the OpenSSL+RSAref mix on three different platforms, including the following: FreeBSD 4.0-STABLE (Which has its own port, but I wanted to try it there to see if I could reliably reproduce

Hello, OpenSSH supports PKCS#11 on the client side, but that does not extend to the server side. I would like to bring PKCS#11 support to sshd. I am working on embedded Linux systems with integrated HSM. The sshd host key is stored on the HSM. To have sshd using that key, we rely on the following chain: sshd -> OpenSSL -> OpenSSL Engine -> HSM Having PKCS#11 support in sshd, would

This is debugs seen on server, whose keys are not accepted by the client: debug1: Seeding random number generator debug1: sshd version OpenSSH_2.5.2p2 debug1: load_private_key_autodetect: type 0 RSA1 debug1: read SSH2 private key done: name rsa w/o comment success 1 debug1: load_private_key_autodetect: type 1 RSA debug1: read SSH2 private key done: name dsa w/o comment success 1 debug1:

Hi, I tried to compile openssh-2.1.1p4 on a slackware 7.1 (and then on a slackware 7.0). you need to supply -lcrypt because otherwise auth-passwd.c line 135 calls the wrong crypt and sshd will never let you log in. (took a while to figure that out.) I tried './configure --with-libs crypt' but configure doesn't seem to understand me ;) checking host system type... Invalid

Here's a unified diff, proposed by Christos Zoulas (with a little reworking to get the configure.in part a bit cleaner). The main target of the patches are NetBSD compatability, although there are some changes making if (pointer X) into if (X != NULL) as well. Christos also proposed a change to Makefile.in, but I'll send that as a seperate mail. Thanks, David Index: configure.in

Precedence: bulk Hi, I try to connect from a SuSE Linux openssh-2.1.1p1-4 system to a FreeBSD system which runs SSH Version 1.2.27 [i386-unknown-freebsd3.2], protocol version 1.5. Standard version. Does not use RSAREF. Before I switched (at home) to openssh I could use ssh-add, ssh (freebsd), and from there to another server ssh (freebsd2), where (freebsd[2..n]) are n+1 unix systems

Wonder if you guys could help me out...have a security problem with sshd wich enables a user to do a password login tough the sshd_config states PasswordAuthentication no My config works fine in both gentoo and openbsd 3.3 but users are able to login with tunneled clear text passwords in both 4.9 and 5.1 Im lost.tried everything I can think of. Here is the config:

I see that commercial SSH version it is possible to run sshd in SSH1 using DES (i.e, accepting SSH-DES clients). I understand from Damien Miller that Cisco routers also run in only SSH1 DES mode. Is it possible in openSSH to configure sshd (compile-time/runtime) to run sshd in SSH1 or SSH2 mode and accept SSH1 or SSH2 DES clients ? [I would like to be able to run sshd in SSH1/DES mode ] Is