similar to: protocol 2 performance gain?

I have upgraded my openssh version from 2.2.0.p1 to 3.0.2p1. 3.0.2 was compile on a sunblade 100 running Solaris 8. Is it possible for my to use my existing DSA key? Thanks, David Higdon UNIX System Administrator (503) 450-4800 (Office) (503) 701-5558 (Cell Phone) higdon.david at cnf.com

Has anyone had success with getting /dev/random to work after installing SUNWski? After I install the pkg and start /etc/ init.d/cryptorand, the /dev/random file remains 0 bytes. I am running Solaris 2.8 - David

This is my first time installing ssh and I am getting the following error: $ ssh <hostname> The authenticity of host <hostname> can't be established. RSA key fingerprint is <xxxxxxxxxxxxxxxxxxxxxxxxx>. Are you sure you want to continue connecting (yes/no)? David

Hello OpenSSH developers, openssh 4.2p1 breaks old openssh clients up to 3.4p1 when they try to use compression: # ssh-3.4p1 -C remote-host-with-4.2p1 pwd no matching comp found: client zlib server none,zlib at openssh.com option "-vv" shows ... debug2: kex_parse_kexinit: zlib ... debug2: kex_parse_kexinit: none,zlib at openssh.com ... debug2: mac_init: found hmac-md5 no

On 2020-02-05 at 20:39 -0500, Phil Pennock wrote: > On 2020-02-06 at 10:29 +1100, Damien Miller wrote: > > OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing > > on as many platforms and systems as possible. This is a feature release. > > > * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These > This actually affects me:

To the openssh and sudo developer mailing lists: Ssh has a key agent allowing authentication to remote hosts without entering your password/passphrase again and again, which is very convenient. I think the 'su', 'sudo', and similiar commands could benefit from this idea and mechanism. I don't have the necessary expertise in cryptology to do this myself so I just want to throw

The attached patches fixes and cleans up the build when configured with --without-openssl. Summary: * Fix KEX_SERVER_ENCRYPT macro in myproposal.h * Fix unresolved symbols in ssh-keygen.c * Isolate openssl code and extend WITH_OPENSSL wrappers around it * Make ed25519 default key type in ssh-keygen when configured --without-openssl -------------- next part -------------- A non-text attachment was

https://bugzilla.mindrot.org/show_bug.cgi?id=2466 Bug ID: 2466 Summary: Cipher defines from opensslconf.h Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: Linux Status: NEW Severity: minor Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org

Hi there, I noticed that hmac-ripemd160 and hmac-ripemd160 at openssh.com are not listed in the OpenSSH protocols file, yet they are listed in myproposal.h. I was wondering whether this is intentional, if yes, what the rationale behind this is? Thanks, Max

I added ZSTD support to OpenSSH roughly three years ago and I've been playing with it ever since. The nice part is that ZSTD achieves reasonable compression (like zlib) but consumes little CPU so it is unlikely that compression becomes the bottle neck of a transfer. The compression overhead (CPU) is negligible even when uncompressed data is tunneled over the SSH connection (SOCKS proxy, port

From: Sebastian Andrzej Siewior <sebastian at breakpoint.cc> The "zstd at breakpoint.cc" compression algorithm enables ZSTD based compression as defined in RFC8478. The compression is delayed until the server sends the SSH_MSG_USERAUTH_SUCCESS which is the same time as with the "zlib at openssh.com" method. Signed-off-by: Sebastian Andrzej Siewior <sebastian at

> *NOTE* IIRC compiling this with -O0 on x86-64 can yield the wrong result > since clang will emit shifts and on intel shifts are mod the register > size [...snip...] I remember finding the same thing (although I haven't tried it on a recent clang version) and what I wondered was whether there was mileage in having an explicit intrinsic for rotation (like there is for bit counting,

I hacked zstd support into OpenSSH a while ago and just started to clean it up in the recent days. The cleanup includes configuration support among other things that I did not have. During testing I noticed the following differences compared to zlib: - highly interactive shell output (as in refreshed at a _very_ high rate) may result in higher bandwidth compared to zlib. Since zstd is quicker

https://bugzilla.mindrot.org/show_bug.cgi?id=2388 Bug ID: 2388 Summary: build fixups for --without-openssl Product: Portable OpenSSH Version: 6.8p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: Build system Assignee: unassigned-bugs at

Hello, well it''s | Rev: || 11096:745a39c852ab tip 11094:e34042dabbd8 | Auth: dtucker | Date: Tue, 11 Jun 2013 02:10:02 +0000 - (dtucker) [myproposal.h] Make the conditional algorithm support consistent and add some comments so it''s clear what goes where. Note it was still advertised in the 6.3 release notes. Has it been replaced by a git(1) repository? :-))

Dear all, I am currently implementing an experimental key exchange (KEX) algorithm. Unlike current algorithms like DH, mine needs to be able to fail gracefully, and in case of failure, continue with whatever algorithm would have been negotiated if mine was not selected. My strategy for graceful failure is to remove my KEX algorithm from myproposal[KEX_DEFAULT_KEX] and to initiate a new key

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

https://bugzilla.mindrot.org/show_bug.cgi?id=1582 Summary: memory leak in do_ssh2_kex() routine (sshd.c) Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy:

I added ZSTD support to OpenSSH roughly over a year and I've been playing with it ever since. The nice part is that ZSTD achieves reasonable compression (like zlib) but consumes little CPU so it is unlikely that compression becomes the bottle neck of a transfer. The compression overhead (CPU) is negligible even when uncompressed data is tunneled over the SSH connection (SOCKS proxy, port

In sshconnect.c there are two global variables for server_version_string client_version_string. These are used just in a few functions and can easily be passed as parameters. Also, there is a strange construct, where their memory is allocated to the global pointers, then copies of these pointers are assigned to the kex structure. The kex_free finally frees them via cleanup of the kex