Displaying 20 results from an estimated 2000 matches similar to: "Kerberos v5 and GSSAPI support in OpenSSH"
2002 Mar 21
1
GSSAPI/Kerberos support in OpenSSH 3.1p1
I've now completed updating my patches for GSSAPI in protocol v2 to
OpenSSH 3.1p1
See http://www.sxw.org.uk/computing/patches/openssh.html
As previously, you will need to apply the protocol v1 krb5 patch
before the GSSAPI one, and run autoreconf from an autoconf later
than 2.52
There are a number of improvements and minor bug fixes over previous
patches. However, due to protocol changes this
2003 Jun 27
3
Kerberos Support in OpenSSH
Dear Sir and Madam:
I'm writing to you on behalf of the MIT Kerberos team and several
other parties interested in the availability of Kerberos
authentication for the SSH protocol.
We recently noticed that the OpenSSH developers had added support for
the kerberos-2 at ssh.com user authentication mechanism. We are
delighted but we believe additional steps are necessary, as explained
2003 Sep 03
1
value for SSH_MSG_USERAUTH_GSSAPI_ERRTOK
Hi,
i notice in draft-ietf-secsh-gsskeyex-06.txt that the value for
SSH_MSG_USERAUTH_GSSAPI_ERRTOK is not defined. does anyone know what this
should be (i guess *will* be in a future rev)? thanks
glen
2004 May 23
5
OpenSSH v3.8p1 fails to interoperate for GSSAPI (Kerberos) and X-Windows
Versions: openssh-3.8p1-33, heimdal-0.6.1rc3-51, XFree86-4.3.99.902-40,
tk-8.4.6-37, all from SuSE 9.1 (unhacked); back-version peers have
openssh-3.5p1, XFree86-4.3.0-115, etc. from SuSE 8.2.
Symptoms:
1. When the client and server versions are unequal, the Kerberos ticket
is not accepted for authentication. All the clients have
PreferredAuthentications gssapi-with-mic, gssapi, others.
2.
2001 Feb 14
1
Kerberos/GSSAPI support
Hi,
Just wondering if anyone was looking at implementing
draft-ietf-secsh-gsskeyex-00 in OpenSSH?
My patches for SSH version 1 Kerberos 5 support (heavily based upon
work done by Dan Kouril) are now available from
http://www.sxw.org.uk/computing/patches/
Is there any interest in integrating these into the distribution? If so, I'd
be happy to update them to the development version.
Cheers,
2002 May 27
0
GSSAPI patches for OpenSSH 3.2.3p1
The latest version of my patches providing GSSAPI support for OpenSSH
is available from http://www.sxw.org.uk/computing/patches/openssh.html
These patches provide support for authentication mechanisms such as
Kerberos and GSI with version 2 of the SSH protocol. They are
conditionally compliant with draft-ietf-secsh-gsskeyex-03.txt, with
the optional error message passing and host key validation
2002 Jun 27
0
GSSAPI patches for OpenSSH 3.4p1 now available
An updated version of my GSSAPI patches is now available for use with
OpenSSH 3.4p1. This version also includes support for running with privsep
enabled. The patches are available from
http://www.sxw.org.uk/computing/patches/openssh.html
These patches provide support for Kerberos and GSI authentication and
credential passing with version 2 of the SSH protocol. They implement
the protocol
2005 Oct 10
0
[Bug 1100] GSSAPI-with-mic doesn't handle empty usernames
http://bugzilla.mindrot.org/show_bug.cgi?id=1100
Summary: GSSAPI-with-mic doesn't handle empty usernames
Product: Portable OpenSSH
Version: 4.2p1
Platform: Other
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy:
2004 Mar 01
1
GSSAPI support in 3.8 ?
Hi All,
>From Changelog with 3.8:
"The experimental "gssapi" support has been replaced with the
"gssapi-with-mic" to fix possible MITM attacks.The two versions are not
compatible."
I am using OpenSSH-3.6 with Simon's patch and OpenSSH-3.7 built with GSSAPI
support. The latest version OpenSSH-3.8 is not working with 3.6 or 3.7 with
GSSAPI authentication. I
2003 Aug 22
1
gss userauth (fwd)
what about this? can we do about this if
we break the protocol?
-------------- next part --------------
An embedded message was scrubbed...
From: Love <lha at stacken.kth.se>
Subject: gss userauth
Date: Fri, 22 Aug 2003 16:06:27 +0200
Size: 2878
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030822/f7bb85a0/attachment.mht
2003 May 01
2
Kerberos password auth/expiry kbdint patch
I took Markus Friedl's advice and set up a KbdintDevice for Kerberos
password authentication/expiry. It took me a bit to wrap my head
around privsep, but I think it's working properly (code stolen
shamelessly from FBSD's PAM implementation :->).
The hardest part was working out how to get the interaction
between krb5_get_init_creds_password() (along with the prompter)
to work
2004 Jan 22
11
Pending OpenSSH release: contains Kerberos/GSSAPI changes
(I hope this message is appropriate for these lists. If not, please
tell me and I won't do it again.)
Hi All.
There will be a new release of OpenSSH in a couple of weeks. This
release contains Kerberos and GSSAPI related changes that we would like
to get some feedback about (and hopefully address any issues with)
before the release.
I encourage anyone with an interest in
2005 May 19
1
ssh-keygen private keys export - new feature
Hello,
I had some difficulties in order to convert private keys between different
implementations of SSH.
So, I wrote the following patch to allow export of SSH2 RSA and DSA private
keys into IETF SECSH format.
Note that I also slightly revised the IETF SECSH key import code.
Usage: use of the "-e" option on a private key file generates an unencrypted
private key file in IETF SECSH
2009 Sep 08
3
OpenSSH and keystroke timings
Old news, but ... http://lwn.net/Articles/298833/
I first posted about this back in 2001 and it's still not resolved:
http://osdir.com/ml/ietf.secsh/2001-09/msg00000.html
1) high latency networks are a reality that will never go away. In fact they
will only become more prevalent since distributed networks continue to grow
broader but (surprise) the speed of light remains a constant.
2)
2007 May 07
2
[PATCH] Adds support for SSH_FXP_LINK request to sftp-server and sftp client
Dear list,
Attached is a patch that adds support for the SSH_FXP_LINK request, as
described in draft-ietf-secsh-filexfer-07 onwards, to the sftp server
and client. It is for and has been tested on the current portable
snapshot but also applies to openbsd CVS.
Thanks,
--
Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssh-sftp-hardlink-pcvs-v2.patch
2018 Dec 28
19
[Bug 2948] New: implement "copy-data" sftp extension
https://bugzilla.mindrot.org/show_bug.cgi?id=2948
Bug ID: 2948
Summary: implement "copy-data" sftp extension
Product: Portable OpenSSH
Version: -current
Hardware: All
URL: https://tools.ietf.org/html/draft-ietf-secsh-filexfer-
extensions-00#section-7
OS: All
Status: NEW
2002 Mar 15
1
Key Pair Conversion Openssh => SSH2
On Thu, Mar 14, 2002 at 12:12:20PM -0800, Bob Smith wrote:
> i find it amusing that the OpenBSD web site states on the main index page
> "Our efforts emphasize portability, standardization,...." but by not
> following standards like secsh's key format you're failing according to
> your own goals.
This is not exactly the truth.
You have to consider your user base
2023 Mar 10
1
OpenSSH FIPS support
Hi Joel,
Joel GUITTET wrote:
> Hi,
> We currently work on a project that require SSH server with FIPS and using OpenSSL v3.
There is no way to work with OpenSSL v3 due to many reasons.
If you like to get FIPS capable secsh implementation compatible with OpenSSL FIPS validated modules 1.2 and 2.0 , RedHat ES, or Oracle Solaris you could use PKIX-SSH.
Regards,
Roumen Petrov
--
Advanced
2001 May 25
1
sftp transfer status feedback?
>Is there a simple way to achieve this behavior? Is there a document on
>the sftp protocol somewhere?
http://search.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-00.txt
--
Darren J Moffat
2005 Jun 16
1
Bug report: first_kex_packet_follows behaviour seems wrong
Hello,
It seems to me the algorithm negotiation of the transport layer has a bug,
it does not follow the specification of draft-ietf-secsh-transport-24, page
19, where the behaviour of first_kex_packet_follows is specified.
I've got an ssh client that sends an SSH_MSG_KEXINIT message and specifies
only 'diffie-hellman-group1-sha1' as key exchange algorithm. It sets