similar to: how to specify cipher for ssh client ?

I see that: SSH uses the following ciphers for encryption: Cipher SSH1 SSH2 DES yes no 3DES yes yes IDEA yes no Blowfish yes yes Twofish no yes Arcfour no yes Cast128-cbc no yes Two ques re: sshd: 1) Using openssh, how do I configure which

I get error: %SSHD-3-ERROR: Could not load host key: /tmp/ssh_host_dsa_key: Bad file descriptor Jan 26 23:58:52: %SSHD-6-INFO: Disabling protocol version 2. Could not load host key Everything looks okay, the file exists, (it was generated using command: ssh-keygen -d -f ssh_host_dsa_key -N '') I also do 'ls' and find the file exists with permissions: -rw------- 1 root group

I see that commercial SSH version it is possible to run sshd in SSH1 using DES (i.e, accepting SSH-DES clients). I understand from Damien Miller that Cisco routers also run in only SSH1 DES mode. Is it possible in openSSH to configure sshd (compile-time/runtime) to run sshd in SSH1 or SSH2 mode and accept SSH1 or SSH2 DES clients ? [I would like to be able to run sshd in SSH1/DES mode ] Is

Damien Miller <djm at mindrot.org> wrote: On 29 Dec 2000, sunil vallamkonda wrote: > Hello, > > Looking at: > http://www.openssh.com/features.html > > Under 'Free Licensing' section: > > "any licensed or patented components are chosen from > external libraries (e.g. OpenSSL)" > > Can someone please enlighten me which > components

Hi, Is cipher "3des-ctr" supported by openssh? It is not mentioned in the list of supported ciphers in the man page of ssh_config: Thanks, Sunil Ciphers Specifies the ciphers allowed for protocol version 2 in order of preference. Multiple ciphers must be comma-separated. The supported ciphers are ''3des-cbc'', ''aes128-cbc'',

Looking at openSSH INSTALL: To generate a host key, run "make host-key". Alternately you can do so manually using the following commands: ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N "" ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N "" But when I try latter, I get: (gdb) n 1 0x35a6 in save_private_key_ssh2 ( filename=0xb2d2c

My question is regarding the possibility of someone wiretapping the communication and repeat the action. What if an intruder notice that there's a secure session starting (by guessing at the dst IP address and unintelligible payload) and then start capturing all the packets on this session for the purpose of repeating the whole session again? The secure user could add/delete interfaces and

This is debugs seen on server, whose keys are not accepted by the client: debug1: Seeding random number generator debug1: sshd version OpenSSH_2.5.2p2 debug1: load_private_key_autodetect: type 0 RSA1 debug1: read SSH2 private key done: name rsa w/o comment success 1 debug1: load_private_key_autodetect: type 1 RSA debug1: read SSH2 private key done: name dsa w/o comment success 1 debug1:

Hello, Looking at: http://www.openssh.com/features.html Under 'Free Licensing' section: "any licensed or patented components are chosen from external libraries (e.g. OpenSSL)" Can someone please enlighten me which components specifically have patent/ licensing restrictions from openSSL that are being used by openSSH ? Are any of these restricted by US export laws ? Thank

Sunil-- Actually, you do not "see that openssl has some patent issues." You do see that OpenSSL implements many algorithms, some of which have been (at various times) been patented or encumbered in some countries. Without knowing what country you're in, none of us here can really give useful advice as to which software/algorithm patents could potentially apply. To the best of my

I hate following up to myself, but I thought a clarification of one point (specifically WRT RC5 which was mentioned in the original question) might be worthwhile...because what I should have said originally was that "To the best of my non-legally- admissible knowledge, however, none of the algorithms in the current *OpenSSH* implementation are currently encumbered by patents that would

Hello, I donot know if this is a bug or a feature or something that I need to configure... I have: RCSID("$OpenBSD: sshd.c,v 1.122 2000/07/11 08:11:34 deraadt Exp $"); I am experiencing a weird symptom when I run sshd on NetBSD1.4.1. When I run sshd -d (debug on), everything is fine. If I run sshd as stand alone (w/o debug on), sshd is in hug state, after following output: server:

I have a question on authentication. In openSSH, how do I enable keys based authentication (RSA) ? (Normally a user creates private/public keys, then puts public key on server under ~/.ssh/xxx ). How can this be achieved using openSSH ? I did not see in doc (may be I missed something..). Is it enough: In sshd_config: RSAAuthentication yes 1) On server, where should the user's public key be

Hello, I see that incase of command execution: :fork()" is called twice, in sshd. Once to spin off child sshd from parenat and second from child sshd, to execute command. Due to this I see 3 processes being created for each connection viz: 16398 0.0 0.3 1284 892 ?? S 4:33PM 0:00.05 sshd:child 16399 0.0 0.1 320 232 p4 Is+ 4:33PM 0:00.06 -sh -c foo_command 16401 0.0

Hello all, I tried to connect to the server that supports protocol 1: # ssh -1 -o "cipher none" remotehost <No valid SSH1 cipher, using 3des instead> As per the code in sshconnect1.c, it has to alert the user about "none" cipher usage. try_challenge_response_authentication() { .... if (options.cipher == SSH_CIPHER_NONE)

We are trying to upgrade from SSH1 to OpenSSH/SSH2. I see that configuration support for "cipher NONE" was removed in OpenSSH. Is there an alternative for this ? We need to move big files (>100Mb) between machines on the Internet. In the past we had used NFS or ftp but want to block those services at one or both ends. Moving them with SSH 1 scp takes quite a bit of CPU effort for

Hi Sunil, I'm looking into this thread now. Does this mean we cannot use FTP option to copy OCFS files to ext3? If so, is there any ftp version available for OCFS, similar to cp --o_direct? Also, is there any version of sync available for OCFS (in normal FS, sync does a refresh of FS from kernel cache so that the FS is consistent). By this can we say that the FS shard by both nodes is

Like tools, the checksum validate function now prints the values in hex. Signed-off-by: Sunil Mushran <sunil.mushran at oracle.com> --- fs/ocfs2/blockcheck.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ocfs2/blockcheck.c b/fs/ocfs2/blockcheck.c index ec6d123..c7ee03c 100644 --- a/fs/ocfs2/blockcheck.c +++ b/fs/ocfs2/blockcheck.c @@ -439,7 +439,7 @@ int

One line fix from Joel's version. Also, some comments removed. 18:58 <sunil> wc->w_first_new_cpos = 18:58 <sunil> - ocfs2_align_bytes_to_clusters(inode->i_sb, i_size_read(inode)); 18:58 <sunil> + ocfs2_clusters_for_bytes(inode->i_sb, i_size_read(inode));

o2dlm join and leave messages are more than informational as they are required is debugging locking issues. This patch changes them from KERN_INFO to KERN_NOTICE. Signed-off-by: Sunil Mushran <sunil.mushran at oracle.com> --- fs/ocfs2/dlm/dlmdomain.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/fs/ocfs2/dlm/dlmdomain.c b/fs/ocfs2/dlm/dlmdomain.c index