Displaying 20 results from an estimated 10000 matches similar to: "Potential SSH2 exploit"
2020 Sep 16
2
ssh-ed25519 and ecdsa-sha2-nistp256 host keys
Hello.
I am running OpenSSH 7.9p1 on my client and server. ssh-keyscan shows
the server has ssh-rsa, ssh-ed25519, and ecdsa-sha2-nistp256 host
keys. My /etc/ssh/ssh_known_hosts file contains the server's
ssh-ed25519 host key. When I try to SSH to the server I get this
error:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
2009 Sep 07
6
Question about Server Authentication
Hi guys,
I'm working on a project which concern SSH and there is something i don't understand about server authentication. So I explain my problem:
- When you authorize only RSA keys in the sshd_config on the server, you need to have the RSA public key of this server in the known_hosts file of the client. This is absolutely normal.
- When you authorize only DSA keys in the sshd_config
2001 Oct 29
5
HostbasedAuthentication problem
I'm trying to use HostbasedAuthentication. Running ssh -v -v -v user at host
the following error occurs:
debug3: authmethod_is_enabled hostbased
debug1: next auth method to try is hostbased
debug2: userauth_hostbased: chost <host>
debug2: we did not send a packet, disable method
What does this mean ? I enabled HostbasedAuthentication in
/etc/ssh/ssh_config and as it looks, this setting
2003 May 07
1
Manual Page for ssh_config
Hello,
I am using OpenSSH on a FreeBSD box
(OpenSSH_3.5p1 FreeBSD-20030201, SSH protocols 1.5/2.0, OpenSSL 0x0090701f)
and I noticed that the manual page for ssh_config probably needs to be
fixed. The manual page says that the default value for the parameter
HostKeyAlgorithms is "ssh-rsa,ssh-dss" but that seems to be wrong,
because ssh only uses RSA-Keys in my .ssh/known_hosts if I
2024 Jun 18
1
Call for testing: openssh-9.8
On 18.06.24 13:36, Stuart Henderson wrote:
> Not sure whether anything should be done with it, but I noticed so
> thought I'd mention: if you pass ssh-keygen -R a known_hosts file with
> DSA sigs, you get "invalid line" warnings.
Out of interest, did you, perchance, try running an ssh-keygen -l on a
DSA-infested file?
(I added a bit of extra IDS to our monitoring that
2015 Apr 22
2
shared private key
Hi SSH-devs,
This may be a bit off topic for this list, but....
Would it be ok to share a private key in an installer script so long
as the corresponding public key is setup like this...
command="cat ~/.ssh/id_rsa.pub" ssh-rsa AAAA...
I'm looking for a secure way to get a user to share their public key
through SSH which can be invoked from an installer on another
host...for
2020 Sep 16
2
ssh-ed25519 and ecdsa-sha2-nistp256 host keys
Here you go:
OpenSSH_7.9p1, OpenSSL 1.1.1d 10 Sep 2019
debug1: Reading configuration data /home/ryantm/.ssh/config
debug1: /home/ryantm/.ssh/config line 4: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 13: Applying options for *
debug2: resolving "{REDACTED}" port 22
debug2: ssh_connect_direct
debug1: Connecting to
2017 Jan 28
3
known_hosts question for Ubuntu Server 14.04 and 16.04 LTS
Hello & thanks for reading.
I'm having a problem configuring known_hosts from scripts so an accept
key yes/no prompt doesn't appear.
I'm using this command to detect if the server is known and add it to
known_hosts:
if ! ssh-keygen -F ${IP_ADDR} -f ~/.ssh/known_hosts > /dev/null 2>&1; t
hen ssh-keyscan -p ${PORT} ${IP_ADDR} >> ~/.ssh/known_hosts; fi
This works
2010 Jun 06
19
Collecting _all_ ssh keys
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hello,
I read and find a way (well, there seems to be several equal
implementations) to collect the ssh keys of machines. However they all
give only the choice to choose between the key formats.
But is there a way to collect both keys of a machine, the rsa _and_ the
dss key (and maybe the rsa1 too)? I didn''t find a way to solve this as
2020 Feb 06
3
Call for testing: OpenSSH 8.2
On 2020-02-05 at 20:39 -0500, Phil Pennock wrote:
> On 2020-02-06 at 10:29 +1100, Damien Miller wrote:
> > OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing
> > on as many platforms and systems as possible. This is a feature release.
>
> > * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
> This actually affects me:
2003 Oct 20
12
[Bug 747] host authentication requires RSA1 keys
http://bugzilla.mindrot.org/show_bug.cgi?id=747
Summary: host authentication requires RSA1 keys
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2020 Oct 30
3
[Bug 3226] New: Feature request: Prempt fingerprint prompt when connecting to new server
https://bugzilla.mindrot.org/show_bug.cgi?id=3226
Bug ID: 3226
Summary: Feature request: Prempt fingerprint prompt when
connecting to new server
Product: Portable OpenSSH
Version: 8.4p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component:
2002 Dec 20
3
Bad packet length problem with "aes128-cbc" and openssh3.1p1
Hi,
I am trying to run openssh 3.1p1. But it is giving "Bad packet length" error
when I run sshd with default config file. On further investigation I found
that the error is coming only for the cipher algorithm "aes128-cbc". Also
the error comes only when I don't specify any protocol file
(/usr/local/etc/ssh_host_[rd]sa_key) or specify only "protocol 2" files.
I
2015 May 23
2
X11 forwarding not working.
Hi!
I'm having a difficult time getting X11 forwarding to work.
Since I've read the docs completely about this, this must be an SSH bug
which is likely because I'm using Gentoo as the SSH server.
When trying to forward X11 connections, I get
X11 connection rejected because of wrong authentication.
kwrite: cannot connect to X server XXXXXXXXX:10.0
Using command
ssh -Y -p 1111 -4
2013 Dec 11
4
OpenSSH 6.3p1 Smartcard-Support
Hi there,
has anybody managed to get the eToken Pro Anywhere work with SSH? I'm using the latest SafeNetAuthentication drivers available for Ubuntu 64bit (8.3) and everything is working just fine except for ssh. I can use the eToken for logging in, openvpn, rdestkop, etc. but it seems ssh does not recognize the device properly. The command "ssh -I /usr/lib/libeToken.so.8 user at
2001 Nov 06
13
OpenSSH 3.0
OpenSSH 3.0 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
This release contains many portability bug-fixes (listed in the
ChangeLog) as well as several new features (listed below).
We would like to thank the
2015 Oct 12
2
ssh-keyscan non-standard port broken
Hello,
If one passes the -p option for a non-standard port to ssh-keyscan when
using the -f option to pull hosts from a file, it results in a
known_hosts entry that is incorrect:
micah at muck$ cat /tmp/try
199.254.238.47 micah.riseup.net,199.254.238.47
ssh-keyscan -t rsa -p 4422 -f /tmp/try > /tmp/known
micah at muck$ cat /tmp/known
[micah.riseup.net,199.254.238.47]:4422 ssh-rsa
2015 Jul 29
3
Updating from 6.6 - 6.9 SSH
No I'm referring to "sshd -ddd" (preferrable on a high port like -p
8080 so you don't break your current ability to connect to the
machine). As clearly the server is rejecting it. And only the server
side debug can tell us that.
- Ben
Nick Stanoszek wrote:
> I am using an AWS ubuntu 14.04 server...is that what you are asking?
>
> On Tue, Jul 28, 2015 at 10:00 PM,
2003 Jun 10
2
SecurID authentication for 3.6.1p2 with privsep
Hello all,
I have made SecurID authentication for OpenSSH 3.6.1p2.
This patch was totaly rewritten, so please test it before use.
Kbd-int authentication is now integrated into challenge response
auth.
Privsep is now fully suported.
PS: What do you think of selective access to the individual
authentications, similar to AllowGroups/DenyGroups or maybe
AllowUsers/DenyUsers ?
Vaclav Tomec
2016 Oct 24
2
SSH fail to login due to hang over after authenticated.
Hi OpenSSH,
I encountered that SSH will hang over after I input the password.
Could you help show me how to resolve this problem? Thanks for your
help.
Please find the ssh debug info and my ssh version as below.
$ ssh -vvv user1 at remote_host
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/user1/.ssh/config
debug1: /Users/user1/.ssh/config line 36: Applying options for