similar to: Weird problems on solaris 7 & 8

Hi, Is there any way to store HostKey in hardware (and delegate the related processing)? I have been using Roumen Petrov's x509 patch for clients, which works via an OpenSSL engine, but it does not seem to support server HostKey: http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html For PKCS#11, I have found an email on this list from a year back suggesting this

Hi, Has anybody produced diffs for openssh-2.3.0p1 for the rsa keyexchange problem that Core-SDI described ? ( I noticed that fix is already in openbsd tree ). -Jarno -- Jarno Huuskonen - System Administrator | Jarno.Huuskonen at uku.fi University of Kuopio - Computer Center | Work: +358 17 162822 PO BOX 1627, 70211 Kuopio, Finland | Mobile: +358 40 5388169

Below is a patch against the current OpenBSD OpenSSH CVS to workaround a behavior I have observed when converting from SSH 1.2.27 to OpenSSH while using the same old RSA1 host key for protocol 1. In several cases I saw that old SSH sshd reported a host key size of 1024 bits when OpenSSH saw it as 1023 bits. Without the patch, when OpenSSH's ssh client connects to an old SSH sshd it warns

../openssh-3.1p1/configure --host=mips-linux --build=i686-linux --with-pam does not work. It selects the correct toolchain prefix, but the configure script bails on cross-compilation. Attached is a patch that *might* make the right paranoid assumptions, but I am not positive. -- bryan --- configure.ac.orig Tue Feb 26 22:12:35 2002 +++ configure.ac Wed Mar 27 14:28:02 2002 @@ -437,20 +437,6

Hello everyone and Timo in particular, about a year ago I implemented a SHA-1 variant of the HMAC(-MD5) present in Dovecot. I had always disliked this a bit, because it replicates a lot of code. This patch generalizes the HMAC function to take a hash_method struct as parameter, and changes existing code which uses the "old" HMAC function to use this new one. I'm not really sure

We've run into an interesting dilemma regarding last log information and ssh 4.2p1. In 3.8, we didn't see this problem, but now has cropped up in 4.2. When a user logs in, sshd seems to call 'last' to get the last log information. 'last' then opens the /var/log/wtmp file and processes the information. On some systems, this file can be quite large, and we're seeing

Hello, attached is an hg export on top of the current dovecot-2.2 branch, which adds support for a SCRAM-SHA-1 password scheme. Ideally I'd want doveadm pw's rounds flag to apply to this, but that's currently specific to the crypt password scheme, so I left it out for now. Regards, Florian Zeitz -------------- next part -------------- # HG changeset patch # User Florian Zeitz

Hi. Several OSes have a getpgrp() function that takes an argument, unlike what POSIX mandates. NeXT was covered, but SunOS wasn't. This provides a generic solution through autoconf. Charles ======================================================================== --- configure.in.orig-2.2.0p1 Wed Aug 30 18:20:05 2000 +++ configure.in Tue Sep 5 10:48:20 2000 @@ -284,6 +284,8 @@ ) fi

In the current implementation, ssh always uses the hostname supplied by the user directly for the SSHFP DNS record lookup. This causes problems when using the domain search path, e.g. I have "search example.com" in my resolv.conf and then do a "ssh host", I will connect to host.example.com, but ssh will query the DNS for an SSHFP record of "host.", not

http://bugzilla.mindrot.org/show_bug.cgi?id=321 Summary: configure does not work when cross compiling Product: Portable OpenSSH Version: -current Platform: MIPS OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-unix-dev at mindrot.org

Dear OpenSSH developers, I've worked this week on an alternative key exchange mechanism, in reaction to the whole NSA leaks and claims over cryptographic backdoors and/or cracking advances. The key exchange is in my opinion the most critical defense against passive eavesdropping attacks. I believe Curve25519 from DJB can give users a secure alternative to classical Diffie-Hellman (with fixed

I'm trying to understand the rational behind the arc4random() and arc4random_stir() functions in the OpenSSH source tree. On a system that has a good random number generator, say an in kernel /dev/random what extra functionality is this stuff providing ? Would it be acceptable to replace the calls to arc4random() with reading from /dev/random and drop the arc4random_stir() all together ?

Hi, About a year and a half ago I brought up the topic of encrypted hostkeys and posted a patch (http://marc.info/?l=openssh-unix-dev&m=132774431906364&w=2), and while the general reaction seemed receptive to the idea, a few problems were pointed out with the implementation (UI issues, ssh-keysign breakage). I've finally had some spare time in which to get back to this, and I've

Hi, Yesterday I tried to replace the system openssl in a gentoo system with libressl. With openssh an interesting issue popped up: * RAND_bytes in libressl calls arc4random * arc4random is a compat function both in openssh and libressl * arc4random from openssh uses RAND_bytes So what's happening is a recursion. arc4random wants to use RAND_bytes and RAND_bytes wants to use arc4random. The

Hi folks, here're some quick+dirty fixes to allow sysroot'ed crosscompiling. probably not yet very clean, but seems to work. cu -- --------------------------------------------------------------------- Enrico Weigelt == metux IT service phone: +49 36207 519931 www: http://www.metux.de/ fax: +49 36207 519932 email: contact at metux.de

I'm trying to replace some sshv1 clients and servers in a modular way, and the "Server Lies" warning (when the server says the key has one more bit than it really has) is causing heartache. Per the FAQ, this is relatively benign. Here's a patch that allows an admin or user to disable the warning. - Morty diff -Nur openssh-3.7.1p2/readconf.c

http://bugzilla.mindrot.org/show_bug.cgi?id=1133 Summary: configure.ac sets wrong BROKEN_ var (snprintf/vsnprintf) Product: Portable OpenSSH Version: -current Platform: HPPA OS/Version: HP-UX Status: NEW Severity: major Priority: P2 Component: Build system AssignedTo: bitbucket at mindrot.org

Hello, Due to patent concerns, I compiled a version of openssl with the no-rsa, no-idea, no-rc5 options. I was able to then take this compile of openssl, with the standard openssh-2.1.0 rpms and run it on another machine. Most things seemed to work fine, except I was unable to ssh into the machine. After applying the following patch to the sshd code, a quick test with an ssh session worked:

On a plain vanilla Solaris 8 install, the man page source WILL NOT generate readable manpages. It just ends up as one big paragraph. I've been using the cat pages as a workaround, but it would be nice if the man pages would format with nroff -man --jeh Asst. Systems Administrator Research Computing Systems UW Electrical Engineering

Howdy. I'm trying to get OpenSSH to work on Mac OS X which is basically BSD unix. I'm getting segfaults connecting to SSH1 servers (I have no SSH2 servers to test against so I'm not sure if it's common). I've followed the instructions on compiling at http://www.stepwise.com/Articles/Workbench/2001-03-21.01.html which essentially amount to ./configure