Displaying 20 results from an estimated 5000 matches similar to: "[Bug 216] New: ssh-keygen vs. SSH Version 2.0.13 hostkeys"
2012 Dec 27
3
[PATCH] hostfile: list known names (if any) for new hostkeys
When connecting to a host for which there's no known hostkey, check if the
relevant key has been accepted for other hostnames. This is useful when
connecting to a host with a dymamic IP address or multiple names.
---
auth.c | 4 ++--
hostfile.c | 42 ++++++++++++++++++++++++++++--------------
hostfile.h | 8 ++++++--
sshconnect.c | 39 +++++++++++++++++++++++++++++++++------
2002 Apr 15
1
[Bug 216] ssh-keygen vs. SSH Version 2.0.13 hostkeys
http://bugzilla.mindrot.org/show_bug.cgi?id=216
------- Additional Comments From markus at openbsd.org 2002-04-16 02:34 -------
please test against latest snapshot.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2002 Mar 26
0
[Bug 187] New: ssh-keygen not converting from and to SECSH standard correctly
http://bugzilla.mindrot.org/show_bug.cgi?id=187
Summary: ssh-keygen not converting from and to SECSH standard
correctly
Product: Portable OpenSSH
Version: 3.1p1
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: ssh-keygen
AssignedTo:
2024 Nov 12
3
[PATCH 0/2] Specify signature algorithm during server hostkeys prove
From: Maxime Rey <maximejeanrey at gmail.com>
Hello,
I've discovered an issue with sshd when it's configured to use the SSH agent
alongside multiple host keys. Specifically, this problem happens during the
hostkeys-prove-00 at openssh.com request, when the server attempts to
demonstrate ownership of the host keys by calling the agent.
The issue occurs because, while processing the
2024 Nov 12
0
[PATCH 1/2] Add test to cover multiple server hostkeys with agent
From: Maxime Rey <maximejeanrey at gmail.com>
This tests the hostkey-prove mechanism in sshd when provided with multiple
host keys managed by the agent
---
regress/hostkey-agent.sh | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
diff --git a/regress/hostkey-agent.sh b/regress/hostkey-agent.sh
index 222d424bd..3fa80655e 100644
--- a/regress/hostkey-agent.sh
+++
2007 Jan 30
3
[Bug 1279] Address- and/or port-specific HostKeys support
http://bugzilla.mindrot.org/show_bug.cgi?id=1279
Summary: Address- and/or port-specific HostKeys support
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy:
2002 Jun 05
1
Per-port hostkeys
My apologies if this has been covered already. My search of the archives
was unfruitful.
OpenSSH seems to be lacking a certain capability present in ssh.com's
client; namely, the ability to store remote hostkeys on a per-port basis.
I have various machines that, due to iptables port-forwarding, appear to
be running copies of (open)sshd on multiple ports. "Commercial" ssh
stores
2013 Jul 25
2
[Bug 2131] New: ssh: list known names (if any) for new hostkeys
https://bugzilla.mindrot.org/show_bug.cgi?id=2131
Bug ID: 2131
Summary: ssh: list known names (if any) for new hostkeys
Product: Portable OpenSSH
Version: 6.2p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at
2002 Jun 27
3
UsePrivilegeSeparation: "fatal: xrealloc: out of memory"
I just upgraded to OpenSSH 3.4p1 from 2.5.2p2 to take advantage of
privilege separation. After installation, when a user tries to login
he gets dropped almost immediately. In the server's
/var/log/messages:
Jun 26 20:15:04 sclp3 sshd[6433]: Accepted password for jason from 128.165.148.66 port 41871 ssh2
Jun 26 20:15:12 sclp3 jason[110]: sshd[6444]: fatal: xrealloc: out of memory (new_size
2013 Jan 16
2
HostKey Management
Hi,
As far as I can tell, when working in an environment with many servers,
there seem to be several ways for your client to authenticate the
HostKeys of each:
1) Set StrictHostKeyChecking=no, and hope you don't get MITM'd the first
time you connect to a server.
2) Use SSHFP records (which generally requires you to have DNSSEC fully
deployed to be meaningful compared to #1, I think?)
2013 Jun 25
1
RFC: encrypted hostkeys patch
Hi,
About a year and a half ago I brought up the topic of encrypted hostkeys
and posted a patch
(http://marc.info/?l=openssh-unix-dev&m=132774431906364&w=2), and while the
general reaction seemed receptive to the idea, a few problems were pointed
out with the implementation (UI issues, ssh-keysign breakage).
I've finally had some spare time in which to get back to this, and I've
2002 Jan 31
7
x509 for hostkeys.
This (very quick) patch allows you to connect with the commercial
ssh.com windows client and use x509 certs for hostkeys. You have
to import your CA cert (ca.crt) in the windows client and certify
your hostkey:
$ cat << 'EOF' > x509v3.cnf
CERTPATHLEN = 1
CERTUSAGE = digitalSignature,keyCertSign
CERTIP = 0.0.0.0
[x509v3_CA]
2015 Feb 21
1
[Bug 2357] New: please add "vhosting" features respectively per-LocalAdress HostKeys/etc.
https://bugzilla.mindrot.org/show_bug.cgi?id=2357
Bug ID: 2357
Summary: please add "vhosting" features respectively
per-LocalAdress HostKeys/etc.
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
2019 Oct 21
2
Multiple Signatures on SSH-Hostkeys
Hello, OpenSSH-wizards.
In our company, we have looked into SSH-HostKey-signing in order to
realize automated access without the need to accept the server's
hostkey, manually.
I got it to work with the HostCertificate-directive inside the
sshd_config.
Now, I was wondering whether it is possible to have multiple
signatures, so I can, for example, sign the hostkey once with a
2024 Oct 28
1
[PATCH] Specify signature algorithm during server hostkeys prove
Hello,
I've found that when using the ssh agent and sshd together, there is an issue
when using multiple host keys. Specifically, after the key exchange phase,
when a client requests proof of ownership for the host keys via the
"hostkeys-prove-00 at openssh.com" request, the server prepares the response
without specifying the signature algoorithm in case of non-RSA keys.
This leads
2020 Apr 26
5
[Bug 3155] New: openssh support hostkey encrypt
https://bugzilla.mindrot.org/show_bug.cgi?id=3155
Bug ID: 3155
Summary: openssh support hostkey encrypt
Product: Portable OpenSSH
Version: 8.2p1
Hardware: ARM64
OS: Linux
Status: NEW
Severity: security
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
2005 Oct 15
1
help with openssh
Can anybody help me with this : ?
I first generated rsa key with this :
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
then I went on to generate the DSA key too....(just incase my SSHD does not
like RSA).
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
and then I ran
root at 00_00_09_PECA_NP1:/usr/bin# sshd -d -d -d -d -d -d -d -d -d
debug3: RNG is ready, skipping seeding
debug2:
2002 Feb 26
2
problem running ssh-keygen in Solaris 8 x86
Hi,
I encountered the following when i run the below command on my Solaris 8 x86
box:
#ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N ""
I got the following error:
Segmentation fault - core dumped
Does anyone have any idea what is wrong? I am using pre-compiled packages
downloaded from sunfreeware.com.
Regards,
Matthew
This communication contains confidential or privileged
2024 Sep 23
1
[PATCH] sshd: Add pkcs11 support for HostKey.
Hello,
OpenSSH supports PKCS#11 on the client side, but that does not extend to
the server side. I would like to bring PKCS#11 support to sshd.
I am working on embedded Linux systems with integrated HSM. The sshd
host key is stored on the HSM. To have sshd using that key, we rely on
the following chain:
sshd -> OpenSSL -> OpenSSL Engine -> HSM Having
PKCS#11 support in sshd, would
2011 Sep 20
5
Different HostKeys for different hostnames or IPs in the same sshd?..
Hello!
Like many organizations, we have "disaster-recovery" location, where separate
servers are running ready to take up important services should the primary
location fail.
Some of the services provided involve accepting files over scp (and sftp), and
here is the problem... The primary and the secondary hosts use different
host-keys... If the hosts were accessed as