similar to: Any Crypto Types Around?

The defaults for HostKeyAlgorithms option are: ecdsa-sha2-nistp256-cert-v01 at openssh.com, ecdsa-sha2-nistp384-cert-v01 at openssh.com, ecdsa-sha2-nistp521-cert-v01 at openssh.com, ssh-ed25519-cert-v01 at openssh.com, ssh-rsa-cert-v01 at openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,ssh-rsa Why does OpenSSH prefer older and less secure

Am Di, 20. Feb 2018, 23:13:16 -0800 schrieb Dan Kaminsky: > Date: Tue, 20 Feb 2018 23:13:16 -0800 > From: Dan Kaminsky <dan at doxpara.com> > To: J? Fahlke <jorrit at jorrit.de> > Cc: openssh-unix-dev at mindrot.org > Subject: Re: Is there socksify script for dynamics forwardings to unix > domain sockets? > > Whoa. That's pretty cool. > >

I'm using OpenSSH's ssh and scp to back up some remote machines, roughly as follows : ssh remote-host "tar up a few dirs" scp remote-host:tarfile local-repository On the whole, as I'd expect, this works just fine. But .. sometimes the link is a bit dodgey (for lack of a more explicit term, this being a polite list :) ) Can anyone tell me how ssh and scp timeout and retry,

We are using openssh with backup software to transport data back and force between clients and backup server. Common sense and some testing suggest that the data transfer rate is significantly slower when the ssh native encryption is used. For the backup applications it's probably OK to use ssh without encryption. Unfortunately, it looks like the recent versions including 3.0.2p1 do not

Hello, I'm trying to find very indepth documentation of OpenSSH, so far I have found nothing of much use, if anyone could direct me to some advance texts on openssh it would be greatly appreciated.

On Tue, 24 Mar 2015, Dan Kaminsky wrote: > Hmm. Feels a little aggressive for ssh client. Support heartily for sshd. People who need it can build their own, or OS vendors might supply a non-default v.1 capable client binary themselves. IMO it's time to apply some selection pressure to a protocol that can't be secured. -d

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 18/03/2020 00:06 Rupert Gallagher <ruga@protonmail.com> wrote: </div> <div> <br> </div> <div> <br>

Was there any reason for this message to be HTML-only? On Wed, Mar 18, 2020 at 07:13:12AM +0200, Aki Tuomi wrote: > <!doctype html> > <html> > <head> > <meta charset="UTF-8"> > </head> > <body> > <div> > <br> > </div> > <blockquote type="cite"> > <div> >

It is nice to see that the development of openssh suddenly seems to have a boost of activity. However I am fairly dissapointed to see that nobody is actually trying to fix the ssh hanging problem which I am mainly seeing on Solaris and AIX in conjunction with rsync. Has anybody from the development team got an ETA of the official fix for this problem? Regards Hubba

Perhaps someone will help me on this :- I have read a lot of examples of syn flood protect on the INPUT chain. That I have no question at all. I wonder if it make sense to perform syn flood protection at the FORWARD chain ? If packets are originated from a LAN worm, and are not targetted at the firewall itself, but rather at hosts in the internet, will it cause problem with the firewall itself,

That's a good point. DHCP allows you to set DNS search parameters. So as long as each location sets different search, "ssh fishbowl" will in fact resolve to the proper local FQDN. On Monday, December 22, 2014, Nico Kadel-Garcia <nkadel at gmail.com> wrote: > On Mon, Dec 22, 2014 at 4:26 AM, martin f krafft <madduck at madduck.net > <javascript:;>> wrote:

Dear all, I am a new member to the list - and to the analysis that I am attempting. I have the following case A group of us have been monitoring (over a period of a few years) a number of paired plots that were flooded and / or burnt. The plots are located in two topographical settings, some were burnt, some were flooded, some were burnt & flooded and some were not affected at all. At

Protocols and ciphers are sunsetted all the time, this is a regular thing, but there are announcements before breaking changes are inserted. You assume people are slow to update anyway; some are, some aren't, what you're doing is wildly rewarding the slow updaters and punishing the fast ones. That has negative effects elsewhere. What would it hurt to announce the release in 3-6 months

Hi, I have noticed the 'ssl_cipher_list' directive in the 1.0-test snapshots which is not in 0.99. It's default value seems to be "all:!low". However, this would not be compatible with openssl's cipher listing format. Thus, I would vote to change it's format to be openssl compatible. To be compatible, it has to be changed to "ALL:!LOW" (just upercased in

Dear libvirt team, we a currently in a pci-dss certification process and our security scanner found weak ciphers in the vlc_tls service on our centos6 box: When I scan using sslscan I can see that sslv3 and rc4 is accepted: inf0rmix@tardis:~$ sslscan myhost:16514 | grep Accepted Accepted SSLv3 256 bits DHE-RSA-AES256-SHA Accepted SSLv3 256 bits AES256-SHA Accepted SSLv3 128

> On April 27, 2017 at 8:12 AM Poliman - Serwis <serwis at poliman.pl> wrote: > > > Hi, > To default dovecot.conf file I added (based on found documentation): > ssl = required > disable_plaintext_auth = yes #change default 'no' to 'yes' > ssl_prefer_server_ciphers = yes > ssl_options = no_compression > ssl_dh_parameters_length = 2048 >

my ERROR.log show: [2020-06-28 07:54:24] INFO main/main.c Icecast 2.4.4 server started [2020-06-28 07:54:24] DBUG yp/yp.c Updating YP configuration [2020-06-28 07:54:24] INFO yp/yp.c YP update thread started [2020-06-28 07:54:24] INFO connection/connection.c SSL certificate found at icecast.pem [2020-06-28 07:54:24] INFO connection/connection.c SSL using ciphers

Running a pretty basic setup of imap +pop3 on version 2.1.10 Users are able to create folders in imap that contain "&" the folder on the backend reflects "&-" as it should, you can list folder, but then when you relog into imap then decides it can no longer subscribe to this folder due to invalid UTF characters. Essentially allowing users to lock themselves out by

> On April 27, 2017 at 10:55 AM Poliman - Serwis <serwis at poliman.pl> wrote: > > > Thank You for answers. But: > 1. How should be properly configured ssl_cipher_list? ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH To disable non-EC DH, use: ssl_cipher_list =

ml at ruggedinbox.com writes: > Our smtp server is postfix, can you please suggest a better > 'ssl_protocols' and 'ssl_cipher_list' configuration ? > We are running Debian 7 Wheezy A useful command to know is "openssl ciphers" run on the server that will tell you the ciphers available given a protocol and cipher list spec. If it comes out to empty, your client