similar to: SSH1 security with Kerb5

Displaying 20 results from an estimated 1000 matches similar to: "SSH1 security with Kerb5"

2002 Jul 31
2
privsep+kerb5+ssh1
please test Olaf Kirch's patch. it looks fine to me, but i don't to K5. i'd like to see this in the next release. thx -m -------------- next part -------------- --- openssh-3.4p1/auth-krb5.c.krb Sun Jun 9 21:41:48 2002 +++ openssh-3.4p1/auth-krb5.c Tue Jul 23 15:15:43 2002 @@ -73,18 +73,17 @@ * from the ticket */ int -auth_krb5(Authctxt *authctxt, krb5_data *auth, char
2001 Feb 15
1
Kerb5 Support?
Hey, I just subscribed to this list, so apologies in advance if this has been asked already (although I haven't found mention in the archives after a cursory search). I notice that there's no Kerb5 support in 2.3.0p1. Is anyone working on getting support in there for v1 and v2 connections, or is this something I'm going to have to do myself? Also, I've just
2001 Jan 09
1
sshd: DES in SSH1 ?
I see that commercial SSH version it is possible to run sshd in SSH1 using DES (i.e, accepting SSH-DES clients). I understand from Damien Miller that Cisco routers also run in only SSH1 DES mode. Is it possible in openSSH to configure sshd (compile-time/runtime) to run sshd in SSH1 or SSH2 mode and accept SSH1 or SSH2 DES clients ? [I would like to be able to run sshd in SSH1/DES mode ] Is
2015 Mar 24
7
FYI: SSH1 now disabled at compile-time by default
Hi, OpenSSH git master now disabled SSH protocol 1 at compile time by default. If you want it back, then you'll need to pass --with-ssh1 to configure before you build. We expect to ship this configuration for openssh-6.9 in a few months. -d
2015 Mar 26
2
FYI: SSH1 now disabled at compile-time by default
No, I just think 15 years or so is more than enough time to have addressed the issue. On Thu, Mar 26, 2015 at 14:05:08 -0700, Dan Kaminsky wrote: > So, this isn't your problem and you don't respect the people's whose > problem it is. > > On Thu, Mar 26, 2015 at 12:43 PM, Iain Morgan <imorgan at nas.nasa.gov> wrote: > > > On Thu, Mar 26, 2015 at 11:55:18
2011 Jan 31
1
Generate SSH1 host key by default?
Hi, the OpenSSH installation script for Cygwin still creates a SSH1 host key by default. My question is, wouldn't it make more sense to drop all auto-generation of SSH1 keys from the default installation procedure? I mean, nobody should use SSH1 anymore, right? Or should the script stick to it for some reason? Corinna -- Corinna Vinschen Cygwin Project Co-Leader Red Hat
2015 Mar 26
4
FYI: SSH1 now disabled at compile-time by default
On Thu, Mar 26, 2015 at 11:55:18 -0700, Dan Kaminsky wrote: > You're right. My argument the is the next build of OpenSSH should be > OpenSSH 7, and the one after that 8, then 9, then 10. No minor releases? > Sure, go ahead. Deprecate the point, > > Do you manage any machines running SSHv1? > If by "running" you mean accepting SSH1, of course not. From a
2015 Mar 26
2
FYI: SSH1 now disabled at compile-time by default
On Thu, Mar 26, 2015 at 10:19:05 -0700, Dan Kaminsky wrote: > Communication is a two way street. If OpenSSH wants to go down the route > of single releases, like the browsers did, it can remove its minor numbers, > like the browsers did. > There's no question of "going down the route." This has been the practice with OpenSSH for many years -- if not from the beginning.
2003 Nov 06
3
SSH1 vs. SSH2 - compression level
Hello, I was searching for this information virtually everywhere, but as I couldn't find it - I'm asking here. I was wondering, why setting the Compression Level was removed in SSH2, and if on, is always set to 6. In SSH1 it was possible to set the Compression Level from 1 to 9. I have made some tests with Compression Levels using scp: SSH1, compression 9 (highest available for
2002 May 15
3
ssh3 with ssh1
On Solaris 8, I have ssh 3.1.0 and on other box Sol 7 I have 1.2.26 (min version for comtable with ssh 3), I checked also /etc/ssh2/sshd2_config file ## SSH1 compatibility # Ssh1Compatibility <set by configure by default> # Sshd1Path <set by configure by default 2) generate key for ssh3 # ssh-keygen2 -P /etc/ssh2/hostkey
2015 Jan 23
9
[Bug 2343] New: test_fuzz.c won't compile if ssh1 support is disabled
https://bugzilla.mindrot.org/show_bug.cgi?id=2343 Bug ID: 2343 Summary: test_fuzz.c won't compile if ssh1 support is disabled Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Build system Assignee:
2003 Mar 31
1
resource leak in ssh1 challenge-response authentication
If an ssh1 client initiates challenge-response authentication but does not submit a response to the challenge, and instead switches to some other authentication method, verify_response() will never run, and the kbdint device context will never be freed. In some cases (such as when the FreeBSD PAM authentication code is being used) this may cause a resource leak leading to a denial of service.
2006 Sep 14
6
sshd audit not happy with ssh1 and scp
I think I've found a bug with sshd handling audit events for commands (like scp) over ssh1 connections. Specifically, after updating to a recent FreeBSD 6.x with audit support, I'm getting log messages like these when using scp over ssh1: Sep 12 14:13:16 <auth.info> bm55 sshd[12335]: Accepted rsa for xxx from A.B.C.D port 2981 Sep 12 14:13:16 <auth.crit> bm55 sshd[12335]:
2016 Aug 03
2
Configure option '--with-ssh1' breaks openssh-7.3p1
OK, with this additional information I can now reproduce it. Based on some quick experiments it seems to be triggered when sshd is built --with-ssh1 and the config does not *load* a Protocol 1 host key. Works: Protocol=1,2 + Hostkey not specified Protocol=1,2 + Hostkeys for both protocols specified. Doesn't work: Protocol=2 + Hostkey not specified. Protocol=1,2 + Hostkeys specified only for
2015 Mar 25
3
FYI: SSH1 now disabled at compile-time by default
On Tue, Mar 24, 2015 at 10:37 PM, Dan Kaminsky <dan at doxpara.com> wrote: > On Tuesday, March 24, 2015, Damien Miller <djm at mindrot.org> wrote: > >> On Tue, 24 Mar 2015, Dan Kaminsky wrote: >> >> > Hmm. Feels a little aggressive for ssh client. Support heartily for >> sshd. >> >> People who need it can build their own, or OS vendors
2001 Apr 16
1
openssh-2.3.0p1, Krb5 and rdist
Krb5-authentication and Kerb5-TGT-passing is working well with openssh-2.3.0p1. Question: Is there a solution using rdist -P "/usr/local/bin/ssh" without the need for RhostRSAAuthentication, RSAAuthentication or using the Kerberos r-command set? The objective is to do away with ".rhosts/.shost" and private-key authentication when Kerberos authentication is already in
2002 Jun 27
2
[Bug 297] sshd version 3.3 incompatible with pre-3.3 clients in ssh1 mode
http://bugzilla.mindrot.org/show_bug.cgi?id=297 ------- Additional Comments From mindrot at downhill.at.eu.org 2002-06-28 00:15 ------- OpenSSH >= 3 does not work well with openssl 0.9.5, recompile against 0.9.6 and your Problem is gone (Fetch src.rpm from RH7.3, compile and install it (--nodeps) temporarily, and rebuild ssh with %define static_libcrypto 1 reinstall the old ssl Version
2015 Mar 25
3
FYI: SSH1 now disabled at compile-time by default
On Wed, 2015-03-25 at 18:48 +1100, Damien Miller wrote: > Our ability to influence people who run truly obsolete software is > extremely limited. +1, mostly because those who still use something that outdated in their products are either dead, or simply don't care about their customer's security (which is typical in the embedded devices area). Just by us (or anyone else) saying
2015 Apr 01
2
FYI: SSH1 now disabled at compile-time by default
I mentioned extensions because I had a few and saw them die. the 40-bit ssl is the web interface for power5 (the so-called ASMI https interface). These ports have no access to "outside", on a separate lan segment. my desktop, not acting as router, can connect to non-Natted and NATted segments. re: use of a stunnel - how does this turn 40-bit https into >40-bit https. Sounds like a
2015 Mar 22
5
[Bug 2369] New: `ssh-keygen -A` errors on RSA1 when building with SSH1 disabled
https://bugzilla.mindrot.org/show_bug.cgi?id=2369 Bug ID: 2369 Summary: `ssh-keygen -A` errors on RSA1 when building with SSH1 disabled Product: Portable OpenSSH Version: 6.9p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh-keygen