similar to: Re-using RSA1 keys as RSA

mdb-bsd is a FreeBSD 4.2-STABLE box morpheus is a Red Hat Linux 6.2 box with openssl 0.9.6 on it. Attempts to use SSHv2 fail. Using SSHv1 succeeds. sshd from OpenSSH2.5.1p1 is getting a fatal: xfree: NULL pointer given as argument Full client and server interaction given below. -- Mark Script started on Mon Feb 19 10:47:01 2001 1:mdb at mdb-bsd$ ssh -v -v -v -2 -x morpheus date SSH Version

Anyone ever come across a linux server host key changing with out a reboot, sshd restart, change in negotiating (SSHv1, SSHv2), and different DNS name or IP address? I have a server on RHEL4.4 that changed its host key. Red Hat Enterprise Linux ES release 4 (Nahant Update 4) openssh-server-3.9p1-8.RHEL4.15 2.6.9-42.ELsmp uptime 944 days Started getting the eavesdropping message from a login

Hi, On Fri, Mar 27, 2015 at 12:53:05PM +0100, Hubert Kario wrote: > On Thursday 26 March 2015 11:19:28 Michael Felt wrote: > > Experience: I have some hardware, on an internal network - that only > > supports 40-bit ssl. I am forced to continue to use FF v17 because that was > > the last browser to provide SSL40-bit support. My security is weakened > > because I cannot

Hi, On Fri, Mar 27, 2015 at 02:36:50PM +0100, Hubert Kario wrote: > > Same thing with needing sshv1 to access old network gear where even sshv1 > > was an achievement. "Throw away gear that does its job perfectly well, > > but has no sshv2 for *management*" or "keep around an ssh v1 capable > > client"? > > If you depend on hardware like this,

Hi, I am having a problem on some systems that use RSA1 I am asked for a password even though I am in the authorized_keys file. If I use the "-1" option then I can log in password-free. How can this be enabled as the default? Thanks Andrew

2017-02-05 23:12 GMT+01:00 Michael Stone <mstone at mathom.us>: > > It was probably because of this commit: > > http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd.c.diff?r1=1.472&r2=1.473 > Yes here the combination cr and lf is removed. > Which removed support for protocols older than 2 but perhaps failed to > account for the fact that newline had been

On Fri, 29 Dec 2017, Daniel Kahn Gillmor wrote: > On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote: > > Why not make minimum key length a tunable, just as the other options are? > > Because the goal of building secure software is to make it easy to > answer the question "are you using it securely?" This is a nice summation of our approach. It's the

On Thu, Mar 26, 2015 at 11:55:18 -0700, Dan Kaminsky wrote: > You're right. My argument the is the next build of OpenSSH should be > OpenSSH 7, and the one after that 8, then 9, then 10. No minor releases? > Sure, go ahead. Deprecate the point, > > Do you manage any machines running SSHv1? > If by "running" you mean accepting SSH1, of course not. From a

http://bugzilla.mindrot.org/show_bug.cgi?id=747 Summary: host authentication requires RSA1 keys Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: openssh-bugs at mindrot.org ReportedBy:

https://bugzilla.mindrot.org/show_bug.cgi?id=2686 Bug ID: 2686 Summary: SSHD segfaults when trying to load RSA1 host keys Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement Priority: P5 Component: sshd

http://bugzilla.mindrot.org/show_bug.cgi?id=843 Summary: sshd_config.5: add warning to PasswordAuthentication Product: Portable OpenSSH Version: 3.8p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: openssh-bugs at mindrot.org

According to documentation for a switch which I'm getting SSH enabled, I need to convert my openssh public key to an ascii string to be compatible with the switch. The switch uses sshV1. Is there a way to do this? I've found nothing in the man pages or FAQ and have tried the -x -X (-i -e) arguments without success but I think they relate to a different translation anyway. Regards Al

Hello, I think I found a problem that should not happen: An OpenSSH client v3.0.2 on Solaris and an OpenSSH server 2.3.0p1 on HP- UX had a problem when authenticating: Password login worked fine, but a password for an existing and configured RSA1 key was never asked, the key never tried. It always fell back to plain password authentication. After fiddling with the client configuration

maybe this is a silly question ;-) But why is it possible to login on a machine with a locked account (passwd -l ) via pubkey-authentication (authorized_keys) ? I use OpenSSH3.01p1on Solaris8 with PAM support so I thought this should not happen. If this is the normal behaviour and built in intentionally what would be the easiest way to lock an account without deleting the users authorized_keys ?

I see that: SSH uses the following ciphers for encryption: Cipher SSH1 SSH2 DES yes no 3DES yes yes IDEA yes no Blowfish yes yes Twofish no yes Arcfour no yes Cast128-cbc no yes Two ques re: sshd: 1) Using openssh, how do I configure which

http://bugzilla.mindrot.org/show_bug.cgi?id=744 Summary: Login Problems Product: Portable OpenSSH Version: 3.7p1 Platform: Sparc OS/Version: All Status: NEW Severity: normal Priority: P2 Component: scp AssignedTo: openssh-bugs at mindrot.org ReportedBy: Frank.Beckmann at vodafone.com

Hi, I encountered the following when i run the below command on my Solaris 8 x86 box: #ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N "" I got the following error: Segmentation fault - core dumped Does anyone have any idea what is wrong? I am using pre-compiled packages downloaded from sunfreeware.com. Regards, Matthew This communication contains confidential or privileged

https://bugzilla.mindrot.org/show_bug.cgi?id=2513 Bug ID: 2513 Summary: Do not mention rsa1 key type in ssh-keygen usage & in manual pages Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement

https://bugzilla.mindrot.org/show_bug.cgi?id=1835 Summary: sftp should fallback to sshv1 if server doesn't support sshv2 Product: Portable OpenSSH Version: 5.6p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sftp AssignedTo:

My two-cents removing v1 from the server - excellent. removing it from the client - admirable, but there are many potential operational concerns as mentioned above. I'll chat a bit about personal experience with removal of something as being "more secure" when it's effect is actually lessen "security" Possible solution - even for beyond ? Create a new client that