Displaying 20 results from an estimated 1000 matches similar to: "Updated moduli file in OpenSSH 3.8"
2002 Apr 18
1
xxx_kex possible memory leak?
Howdy,
I'm working on porting the portable version of OpenSSH to the Nucleus RTOS.
So far I've had a great deal of success. However, I've run into a possible
memory leak, and I'm not sure whether I need to write my own cleanup
function for it or not. The xxx_kex global (defined in sshd.c) seems to not
get freed. I've had difficulty finding a cleanup routine for it. I've
2005 Feb 07
1
moduli(5) changes
Hi folks,
This applies to src/share/man/man5/moduli.5 in the OpenBSD source
tree, and doesn't seem to apply to the portable OpenSSH, so I've
sent this change here instead of via Bugzilla.
The wording of moduli(5) implies that sshd puts more thought about which
modulus it selects than it really does. The following patch corrects
this.
Simon.
--
Simon Burge
2014 Jan 24
1
Openssh, moduli and ssh-keygen
Hi,
my question is related to the kex algorithm
diffie-hellman-group-exchange-sha256 and moduli generation. I've seen that
through ssh-keygen, I'm able to re-generate my moduli file used by DH but
I'm note sure to understand one point in the ssh-keygen manpage :
"Screened DH groups may be installed in /etc/ssh/moduli. It is important
that this file contains moduli of a range of
2007 Oct 03
4
[Bug 1372] New: sshd(8) and ssh-keygen(1) refer to non-existent moduli(5)
http://bugzilla.mindrot.org/show_bug.cgi?id=1372
Summary: sshd(8) and ssh-keygen(1) refer to non-existent
moduli(5)
Product: Portable OpenSSH
Version: 4.7p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
AssignedTo: bitbucket at
2019 Feb 15
4
Can we disable diffie-hellman-group-exchange-sha1 by default?
Also, how are default moduli shipped with OpenSSH for use in
diffie-hellman-group-exchange-sha1/sha256 chosen? Are they chosen
randomly by developers or are they chosen for security properties? If
they are random, why not use moduli from RFC 7919 instead, like
Mozilla recommends?
On Fri, Feb 15, 2019 at 3:48 AM Mark D. Baushke <mdb at juniper.net> wrote:
>
> Yegor Ievlev <koops1997
2007 Mar 01
1
Proposed patch: ssh-keygen allows writing to stdout for moduli generation
Hello all,
I propose the following patch to ssh-keygen.c for openssh version 4.5.
It allows to redirect output of the moduli operations to stdout, to do
something like e.g.:
$ ssh-keygen -G - -b 2048 | ssh-keygen -T - -f - >moduli
Best regards,
Christian
--- ssh/ssh-keygen.c.old 2007-03-01 12:43:06.000000000 +0100
+++ ssh/ssh-keygen.c 2007-03-01 12:47:32.000000000 +0100
@@ -1270,13
2003 Jul 02
2
[Bug 612] moduli.5 documentation doesn't match ssh code (off by 1)
http://bugzilla.mindrot.org/show_bug.cgi?id=612
Summary: moduli.5 documentation doesn't match ssh code (off by 1)
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: trivial
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
2016 Mar 30
6
[Bug 2559] New: Warnings from reading moduli file, refer to primes file
https://bugzilla.mindrot.org/show_bug.cgi?id=2559
Bug ID: 2559
Summary: Warnings from reading moduli file, refer to primes
file
Product: Portable OpenSSH
Version: 7.2p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
2016 Sep 11
5
[Bug 2614] New: ssh-keygen: Moduli generation not accepting start line and count options
https://bugzilla.mindrot.org/show_bug.cgi?id=2614
Bug ID: 2614
Summary: ssh-keygen: Moduli generation not accepting start line
and count options
Product: Portable OpenSSH
Version: 7.2p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component:
2014 Sep 16
8
[Bug 2277] New: config: add option to customize moduli file location
https://bugzilla.mindrot.org/show_bug.cgi?id=2277
Bug ID: 2277
Summary: config: add option to customize moduli file location
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee:
2014 Oct 28
22
[Bug 2302] New: ssh (and sshd) should not fall back to deselected KEX algos
https://bugzilla.mindrot.org/show_bug.cgi?id=2302
Bug ID: 2302
Summary: ssh (and sshd) should not fall back to deselected KEX
algos
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P5
Component: ssh
2014 Oct 28
22
[Bug 2302] New: ssh (and sshd) should not fall back to deselected KEX algos
https://bugzilla.mindrot.org/show_bug.cgi?id=2302
Bug ID: 2302
Summary: ssh (and sshd) should not fall back to deselected KEX
algos
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P5
Component: ssh
2011 Sep 16
2
weird make errors on portable snapshots
When doing a make with the portable developer version,
I came across this error:
ssh/ssh_host_ecdsa_key|/opt/etc/ssh_host_ecdsa_key|g' -e
's|/etc/ssh/ssh_host_dsa_key|/opt/etc/ssh_host_dsa_key|g' -e
's|/etc/ssh/ssh_host_rsa_key|/opt/etc/ssh_host_rsa_key|g' -e
's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e
's|/etc/moduli|/opt/etc/moduli|g' -e
2012 Nov 05
2
[Bug 2047] New: Definition of Sophie Germain primes is wrong in manual moduli.5
https://bugzilla.mindrot.org/show_bug.cgi?id=2047
Priority: P5
Bug ID: 2047
Assignee: unassigned-bugs at mindrot.org
Summary: Definition of Sophie Germain primes is wrong in manual
moduli.5
Severity: normal
Classification: Unclassified
OS: Linux
Reporter: plautrba at redhat.com
2002 Nov 11
0
Why is 'moduli' installed where it is?
[ OS: Solaris 2.8 ]
Curious why 'moduli' is installed in the "--sysconfdir' directory?
Isn't this machine-independent and therefore should go in the
"--datadir" directory?
Also, it seems to me that the datadir/sysconfdir/sharedstatedir/
localstatedir would be more useful if they were set up (or further
expanded) to better support packaging of OpenSSH.
For
2019 Feb 15
4
Can we disable diffie-hellman-group-exchange-sha1 by default?
I'm not nearly knowledgeable enough in crypto to fully understand your
answer, but I will try. I wonder why moduli are not automatically
generated the first time sshd is started though. That would make much
more sense than shipping a default moduli file but also asking
everyone to replace it with their own.
On Fri, Feb 15, 2019 at 5:50 AM Mark D. Baushke <mdb at juniper.net> wrote:
>
2015 Jul 01
4
[PATCH 1/1] update error messages about moduli and primes files
From: Christian Hesse <mail at eworm.de>
Both files can be used, so mention both in error messages.
Signed-off-by: Christian Hesse <mail at eworm.de>
---
dh.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/dh.c b/dh.c
index 4c639ac..450f5c4 100644
--- a/dh.c
+++ b/dh.c
@@ -153,8 +153,8 @@ choose_dh(int min, int wantbits, int max)
if ((f =
2019 Feb 15
2
Can we disable diffie-hellman-group-exchange-sha1 by default?
On Fri, 2019-02-15 at 15:57 +1100, Darren Tucker wrote:
> That was the original intent (and it's mentioned in RFC4419) however
> each moduli file we ship (70-80 instances of 6 sizes) takes about 1
> cpu-month to generate on a lowish-power x86-64 machine. Most of it
> is
> parallelizable, but even then it'd likely take a few hours to
> generate
> one of each size. I
2002 Apr 10
1
problem with making solaris package (openssh)
if [ ! -f
/opt/sldx/slwo/openssh-3.1p1/openssh-3.1p1/contrib/solaris/package/usr/local/etc/moduli
]; then \
if [ -f
/opt/sldx/slwo/openssh-3.1p1/openssh-3.1p1/contrib/solaris/package/usr/local/etc/primes
]; then \
echo "moving
/opt/sldx/slwo/openssh-3.1p1/openssh-3.1p1/contrib/solaris/package/usr/local/etc/primes
to /opt/sldx/
2014 Dec 28
2
[Bug 2330] New: Moduli Generation - Generator 3 not possible at all!
https://bugzilla.mindrot.org/show_bug.cgi?id=2330
Bug ID: 2330
Summary: Moduli Generation - Generator 3 not possible at all!
Product: Portable OpenSSH
Version: 6.7p1
Hardware: Other
OS: Other
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-keygen
Assignee: