similar to: Compiling 3.8p1 on AIX with IBM OpenSSL RPMs

> Portable OpenSSH is also available via [...] Github: https://github.com/openssh/openssh-portable > > Running the regression tests supplied with Portable OpenSSH does not require installation and is a simply: > > $ ./configure && make tests I was going to try this on Kali Linux (latest version), but ran into trouble right away. No "configure" script exists

Hello All. Portable OpenSSH version 3.8.1p1 nearing release. This is primarily a bug fix release and we're asking for interested parties to try a snapshot [1]. A reminder: we rely on community feedback to find out about problems, particularly as there are many platforms any configurations that we don't have access to and can't test. In most cases, running the built-in tests is

Hi, In a recent security review some systems I manage were flagged due to supporting "weak" ciphers, specifically the ones listed below. So first question is are people generally modifying the list of ciphers supported by the ssh client and sshd? On CentOS 6 currently it looks like if I remove all the ciphers they are concerned about then I am left with Ciphers

Hi, I'm having a problem when I add "HostKeyAlgorithms +ssh-dss" to the ssh_config file the host key will always negotiate to a wrong one. In my case it will negotiate to "ecdsa-sha2-nistp256". The client was already configured with the servers rsa public key, before the change I added to the ssh_config file I could see from the debug that server and client will negotiate

Ok.. I'm starting official testing calls early this release. I'd like to have more feedback and more time for handling fixes. If people could test snapshots (http://www.openssh.org/portable.html, pick your favorate mirror and select snapshots directory) and report failures it would be useful. For those with pmake install there is regress/ which you can try out. It may help any platform

https://bugzilla.mindrot.org/show_bug.cgi?id=2729 Bug ID: 2729 Summary: Can connect with MAC hmac-sha1 even though it's not configured on the server Product: Portable OpenSSH Version: 7.5p1 Hardware: All OS: Linux Status: NEW Severity: security Priority: P5

Hello, I'm looking for your insight about the log below. We have an SFTP server (IBM Sterling File Gateway) and we're connecting from an OpenSSH SFTP client but something fails during KEX. Complete client-side debug output is below, but I believe the relevant part is: debug1: kex: server->client cipher: aes192-cbc MAC: hmac-sha1 compression: none debug1: kex: client->server

Darren Tucker <dtucker at zip.com.au> writes: > On Tue, Nov 8, 2016 at 1:02 PM, Harry Putnam <reader at newsguy.com> wrote: > [...] >> gv harry> ssh -vv 2x >> >> OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2j 26 Sep 2016 > > this is a third-party modified version of OpenSSH. Can you reproduce > the problem with a stock OpenSSH from the source from

After upgrading a Linux system from OpenSSH 6.7 to 6.9, Cisco switches/routers can no longer scp config files to/from the system. The last debug entry before the Cisco device closes the connection is "debug1: server_input_channel_open: confirm session". The next line is "Connection closed by x.x.x.x". Anyone else seen this or know of a fix? The Cisco device gives

Why are legacy MACs (like md5-96), and legacy Ciphers (anything in cbc-mode, arcfour*(?)) enabled by default? My proposal would be to change the defaults for ssh_config and sshd_config to contain: MACs hmac-sha2-256,hmac-sha2-512,hmac-sha1 Ciphers aes128-ctr,aes192-ctr,aes256-ctr ...removing md5, truncated versions of sha1, umac64 (for which I can find barely any review), any cipher in cbc

On 25.01.24 14:09, Kaushal Shriyan wrote: > I am running the below servers on Red Hat Enterprise Linux release 8.7 > How do I enable strong KexAlgorithms, Ciphers and MACs On RHEL 8, you need to be aware that there are "crypto policies" modifying sshd's behaviour, and it would likely be the *preferred* method to inject your intended config changes *there* (unless they

Hi, Sorry to bother you on this mailing list, however I tried everything else and I am desperate to get this running. Please send me any hints you can think of. I have installed openssh-3.7.1p2 on a ppc target and trying to connect to an sshd running on a redhat 9 with openssh-3.5p1. I keep getting the error "Disconnecting: Corrupted check bytes on input" no matter what I tried. I

Get the following error: root at x065:[/data/prj/openbsd/openssh/openssh-7.7p1/openbsd-compat]make ??????? xlc_r -I/opt/include -O2 -qmaxmem=-1 -qarch=pwr5 -q64 -I. -I.. -I../../src/openssh-7.7p1/openbsd-compat -I../../src/openssh-7.7p1/openbsd-compat/.. -I/opt/include -DHAVE_CONFIG_H -c ../../src/openssh-7.7p1/openbsd-compat/strndup.c

https://bugzilla.mindrot.org/show_bug.cgi?id=2727 Bug ID: 2727 Summary: ssh_dispatch_run_fatal: Connection to 127.0.0.1 port 8002: message authentication code incorrect Product: Portable OpenSSH Version: 7.5p1 Hardware: ix86 OS: Linux Status: NEW Severity: major Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=2089 Bug ID: 2089 Summary: filter out bad host key algorithms Classification: Unclassified Product: Portable OpenSSH Version: 6.1p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous

On 23/04/2018 11:49, Michael Felt wrote: > On 21/04/2018 16:21, Michael Felt wrote: > > > Question: I have not dug into the tests yet. Will copy to a "local" > directory, and not build out of tree and see if that fixes it (as it > does for many other packages). However, just in case it does not - how > can I fast-forward the tests to the "agent" tests?

Hi All. OpenSSH 4.1 will be released in the next couple of weeks and we invite interested parties to test a snapshot. The changes since 4.0 are mostly bugfixes, for a detailed list see http://bugzilla.mindrot.org/show_bug.cgi?id=994 Running the regression tests supplied with Portable does not require installation and is a simply: $ ./configure && make tests Testing on suitable

Hi, OpenSSH 8.0p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

https://bugzilla.mindrot.org/show_bug.cgi?id=1801 Summary: cipher_spec section of ssh man page needs update Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: unassigned-bugs at mindrot.org

Darren Tucker <dtucker at zip.com.au> writes: > On Tue, Nov 8, 2016 at 2:43 PM, Harry Putnam <reader at newsguy.com> wrote: >> Darren Tucker <dtucker at zip.com.au> writes: >> >>> On Tue, Nov 8, 2016 at 1:02 PM, Harry Putnam <reader at newsguy.com> wrote: >>> [...] >>>> gv harry> ssh -vv 2x >>>> >>>>