Displaying 20 results from an estimated 2000 matches similar to: "man pages (20060116)"
2008 Dec 16
3
Patch for OpenSSH for Windows to allow authentication through certificates
Hi all,
Does anyone know if it exists a patch for OpenSSH for Windows to allow
authentication through certificates?
Is it possible to make one if it doesn't exists?
Using OpenSSH for Windows 3.8p1-1 20040709 Build.
I know there is Roumen Petrov patch, but is for unix machines if i'm
not mistaken.
I need a similar one for Windows that work with the Roumen Petrov
patch so i can have
2011 Sep 08
2
Announce: X.509 certificates support v7.0 for OpenSSH version 5.9p1
Hi All,
Version 7.0 of "X.509 certificates support in OpenSSH" is ready for
immediate download.
This version allow client to use certificates and keys stored into
external devices. The implementation is based on openssl dynamic engines.
For instance E_NSS engine ( http://developer.berlios.de/projects/enss )
will allow you to
use certificates and keys from Firefox, SeaMonkey,
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Roumen.
I have few more questions below:
1. What version of OpenSSH can the patch be applied to? What branch should
I check out the patch?
2.
>Impact is not only for source code. Build process has to be updated as
well. Red Hat is based on "fipscheck".
What build process should be changed? What is fipscheck?
3. My understanding any application (such as OpenSSH) which need
2015 Mar 03
2
configure and have crypt or DES_crypt
Hello,
With current portable master source tree HAVE_CRYPT and HAVE_DES_CRYPT
are not defined.
It seems to me this is regression introduced with implementation of
configure options --with-openssl.
Impacted code is in xcrypt.c:
...
# if defined(WITH_OPENSSL) && !defined(HAVE_CRYPT) &&
defined(HAVE_DES_CRYPT)
# include <openssl/des.h>
# define crypt DES_crypt
# endif
...
2006 Sep 30
1
Announce: X.509 certificates support version 5.5.1 in OpenSSH 4.4p1
Hi All,
The version 5.5.1 of "X.509 certificates support in OpenSSH" is ready for download.
On download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.5.1
you can found diff for OpenSSH versions 4.4p1.
What's new:
* specific diff of 5.5 for OpenSSH 4.4p1
Because of OpenSSH source code changes, like include statements and new server
option
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Roumen.
>Lets assume that application use OpenSSL FIPS validated module. FIPS mode
is activated in openssl command if environment variable OPENSSL_FIPS is
set. Similarly I use OPENSSL_FIPS environment variable to activate FIPS
mode. Code will call FIPS_mode_set(1) if crypto module is not FIPS mode.
Did you mean the FIPS patched OpenSSH server and client (such as
ssh-keygen) always
2000 Dec 21
2
Réf. : configure.in: Someone please show me a better way :)
If I remove all the export and change all the ' in ", it does work on SCO
3.2v5.0.4
|--------+----------------------------->
| | Roumen Petrov |
| | <Roumen.Petrov at skal|
| | asoft.com> |
| | |
| | 21/12/00 13:10 |
| | |
2023 Mar 10
1
OpenSSH FIPS support
Hi Joel,
Joel GUITTET wrote:
> Hi,
> We currently work on a project that require SSH server with FIPS and using OpenSSL v3.
There is no way to work with OpenSSL v3 due to many reasons.
If you like to get FIPS capable secsh implementation compatible with OpenSSL FIPS validated modules 1.2 and 2.0 , RedHat ES, or Oracle Solaris you could use PKIX-SSH.
Regards,
Roumen Petrov
--
Advanced
2012 May 25
2
Announce: X.509 certificates support v7.2 for OpenSSH version 6.0p1
Dear All,
X.509 certificates support for OpenSSH version 6.0p1 was published.
I brief new version include :
- support for Android platform;
- engine implementation is now considered stable;
- various regression test improvements including fixes for OpenSSL FIPS
enabled 1.0.1 stable release and korn shell
Yours sincerely,
Roumen Petrov
--
Get X.509 certificates support in OpenSSH:
2008 Mar 10
1
Benefits of OpenSSH X.509 over key based authentication?
Hi,
I have some observations regarding the X.509 patch developed by Roumen
Petrov for OpenSSH available at http://roumenpetrov.info/openssh/ , I don't
understand some things here like
1. When certificate based authentication of the client is desired,
shouldn't it be something like what mod_ssl does in Apache where u have a CA
certificate at the server, and then the client
2008 Jan 16
4
x509 patch for SSH
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi guys,
been trying the x509 patch for ssh from Roumen, it works great.
However, I can't figure out couple of things, and been trying to solve
it for couple of days already.
I'am using OpenSSH_4.7p1-hpn12v19, OpenSSL 0.9.8g
with 6.1 version of your patch.
The serverside hostkey is configured correctly, to present x509v3-sign-rsa
dynowork
2008 Mar 13
0
[Fwd: Re: OpenSSH and X.509 Certificate Support]
Hi Roumen,
I discovered that the need of appending the .pub part of id_rsa(client
key+cert) on the server can be eliminated by adding the Certificate Blob
to authorized_keys which could look something like this:
x509v3-sign-rsa subject=
/C=FR/ST=PARIS/L=DESEl/O=SSL/OU=VLSI/CN=10.244.82.83/emailAddress=client at company.com
This is extracted from the client certificate using openssl as
2007 Jul 29
38
[Bug 1346] New: PAM environment takes precedence over SendEnv
http://bugzilla.mindrot.org/show_bug.cgi?id=1346
Summary: PAM environment takes precedence over SendEnv
Product: Portable OpenSSH
Version: 4.6p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy:
2006 Jan 13
1
recent(20060106) ssh.1 manual page
Now ssh.1 contain following statement:
Public key authentication works as follows: The scheme is based on public-key
cryptography, ... using either the RSA or DSA algorithms. Protocol 1 is restricted
to using only RSA keys, but protocol 2 may use either.
The HISTORY section of ssl(8) contains a brief discussion of the two algorithms.
Manual page ssl(8) is OpenBSD specific.
Any suggestion how to
2015 Mar 03
2
openssh-SNAP-20150304 issues
Damien Miller wrote:
>
> On Tue, 3 Mar 2015, The Doctor wrote:
>
>> regress/unittests/test_helper/test_helper.c: In function `test_data_file':
>> regress/unittests/test_helper/test_helper.c:177: warning: implicit declaration of function `strlcpy'
>> regress/unittests/test_helper/test_helper.c: At top level:
>>
2003 Jun 30
2
experimental DNS fingerprint
Please find attached file "configure.ac+dns.patch".
This patch allow to compile current (30 Jun 2003) with options
--with-dns on my platform.
Output from "ssh -v -o VerifyHostKeyDNS=yes ..." follow:
...
debug1: found 1 fingerprints in DNS
debug1: matching host key fingerprint found in DNS
...
-------------- next part --------------
An embedded and charset-unspecified text
2002 Sep 05
7
sshd and SIGKILL
On command:
#kill -9 `cat /var/run/sshd.pid`
sshd leave pid file !
sshd.c code:
===============
....
/*
* Arrange to restart on SIGHUP. The handler needs
* listen_sock.
*/
signal(SIGHUP, sighup_handler);
signal(SIGTERM, sigterm_handler);
signal(SIGQUIT, sigterm_handler);
....
===============
Missing line is :
signal(SIGKILL, sigterm_handler);
2015 Dec 04
6
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Hi All:
I tried to rebuild openssl with the FIPS modules, and then install the new
openssl libs (lib crypto.so to be specific) on my Ubuntu 12.04 box.
After that I noticed it seemed to break OpenSSH: I couldn't login to the
box using ssh, and couldn't run the client command like ssh-keygen either.
My questions are:
1. Does OpenSSH support FIPS mode?
2. Or does OpenSSH support with
2001 Jan 23
11
cc & no 64bit int patches
Here are a couple of patches against the CVS (Jan 22 18:41 PST)
Some C++ comments found their way into ssh.h
The no64.patch puts ifdefs around buffer_get_int64()
now in bufaux.[c,h]
--
Tim Rice Multitalents (707) 887-1469
tim at multitalents.net
-------------- next part --------------
--- ssh.h.old Mon Jan 22 18:40:58 2001
+++ ssh.h Mon Jan 22 19:02:02 2001
@@ -25,8 +25,10 @@
# include
2001 Feb 06
16
sftp client
As of Sunday evening, OpenSSH has an interactive sftp client. It should
be in the more recent snapshots.
It would be appreciated if you could test new client and find all the
bugs :) Please also have a read of the manpage and ensure that it
matches what is implemented.
I am working on fixing the ones that I know about, so please try to
stay up to date with the snapshots.
Thanks,
Damien