similar to: HostKey checking and DNS finger print verification

Steps to reproduce: 1. Run a SSH server with default configuration and point a domain to it. 2. Add SSHFP record to the domain, but only for Ed25519 key. 3. Attempt to connect with VerifyHostKeyDNS set to yes, but the rest of settings set to defaults. 4. OpenSSH defaults to ECDSA instead of Ed25519 and refuses connection because there is no ECDSA fingerprint in SSHFP records. A stopgap solution

Hello list, I'm not sure whether this is bug worthy or just my own insanity. I'm using 6.4p1 packages from Debian jessie and wheezy-backports. I like VisualHostKey, although it may not add any protection (other than not trusting ones own known_hosts file?), I've become accustomed to it as it seems that extra neurons fire when I log into a host and get a visual cue of what looks like

Hello All, The changing of group for the root results in the following message with OpenSSH 3.9p1 "permanently_set_uid: was able to restore old [e]gid" The following change in uidswap.c fixes me the problem. /* Try restoration of GID if changed (test clearing of saved gid) */ - if (old_gid != pw->pw_gid && + if(getgid() != pw->pw_gid && (setgid(old_gid)

https://bugzilla.mindrot.org/show_bug.cgi?id=2040 Priority: P5 Bug ID: 2040 Assignee: unassigned-bugs at mindrot.org Summary: Downgrade attack vulnerability when checking SSHFP records Severity: minor Classification: Unclassified OS: All Reporter: ondrej at caletka.cz Hardware: All

Hello All, Im using OpenSSH 4.2p1 statically linked with OpenSSL 0.9.7i. It looks now that a fips certified OpenSSL is now available at http://www.openssl.org/source/OpenSSL-fips-1.0.tar.gz . I like to know of any patches applicable for OpenSSH versions to make it fips compliant. Is there any idea for OpenSSH core team to make OpenSSH as fips compliant? What amount of work it needs at this

Hi! Is it somehow possible to disable the known_hosts checking for some hosts? The StrictHostKeyChecking affects only the asking about new computers, but doesn't affect the changed ones. I need it for the test computers, which are reinstalled twice/hour and I really don't like editing .ssh/known_hosts each time :-( Thanks Michal

On 27 Oct 2015, at 09:48, Senthil Kumar <senthil.thecoder at gmail.com> wrote: > > Haven't worked on this yet, but I work on the gcc AVR backend (and binutils), and I'm very interested in this - I intend to work on it in my spare time. And do you have any comments / objections to Dylan becoming the code owner? David

https://bugzilla.mindrot.org/show_bug.cgi?id=2169 Bug ID: 2169 Summary: command to remove outdated hostkey from known_hosts file wrong Product: Portable OpenSSH Version: 6.2p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component: ssh

Y'all, Currently (OpenSSH_7.1p1) no distinction is made between when an SSHFP RR is missing from the result set (rather then being empty), which can lead to confusing error messages, (the "normal" warn_changed_key() blurb is emitted) e.g. when the presented host key and known hosts both match but there is no matching RR. Further, if VerifyHostKeyDNS and StrictHostKeyChecking are

Hi All, Can anybody suggests how can I disable netfilter for bridged traffic in linux-2.4.27 kernel ? Thanks and Regards, Senthil

https://bugzilla.mindrot.org/show_bug.cgi?id=2501 Bug ID: 2501 Summary: VerifyHostKeyDNS & StrictHostKeyChecking Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

On Sun, 4 Oct 2020, Christoph Anton Mitterer wrote: > On Sun, 2020-10-04 at 14:02 +1100, Damien Miller wrote: > > This is strictly no worse than continuing to use the old key, so I > > don't consider it a problem. > > Well but in reality it will lead to people never again replace their > key by proper means. Well, first I disagree that this method is improper. The

in our lab we have a kerberos + ldap server to authenticate the gnu/linux users and we have configured samba to work as a PDC authenticating the windows users. samba stores the password in encrypted format in /etc/samba/smbpasswd. The problem is when the password is changed by windows users we need to change the password of kerberos credentials. Is there a way in samba in to do that i.e to

Hello All, As the release notes of SSH-4.7 version says that a new MAC algorithm (UMAC-64 - RFC4418) was introduced with OpenSSH-4.7 which gives much better performance, I was tempted to check out the enhanced speed provided with new version. So I downloaded OpenSSH-5.1p1 and build it on Solaris 10 with Sun Compiler CC. My test setup:- 1. Two Sunfire 440 with 2 CPU (1281 MHz) and 4GB RAM. 2.

Hi, I have the following data: > Myvalues Gene ES MEF Embryo ESHyp 1 GeneA -0.38509507 0.00 1.6250 1.7039921 2 GeneB 0.06262914 0.00 1.6250 -0.272033 and so on... I want to plot the expression values of GeneA and GeneB in the different cell/embryo/conditions (columns 2:5 above). Now, if I do: >library(ggplot2) > qplot(x=Gene, Embryo, geom =

Please find attached file "configure.ac+dns.patch". This patch allow to compile current (30 Jun 2003) with options --with-dns on my platform. Output from "ssh -v -o VerifyHostKeyDNS=yes ..." follow: ... debug1: found 1 fingerprints in DNS debug1: matching host key fingerprint found in DNS ... -------------- next part -------------- An embedded and charset-unspecified text

https://bugzilla.mindrot.org/show_bug.cgi?id=3221 Bug ID: 3221 Summary: hostkey preference ordering is broken in some situations Product: Portable OpenSSH Version: 8.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh

Hi, We are using samba-3.0.28a on linux-2-6-18 with which WinVista, as CIFS client, see the soft limit as hard limit and doesn't allow data transfer. Is there a fix already available for this? If not, could you pls gimme some pointers to fix this issue? Thanks, Senthil M Please do not print this email unless it is absolutely necessary. The information contained in this electronic message

Hello, I am calculating 'Betweenness' of a large network using R. Currently, I have the node-node information (City1-City2) in an excel file, present in two columns where column A has City1 and column B has City2 that city1 is connected to. These are the steps that I go through to calculate betweenness of my network. a) Convert the City1-City2 (text) into Number1-Number2 in the excel

Hi All, Sorry for asking the most repeated question again. Just because I could not get a proper guide for doing this. Can anyone please tell me how to make a linux system running samba server and client to connect ( log on to ) to a windows2000 based domain and act as a part of it ? Any useful link also would do. thanks in advance :-) senthil -------------- next part -------------- HTML