Displaying 20 results from an estimated 6000 matches similar to: "your mail"
2020 Sep 24
3
dovecot TSL 1.3 config option 'ssl_ciphersuites' causes fatal error on launch. not supported, bad config, or bug?
I've installed
grep PRETTY /etc/os-release
PRETTY_NAME="Fedora 32 (Server Edition)"
dovecot --version
2.3.10.1 (a3d0e1171)
openssl version
OpenSSL 1.1.1g FIPS 21 Apr 2020
iiuc, Dovecot has apparently had support for setting TLS 1.3 ciphersuites since v2.3.9, per this commit
lib-ssl-iostream: Support TLSv1.3 ciphersuites
2019 Feb 15
4
Can we disable diffie-hellman-group-exchange-sha1 by default?
Also, how are default moduli shipped with OpenSSH for use in
diffie-hellman-group-exchange-sha1/sha256 chosen? Are they chosen
randomly by developers or are they chosen for security properties? If
they are random, why not use moduli from RFC 7919 instead, like
Mozilla recommends?
On Fri, Feb 15, 2019 at 3:48 AM Mark D. Baushke <mdb at juniper.net> wrote:
>
> Yegor Ievlev <koops1997
2020 Jul 24
2
Openssl 3
Anyone trying openssl 3 against openssh?
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b
Put more trust in nobility of character than in an oath. -Solon
2019 Jan 19
4
Can we disable diffie-hellman-group14-sha1 by default?
I'm not sure if collision resistance is required for DH key
derivation, but generally, SHA-1 is on its way out. If it's possible
(if there's not a very large percentage of servers that do not support
anything newer), it should be disabled.
2013 Jul 20
7
Failure to Launch (was override -q option)
Attached is the very verbose ssh output. Just to be perverse, this time two
nodes lost connectivity. The only thing I see is lines saying that the two
connections are lost, although being honest I have no idea what everything
else means. For reference, 8 ssh cinnections were being made at the same
time for a 8x8mpi task.
N.B., since the OS I am using does not have rsh, I am currently using the
2023 Jun 30
1
Subsystem sftp invoked even though forced command created
On 30/06/2023 09:56, Damien Miller wrote:
> It's very hard to figure out what is happening here without a debug log.
>
> You can get one by stopping the listening sshd and running it manually
> in debug mode, e.g. "/usr/sbin/sshd -ddd"
Or starting one in debug mode on a different port, e.g. "-p99 -ddd"
2024 Jan 26
1
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
On 25.01.24 14:09, Kaushal Shriyan wrote:
> I am running the below servers on Red Hat Enterprise Linux release 8.7
> How do I enable strong KexAlgorithms, Ciphers and MACs
On RHEL 8, you need to be aware that there are "crypto policies"
modifying sshd's behaviour, and it would likely be the *preferred*
method to inject your intended config changes *there* (unless they
2015 Feb 09
3
Connection stalls at debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Trying to connect from Fedora 21 to CentOS 6.6, OpenSSH on both ends.
Connection is via a VPN.
Initially the connection seems good, but OpenSSH stalls at
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP.
Software version on servers:
openssh-server-5.3p1-104.el6_6.1.x86_64
openssh-5.3p1-104.el6_6.1.x86_64
Software version on client:
openssh-6.6.1p1-11.1.fc21.x86_64
also duplicated problem using
2020 Jan 13
4
ssh failure from CentOS7 to Centos6
Hi,
I have a strange problem with a freshly installed Centos7 desktop
(most8pc25). I can't ssh to 2 CentOS6 servers, even with firewall
disabled on the client and on the server. But I can connect from the
server to the client, all in the same VLAN. I can also ssh from this
desktop to centos7 servers in the same VLAN or in another VLAN.
No idea about this problem.
On the server kareline
2017 Jun 13
7
[Bug 2729] New: Can connect with MAC hmac-sha1 even though it's not configured on the server
https://bugzilla.mindrot.org/show_bug.cgi?id=2729
Bug ID: 2729
Summary: Can connect with MAC hmac-sha1 even though it's not
configured on the server
Product: Portable OpenSSH
Version: 7.5p1
Hardware: All
OS: Linux
Status: NEW
Severity: security
Priority: P5
2023 Apr 18
3
FIPS compliance efforts in Fedora and RHEL
Hi OpenSSH mailing list,
I would like to announce the newly introduced patch in Fedora rawhide [0]
for
FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9
version.
The patch targets OpenSSL support of OpenSSH, specifically the usage of
old low level API. The new OpenSSL version 3.0 introduces a FIPS
module (going through FIPS 140-2 validation and to be FIPS 140-3
2010 Dec 31
2
happy new years ssh key problem :)
Hi List,
Happy New Years and I was hoping to get some help on an ssh issue
that I am having. For some reason I am unable to scp to hosts on this
network using RSA keys. Here is what I am doing/what is going on;
scp the public key to remote host
[amandabackup at VIRTCENT18 ~]$ scp ~/.ssh/id_rsa_amdump.pub amandabackup at lb1:~
amandabackup at lb1's password:
id_rsa_amdump.pub
2013 Oct 01
1
[bug] ssl-params hangs when FIPS is enabled
Hi,
we found a bug in ssl-params. It calls openssl DH generator for 512 and
1024 bits, but in FIPS mode, openssl won't generate anything for less
than 1024, so it fails with:
error:0506A06E:Diffie-Hellman routines:DH_BUILTIN_GENPARAMS:key size too
small
but when DH generator fails, ssl-params hangs forever in io_loop_run:
__epoll_wait_nocancel()
io_loop_handler_run(..) at
2015 May 23
2
X11 forwarding not working.
Hi!
I'm having a difficult time getting X11 forwarding to work.
Since I've read the docs completely about this, this must be an SSH bug
which is likely because I'm using Gentoo as the SSH server.
When trying to forward X11 connections, I get
X11 connection rejected because of wrong authentication.
kwrite: cannot connect to X server XXXXXXXXX:10.0
Using command
ssh -Y -p 1111 -4
2017 Jan 20
2
^C doesnt work on ssh session
Thanks Darren, will check on your response.
I am attaching sshd, ssh logs with debug flags. Please see if it gives any
hint:
when I press ^C in ssh session, no log gets printed in both server/client
side.
Best Regards,
On Wed, Jan 18, 2017 at 3:09 AM, Darren Tucker <dtucker at zip.com.au> wrote:
> On Wed, Jan 18, 2017 at 5:10 AM, Sudarshan Soma <sudarshan12s at gmail.com>
2007 Sep 21
4
Diffie Hellman key exchange algorithms
A few questions regarding the OpenSSH support for the Diffie Hellman key exchange algorithms:
(1) Are the diffie-hellman-group-exchange-sha256",
"diffie-hellman-group-exchange-sha1"
, "diffie-hellman-group14-sha1" "diffie-hellman-group1-sha1" (as
defined in RFCs 4253 and RFC 4419) the complete list of key exchange
algorithms supported by OpenSSH?
(2) Is there a
2016 Nov 08
4
one host only: ssh_dispatch_run_fatal
Darren Tucker <dtucker at zip.com.au> writes:
> On Tue, Nov 8, 2016 at 1:02 PM, Harry Putnam <reader at newsguy.com> wrote:
> [...]
>> gv harry> ssh -vv 2x
>>
>> OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2j 26 Sep 2016
>
> this is a third-party modified version of OpenSSH. Can you reproduce
> the problem with a stock OpenSSH from the source from
2018 Mar 06
2
Failed connections 7.6 to 5.2
Trying to connect to a Dell iDRAC 6. The iDRAC reports it is running
OpenSSH 5.2.
From Fedora Linux 20 with OpenSSH 6.4p1, connections succeed.
From Fedora Linux 23 with OpenSSH 7.2p2, connections succeed.
From Fedora Linux 27 with OpenSSH 7.6p1, connections fail prior to
prompting for a password. The message is, "Received disconnect from (IP
address) port 22:11: Logged out." Trying
2019 Feb 14
2
Can we disable diffie-hellman-group-exchange-sha1 by default?
I ask because the removal of diffie-hellman-group-exchange-sha1 happened
accidently in 7.8 due to a mistake in a change to readconf.c. I noticed
this and filed a bug about it along with a patch to fix readconf.c to use
KEX_CLIENT_* like it used to:
https://github.com/openssh/openssh-portable/commit/1b9dd4aa
https://bugzilla.mindrot.org/show_bug.cgi?id=2967
Its clear the removal was unintentional
2015 May 22
3
Weak DH primes and openssh
On Fri, May 22, 2015 at 12:27:01, Darren Tucker <dtucker at zip.com.au> wrote:
> Note that PuTTY does do Diffie-Hellman Group Exchange, but until very
> recently (ie after their 0.64 release) they didn't do the one that was
> actually standardized in RFC4419. OpenSSH recently removed support for
> that non-standard one and as a result we don't offer DHGEX to PuTTY
>