similar to: your mail

I've installed grep PRETTY /etc/os-release PRETTY_NAME="Fedora 32 (Server Edition)" dovecot --version 2.3.10.1 (a3d0e1171) openssl version OpenSSL 1.1.1g FIPS 21 Apr 2020 iiuc, Dovecot has apparently had support for setting TLS 1.3 ciphersuites since v2.3.9, per this commit lib-ssl-iostream: Support TLSv1.3 ciphersuites

Also, how are default moduli shipped with OpenSSH for use in diffie-hellman-group-exchange-sha1/sha256 chosen? Are they chosen randomly by developers or are they chosen for security properties? If they are random, why not use moduli from RFC 7919 instead, like Mozilla recommends? On Fri, Feb 15, 2019 at 3:48 AM Mark D. Baushke <mdb at juniper.net> wrote: > > Yegor Ievlev <koops1997

Anyone trying openssl 3 against openssh? -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Put more trust in nobility of character than in an oath. -Solon

I'm not sure if collision resistance is required for DH key derivation, but generally, SHA-1 is on its way out. If it's possible (if there's not a very large percentage of servers that do not support anything newer), it should be disabled.

Attached is the very verbose ssh output. Just to be perverse, this time two nodes lost connectivity. The only thing I see is lines saying that the two connections are lost, although being honest I have no idea what everything else means. For reference, 8 ssh cinnections were being made at the same time for a 8x8mpi task. N.B., since the OS I am using does not have rsh, I am currently using the

On 30/06/2023 09:56, Damien Miller wrote: > It's very hard to figure out what is happening here without a debug log. > > You can get one by stopping the listening sshd and running it manually > in debug mode, e.g. "/usr/sbin/sshd -ddd" Or starting one in debug mode on a different port, e.g. "-p99 -ddd"

On 25.01.24 14:09, Kaushal Shriyan wrote: > I am running the below servers on Red Hat Enterprise Linux release 8.7 > How do I enable strong KexAlgorithms, Ciphers and MACs On RHEL 8, you need to be aware that there are "crypto policies" modifying sshd's behaviour, and it would likely be the *preferred* method to inject your intended config changes *there* (unless they

Trying to connect from Fedora 21 to CentOS 6.6, OpenSSH on both ends. Connection is via a VPN. Initially the connection seems good, but OpenSSH stalls at debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP. Software version on servers: openssh-server-5.3p1-104.el6_6.1.x86_64 openssh-5.3p1-104.el6_6.1.x86_64 Software version on client: openssh-6.6.1p1-11.1.fc21.x86_64 also duplicated problem using

Hi, I have a strange problem with a freshly installed Centos7 desktop (most8pc25). I can't ssh to 2 CentOS6 servers, even with firewall disabled on the client and on the server. But I can connect from the server to the client, all in the same VLAN. I can also ssh from this desktop to centos7 servers in the same VLAN or in another VLAN. No idea about this problem. On the server kareline

https://bugzilla.mindrot.org/show_bug.cgi?id=2729 Bug ID: 2729 Summary: Can connect with MAC hmac-sha1 even though it's not configured on the server Product: Portable OpenSSH Version: 7.5p1 Hardware: All OS: Linux Status: NEW Severity: security Priority: P5

Hi OpenSSH mailing list, I would like to announce the newly introduced patch in Fedora rawhide [0] for FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9 version. The patch targets OpenSSL support of OpenSSH, specifically the usage of old low level API. The new OpenSSL version 3.0 introduces a FIPS module (going through FIPS 140-2 validation and to be FIPS 140-3

Hi List, Happy New Years and I was hoping to get some help on an ssh issue that I am having. For some reason I am unable to scp to hosts on this network using RSA keys. Here is what I am doing/what is going on; scp the public key to remote host [amandabackup at VIRTCENT18 ~]$ scp ~/.ssh/id_rsa_amdump.pub amandabackup at lb1:~ amandabackup at lb1's password: id_rsa_amdump.pub

Hi, we found a bug in ssl-params. It calls openssl DH generator for 512 and 1024 bits, but in FIPS mode, openssl won't generate anything for less than 1024, so it fails with: error:0506A06E:Diffie-Hellman routines:DH_BUILTIN_GENPARAMS:key size too small but when DH generator fails, ssl-params hangs forever in io_loop_run: __epoll_wait_nocancel() io_loop_handler_run(..) at

Hi! I'm having a difficult time getting X11 forwarding to work. Since I've read the docs completely about this, this must be an SSH bug which is likely because I'm using Gentoo as the SSH server. When trying to forward X11 connections, I get X11 connection rejected because of wrong authentication. kwrite: cannot connect to X server XXXXXXXXX:10.0 Using command ssh -Y -p 1111 -4

Thanks Darren, will check on your response. I am attaching sshd, ssh logs with debug flags. Please see if it gives any hint: when I press ^C in ssh session, no log gets printed in both server/client side. Best Regards, On Wed, Jan 18, 2017 at 3:09 AM, Darren Tucker <dtucker at zip.com.au> wrote: > On Wed, Jan 18, 2017 at 5:10 AM, Sudarshan Soma <sudarshan12s at gmail.com>

A few questions regarding the OpenSSH support for the Diffie Hellman key exchange algorithms: (1) Are the diffie-hellman-group-exchange-sha256", "diffie-hellman-group-exchange-sha1" , "diffie-hellman-group14-sha1" "diffie-hellman-group1-sha1" (as defined in RFCs 4253 and RFC 4419) the complete list of key exchange algorithms supported by OpenSSH? (2) Is there a

Darren Tucker <dtucker at zip.com.au> writes: > On Tue, Nov 8, 2016 at 1:02 PM, Harry Putnam <reader at newsguy.com> wrote: > [...] >> gv harry> ssh -vv 2x >> >> OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2j 26 Sep 2016 > > this is a third-party modified version of OpenSSH. Can you reproduce > the problem with a stock OpenSSH from the source from

Trying to connect to a Dell iDRAC 6. The iDRAC reports it is running OpenSSH 5.2. From Fedora Linux 20 with OpenSSH 6.4p1, connections succeed. From Fedora Linux 23 with OpenSSH 7.2p2, connections succeed. From Fedora Linux 27 with OpenSSH 7.6p1, connections fail prior to prompting for a password. The message is, "Received disconnect from (IP address) port 22:11: Logged out." Trying

I ask because the removal of diffie-hellman-group-exchange-sha1 happened accidently in 7.8 due to a mistake in a change to readconf.c. I noticed this and filed a bug about it along with a patch to fix readconf.c to use KEX_CLIENT_* like it used to: https://github.com/openssh/openssh-portable/commit/1b9dd4aa https://bugzilla.mindrot.org/show_bug.cgi?id=2967 Its clear the removal was unintentional

On Fri, May 22, 2015 at 12:27:01, Darren Tucker <dtucker at zip.com.au> wrote: > Note that PuTTY does do Diffie-Hellman Group Exchange, but until very > recently (ie after their 0.64 release) they didn't do the one that was > actually standardized in RFC4419. OpenSSH recently removed support for > that non-standard one and as a result we don't offer DHGEX to PuTTY >