Displaying 20 results from an estimated 500 matches similar to: "Computing window sizes and adjustments"
2003 Aug 06
1
Reg. openssh-3.51p1/packet.c (function packet_send2())
Hi,
Will really appreciate for any comments on the below:
1. According to draft-ietf-secsh-transport-16.txt (section 4), each packet
must be of the following format:
uint32 packet_length
byte padding_length
byte[n1] payload; n1 = packet_length - padding_length - 1
byte[n2] random padding; n2 = padding_length
byte[m] mac (message authentication code); m = mac_length
However, since
2011 Jan 26
1
Packets Sizes and Information Leakage
This message is a few years old so I cannot reply to the original, but
it is still of current research interest.
> So one of my coworkers is doing a little research on SSH usage in the
> wild using netflow data. One of the things he's trying to do is
> determine a way to differentiate between data transfers and interactive
> sessions. We thought of a couple of ways but we wanted
2007 Apr 18
7
[Bridge] Passing vlan tagged packets through linux bridge
> Use an Intel pro/100 or pro/1000 driver..they are known to
> work with VLANs.
>
> I guess it's also possible that it's a problem in the
> bridging code, so try the latest kernel
> as well...
I compiled the latest 2.6.19 kernel and tested it with two
3COM 3c905c fast ethernet interfaces which work fine with
vlan 802.1q tagging, but when I have added the eth0 and eth1
2006 Mar 02
33
Patch to allow for the ATM "cell tax"
I have been trying to optimise my ADSL connections for VOIP.
Funny things were happening - for example increasing the ping
packet size by 50% had no effect, but then adding one byte
had a major effect. It took me a while to figure out that I
was seeing the effects of the fixed ATM cell size.
This is probably obvious to some of you. For the rest: ADSL
uses ATM as its transport. An ATM
2010 May 11
2
Problems plotting date and time column from excel using R
I am using R to read from an excel(csv) file. Within the excel file is a column with the date set that looks likes this:
53:40.2
and in the Insert function box it looks likes this:
9/21/2006 4:53:40 PM
I tired separating the time and date using the function below and then plotting again which fail to read properly
=TEXT(B2,"hh:mm:ss") and =TEXT(B9,"mm/dd/yyyy")
The
2015 Mar 27
2
FYI: SSH1 now disabled at compile-time by default
Hi,
On Fri, Mar 27, 2015 at 02:36:50PM +0100, Hubert Kario wrote:
> > Same thing with needing sshv1 to access old network gear where even sshv1
> > was an achievement. "Throw away gear that does its job perfectly well,
> > but has no sshv2 for *management*" or "keep around an ssh v1 capable
> > client"?
>
> If you depend on hardware like this,
2001 Oct 26
2
SSHv2 sshd exit criteria
When should sshd disconnect an SSHv2 connection?
Markus Friedl says "for protocol v2 the client decides when to close the
connection."
In principle, I agree, because SSHv2 supports multiple sessions over the
same connection, with the client able to launch new sessions anytime
then it should be upto the client.
But this would be a major cultural change for most users, and would
break
2002 May 17
2
[Fwd: Re: X-windows security in Gnome]
The "integration" of SSH with apps is already there.
Read the OpenSSH [or other SSH implementation's] man pages and the SSHv2 specs. RTFM!
Essentially SSH supports tunneling of X11 traffic. The SSH daemon is responsible for creating a local X11 display endpoint and setting the DISPLAY environment variable appropriately, then the apps you run in SSH sessions with X11 forwarding do
2018 Jan 02
3
Legacy option for key length?
On Fri, 29 Dec 2017, Daniel Kahn Gillmor wrote:
> On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote:
> > Why not make minimum key length a tunable, just as the other options are?
>
> Because the goal of building secure software is to make it easy to
> answer the question "are you using it securely?"
This is a nice summation of our approach. It's the
2007 Sep 11
11
[Bug 1360] New: Connection aborted on large data -R transfer
http://bugzilla.mindrot.org/show_bug.cgi?id=1360
Summary: Connection aborted on large data -R transfer
Product: Portable OpenSSH
Version: 4.7p1
Platform: Other
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: ssh
AssignedTo: bitbucket at mindrot.org
ReportedBy: t8m at
2015 Mar 27
3
FYI: SSH1 now disabled at compile-time by default
Hi,
On Fri, Mar 27, 2015 at 12:53:05PM +0100, Hubert Kario wrote:
> On Thursday 26 March 2015 11:19:28 Michael Felt wrote:
> > Experience: I have some hardware, on an internal network - that only
> > supports 40-bit ssl. I am forced to continue to use FF v17 because that was
> > the last browser to provide SSL40-bit support. My security is weakened
> > because I cannot
2004 Aug 23
1
OOB packets and port forwarding
I have an application that uses a 1-byte OOB packet
for a heartbeat signal. It appears that openssh blocks
these packets when I use it to forward to a remote
port.
The application works fine when connected to the
server
using the port forward, but all heartbeat packets are
stripped out from the socket data.
Is this intentional? Is it a bug? I've tried several
versions of openssh without
2024 Mar 05
6
Call for testing: OpenSSH 9.7
Hi,
OpenSSH 9.7p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via git using the
instructions at
2019 Feb 15
2
Can we disable diffie-hellman-group-exchange-sha1 by default?
I referred to the fact that there is no value for 4096-bit groups at
all. For higher strengths than 128 bits one should probably not use
non-EC crypto at all, as the document suggests.
On Fri, Feb 15, 2019 at 9:19 AM Darren Tucker <dtucker at dtucker.net> wrote:
>
> On Fri, 15 Feb 2019 at 16:45, Yegor Ievlev <koops1997 at gmail.com> wrote:
> > That doesn't seem to be
2003 Oct 12
4
[PATCH]: Call pam_chauthtok from keyboard-interactive.
Hi All.
This patch calls pam_chauthtok() to change an expired password via PAM
during keyboard-interactive authentication (SSHv2 only). It is tested on
Redhat 8 and Solaris 8.
In theory, it should have simply been a matter of calling pam_chauthtok
with the PAM_CHANGE_EXPIRED_AUTHTOK flag, it'd only change the password is
if it's expired, right? From the Solaris pam_chauthtok man page:
2003 Aug 22
2
Re-using RSA1 keys as RSA
Is there a security issue with turning an RSA1 key into an RSA key? One
might want to do this, e.g., to move to protocol 2 without having to
update authorized_keys files.
I thought there was a problem with this, but Google doesn't find anything.
thanks
/fc
2017 Feb 06
2
Greeter openssh 7.4 is not according rfc4253.
2017-02-05 23:12 GMT+01:00 Michael Stone <mstone at mathom.us>:
>
> It was probably because of this commit:
>
> http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd.c.diff?r1=1.472&r2=1.473
>
Yes here the combination cr and lf is removed.
> Which removed support for protocols older than 2 but perhaps failed to
> account for the fact that newline had been
2001 Jan 08
2
openSSH: configure ciphers.
I see that:
SSH uses the following ciphers for encryption:
Cipher SSH1 SSH2
DES yes no
3DES yes yes
IDEA yes no
Blowfish yes yes
Twofish no yes
Arcfour no yes
Cast128-cbc no yes
Two ques re: sshd:
1) Using openssh, how do I configure which
2014 Jun 18
15
[Bug 2246] New: PAM enhancements for OpenSSH server
https://bugzilla.mindrot.org/show_bug.cgi?id=2246
Bug ID: 2246
Summary: PAM enhancements for OpenSSH server
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: enhancement
Priority: P5
Component: PAM support
Assignee: unassigned-bugs at
2019 Jan 24
3
sftp Vs scp
I almost never use bare 'scp' or 'sftp' anymore; I start with either 'rsync' or, if 'rsync' is not present and not installable on one end or the other, the "tar-over-bare-ssh" approach:
```
tar cf - localpath | ssh remote.host 'cd remotepath && tar xvf -'
```
I'd be in favor of one of the following:
1. 'scp' goes away, and