similar to: Size of data packets in SSH connection

Displaying 20 results from an estimated 30000 matches similar to: "Size of data packets in SSH connection"

2023 Mar 24
1
ChaCha20 Rekey Frequency
I'm wondering why the ChaCha20 cipher rekeys so frequently. At speed I'm seeing rekeys every second or two. So I'm spending a large amount of time in the rekey process. From what I've read about ChaCha20 it shouldn't need to be rekeyed quite so frequently. Am I missing something obvious? Just curious more than anything else. Chris
2023 Mar 29
1
ChaCha20 Rekey Frequency
I was wondering if there was something specific to the internal chacha20 cipher as opposed to OpenSSL implementation. I can't just change the block size because it breaks compatibility. I can do something like as a hack (though it would probably be better to do it with the compat function): if (strstr(enc->name, "chacha")) *max_blocks = (u_int64_t)1 << (16*2);
2023 Mar 29
2
ChaCha20 Rekey Frequency
On Wed, 29 Mar 2023, Chris Rapier wrote: > I was wondering if there was something specific to the internal chacha20 > cipher as opposed to OpenSSL implementation. > > I can't just change the block size because it breaks compatibility. I can do > something like as a hack (though it would probably be better to do it with the > compat function): > > if
2023 Mar 29
1
[EXTERNAL] Re: ChaCha20 Rekey Frequency
I'm hardly an expert on this, but if I remember correctly, the rekey rate for good security is mostly dependent on the cipher block size. I left my reference books at home; so, I can't come up with a reference for you, but I would take Chris' "I'm deeply unsure of what impact that would have on the security of the cipher" comment seriously and switch to a cipher with a
2023 Mar 29
1
[EXTERNAL] Re: ChaCha20 Rekey Frequency
That's true for block ciphers, but ChaCha20+poly1305 is a stream cipher. On Wed, 29 Mar 2023, Robinson, Herbie wrote: > > I?m hardly an expert on this, but if I remember correctly, the rekey rate > for good security is mostly dependent on the cipher block size.? I left my > reference books at home; so, I can?t come up with a reference for you, but I > would take Chris?
2017 Sep 23
3
Call for testing: OpenSSH 7.6
> Portable OpenSSH is also available via [...] Github: https://github.com/openssh/openssh-portable > > Running the regression tests supplied with Portable OpenSSH does not require installation and is a simply: > > $ ./configure && make tests I was going to try this on Kali Linux (latest version), but ran into trouble right away. No "configure" script exists
2004 Apr 13
8
OpenSSH 3.8.1p1: call for testing
Hello All. Portable OpenSSH version 3.8.1p1 nearing release. This is primarily a bug fix release and we're asking for interested parties to try a snapshot [1]. A reminder: we rely on community feedback to find out about problems, particularly as there are many platforms any configurations that we don't have access to and can't test. In most cases, running the built-in tests is
2023 Mar 29
1
ChaCha20 Rekey Frequency
Hi Damien, >This is what I'm playing with at the moment: if you?re playing with this currently anyway, shouldn?t? >+ /* >+ * Otherwise, use the RFC4344 s3.2 recommendation of 2**(L/4) blocks >+ * before rekeying where L is the blocksize in bits. >+ * Most other ciphers have a 128 bit blocksize, so this equates to >+ * 2**32 blocks / 64GB data. >+ */ >+ return
2016 Jan 05
14
[Bug 2521] New: subtract buffer size from computed rekey limit to avoid exceeding it
https://bugzilla.mindrot.org/show_bug.cgi?id=2521 Bug ID: 2521 Summary: subtract buffer size from computed rekey limit to avoid exceeding it Product: Portable OpenSSH Version: 6.8p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd
2017 Jun 01
11
[Bug 2726] New: Uploading of large files (1GB+) fails when using SFTP in chrooted configuration
https://bugzilla.mindrot.org/show_bug.cgi?id=2726 Bug ID: 2726 Summary: Uploading of large files (1GB+) fails when using SFTP in chrooted configuration Product: Portable OpenSSH Version: 7.3p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5
2017 Jan 23
2
Open SSH public key setup not working on windows 2012
Hi, I downloaded setupssh-7.3p1-2.exe for Windows x64. I created private public keys and set it up accordingly. After entering the passphrase, I see authentication succeeded message but then the connection to the remote host gets closed immediately. Some of the Client output: ************************ ... Enter passphrase for key '/home/user2/.ssh/id_rsa': debug1: Authentication
2004 Apr 20
2
Compiling 3.8p1 on AIX with IBM OpenSSL RPMs
Folks, I've just updated a machine to the latest IBM supplied OpenSSL RPMS: openssl-0.9.6m-1 openssl-devel-0.9.6m-1 (this is a power4 running AIX 5.1) and Tried to upgrade to the latest OpenSSH (3.8p1 - both the release and a snapshot from about a week ago) I'm using: ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/opt/freeware and the compilation seems OK: OpenSSH
2016 Sep 21
2
Where to look next?
Hello, I'm looking for your insight about the log below. We have an SFTP server (IBM Sterling File Gateway) and we're connecting from an OpenSSH SFTP client but something fails during KEX. Complete client-side debug output is below, but I believe the relevant part is: debug1: kex: server->client cipher: aes192-cbc MAC: hmac-sha1 compression: none debug1: kex: client->server
2023 Jun 10
1
Question About Dynamic Remote Forwarding
On Fri, 9 Jun 2023, Chris Rapier wrote: > Hi all, > > When a client requests dynamic remote forwarding with -R it delays forking > into the background. In ssh.c we see > > if (options.fork_after_authentication) { > if (options.exit_on_forward_failure && > options.num_remote_forwards > 0) { > debug("deferring postauth fork until
2009 Feb 11
1
Configure re-keying in sftp server
Hello, I'm trying to configure the openssh sftp server to perform re-keying. On the client side I've found the RekeyLimit parameter. But I am unable to find an equivalent for the server side. Is it currently not possible to configure the sftp server to perform re-keying? Or have I overlooked something. -- R _________________________________________________________________ Snygga till
2016 Sep 21
3
Where to look next?
Thanks for your suggestion! It seems to have gone a little further this time, but isn't accepting the key and is failing back on password-based auth. We're double-checking that the public key was correctly configured with the account, and also trying a DSA key to see if it behaves differently. Is there anything you'd suggest we look at or try at this point, and thank you very much
2023 Mar 30
1
ChaCha20 Rekey Frequency
On Thu, 30 Mar 2023, Damien Miller wrote: >> >+ return (uint64_t)1 << (c->block_size * 2); >> >> ? this get an upper bound? This is UB for 256-bit blocksizes >> at least? > >block sizes in struct sshcipher are in bytes, not bits Yes, exactly. 256 bit = 32 bytes; 32*2 = 64; (uint64_t)1 << 64 is UB. bye, //mirabilos -- Infrastrukturexperte ?
2003 Apr 11
2
How often should an encrypted session be rekeyed?
Using OpenSSL, is there a preferred/recommended rate of rekeying an encrypted stream of data? Does OpenSSL handle this for developers behind the scenes? Does it even need to be rekeyed? Thanks in advance. -sc -- Sean Chittenden -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 202 bytes Desc: not available
2003 Nov 20
11
Problem running SSH on IBM PPC440 processor, help appreciated
Hi, Sorry to bother you on this mailing list, however I tried everything else and I am desperate to get this running. Please send me any hints you can think of. I have installed openssh-3.7.1p2 on a ppc target and trying to connect to an sshd running on a redhat 9 with openssh-3.5p1. I keep getting the error "Disconnecting: Corrupted check bytes on input" no matter what I tried. I
2004 Jul 13
1
Runnin SSH on slow CPU (386 40Mhz 8Mb RAM)
Hello everybody, I'd like to use OpenSSH (client & server, for shell & sftp) on an embedded PC with limited resources (processor 386 SX 40Mhz 8Mb RAM). I have Linux running on it. In the past, I tried to use OpenSSH on it just to see if it could work but each connection required an incredible long time to start. I suppose that the key generation is too expensive for that processor.