Displaying 20 results from an estimated 2000 matches similar to: "Odd Size SSH data frame"
2010 Sep 23
2
OpenSSH developers @ FOSDEM 2011
Hello,
I'm writing from OpenSC project (OpenSSH used to include OpenSC support for smart cards, it has been removed now and PKCS#11 is used instead, whish is nice), we're planning to have a "Security / hardware crypto keys" themed devroom at FOSDEM next year. Are people on this list interested in participating, and trying to tackle the problem of "Why OpenSSH does not work
2010 Aug 20
2
SSH Sequence diagrams
Hello, Dear SSH developers. I'm currently studying Business Information
Technologies at the University of Applied Sciences in Oulu, Finland. I'm
about to start my own online computer security related magazine. I would
like to make an article about the helpful ssh protocol for security
professionals. I have made sequence diagrams on how the SSH 2.0 protocol
works, however i'm not sure
2010 Jan 05
9
OpenSSH daemon security bug?
A co-worker argues we can login using only password to a "ssh-key restricted
host (PasswordAuthentication no)", without being asked by any passphase; just
by putting a key (no need to be the private key) on another password-based
host.
It that true? I do not think so. I would name that as an "important OpenSSH
daemon security bug". That is because I think it is not true.
2013 Sep 24
9
[PATCH] curve25519-sha256@libssh.org key exchange proposal
Dear OpenSSH developers,
I've worked this week on an alternative key exchange mechanism, in
reaction to the whole NSA leaks and claims over cryptographic backdoors
and/or cracking advances. The key exchange is in my opinion the most
critical defense against passive eavesdropping attacks.
I believe Curve25519 from DJB can give users a secure alternative to
classical Diffie-Hellman (with fixed
2013 Nov 02
2
[PATCH] curve25519-sha256@libssh.org key exchange proposal
Am 02.11.2013 um 11:38 schrieb Aris Adamantiadis <aris at 0xbadc0de.be>:
> RFC4251 describes mpint to be multi-size and with positive values having
> MSB clear, so it's clearly incompatible with raw string.
>
> Since you both agreed on the curve25519 implementation to use, I'll work
> today on Markus' patch to make the changes Damien wanted.
What do you want to
2016 Aug 24
3
kex protocol error: type 7 seq xxx error message
Hi,
mancha and me debugged a problem with OpenSSH 7.3p1 that was reported on
the #openssh freenode channel. Symptoms were that this message was
popping on the console during a busy X11 session:
kex protocol error: type 7 seq 1234
I managed to reproduce the problem, it is related to the SSH_EXT_INFO
packet that is send by the server every time it is sending an
SSH_NEWKEYS packet, hence after
2016 Aug 29
2
[PATCH] Add ssh_config option ExecRemoteCommand which is equivalent to -N
Dear OpenSSH developers,
I hope you don't mind that I resubmit my patch for OpenSSH.
This patch adds a new ssh_config option "ExecRemoteCommand", which is
the missing equivalent to the "-N" command line option.
For implementation notes, please have a look at the top of the patch.
Regards,
Volker
--
Volker Diels-Grabsch
----<<<((()))>>>----
2013 Oct 28
1
LZ4 compression in openssh
Also nice to know that zlib at openssh.com enables the compression only
after authentication, mitigating the known problems with compression
and passwords. It is also very hard to do chosen-plaintext attacks on
the client to server side (in opposite to HTTPS where that's trivial).
And most passwords that are typed after authentications are entered
character by character, making them fall under
2015 Jun 16
2
OpenSSH and CBC
Hi Gerhard,
This is not exactly true. CTR modes have the length field encrypted. etm
MAC modes and AES-GCM have the length field in cleartext.
CBC is dangerous because the length field is encrypted with CBC.
aes128-ctr + hmac-sha256 doesn't have any known vulnerability and
encrypts the packet length, but uses the bad practice of e&m.
chacha20-poly1305 encrypts both payload and packet
2005 Feb 23
2
CentOS-3.1 updates dir. on ftp.belnet.be empty
Hello,
I noticed that since a couple of hours, this following directory on
belnet is empty ...
ftp://ftp.belnet.be/packages/caosity/centos/3.1/updates/i386/RPMS/
can i do something ?
--
Martin
2011 May 23
4
Security of OpenSSL ECDSA signatures
Dear OpenSSH devs,
I came accross this paper yesterday. http://eprint.iacr.org/2011/232
It states that they were able to recover ECDSA keys from TLS servers by
using timing attacks agains OpenSSL's ECDSA implementation.
Is that known to be exploitable by OpenSSH ? (In my understanding, it's
easy to get a payload signed by ECDSA during the key exchange so my
opinion is that it is).
2016 Jan 15
4
Proposal: always handle keys in separate process
How about using the existing OpenSSH client's PKCS#11 support to
isolate keying material in a dedicated process?
A similar approach, "Practical key privilege separation using Caml
Crush", was discussed at FOSDEM'15 with a focus on
Heatbleed [1][2] but the ideas and principles are the same.
Now this is easily done using the following available components:
- SoftHSM to store
2015 Jul 06
2
[PATCH 1/1] paint visual host key with unicode box-drawing characters
Le 06/07/15 12:33, Alex Bligh a ?crit :
> On 6 Jul 2015, at 11:05, Christian Hesse <list at eworm.de> wrote:
>
>> +#ifdef HAVE_LOCALE_H
>> + char *locale;
>> + char *border_utf8[] = { "?", "?", "?", "?", "?", "?" };
>> +#endif
>> + char *border_ascii[] = { "+", "-",
2015 Jun 10
7
curve25519
I have developed a compact at the same time high performance library for
curve25519/ed25519 and I have placed it in the public domain. It support DH
key exchange as well as ed25519 keygen, sign and verify. The implementation
is constant-time, supports blinding, bulk-verify and more.
The library is available as portable-C as well as ASM for Intel-x64 CPUs.
It outperforms curve25519-donna by a
2011 Dec 07
5
Help to install horde
Hello,
I have install Horde rpm with webmin:
Instalando paquete(s) con el comando yum -y install yun grouinstall horde ...
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.intergenia.de
* epel: ftp-stud.hs-esslingen.de
* extras: centos.intergenia.de
* updates: ftp.belnet.be
Setting up Install Process
No package yun available.
No package grouinstall
2007 Jan 31
1
how to exclude a pkg in yum .conf
Hi all,
I want to know how to exclude a pkg in yum .conf.
below is my yum.conf .
I have excluded asterisk-sounds. but I does not work.
Why , Can you rectify me?
[dries]
name=Extra Fedora rpms dries - $releasever - $basearch
baseurl=
http://ftp.belnet.be/packages/dries.ulyssis.org/redhat/el4/en/i386/dries/RPMS
--exclude=[asterisk-sounds]
dries.repo (END)
--
Thank you
Indunil Jayasooriya
2013 Nov 01
1
[PATCH] curve25519-sha256@libssh.org key exchange proposal
Here are three versions (patch against openbsd cvs)
1) repace nacl w/libsodium, so i could test
2) curve25519-donna
3) Matthew's public domain reference implementation.
i'd vote for #3
-------------- next part --------------
Am 30.10.2013 um 07:27 schrieb Damien Miller <djm at mindrot.org>:
> On Tue, 24 Sep 2013, Aris Adamantiadis wrote:
>
>> Dear OpenSSH
2013 Sep 24
2
Multiple keys/methods per key exchange (e.g. multi-md5-sha1-md4@libssh.org) Re: [PATCH] curve25519-sha256@libssh.org key exchange proposal
On Tue, Sep 24, 2013 at 10:21 PM, Aris Adamantiadis <aris at 0xbadc0de.be> wrote:
[snip]
> I've worked this week on an alternative key exchange mechanism, in
> reaction to the whole NSA leaks and claims over cryptographic backdoors
> and/or cracking advances. The key exchange is in my opinion the most
> critical defense against passive eavesdropping attacks.
> I believe
2005 Nov 17
1
How to properly install VLC?
Hi all,
My colleagues and friends from time to time send me .wmv files and I'd
like to be able to view them under CentOS.
VLC was recommended to me, and AFAIR about a half year ago I tried
installing it. I don't remember the exact details, but I do remember
that the Red Hat and Fedora binary distributions didn't work without
giving all sorts of errors. I _think_ I then did a
2006 Jul 06
1
Yum Update
Why is it when i do a "yum list all kernel*" I only get 4 packages
returned from the centosplus repo when in fact there are many many
more if I go look in the RPMS folder where it's pulling the packages
from?
I'm trying to install the basic unsupported kernel (smp) to get XFS
support but it doesn't appear when i do a yum list nor can i seem to
get it to install when i