similar to: choice of fingerprint display upon new host access

https://bugzilla.mindrot.org/show_bug.cgi?id=1759 Summary: allow display of bubblebabble fingerprint when connecting Product: Portable OpenSSH Version: -current Platform: All URL: http://bugs.debian.org/578422 OS/Version: Linux Status: NEW Severity: enhancement Priority: P2

Hi, Here is a patch that adds the possibility of displaying key fingerprints in the bubblebabble format used by ssh.com ssh implementations. I hope it makes its way into the source. --- ./openssh-2.5.1/key_original.h Sun Mar 4 00:47:55 2001 +++ ./openssh-2.5.1/key.h Sun Mar 4 00:57:57 2001 @@ -36,6 +36,17 @@ KEY_DSA, KEY_UNSPEC }; + +enum digest_type { + DIGEST_TYPE_SHA1, +

I have published the preview of a "hints and tips" article for the upcoming print edition of Secure Computing Magazine (Australia) on OpenSSH Public/Private Key Fingerprinting, including "BubbleBabble" encoding and the ASCII ?randomart image?, at http://cmlh.id.au/tagged/openssh -- Regards, Christian Heinrich http://cmlh.id.au/contact

https://bugzilla.mindrot.org/show_bug.cgi?id=1611 Summary: ssh-keygen prints wrong randomart if bubblebabble is also printed Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh-keygen AssignedTo:

https://bugzilla.mindrot.org/show_bug.cgi?id=1659 Summary: VisualHostKey and host key fingerprint aren't displayed when host's IP address is changed Product: Portable OpenSSH Version: 5.2p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh

https://bugzilla.mindrot.org/show_bug.cgi?id=1872 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2007|0 |1 is obsolete| | Attachment #2429|0 |1 is

Hello, a moment ago i got this: : @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ : @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ : @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ : IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! : Someone could be eavesdropping on you right now (man-in-the-middle attack)! : It is also possible that the RSA host key

This patch is against 3.0.2p1. It produces output like the first line in the example below for both v1 and v2 logins. Logging is turned on by sticking ``LogFingerprint yes'' in sshd_conf. It would be nice if something like this would make it into OpenSSH. Dec 4 14:21:09 lizzy.bugworks.com sshd[7774]: [ID 800047 auth.info] Found matching RSA1 key:

https://bugzilla.mindrot.org/show_bug.cgi?id=1863 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED CC| |djm at mindrot.org Status|NEW

This patch allows the OpenSSH client to make connections over SCTP, and allows the OpenSSH server to listen for connections over SCTP. SCTP is a robust transport-layer protocol which supports, amongst other things, the changing of endpoint IPs without breaking the connection. To connect via SCTP, pass -H or set "ConnectViaSCTP yes". To listen via SCTP as well as TCP, set

From: Christian Hesse <mail at eworm.de> Signed-off-by: Christian Hesse <mail at eworm.de> --- ssh_config.5 | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/ssh_config.5 b/ssh_config.5 index 5b0975f..28f7714 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -649,9 +649,13 @@ The default is .It Cm FingerprintHash Specifies the hash algorithm used when

https://bugzilla.mindrot.org/show_bug.cgi?id=2555 Bug ID: 2555 Summary: [patch] Add FingerprintHashEncoding keyword Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee:

It would be useful to allow matching HostName entries against Host entries. That's to say, I would find it very convenient to have an ssh_config like: Host zeus HostName zeus.greek.gods User hades Host hera HostName hera.greek.gods # [ ... ] Host *.greek.gods User poseidon UserKnownHostsFile ~/.ssh/known_hosts.d/athens # [ Default settings for *.greek.gods ] where I

My keys are secured with a passphrase. That's good for security, but having to type the passphrase either at every login or at every invocation of ssh(1) is annoying. I know I could invoke ssh-add(1) just before invoking ssh(1), if I keep track of whether I invoked it already, or write some hacky scripts; but the rest of OpenSSH is wonderfully usable without any hacks. Hence, this patch.

Hi all, there''s an interesting citaton on kerneltrap.org, mentioning the addition of passive OS fingerprinting to the OpenBSD firewall (http://www.kerneltrap.org/node/view/770 for those interested) This new feature enables the possibility of triggering customized firewall rules according to the (detected) incoming OS, in a fully passive way. I was wondering if the above would be

I was looking through the RSA fingerprinting code from a few releases back, with an eye to being able to close <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=111598>. While it works fine with SSH2, the fingerprint log message goes missing with SSH1. I eventually realized that this is because auth_rsa() is called in the unprivileged child, and so can't write syslog messages. Am I

On Mon, June 27, 2016 12:29, Gordon Messmer wrote: > On 06/26/2016 01:50 PM, James B. Byrne wrote: >> However, all I am seeking is knowledge on how to handle this using >> iptables. I am sure that this defect/anomaly has already been >> solved wherever it is an issue. Does anyone have an example on >> how to do this? > > > I think the bit you're missing is

Since we talked about this before, I might as well announce that we've released our song fingerprinting library under the GPL. You can grab the source at http://sourceforge.net/projects/freetantrum/. Sorry for the spam everyone. Back to vorbis talk. Jon p.s. you only get one copy of this message this time ;) --- >8 ---- List archives: http://www.xiph.org/archives/ Ogg project

On Fri, June 24, 2016 12:24, John R Pierce wrote: > On 6/24/2016 9:20 AM, James B. Byrne wrote: >> We received a notice from our pci-dss auditors respecting this: >> >> CVE-2002-0510 The UDP implementation in Linux 2.4.x kernels keeps >> the >> IP Identification field at 0 for all non-fragmented packets, which >> could allow remote attackers to determine that

Hello, My usage of ProxyCommand just calls the nc utility with various parameters. That in turn after the initial setup just copies copies the data from the network socket to stdin/stdout. This useless coping can be avoided if ssh has an option to receive the socket from the proxy command. I suppose it can improve network error reporting as ssh would talk directly to the network socket rather