Displaying 20 results from an estimated 1000 matches similar to: "OpenSSH security advisory: legacy certificate signing in 5.6/5.7"
2011 Feb 04
0
OpenSSH security advisory: legacy certificate signing in 5.6/5.7
OpenSSH Security Advisory: legacy-certs.adv
This document may be found at: http://www.openssh.com/txt/legacy-cert.adv
1. Vulnerability
Legacy certificates generated by OpenSSH might contain data
from the stack thus leaking confidential information.
2. Affected configurations
OpenSSH 5.6 and OpenSSH 5.7 only when generating legacy
certificates. These must be
2003 Oct 08
4
OS/390 openssh
Hello Steve, Hello OpenSSH-portable developers,
I am building OpenSSH for our (EBCDIC-based) BS2000 mainframe
operating system, and I noticed you do the same for OS/390.
Because my initial ssh port was based on IBM's OSS port (ssh-1.2.2
or some such), I thought it was fair enough to help with a little
co-operation; we might come up with a unified EBCDIC patch which could
be contributed to
2002 Jan 31
7
x509 for hostkeys.
This (very quick) patch allows you to connect with the commercial
ssh.com windows client and use x509 certs for hostkeys. You have
to import your CA cert (ca.crt) in the windows client and certify
your hostkey:
$ cat << 'EOF' > x509v3.cnf
CERTPATHLEN = 1
CERTUSAGE = digitalSignature,keyCertSign
CERTIP = 0.0.0.0
[x509v3_CA]
2019 Mar 16
0
[ANNOUNCE] libXdmcp 1.1.3
libXdmcp is the X Display Manager Control Protocol library, used by both
X servers and display managers to handle both ends of the XDMCP connection.
This release provides a fix for CVE-2017-2625 for platforms which don't have
arc4random_buf() in their default libraries but do have getentropy(), such
as Linux platforms with a kernel version of 3.17 or newer and a glibc version
of 2.25 or
2019 Jul 14
0
[ANNOUNCE] libICE 1.0.10
libICE provides the API for the Inter-Client Exchange protocol.
This release provides a fix for CVE-2017-2626 for platforms which don't have
arc4random_buf() in their default libraries but do have getentropy(), such
as Linux platforms with a kernel version of 3.17 or newer and a glibc version
of 2.25 or newer. (libICE 1.0.9 already ensured that arc4random_buf()
is used on platforms that
2011 Feb 04
1
Announce: OpenSSH 5.8 released
OpenSSH 5.8 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches,
[Bug 2465] New: openssh portable does not check if arc4random_buf is declared in the system headers?
2015 Sep 12
6
[Bug 2465] New: openssh portable does not check if arc4random_buf is declared in the system headers?
https://bugzilla.mindrot.org/show_bug.cgi?id=2465
Bug ID: 2465
Summary: openssh portable does not check if arc4random_buf is
declared in the system headers?
Product: Portable OpenSSH
Version: 7.1p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
2006 Nov 15
11
OpenSSH Certkey (PKI)
This patch against OpenBSD -current adds a simple form of PKI to
OpenSSH. We'll be using it at work. See README.certkey (the first chunk
of the patch) for details.
Everything below is BSD licensed, sponsored by Allamanda Networks AG.
Daniel
--- /dev/null Wed Nov 15 15:14:20 2006
+++ README.certkey Wed Nov 15 15:13:45 2006
@@ -0,0 +1,176 @@
+OpenSSH Certkey
+
+INTRODUCTION
+
+Certkey allows
2017 Mar 02
1
[ANNOUNCE] xorg-server 1.19.2
A collection of stability fixes here across glamor, Xwayland, input,
and Prime support. Also a security fix for CVE-2017-2624, a timing
attack which can brute-force MIT-MAGIC-COOKIE authentication. Everybody
is encouraged to upgrade. Thanks to all who contributed fixes!
Adam Jackson (5):
xserver 1.19.2
Revert "xserver 1.19.2"
os: Squash missing declaration warning for
2016 Jul 23
2
Call for testing: OpenSSH 7.3
On Fri, 22 Jul 2016, Hisashi T Fujinaka wrote:
> regress/unittests/test_helper/test_helper.c:162
> (gdb) p key
> $1 = (struct sshkey *) 0x7037f9b120c0
> (gdb) p key->cert
> $2 = (struct sshkey_cert *) 0x7037f9b1b080
> (gdb) p *key->cert
> $3 = {certblob = 0x7037f9b162a0, type = 2, serial = 5, key_id = 0x7037f9b18090
> "julius", nprincipals = 1,
>
2016 Feb 17
3
Call for testing: OpenSSH 7.2
On Tue, 16 Feb 2016, Hisashi T Fujinaka wrote:
> On Wed, 17 Feb 2016, Damien Miller wrote:
>
> > > Core was generated by `test_sshkey'.
> > > Program terminated with signal SIGSEGV, Segmentation fault.
> > > #0 0x000000000041273e in cert_parse (key=0x7f7ff7b120c0,
> > > certbuf=0x7f7ff7b16200, b=0x7f7ff7b161b0) at sshkey.c:1896
> > > 1896
2008 Sep 15
0
No subject
hello..
i am running openssh-3.7.1p2. on linux.It is working successfully..and daemon is running &client also connecting.But the problem is with the mips architecture when i connecting this server from remote syytem.?i got an error of buufer_get:trying to get more bytes 1 than buffer0.And client is not connecting from remote system.My out is as follows on my server
?in sshd main
before
2008 Sep 18
2
SSHD_PROBLEM
hello..
i am running openssh-3.7.1p2. on linux.It is working
successfully.and daemon is running &client also connecting.But the
problem is with the mips architecture when i connecting this server
from remote syytem. i got an error of buufer_get:trying to get more
bytes 1 than buffer0.And client is not connecting from remote system.My
out is as follows on my server
in sshd main
before
2002 Mar 22
1
[PATCH] --link-dest option
Please CC me. I'm not subscribed.
Attached is a patch against 2.5.4pre1 CVS current to add the
--link-dest option so rsync will create hardlinks for
unchanged regular files to a directory on the destination.
This is like --compare-dest except that the result is not a
sparse tree.
Also included is extension to --(ex|in)clude-from to allow -
for stdin.
Could one of the maintainers please add
2005 Jul 26
1
Linux in-kernel keys support
Hi all,
I recently made a patch to openssh 4.1p1 to allow it to use the
in-kernel key management provided by 2.6.12 or later Linux kernels.
I've attached the patch (which is still only a proof-of-concept, for
instance its very verbose right now) to this mail.
Now, my question is, is this a completely insane idea and would (a later
version of) the patch have a chance of making it into the
2015 Aug 21
0
Announce: OpenSSH 7.1 released
OpenSSH 7.1 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support. OpenSSH also includes
transitional support for the legacy SSH 1.3 and 1.5 protocols
that may be enabled at compile-time.
Once again, we would like to thank the OpenSSH community
2002 Jan 31
4
signal transmission in ssh2
does somebody like this?
Index: Makefile.inc
===================================================================
RCS file: /cvs/src/usr.bin/ssh/Makefile.inc,v
retrieving revision 1.21
diff -u -r1.21 Makefile.inc
--- Makefile.inc 30 Oct 2001 20:32:31 -0000 1.21
+++ Makefile.inc 16 Nov 2001 12:07:22 -0000
@@ -10,7 +10,7 @@
CDIAGFLAGS+= -Wmissing-prototypes
CDIAGFLAGS+= -Wunused
-#DEBUG=-g
2015 Aug 21
4
Announce: OpenSSH 7.1 released
OpenSSH 7.1 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support. OpenSSH also includes
transitional support for the legacy SSH 1.3 and 1.5 protocols
that may be enabled at compile-time.
Once again, we would like to thank the OpenSSH community
2006 Feb 16
2
PAM and passwd age warnings again.
Hi all,
This is a patch against 4.2p1 (compiling for a Linux --- an old, highly
customized 7.2 to be specific). When I compiled it from your original
source, installed it, and turned on PAM (for passwd aging), I couldn't
get the passwd expiration warnings as specified in /etc/shadow to work
at all (the message that is supposed to warn you as you're logging in
that your passwd will expire
2013 Nov 01
1
[PATCH] curve25519-sha256@libssh.org key exchange proposal
Here are three versions (patch against openbsd cvs)
1) repace nacl w/libsodium, so i could test
2) curve25519-donna
3) Matthew's public domain reference implementation.
i'd vote for #3
-------------- next part --------------
Am 30.10.2013 um 07:27 schrieb Damien Miller <djm at mindrot.org>:
> On Tue, 24 Sep 2013, Aris Adamantiadis wrote:
>
>> Dear OpenSSH