similar to: Announce: Portable OpenSSH 5.8p2 released

OpenSSH Security Advisory: portable-keysign-rand-helper.adv This document may be found at: http://www.openssh.com/txt/portable-keysign-rand-helper.adv 1. Vulnerability Portable OpenSSH's ssh-keysign utility may allow unauthorised local access to host keys on platforms if ssh-rand-helper is used. 2. Affected configurations Portable OpenSSH prior to version

OpenSSH Security Advisory: portable-keysign-rand-helper.adv This document may be found at: http://www.openssh.com/txt/portable-keysign-rand-helper.adv 1. Vulnerability Portable OpenSSH's ssh-keysign utility may allow unauthorised local access to host keys on platforms if ssh-rand-helper is used. 2. Affected configurations Portable OpenSSH prior to version

OpenSSH 5.9 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,

OpenSSH 5.9 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,

https://bugzilla.mindrot.org/show_bug.cgi?id=1781 Summary: Document how to use Solaris 10 /dev/random Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: unassigned-bugs at mindrot.org

Over the holidays, I intend to finally rid portable OpenSSH of the builtin entropy collection code. Here's what I intend to do: When init_rng is called, we'll check OpenSSL's RAND_status(). If this indicates that their PRNG is already seeded, we'll do nothing. This effectively detects platforms which have /dev/urandom (or similar) configured into OpenSSL. If OpenSSL isn't

Now that ssh-rand-helper has been segregated into a separate program, I'd like to revisit an old question about its entropy gathering. - would it be desirable to make it possible for ssh-rand-helper to fall back to external commands if PRNGD cannot be reached, instead of choosing one or the other at compile time? - When using PRNGD, the program gets 48 bytes of entropy from PRNGD,

Hello all, I was finally able to create the OpenSSH package for Solaris 8 10/01. The problem I have now is that I will still need to have entropy ready prior to openssh-3.1p1 package installation. Otherwise there is no entropy pool available (with the new servers) and key generation fails. With the previous versions of openssh, I used SUN's "makeOpenSSHPackage.ksh" script and was

Hi. I recently snookered myself: I build OpenSSH on an old box that didn't have /dev/random, but happened to be running prngd at the time for other reasons. Because I wanted to use commands, I configured --with-rand-helper, however configure found the prngd socket and built ssh-rand-helper to use it exclusively. Next reboot: no prngd, no random seed, no sshd. Do not log in, do not

Hi, I've seen that openssh will have different function names for des, I think thats great. As kerberos4 nor kerbero5 from KTH in Sweden support those new calls yet, I thought it would be best for me to switch back to the old behaviour, i.e. have kerberized libkrb and other libs with disabled support for openssl (which means libdes is compiled). Then, compile openssh-3.5p1 with kerberos4

I am running openssh 3.4p1 and had everything working fine, but then we had to upgrde the openssl. So did the same steps now openssh is not seeing prngd. We configure openssh with : --with-prngd-socket=/var/spool/prngd/pool this is what we saw with openssl-0.9.6g when I configured it: OpenSSH has been configured with the following options: User binaries: /usr/local/bin

Hi, First checking out http://www.openbsd.org/errata.html Following is output and error from trying to compile the latest openssh on SGI IRIX (using cc). Previous versions of openssh have compiled cleanly on this system using the following configure options. Is there a quick fix for this? Cheers, Lachlan. ------------------------------------------------------- For SGI IRIX 6.5x 10151453

On Thu, 27 Sep 2001 20:41:05 EDT, Damien Miller writes: > On Thu, 27 Sep 2001, Dan Astoorian wrote: > > > > > It would (IMHO) be useful if there were a way to optionally configure > > that code to fall back to the internal entropy gathering routines in the > > event that EGD was not available; as it is, the routines simply fail if > > EGD is unavailable at the

On Sun, 19 Mar 2023 at 12:25, Nathan Wagner <nw at hydaspes.if.org> wrote: > I'm trying to compile openssh with openssl 3.1 on a linux machine with > kernel 4.15.10. I seem to get stuck at: > > configure: error: OpenSSH has no source of random numbers. Please > configure OpenSSL with an entropy source or re-run configure using one > of the --with-prngd-port or

this patch adds a LogFile option to sshd_config. it just logs messages directly to a file instead of stderr or syslog. the largest change is an additional argument to log_init() in log.c for the log file name (and then changes to the rest of the tools to add a NULL arg). galt -------------- next part -------------- diff -urN openssh-3.5p1-orig/log.c openssh-3.5p1/log.c ---

http://bugzilla.mindrot.org/show_bug.cgi?id=721 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From dtucker at zip.com.au 2004-02-10 14:17 ------- I think your OpenSSL has found the prngd

On Sun, Mar 19, 2023 at 12:57:23PM +1100, Darren Tucker wrote: > On Sun, 19 Mar 2023 at 12:25, Nathan Wagner <nw at hydaspes.if.org> wrote: > Does the OpenSSL self-test ("make tests") pass? Does its basic RNG > function work (eg "openssl rand -base64 9")? And if "openssl rand" > doesn't work, if you strace it what is it trying to do? make

http://bugzilla.mindrot.org/show_bug.cgi?id=422 Summary: /bin/sh: ./ssh-keygen: file or directory not found Product: Portable OpenSSH Version: 3.5p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-unix-dev at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=526 Summary: potential ssh-keysign segfault if pktype == KEY_UNSPEC Product: Portable OpenSSH Version: 3.6p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: openssh-unix-dev at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=371 Summary: OpenSSH fails to build on Alpha True64 in cipher.c Product: Portable OpenSSH Version: -current Platform: Alpha OS/Version: OSF/1 Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-unix-dev at mindrot.org