Displaying 20 results from an estimated 1000 matches similar to: "Announce: X.509 certificates support v7.0 for OpenSSH version 5.9p1"
2008 Feb 20
4
OpenSSH and X.509 Certificate Support
Hi,
I need to add X.509 Certificate support to OpenSSH.
I came across the following post on the openssh-unix-dev mailing list
that is very useful:
http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2
<http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2>
And also, http://marc.info/?l=openssh-unix-dev&m=104395024824680&w=2
2006 Sep 30
1
Announce: X.509 certificates support version 5.5.1 in OpenSSH 4.4p1
Hi All,
The version 5.5.1 of "X.509 certificates support in OpenSSH" is ready for download.
On download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.5.1
you can found diff for OpenSSH versions 4.4p1.
What's new:
* specific diff of 5.5 for OpenSSH 4.4p1
Because of OpenSSH source code changes, like include statements and new server
option
2008 Jan 16
4
x509 patch for SSH
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi guys,
been trying the x509 patch for ssh from Roumen, it works great.
However, I can't figure out couple of things, and been trying to solve
it for couple of days already.
I'am using OpenSSH_4.7p1-hpn12v19, OpenSSL 0.9.8g
with 6.1 version of your patch.
The serverside hostkey is configured correctly, to present x509v3-sign-rsa
dynowork
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Roumen.
I have few more questions below:
1. What version of OpenSSH can the patch be applied to? What branch should
I check out the patch?
2.
>Impact is not only for source code. Build process has to be updated as
well. Red Hat is based on "fipscheck".
What build process should be changed? What is fipscheck?
3. My understanding any application (such as OpenSSH) which need
2012 May 25
2
Announce: X.509 certificates support v7.2 for OpenSSH version 6.0p1
Dear All,
X.509 certificates support for OpenSSH version 6.0p1 was published.
I brief new version include :
- support for Android platform;
- engine implementation is now considered stable;
- various regression test improvements including fixes for OpenSSL FIPS
enabled 1.0.1 stable release and korn shell
Yours sincerely,
Roumen Petrov
--
Get X.509 certificates support in OpenSSH:
2007 Jul 29
38
[Bug 1346] New: PAM environment takes precedence over SendEnv
http://bugzilla.mindrot.org/show_bug.cgi?id=1346
Summary: PAM environment takes precedence over SendEnv
Product: Portable OpenSSH
Version: 4.6p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy:
2018 May 25
4
Suggestion: Deprecate SSH certificates and move to X.509 certificates
I suggest deprecating proprietary SSH certificates and move to X.509
certificates. The reasons why I suggest this change are: X.509
certificates are the standard on the web, SSH certificates provide no
way to revoke compromised certificates, and SSH certificates haven't
seen significant adoption, It's also a bad idea to roll your own
crypto, and own certificate format seems like an example
2008 Mar 10
1
Benefits of OpenSSH X.509 over key based authentication?
Hi,
I have some observations regarding the X.509 patch developed by Roumen
Petrov for OpenSSH available at http://roumenpetrov.info/openssh/ , I don't
understand some things here like
1. When certificate based authentication of the client is desired,
shouldn't it be something like what mod_ssl does in Apache where u have a CA
certificate at the server, and then the client
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Roumen.
>Lets assume that application use OpenSSL FIPS validated module. FIPS mode
is activated in openssl command if environment variable OPENSSL_FIPS is
set. Similarly I use OPENSSL_FIPS environment variable to activate FIPS
mode. Code will call FIPS_mode_set(1) if crypto module is not FIPS mode.
Did you mean the FIPS patched OpenSSH server and client (such as
ssh-keygen) always
2015 Mar 03
2
configure and have crypt or DES_crypt
Hello,
With current portable master source tree HAVE_CRYPT and HAVE_DES_CRYPT
are not defined.
It seems to me this is regression introduced with implementation of
configure options --with-openssl.
Impacted code is in xcrypt.c:
...
# if defined(WITH_OPENSSL) && !defined(HAVE_CRYPT) &&
defined(HAVE_DES_CRYPT)
# include <openssl/des.h>
# define crypt DES_crypt
# endif
...
2008 Dec 16
3
Patch for OpenSSH for Windows to allow authentication through certificates
Hi all,
Does anyone know if it exists a patch for OpenSSH for Windows to allow
authentication through certificates?
Is it possible to make one if it doesn't exists?
Using OpenSSH for Windows 3.8p1-1 20040709 Build.
I know there is Roumen Petrov patch, but is for unix machines if i'm
not mistaken.
I need a similar one for Windows that work with the Roumen Petrov
patch so i can have
2015 Dec 04
6
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Hi All:
I tried to rebuild openssl with the FIPS modules, and then install the new
openssl libs (lib crypto.so to be specific) on my Ubuntu 12.04 box.
After that I noticed it seemed to break OpenSSH: I couldn't login to the
box using ssh, and couldn't run the client command like ssh-keygen either.
My questions are:
1. Does OpenSSH support FIPS mode?
2. Or does OpenSSH support with
2003 Jun 30
2
experimental DNS fingerprint
Please find attached file "configure.ac+dns.patch".
This patch allow to compile current (30 Jun 2003) with options
--with-dns on my platform.
Output from "ssh -v -o VerifyHostKeyDNS=yes ..." follow:
...
debug1: found 1 fingerprints in DNS
debug1: matching host key fingerprint found in DNS
...
-------------- next part --------------
An embedded and charset-unspecified text
2018 Mar 16
3
using sshd in fips mode
Hi,
We would like to use openssh in fips mode. It looks it is not provided as a
configurable option through sshd_config, Are there plans to do incorporate
such change.
Do we have to change openssh code for now until the option is provided.
If sshd is operating in fipsmode, does it provide additional errors/audits
to indicate failures such as pair wise consistency failed during on of the
sshd
2023 Aug 17
21
[Bug 3603] New: ssh clients can't communicate with server with default cipher when fips is enabled at server end
https://bugzilla.mindrot.org/show_bug.cgi?id=3603
Bug ID: 3603
Summary: ssh clients can't communicate with server with default
cipher when fips is enabled at server end
Product: Portable OpenSSH
Version: 9.4p1
Hardware: All
OS: Linux
Status: NEW
Severity: critical
2003 Jun 26
7
[Bug 606] sshd [-t] should warn when cannot create pid file
http://bugzilla.mindrot.org/show_bug.cgi?id=606
Summary: sshd [-t] should warn when cannot create pid file
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
2020 Apr 23
6
[Bug 3153] New: Prefer user specified keys to avoid the agent overloading MaxAuthTries before even trying the key that was specified
https://bugzilla.mindrot.org/show_bug.cgi?id=3153
Bug ID: 3153
Summary: Prefer user specified keys to avoid the agent
overloading MaxAuthTries before even trying the key
that was specified
Product: Portable OpenSSH
Version: 8.2p1
Hardware: Other
OS: Linux
Status: NEW
2010 Mar 15
1
5.4p1 and FIPS 140-2
My office is working with government contracts, and it appears that they
are wanting FIPS enabled OpenSSL and OpenSSH is coming in the next year.
We have been able to compile OpenSSL to create the container, but all
the diffs to enable FIPS 140-2 in OpenSSH are for 5.3p1. Will the diffs
from:
https://bugzilla.mindrot.org/attachment.cgi?id=1789&action=edit
build in 5.4p1 will a little
2013 Jan 29
1
[PATCH] Android port
Hi all.
I am experimenting with building OpenSSH server for Android. The
attached patch makes OpenSSH successfully build (at least) using Android
NDK with libldns. The patch is mostly trivial. The biggest change
perhaps is disabling password authentication code.
I would like to receive feedback and hopefully get it accepted into the
mainline eventually.
Regards,
Dmitry
-------------- next
2004 Jul 15
1
I ask about a openSSH
Hello,
Since which version of OPENSSH the authentification by certificates x509V3
accepts.
Thankyou,
_________________________________________________________________
MSN Messenger : discutez en direct avec vos amis !
http://www.msn.fr/msger/default.asp