similar to: Compiling 2.2.8a with SSL support on Solaris 7

Jan, maybe I should check the /afs information that you pointed me at in a subsequent email first, but I wanted to update you on what happened following this path: I did get some mileage out of both of your suggestions below, but still did not make it through (now working with openssh-2.9p2): gcc -o ssh ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o -L.

Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet

> On 1 Mar 2018, at 5:56 pm, Aki Tuomi <aki.tuomi at dovecot.fi <mailto:aki.tuomi at dovecot.fi>> wrote: > > > > On 01.03.2018 07:34, James Brown wrote: >> On 1 Mar 2018, at 4:09 pm, Aki Tuomi <aki.tuomi at dovecot.fi <mailto:aki.tuomi at dovecot.fi>> wrote: >>> >>> >>> What SSL library and version? >>> ---

Hi, I've installed openssl-0.9.7 and now am testing current openssh-cvs. The kerberosIV installation has it's own libdes.a. I'm quite please openssh built successfully, congratulations! Unfortunately, kerberos autentication is not tried at all. As far as I remeber, Ja Iven who wrote some patch, which as he said got into 3.5p1 also removed the ifdef's that --with-privsep no longer

Hello, I am getting errors when doing a make clean under /usr/src, I have always done this before doing a make world, and never a problem. I have tried deleting all of /usr/src and re cvsuped, but the problem persists. FreeBSD 4.7-STABLE #0: Fri Feb 14 13:49:58 EST 2003 ===> secure/usr.bin/openssl rm -f buildinf.h openssl/opensslconf.h openssl/evp.h xopenssl app_rand.o apps.o asn1pars.o ca.o

Dear All, X.509 certificates support for OpenSSH version 6.0p1 was published. I brief new version include : - support for Android platform; - engine implementation is now considered stable; - various regression test improvements including fixes for OpenSSL FIPS enabled 1.0.1 stable release and korn shell Yours sincerely, Roumen Petrov -- Get X.509 certificates support in OpenSSH:

Hello, I'm experiencing a weird problem doing "make clean" in "/usr/src". It happens on a couple of FreeBSD 4.8-RELEASE machines (RELENG_4_8 to be precise). Cvsup, build & install phases all went fine, just "make clean" went wrong. I tried rm-ing the incriminated subdirectory and even rm-ing the checkout.cvs:RELENG_4_8 file and re-cvsupping but nothing

Hello everybody, First a big thanks for tinc-vpn I am still using it next to wireguard and openvpn. I am having a setup where the tinc debian appliance is at 100% cpu load doing about 7.5MB/s. Compression = 9 PMTU = 1400 PMTUDiscovery = yes Cipher = aes-128-cbc How can I pick a cipher that is the fasted for my CPU and don't create a CPU bottleneck at 100%. Kind regards, Jelle de Jong

Hi Guys I need to implement ssh server daemon on OLD installations of real time OS, which uses flash memory and every program gets loaded in flash mem, once the device is booted. I have very limited space in flash memory of this device. SO what we are trying to do is reducing the size of sshd by taking out least common used things. Can someone give me input what features, version and crypto

Hi, The 4.4p1 release is approaching now, so we are now asking people to actively test snapshots or CVS and report back to the mailing list. Snapshots are available from http://www.mindrot.org/openssh_snap or from any of the mirrors listed on http://www.openssh.org/portable.html The latter page also includes instructions for checking out portable OpenSSH via anonymous CVS. This release

When compiling the software it breaks with an error on the cipher.c file. Lot's of warnings and error of undeclared stuff. Snippet follows: gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I. -I/usr/local/ssl/include -Iyes -I/usr/local/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\"

Dear Damien, On Wed, Apr 19, 2023 at 9:55?AM Damien Miller <djm at mindrot.org> wrote: > > On Wed, 19 Apr 2023, Dmitry Belyavskiy wrote: > > > > While I'm sure this is good for RHEL/rawhide users who care about FIPS, > > > Portable OpenSSH won't be able to merge this. We explictly aim to support > > > LibreSSL's libcrypto as well as

This patch protects against redefinitions of size_t. There are currently at least two different definitions provided with klibc: unistd.h -> stddef.h -> bits32/bitsize/stddef.h sys/times.h -> linux/times.h -> linux/types.h both define size_t, causing gcc to complain. I suspect ptrdiff_t has a similar problem; not covered by this patch. Regards, Erik diff -urN

This (very quick) patch allows you to connect with the commercial ssh.com windows client and use x509 certs for hostkeys. You have to import your CA cert (ca.crt) in the windows client and certify your hostkey: $ cat << 'EOF' > x509v3.cnf CERTPATHLEN = 1 CERTUSAGE = digitalSignature,keyCertSign CERTIP = 0.0.0.0 [x509v3_CA]

I''m trying to run puppetmasterd the first time with --mkusers. It fails with the following error message: 001 # /usr/bin/puppetmasterd --mkusers Could not configure for running; got 1 failure(s) Adding --verbose and --debug does nothing to improve the output. How do I begin to debug this? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are

Hi, already asked in the openssl mailing list, but just in case you already went through this... I need a little help with Certificate Revocation Lists. I did setup client certificates filtering with apache and it seem to work fine so far (used a tutorial on http://www.adone.info/?p=4, down right now). I have a "CA" that is signing a "CA SSL". Then, the "CA SSL" is

> I?ve spent some time (together with Christian and Thomas) hacking on > U2F support in OpenSSH, and I?m happy to provide a first patch ? it?s > not complete, but it should be good enough to get the discussion going > :). Please see the two attached files for the patch. This is great - I'm looking forward to it! :) I've implemented U2F into another (C-based) application these

Hi all, attached is a patch that enables using hardware crypto accelerators available through OpenSSL library for SSH operations. Especially in ssh/sshd it can bring a significant speed improvement. OTOH if no crypto engine is available, nothing bad happens and default software crypto routines are used. This patch is used in SUSE Linux OpenSSH package and proved to work (at least it didn't

Hi, I am trying to set up OpenSSH with x509 certs and I'm getting nowhere. I've been at this on and off for days and doing all the googling I can but I'm still not making progress so any help would be very much appreciated. I believe the latest OpenSSH builds support x509 certificates - I'm running 5.5 on Ubuntu 10.04. What I want to do is have users on Windows boxes using

Thanks a lot to Demitris for a prompt answer some minutes ago on another tread (see below). To avoid excess mails on the list, I move onto next question: I have another small plotting problem that confuses me. I want to plot results from a field trial series, using the numbers of the trials as symbols in the plot. pch = as.character(trial_no) works fine, but truncates the trial number to the