Displaying 20 results from an estimated 10000 matches similar to: "Max Packet Size in sshd server and negotiation with client"
2013 Apr 19
0
OpenSSH_6.1p1 sends a SSH packet bigger than 32K
The full SSH_MSG_CHANNEL_DATA packet looks like this:
uint32 packet length
byte SSH_MSG_CHANNEL_DATA
uint32 recipient channel
uint32 nr data bytes
byte[] data
OpenSSH_6.1p1 considers that the 'maximum packet size' from SSH_MSG_CHANNEL_OPEN or SSH_MSG_CHANNEL_OPEN_CONFIRMATION impacts only the 'byte[] data' field and not the entire message (headers included).
2013 May 07
2
SSH key exchange algorithm negotiation payload growth
Howdy-
TL;DR
An SSH daemon for a memory-constrained embedded platform didn't work with a recent OpenSSH client because it couldn't handle the payload size during key exchange. In general, what should SSH implementors in such limited environments do to ensure forwards compatibility with future OpenSSH releases?
I am unable to SSH to any of my HP servers' iLO2 interfaces using
2017 Feb 04
4
Greeter openssh 7.4 is not according rfc4253.
Hi,
I discovered when using my fuse fs for connecting to a remote host
using sftp that the new
server version 7.4 sends a greeter which is not according to the format described in
https://tools.ietf.org/html/rfc4253#section-4
There is written that the greeter "MUST be terminated by a single
Carriage Return (CR) and a single Line Feed (LF) character (ASCII 13
and 10, respectively)."
Now
2010 Aug 09
0
[SIP/H.264] Codec negotiation problem ?
Hi,
I've a problem configuring my Asterisk. What I try to reach is to
interconnect a Tandberg Visioconference (SIP) world with my Asterisk (SIP)
with 1 constraint I can't change : "every RTP flow needs to pass THROUGH
Asterisk, and are NOT nated"
What I observe :
- a call made from a SIP Phone registered in Asterisk to Tandberg works
(voice and video bidirectional)
- a call
2024 Feb 05
0
Server-side algorithms selection
Hi,
according to RFC 4253
https://www.rfc-editor.org/rfc/rfc4253#section-7.1
for the selection of algorithms (ciphers, KEX, MAC etc.), the leftmost
matching client algorithm is picked.
While this is fine in most cases, there are cases where it is not
desirable, for example:
1) for compatibility with a single old client you enable an old cipher,
say aes128-cbc, server side. A modern client
2024 Jan 11
0
Announce: timeline to remove DSA support in OpenSSH
Hi,
OpenSSH plans to remove support for DSA keys in the near future. This
message describes our rationale, process and proposed timeline.
Rationale
---------
DSA, as specified in the SSHv2 protocol, is inherently weak - being
limited to a 160 bit private key and use of the SHA1 digest. Its
estimated security level is <=80 bits symmetric equivalent[1][2].
OpenSSH has disabled DSA keys by
2013 May 15
1
key rotation on ssh servers
hi OpenSSH folks--
I have several OpenSSH sshd servers that i've maintained for a long
time. Some of them have keys that are considered short by today's
standards (e.g. 1024-bit RSA keys).
On these servers, I would like to be able to do a key rotation such that
multiple keys are valid during a time window so that users can learn the
new key before i remove the old one. I don't
2009 Nov 06
0
SSL vulnerability and SSH
Hi,
This is just a quick note to state that the recently reported SSL/TLS
MITM attack[1] *does not* affect SSH. Like SSL/TLS, SSH supports
key and parameter renegotiation, but it is not vulnerable because a
session identifier is carried over from the first key exchange into all
subsequent key exchanges.
Technical details:
In SSL, key exchanges and subsequent renegotiations are completely
2011 Jan 26
1
Packets Sizes and Information Leakage
This message is a few years old so I cannot reply to the original, but
it is still of current research interest.
> So one of my coworkers is doing a little research on SSH usage in the
> wild using netflow data. One of the things he's trying to do is
> determine a way to differentiate between data transfers and interactive
> sessions. We thought of a couple of ways but we wanted
2012 Dec 27
3
[PATCH] hostfile: list known names (if any) for new hostkeys
When connecting to a host for which there's no known hostkey, check if the
relevant key has been accepted for other hostnames. This is useful when
connecting to a host with a dynamic IP address or multiple names.
---
auth.c | 4 ++--
hostfile.c | 42 ++++++++++++++++++++++++++++--------------
hostfile.h | 8 ++++++--
sshconnect.c | 39 +++++++++++++++++++++++++++++++++------
2014 Mar 06
1
Encryption
Am I correct in assuming that the user and host public/private keys used
in openSSH are only used for authentication (is the remote server known to
be X, is this Harry trying to login), and have no role in the encryption?
I was under the assumption that each connection used a newly generated
key (using DH for key exchange) so each session was unique.
(I believe this because the transport layer
2023 Nov 10
1
Question about stderr output containing carriage return External
Hi all,
I have recently only discovered that openssh prints lines to stderr
separated by CRLF pairs, and am trying to understand where this
behavior comes from.
This behavior can be seen here:
--snip--
$ ssh u@u 2>&1 | sed -n l
ssh: Could not resolve hostname u: Name or service not known\r$
--snip--
I have seen section 11.3 from rfc4253, but am unsure whether that is
the origin of
1997 Sep 02
1
R-alpha: Re: What are objects?
[I do think
this discussion belongs to R-devel rather than anywhere else .. MM]
>>>>> "Kurt" == Kurt Hornik <Kurt.Hornik@ci.tuwien.ac.at> writes:
>>>>> Peter Dalgaard BSA writes:
>> Kurt Hornik <Kurt.Hornik@ci.tuwien.ac.at> writes:
KH>>> While trying to write documentation for data.class(), I came
1997 Apr 22
1
R-alpha: contributed packages -- Yes, use library/<package>/.. !
>>>>> "Kurt" == Kurt Hornik <Kurt.Hornik@ci.tuwien.ac.at> writes:
>>>>> Paul Gilbert writes:
>> Friedrich
>> Regarding the location of data for libraries it might be easier if
>> everything for one library is included in one subdirectory. At least
>> it would certainly be easier to clean-up, which I like to do
2000 Aug 26
0
smbsh - Samba 2.0.7 - Solaris 2.6? Thanks!
Hi Oka,
It worked! All works fine in the tcsh.
Thanks!
Kurt
----- Original Message -----
From: Stam, Kurt
To: 'kurt@oneheartbreak.com'
Sent: Friday, August 25, 2000 4:33 PM
Subject: FW: smbsh - Samba 2.0.7 - Solaris 2.6
-----Original Message-----
From: Oka Setiawan [mailto:oka@indigopool.com]
Sent: Friday, August 25, 2000 4:37 PM
To: Stam Kurt
Subject: RE: smbsh - Samba 2.0.7 -
2012 Nov 07
0
Listener Stats getting wrong IP
Ok Kurt, thank you !!
On Tue, 06-11-2012 at 10:38 -0700, Kurt wrote:
> Sorry for the slow response. Today, I am swamped, hope to be able
> to help you tomorrow
>
> Kurt
> LSDcode.com
> 801.599.1227
>
>
> On 11/5/2012 8:45 PM, José Luis Artuch wrote:
>
> >
> > Kurt, I have retested the Icecast server on port 8000 and it works
> >
2001 Jul 16
0
forwarded message from Inge Monika
This one was sent privately to me.
1997 Apr 22
3
R-beta: library(splines) in version 0.50 alpha
I am using the 0.50 alpha version of R packaged (in 3 parts) by Kurt
for Debian Linux.
Package: r-base
Status: install ok installed
Priority: optional
Section: local
Maintainer: Kurt Hornik <Kurt.Hornik@ci.tuwien.ac.at>
Version: 0.50b7-1
Depends: libc5, xlib6, libreadline2
Description: R, a language not entirely unlike the language S.
Package: r-contrib
Status: install ok
2014 Jul 30
0
checking for "dh_gen_key: group too small" errors
On Ubuntu 12.04 / OpenSSH_5.9p1 Debian-5ubuntu1 trying to initiate a
connection with hmac-sha2-512 and diffie-hellman-group1-sha1 results in
OpenSSH killing the connection after the SSH_MSG_KEXINIT packet is sent.
The OpenSSH error logs state the following:
debug2: mac_setup: found hmac-sha2-512 [preauth]
debug1: kex: server->client arcfour256 hmac-sha2-512 none [preauth]
dh_gen_key: group too