Displaying 20 results from an estimated 8000 matches similar to: "[Bug 1972] ssh-keygen fails to generate SSHFP for ECDSA but exits with 0 code"
2015 Aug 11
0
[Bug 1972] ssh-keygen fails to generate SSHFP for ECDSA but exits with 0 code
https://bugzilla.mindrot.org/show_bug.cgi?id=1972
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #4 from Damien Miller <djm at mindrot.org> ---
Set all RESOLVED bugs to CLOSED with release
2012 Aug 31
6
[Bug 2039] New: Give proper credits for ECDSA patch
https://bugzilla.mindrot.org/show_bug.cgi?id=2039
Priority: P5
Bug ID: 2039
Assignee: unassigned-bugs at mindrot.org
Summary: Give proper credits for ECDSA patch
Severity: normal
Classification: Unclassified
OS: All
Reporter: ondrej at sury.org
Hardware: All
Status: NEW
Version:
2011 Nov 21
3
ssh-keygen -r should support SSHFP records for ECDSA (or at least return non-zero error code on failure)
hi folks:
it looks like ssh-keygen -r can''t export SSHFP records for ECDSA keys:
0 dkg@pip:/tmp/cdtemp.oiRYAS$ ssh-keygen -f foobar -t ecdsa -q -P ''''
0 dkg@pip:/tmp/cdtemp.oiRYAS$ ssh-keygen -r foobar -f foobar.pub
export_dns_rr: unsupported algorithm
0 dkg@pip:/tmp/cdtemp.oiRYAS$
the first number in my prompt is the return code of the last command;
note that
2011 Jul 28
1
Support for ECDSA and SHA-2 (SHA-256) in the SSHFP record
Hi,
I was sure I sent this to openssh at openssh.com, but cannot find that email now in my Sent mailbox, so I am sending it to the developers list.
I took a liberty and wrote an I-D with accompanying patch (with contributions from Ondrej Caletka) to support ECDSA in the SSHFP DNS resource record.
The I-D is here: https://tools.ietf.org/html/draft-os-ietf-sshfp-ecdsa-sha2 (and the source XML
2014 Apr 07
4
[Bug 2223] New: Ed25519 support in SSHFP DNS resource records
https://bugzilla.mindrot.org/show_bug.cgi?id=2223
Bug ID: 2223
Summary: Ed25519 support in SSHFP DNS resource records
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at
2012 Jan 04
0
ECDSA, SSHFP, and "Error calculating host key fingerprint."
When connecting to a host that provides an ECDSA host key and the
client has "VerifyHostKeyDNS" set to 'yes' or 'ask' SSH outputs a
mysterious and undocumented message "Error calculating host key
fingerprint." This error actually seems to be generated by
verify_host_key_dns(const char *hostname, struct sockaddr *address,
Key *hostkey, int *flags) in dns.c, but
2012 Feb 07
11
[Bug 1978] New: ECDSA & SHA256 support in SSHFS DNS records
https://bugzilla.mindrot.org/show_bug.cgi?id=1978
Bug #: 1978
Summary: ECDSA & SHA256 support in SSHFS DNS records
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Platform: All
URL: https://tools.ietf.org/html/draft-os-ietf-sshfp-ecdsa-
sha2-07
OS/Version: All
2012 Aug 29
0
Announce: OpenSSH 6.1 released
OpenSSH 6.1 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches,
2012 Aug 29
0
Announce: OpenSSH 6.1 released
OpenSSH 6.1 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches,
2011 Jan 24
1
ECDSA and first connection; bug?
Folks,
I read the 5.7 release announcement and updated, to try out ECDSA. Most
parts worked very smoothly. The inability to create SSHFP records is
understandable, since IANA haven't allocated a code yet.
One apparent bug: I think StrictHostKeyChecking=ask is broken for ECDSA.
% ssh -o HostKeyAlgorithms=ecdsa-sha2-nistp256 localhost
2014 Apr 07
1
Ed25519 keys in SSHFP RRs
Hello.
Subramanian Moonesamy has gotten the ball rolling to include Ed25519 in
IANA's registry for SSHFP key types [1].
I've opened a bug report [2] that includes a patch that adds the needed
support code and provisionally assigns Ed25519 a value of 4 (values
1,2,3 reserved for RSA, DSA, and ECDA, respectively) [3].
The enhancement request/bug is meant to keep the issue on the radar.
2014 May 14
1
Update on sshfp 4
The IANA has pre-allocated id 4 for ed25519.
If waiting on the IANA were a reason to delay applying the
SSHFP_KEY_ED25519 patch, it needn't be any longer.
I've proposed un-reserving hash type 0 to be a "NULL hash",
for those who'd rather publish the public key unhashed. Even
if zero for unhashed fails to gain traction, I hope to see
something allocated for that.
But
2015 Aug 11
0
[Bug 1978] ECDSA & SHA256 support in SSHFP DNS records
https://bugzilla.mindrot.org/show_bug.cgi?id=1978
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #8 from Damien Miller <djm at mindrot.org> ---
Set all RESOLVED bugs to CLOSED with release
2012 Aug 31
9
[Bug 2040] New: Downgrade attack vulnerability when checking SSHFP records
https://bugzilla.mindrot.org/show_bug.cgi?id=2040
Priority: P5
Bug ID: 2040
Assignee: unassigned-bugs at mindrot.org
Summary: Downgrade attack vulnerability when checking SSHFP
records
Severity: minor
Classification: Unclassified
OS: All
Reporter: ondrej at caletka.cz
Hardware: All
2019 Feb 22
4
Possible bug: SSH doesn't prefer host keys listed in SSHFP records while connecting.
Steps to reproduce:
1. Run a SSH server with default configuration and point a domain to it.
2. Add SSHFP record to the domain, but only for Ed25519 key.
3. Attempt to connect with VerifyHostKeyDNS set to yes, but the rest
of settings set to defaults.
4. OpenSSH defaults to ECDSA instead of Ed25519 and refuses connection
because there is no ECDSA fingerprint in SSHFP records.
A stopgap solution
2019 Feb 23
2
Possible bug: SSH doesn't prefer host keys listed in SSHFP records while connecting.
The reason why this is a bug is, for example, that if the server was
updated and it re-generated the ECDSA key you deleted, you would have
to do some non-obvious steps for your client to ignore it.
On Sat, Feb 23, 2019 at 11:49 AM Damien Miller <djm at mindrot.org> wrote:
>
> On Fri, 22 Feb 2019, Yegor Ievlev wrote:
>
> > Steps to reproduce:
> > 1. Run a SSH server with
2012 Aug 21
5
Call for testing: OpenSSH 6.1
Hi,
OpenSSH 6.1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains a
couple of new features and bug fixes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available
2018 Jan 10
4
sshfp/ldns still having issues in 7.6
I have been running openSSH 7.4p1 for a while now. When I upgraded to 7.5 a
year or so ago I ran into the problem listed in this bug report:
Bug report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218472
The release notes for 7.6 release notes indicate that the fix patch was
included: https://www.openssh.com/txt/release-7.6
I tried 7.6 and I still cannot connect without a prompt wondering
2011 Feb 19
2
[Bug 1862] New: document ECDSA within the "-b" option of the ssh-keygen manpage
https://bugzilla.mindrot.org/show_bug.cgi?id=1862
Summary: document ECDSA within the "-b" option of the
ssh-keygen manpage
Product: Portable OpenSSH
Version: 5.8p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Documentation
2013 Oct 08
3
[Bug 2157] New: [man] ssh-keygen page says ECDSA keys can be 521 bits
https://bugzilla.mindrot.org/show_bug.cgi?id=2157
Bug ID: 2157
Summary: [man] ssh-keygen page says ECDSA keys can be 521 bits
Product: Portable OpenSSH
Version: 6.2p1
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5
Component: Documentation
Assignee: