similar to: X.509 certificates and OpenSSH

Displaying 20 results from an estimated 5000 matches similar to: "X.509 certificates and OpenSSH"

2018 May 25
4
Suggestion: Deprecate SSH certificates and move to X.509 certificates
I suggest deprecating proprietary SSH certificates and move to X.509 certificates. The reasons why I suggest this change are: X.509 certificates are the standard on the web, SSH certificates provide no way to revoke compromised certificates, and SSH certificates haven't seen significant adoption, It's also a bad idea to roll your own crypto, and own certificate format seems like an example
2011 Sep 08
2
Announce: X.509 certificates support v7.0 for OpenSSH version 5.9p1
Hi All, Version 7.0 of "X.509 certificates support in OpenSSH" is ready for immediate download. This version allow client to use certificates and keys stored into external devices. The implementation is based on openssl dynamic engines. For instance E_NSS engine ( http://developer.berlios.de/projects/enss ) will allow you to use certificates and keys from Firefox, SeaMonkey,
2010 Jan 11
2
/etc/nologin must be world-readable which is not totally clear
hi, the man page for sshd(1) says about /etc/nologin: "The file should be world-readable". However, nologin has no effect if it's not readable by the connecting user: if (pw->pw_uid) f = fopen(_PATH_NOLOGIN, "r"); if (f) { /* /etc/nologin exists. Print its contents and exit. */ ... ... return(254) if root has a
2006 Sep 30
1
Announce: X.509 certificates support version 5.5.1 in OpenSSH 4.4p1
Hi All, The version 5.5.1 of "X.509 certificates support in OpenSSH" is ready for download. On download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.5.1 you can found diff for OpenSSH versions 4.4p1. What's new: * specific diff of 5.5 for OpenSSH 4.4p1 Because of OpenSSH source code changes, like include statements and new server option
2008 Jan 26
8
[Bug 1432] New: MaxAuthTries is not used correctly
https://bugzilla.mindrot.org/show_bug.cgi?id=1432 Summary: MaxAuthTries is not used correctly Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: Solaris Status: NEW Severity: normal Priority: P3 Component: sshd AssignedTo: bitbucket at mindrot.org
2012 May 25
2
Announce: X.509 certificates support v7.2 for OpenSSH version 6.0p1
Dear All, X.509 certificates support for OpenSSH version 6.0p1 was published. I brief new version include : - support for Android platform; - engine implementation is now considered stable; - various regression test improvements including fixes for OpenSSL FIPS enabled 1.0.1 stable release and korn shell Yours sincerely, Roumen Petrov -- Get X.509 certificates support in OpenSSH:
2008 Feb 20
4
OpenSSH and X.509 Certificate Support
Hi, I need to add X.509 Certificate support to OpenSSH. I came across the following post on the openssh-unix-dev mailing list that is very useful: http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2 <http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2> And also, http://marc.info/?l=openssh-unix-dev&m=104395024824680&w=2
2009 Mar 23
4
OpenSSH GSoC Project
Hello, I apologize if this isn't the right place to post about the Google Summer of Code; if so, I would appreciate guidance toward the correct list. If this is the correct list, I would appreciate answers to the message below. Thanks. -----Original Message----- From: Jawaad Ahmad <jawaadahmad32 at webster.edu> To: djm at openssh.com Subject: OpenSSH GSoC Project Date: Thu, 19 Mar
2008 Dec 16
3
Patch for OpenSSH for Windows to allow authentication through certificates
Hi all, Does anyone know if it exists a patch for OpenSSH for Windows to allow authentication through certificates? Is it possible to make one if it doesn't exists? Using OpenSSH for Windows 3.8p1-1 20040709 Build. I know there is Roumen Petrov patch, but is for unix machines if i'm not mistaken. I need a similar one for Windows that work with the Roumen Petrov patch so i can have
2007 Oct 05
3
[Bug 1373] New: native support for X.509 v3 certificates
http://bugzilla.mindrot.org/show_bug.cgi?id=1373 Summary: native support for X.509 v3 certificates Product: Portable OpenSSH Version: 4.7p1 Platform: Other OS/Version: Other Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: mindrot at
2018 May 25
2
Suggestion: Deprecate SSH certificates and move to X.509 certificates
Can you implement revocation support? On Fri, May 25, 2018 at 6:55 AM, Damien Miller <djm at mindrot.org> wrote: > No way, sorry. > > The OpenSSH certificate format was significantly motivated by X.509's > syntactic and semantic complexity, and the consequent attack surface in > the sensitive pre-authentication paths of our code. We're very happy to > be able to
2008 Mar 10
1
Benefits of OpenSSH X.509 over key based authentication?
Hi, I have some observations regarding the X.509 patch developed by Roumen Petrov for OpenSSH available at http://roumenpetrov.info/openssh/ , I don't understand some things here like 1. When certificate based authentication of the client is desired, shouldn't it be something like what mod_ssl does in Apache where u have a CA certificate at the server, and then the client
2019 Jun 25
5
About rsync over SSH and compression
Rsync supports the capability of compressing data before sending. So does OpenSSH. It would be probably be a waste of resources and time to enable both compression capabilities at the same time, but it is not clear to me whether, in general, it makes better sense to enable rsync compression or SSH compression. My first thought would be that SSH compression might yield better results, on the
2009 Apr 20
3
support of openSSH + Certificates
Hi, We want to use openSSH for one of our project. But we need certificate exchange support. I have gone through the documentation. It says openSSH support key management but no mention of certificates. I have seen some people outside openSSH giving patches for supporting X.509 but not sure how stable are those patches. Is there a way that openSSH support certificates? Your guidance will help a
2018 Nov 28
3
Dovecot crash
Thanks. Assuming that the IMAP mail directory for the account affected is under /home/xyz/mail, are you talking about the contents of the index directory, excluding the log file therein? On Wed, Nov 28, 2018 at 2:29 PM Thomas Durand <tom at rezoo.org> wrote: > Hi, > > I had the similar messages after an upgrade then downgrade. I was able to > fix by removing all indexes files.
2019 Jun 25
2
About rsync over SSH and compression
Thanks; I did not think of that. I have just run a few basic tests with both rsync and OpenSSH in their default settings, when it comes to compression. SSH compression seems to have a very slight edge. However, I surmise that, given the number of knobs available on both sides (OpenSSH, in particular) one can tinker with settings almost endlessly in either side, probably being able to end up with
2018 Nov 30
1
Dovecot crash
Thanks. Unfortunately, that made no difference. On Fri, Nov 30, 2018 at 1:20 PM Thomas Durand <tom at rezoo.org> wrote: > Exactly - I removed then with > *find* . -name "dovecot.index*" -type f -delete > > There is no need to restart dovecot. IMAP client will be forced to resync > all the emails from the server. > > > Le 28 nov. 2018 ? 23:20, JCA
2010 Jun 07
3
X509 based certificate authentication in OpenSSH
Hello, I would like to know whether OpenSSH supports x509 certificate based authentication. It looks like OpenSSH has dependency on OpenSSL so does this mean that OpeSSH also supports x509 certificate based authentication. If it does support, can you please point me to the necessary documentation. Thanks Naitik
2007 Oct 22
3
[Bug 1379] New: memory leak in process_cmdline()
https://bugzilla.mindrot.org/show_bug.cgi?id=1379 Summary: memory leak in process_cmdline() Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P3 Component: ssh AssignedTo: bitbucket at mindrot.org
2007 Oct 22
15
[Bug 1380] New: incorrect check for strlen(fwd->connect_host) in parse_forward()
https://bugzilla.mindrot.org/show_bug.cgi?id=1380 Summary: incorrect check for strlen(fwd->connect_host) in parse_forward() Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P3 Component: ssh