Displaying 20 results from an estimated 5000 matches similar to: "X.509 certificates and OpenSSH"
2018 May 25
4
Suggestion: Deprecate SSH certificates and move to X.509 certificates
I suggest deprecating proprietary SSH certificates and moving to X.509
certificates. The reasons why I suggest this change are: X.509
certificates are the standard on the web, SSH certificates provide no
way to revoke compromised certificates, and SSH certificates haven't
seen significant adoption. It's also a bad idea to roll your own
crypto, and own certificate format seems like an example
2011 Sep 08
2
Announce: X.509 certificates support v7.0 for OpenSSH version 5.9p1
Hi All,
Version 7.0 of "X.509 certificates support in OpenSSH" is ready for
immediate download.
This version allows the client to use certificates and keys stored in
external devices. The implementation is based on openssl dynamic engines.
For instance E_NSS engine ( http://developer.berlios.de/projects/enss )
will allow you to
use certificates and keys from Firefox, SeaMonkey,
2010 Jan 11
2
/etc/nologin must be world-readable which is not totally clear
hi, the man page for sshd(1) says about /etc/nologin: "The file
should be world-readable". However, nologin has no effect if it's not
readable by the connecting user:
if (pw->pw_uid)
f = fopen(_PATH_NOLOGIN, "r");
if (f) {
/* /etc/nologin exists. Print its contents and exit. */
...
...
return(254)
if root has a
2006 Sep 30
1
Announce: X.509 certificates support version 5.5.1 in OpenSSH 4.4p1
Hi All,
The version 5.5.1 of "X.509 certificates support in OpenSSH" is ready for download.
On download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.5.1
you can find the diff for OpenSSH version 4.4p1.
What's new:
* specific diff of 5.5 for OpenSSH 4.4p1
Because of OpenSSH source code changes, like include statements and new server
option
2008 Jan 26
8
[Bug 1432] New: MaxAuthTries is not used correctly
https://bugzilla.mindrot.org/show_bug.cgi?id=1432
Summary: MaxAuthTries is not used correctly
Classification: Unclassified
Product: Portable OpenSSH
Version: 4.7p1
Platform: All
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P3
Component: sshd
AssignedTo: bitbucket at mindrot.org
2012 May 25
2
Announce: X.509 certificates support v7.2 for OpenSSH version 6.0p1
Dear All,
X.509 certificates support for OpenSSH version 6.0p1 was published.
In brief, the new version includes:
- support for Android platform;
- engine implementation is now considered stable;
- various regression test improvements including fixes for OpenSSL FIPS
enabled 1.0.1 stable release and korn shell
Yours sincerely,
Roumen Petrov
--
Get X.509 certificates support in OpenSSH:
2008 Feb 20
4
OpenSSH and X.509 Certificate Support
Hi,
I need to add X.509 Certificate support to OpenSSH.
I came across the following post on the openssh-unix-dev mailing list
that is very useful:
http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2
And also, http://marc.info/?l=openssh-unix-dev&m=104395024824680&w=2
2009 Mar 23
4
OpenSSH GSoC Project
Hello,
I apologize if this isn't the right place to post about the Google
Summer of Code; if so, I would appreciate guidance toward the correct
list.
If this is the correct list, I would appreciate answers to the message
below.
Thanks.
-----Original Message-----
From: Jawaad Ahmad <jawaadahmad32 at webster.edu>
To: djm at openssh.com
Subject: OpenSSH GSoC Project
Date: Thu, 19 Mar
2008 Dec 16
3
Patch for OpenSSH for Windows to allow authentication through certificates
Hi all,
Does anyone know if there exists a patch for OpenSSH for Windows to allow
authentication through certificates?
Is it possible to make one if it doesn't exist?
Using OpenSSH for Windows 3.8p1-1 20040709 Build.
I know there is the Roumen Petrov patch, but it is for Unix machines if I'm
not mistaken.
I need a similar one for Windows that works with the Roumen Petrov
patch so I can have
2007 Oct 05
3
[Bug 1373] New: native support for X.509 v3 certificates
http://bugzilla.mindrot.org/show_bug.cgi?id=1373
Summary: native support for X.509 v3 certificates
Product: Portable OpenSSH
Version: 4.7p1
Platform: Other
OS/Version: Other
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy: mindrot at
2018 May 25
2
Suggestion: Deprecate SSH certificates and move to X.509 certificates
Can you implement revocation support?
On Fri, May 25, 2018 at 6:55 AM, Damien Miller <djm at mindrot.org> wrote:
> No way, sorry.
>
> The OpenSSH certificate format was significantly motivated by X.509's
> syntactic and semantic complexity, and the consequent attack surface in
> the sensitive pre-authentication paths of our code. We're very happy to
> be able to
2008 Mar 10
1
Benefits of OpenSSH X.509 over key based authentication?
Hi,
I have some observations regarding the X.509 patch developed by Roumen
Petrov for OpenSSH available at http://roumenpetrov.info/openssh/ , I don't
understand some things here like
1. When certificate based authentication of the client is desired,
shouldn't it be something like what mod_ssl does in Apache where you have a CA
certificate at the server, and then the client
2019 Jun 25
5
About rsync over SSH and compression
Rsync supports the capability of compressing data before sending. So does
OpenSSH. It would probably be a waste of resources and time to enable
both compression capabilities at the same time, but it is not clear to me
whether, in general, it makes better sense to enable rsync compression or
SSH compression.
My first thought would be that SSH compression might yield better results,
on the
2009 Apr 20
3
support of openSSH + Certificates
Hi,
We want to use OpenSSH for one of our projects. But we need certificate exchange support. I have gone through the documentation. It says OpenSSH supports key management but makes no mention of certificates. I have seen some people outside OpenSSH giving patches for supporting X.509 but am not sure how stable those patches are.
Is there a way that OpenSSH supports certificates? Your guidance will help a
2018 Nov 28
3
Dovecot crash
Thanks. Assuming that the IMAP mail directory for the account affected is
under /home/xyz/mail, are you talking about the contents of the index
directory, excluding the log file therein?
On Wed, Nov 28, 2018 at 2:29 PM Thomas Durand <tom at rezoo.org> wrote:
> Hi,
>
> I had similar messages after an upgrade then downgrade. I was able to
> fix by removing all index files.
2019 Jun 25
2
About rsync over SSH and compression
Thanks; I did not think of that. I have just run a few basic tests with
both rsync and OpenSSH in their default settings, when it comes to
compression. SSH compression seems to have a very slight edge. However, I
surmise that, given the number of knobs available on both sides (OpenSSH,
in particular) one can tinker with settings almost endlessly in either
side, probably being able to end up with
2018 Nov 30
1
Dovecot crash
Thanks. Unfortunately, that made no difference.
On Fri, Nov 30, 2018 at 1:20 PM Thomas Durand <tom at rezoo.org> wrote:
> Exactly - I removed them with
> find . -name "dovecot.index*" -type f -delete
>
> There is no need to restart dovecot. IMAP client will be forced to resync
> all the emails from the server.
>
>
> On 28 Nov 2018 at 23:20, JCA
2010 Jun 07
3
X509 based certificate authentication in OpenSSH
Hello,
I would like to know whether OpenSSH supports x509 certificate based
authentication.
It looks like OpenSSH has a dependency on OpenSSL, so does this mean that
OpenSSH also supports x509 certificate based authentication?
If it does support, can you please point me to the necessary
documentation.
Thanks
Naitik
2007 Oct 22
3
[Bug 1379] New: memory leak in process_cmdline()
https://bugzilla.mindrot.org/show_bug.cgi?id=1379
Summary: memory leak in process_cmdline()
Classification: Unclassified
Product: Portable OpenSSH
Version: 4.7p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P3
Component: ssh
AssignedTo: bitbucket at mindrot.org
2007 Oct 22
15
[Bug 1380] New: incorrect check for strlen(fwd->connect_host) in parse_forward()
https://bugzilla.mindrot.org/show_bug.cgi?id=1380
Summary: incorrect check for strlen(fwd->connect_host) in
parse_forward()
Classification: Unclassified
Product: Portable OpenSSH
Version: 4.7p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P3
Component: ssh