similar to: [SUSPECTED SPAM] default change in 6.2 breaks sslh

Hello Guus. I've reading mailing list archives threads about it at http://www.tinc-vpn.org/pipermail/tinc/2011-July/thread.html#2757 and http://rutschle.net/pipermail/sslh/2011-July/thread.html and now trying to hide tinc server behind sslh multiplexer but without luck. First of all directly it works fine. Initiator (instance of tincd with ConnectTo statement) successfully establishes

Hi all, few days ago I have installed sslh on my server and I discover that recently OpenVPN support was added. Reading the code I found that sslh use the first few bytes of the new connection to decide what kind of connection it is, than it muxes the connection on the appropriate deamon. There is a "sign" for the tinc connection?

I know that this has been discussed before and I know that you should avoid it, and use a real VPN solution. I would like to move from port-forwarding via ssh to VPN and I have only the ssh port open. What is the current state of the art if you want to create VPN over ssh? Regards, Thomas -- Thomas Guettler http://www.thomas-guettler.de/ I am looking for feedback:

Hi. Looks like every ~2 Years raises someone the question about SNI support in the openssh client. 2015: https://marc.info/?l=openssh-unix-dev&m=143248436518985&w=2 2017: https://marc.info/?l=openssh-unix-dev&m=150204655205911&w=2 I have read the docs and haven't seen anything about that this feature is already available in SSH. https://man.openbsd.org/ssh.1

With pleasure we announce the release of tinc version 1.0.23. Here is a summary of the changes: * Start authentication immediately on outgoing connections (useful for sslh). * Fixed segfault when Name = $HOST but $HOST is not set. * Updated the build system and the documentation. * Clean up child processes left over from Proxy = exec. This version of tinc is compatible with 1.0pre8, 1.0

With pleasure we announce the release of tinc version 1.0.23. Here is a summary of the changes: * Start authentication immediately on outgoing connections (useful for sslh). * Fixed segfault when Name = $HOST but $HOST is not set. * Updated the build system and the documentation. * Clean up child processes left over from Proxy = exec. This version of tinc is compatible with 1.0pre8, 1.0

Why are legacy MACs (like md5-96), and legacy Ciphers (anything in cbc-mode, arcfour*(?)) enabled by default? My proposal would be to change the defaults for ssh_config and sshd_config to contain: MACs hmac-sha2-256,hmac-sha2-512,hmac-sha1 Ciphers aes128-ctr,aes192-ctr,aes256-ctr ...removing md5, truncated versions of sha1, umac64 (for which I can find barely any review), any cipher in cbc

Any tips or guidance on improving the probability of being able to connect to a Tinc daemon. I am currently on a guest wifi at a hospital for my in-laws family. Wanting to pass time and be semi productive, I tried to VPN back to my private networks but it appears the default port Tinc users is blocked. Here is what I know about their firewall:

https://bugzilla.mindrot.org/show_bug.cgi?id=2568 Bug ID: 2568 Summary: ssh fails to authenticate using RSA keys when agent does not support sha256/512 signatures Product: Portable OpenSSH Version: -current Hardware: Other URL: https://github.com/connectbot/connectbot/issues/397 OS: Linux

Jochen Bern wrote: >[scratches head] If JuiceSSH's forwarded agent reliably refuses to >serve, why not simply tell it to stop doing such a forward ... ? Well, JuiceSSH is an Android app. I don't have the source and there are almost no configuration options. >On another note, the fact that you apparently do not need an agent to >authenticate the SSH connections from the

Hi all, I am behind a firewall which only let UDP 80 go through. In order to connect to an outside public node by UDP, I can set ... Port = 80 ... However, an httpd is running on the public node, occupying TCP 80. How can I configure tinc to bind on TCP 8080 but listen to UDP 80? Redirecting UDP 80 to UDP 8080 on the public node is one method. Is there a more elegant way to

I'm up for a cell phone contract renewal and am considering upgrading my handset. I looked at some devices at my local AT&T store but nothing really jumped out at me. I'm particularly interested in a cell phone that has a reliable ssh client, with ssh-agent and public key authentication abilities. Those of you who administer systems remotely, what mobile ssh client do you recommend?

I need a new pda/smart phone that allows me to do some remote admin. Anyone know of anything that I can run a vpn and cli/ssh with? Thanks! jlc

Hi all, sorry if the subject is a bit confusing, but I just couldn?t think of a good way of better describing the situation? Basically, I travel a lot and have several SIM cards for my phone from local carriers. What I?d like to do now is to setup Asterisk, so that people who want to reach me just have to dial one number which forwards the call to all my cellphone numbers in turn. I?m still

Hi guys, the SUPER codec by Erightsoft http://www.erightsoft.net/SUPER.html contains lots of GPL and LGPL code: mplayer, ffmpeg, x264, musepack, theora, which they admit and give credit for. Still, their product is proprietary, and they insist on it. I tried to get the source through their forum, but they of course won't give it: http://www.erightsoft.net/Supforum.html I'll forward

What is the canonical link to Reference of "ServerAliveInterval"? Background: I want to write an answer at serverfault (Q-A Site). I want to avoid copy+pasting. I would like to lead the new comer to the canonical reference. Regards, Thomas G?ttler -- Thomas Guettler http://www.thomas-guettler.de/

On (05/17/19 15:13), Sergey Senozhatsky wrote: > 5.1.0-next-20190517 > > I'm looking at quite a lot of kmemleak reports coming from > drm/nouveau/core/memory, all of which are: > > unreferenced object 0xffff8deec27c4ac0 (size 16): > comm "Web Content", pid 5309, jiffies 4309675011 (age 68.076s) > hex dump (first 16 bytes): > 00 00

On (05/17/19 15:13), Sergey Senozhatsky wrote: > ... but most likely it's utterly wrong. > JFI, I removed kmemleak annotation and added the following thing: @@ -360,6 +360,7 @@ gp100_vmm_valid(struct nvkm_vmm *vmm, void *argv, u32 argc, return -EINVAL; } + kfree(map->tags); ret = nvkm_memory_tags_get(memory,

JohnG <mcsjgs@cox.net> wrote: > I run OS X 10.3.7 on a PowerMac MDD G4 on a cable broadband connection. > I have reason to think my system has been tampered with. Security > features in Mac OS X have been left unlocked (Preference Pane - Users) OSX is substantially different from FreeBSD (even without netinfo) despite having some of the same source code. I doubt you'll find

On Wed, 9 May 2001 andreas.krause@pharma.novartis.com wrote: > Is the following a known issue, in particular in terms of message clarity of the latter two? Yes, bug PR#929. It's a bug in asInteger, an internal C routine which using (int) on a double. coerce.c has better routines used to corce vectors, and the comment /* This section of code handles type conversion for elements */ /* of