similar to: tinc1.1pre10 for Windows

With pleasure we announce the release of tinc version 1.1pre10. Here is a summary of the changes: * Added a benchmark tool (sptps_speed) for the new protocol. * Fixed a crash when using Name = $HOST while $HOST is not set. * Use AES-256-GCM for the new protocol. * Updated support for Solaris. * Allow running tincd without a private ECDSA key present when ExperimentalProtocol is not

With pleasure we announce the release of tinc version 1.1pre10. Here is a summary of the changes: * Added a benchmark tool (sptps_speed) for the new protocol. * Fixed a crash when using Name = $HOST while $HOST is not set. * Use AES-256-GCM for the new protocol. * Updated support for Solaris. * Allow running tincd without a private ECDSA key present when ExperimentalProtocol is not

I use OpenSSH server on an embedded arm using GCC7 cross toolchain. I found that spamming connection attempts sometimes causes aborts in sshd. Upon getting this up in gdb I found that the pointer subtraction inside openbsd-compat/{strlcat.c,strlcpy.c} (and maybe elsewhere) causes the 32 bit pointer difference to wrap which triggers the abort because of the -ftrapv option. This example illustrates

https://bugzilla.mindrot.org/show_bug.cgi?id=3221 Bug ID: 3221 Summary: hostkey preference ordering is broken in some situations Product: Portable OpenSSH Version: 8.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh

Hi. I'm in desperate need of some good advice. I have a tinc network with 16 nodes. It's a star topology where all nodes are connecting to the one node (Node1) that have a static IP. Node 1 accepts incomming connections Node 2 through 16 connects to Node1 One of the nodes (Node5) stopped working a while ago (2 - 3 weeks or so), other than that everything was working fine. Today I

Thread split from my previous communication. Here is the integrity logs on the platform. I had to cut this should due to the length of the logs (5Mb). ***************** failed-regress.log ************ trace: test integrity: hmac-sha1 @2900 FAIL: unexpected error mac hmac-sha1 at 2900: Bytes per second: sent 65665.7, received 55994.0. trace: test integrity: hmac-sha1 @2901 FAIL:

PubkeyAcceptedKeyTypes=+ssh-dss You also need that ^^ in their client if they are running on el8 machine as well .. i needed to put it in my ~/.ssh/config when connecting FROM an el8 machine to somewhere else. On 10/17/19 9:27 AM, Gianluca Cecchi wrote: > Hello, > I have some users that connect to a server with their DSA key that is of > type ssh-dss. > I'm migrating (installing

Thread split from my previous communication. Here is the key-commands logs on the platform. ***************** failed-regress.log ************ trace: AuthorizedKeysCommand with arguments FAIL: connect failed trace: AuthorizedKeysCommand without arguments FAIL: connect failed ***************** failed-ssh.log ************ trace: AuthorizedKeysCommand with arguments

Here you go: OpenSSH_7.9p1, OpenSSL 1.1.1d 10 Sep 2019 debug1: Reading configuration data /home/ryantm/.ssh/config debug1: /home/ryantm/.ssh/config line 4: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 13: Applying options for * debug2: resolving "{REDACTED}" port 22 debug2: ssh_connect_direct debug1: Connecting to

Hello, I have some users that connect to a server with their DSA key that is of type ssh-dss. I'm migrating (installing as new) the server where they connect to CentOS 8 + updates. I was not able to connect with the keys to this new server even after having added, as found in several internet pages, this directive at the end of /etc/ssh/sshd_config of the CentOS 8 server: # Accept also DSA

This patch removes the various keys and support files created during make tests. It might not be as compact as it could be, and I'd be happy to get comments on that, but it does work. diff --git a/Makefile.in b/Makefile.in index 70287f51f..0f1ef844d 100644 --- a/Makefile.in +++ b/Makefile.in @@ -296,6 +296,45 @@ clean: regressclean rm -f regress/misc/sk-dummy/*.o rm -f

https://bugzilla.mindrot.org/show_bug.cgi?id=3253 Bug ID: 3253 Summary: ssh-keygen man page still lists deprecated key types for -t Product: Portable OpenSSH Version: 8.4p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component: ssh-keygen

Hi, dbus on centos 7 lxc won't work. So I'm unable to start or query status units with systemd, for example: systemctl status Failed to get D-Bus connection: No such file or directory I have no issues with centos 8 container (debian 10 ones work fine too) This is the output of ps aux on centos 7: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root

Hello, Maybe I'm asking an already answered question, if yes I'm sorry to bother you. Why in default HostKeyAlgorithms settings is ecdsa-sha2-nistp256-cert-v01 at openssh.com preferred over ssh-ed25519-cert-v01 at openssh.com ? For example in default settings for KexAlgorithms the curve25519-sha256 at libssh.org is preferred over ecdh-sha2-nistp256. Fedor Defaults in openssh-6.6p1

On 23/04/2018 11:49, Michael Felt wrote: > On 21/04/2018 16:21, Michael Felt wrote: > > > Question: I have not dug into the tests yet. Will copy to a "local" > directory, and not build out of tree and see if that fixes it (as it > does for many other packages). However, just in case it does not - how > can I fast-forward the tests to the "agent" tests?

Hi, One of our users who is running an OS (I think it's the latest beta macOS 10.14.1) with ssh version "OpenSSH_7.8p1, LibreSSL 2.7.3" is unable to use our user SSH RSA certificates to authenticate to our servers (which are running "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017"). We see this error on the client side: debug1: kex_input_ext_info:

Steps to reproduce: 1. Run a SSH server with default configuration and point a domain to it. 2. Add SSHFP record to the domain, but only for Ed25519 key. 3. Attempt to connect with VerifyHostKeyDNS set to yes, but the rest of settings set to defaults. 4. OpenSSH defaults to ECDSA instead of Ed25519 and refuses connection because there is no ECDSA fingerprint in SSHFP records. A stopgap solution

Hi OpenSSH, I'm working on updating Guix's openssh package definition to the latest release. So far, I have only changed the version (and checksum) and left the build/test/install recipe the same. However, the test suite now fails. I could use some pointers to find out what exactly is going wrong with the failing test or how to fix it. I'm happy to provide more information about

On Sun, 4 Oct 2020, Matthieu Herrb wrote: > Hi, > > on OpenBSD-current I now get this when connecting to an existing > machine for which I have both ecdsa an ed25519 keys in my existing > known_hosts (but apparently ed25519 keys where added only for the name > previsously by ssh): > > Warning: the ED25519 host key for 'freedom' differs from the key for > the

Il giorno gio 22 nov 2018 alle ore 21:24 Stuart Henderson <stu at spacehopper.org> ha scritto: > > On 2018/11/22 19:55, owl700 at gmail.com wrote: > > Hi, I have compatibility issues with the latest version of > > openssh-server and an old dropbear client, the dopbear client stops at > > preauth > > > > ov 22 14:34:03 myhostname sshd[3905]: debug1: Client