Displaying 20 results from an estimated 5000 matches similar to: "double length prefix in ssh-keygen certificates (values of critical options)"
2015 Apr 24
2
[Bug 2389] New: update the PROTOCOL.certkeys spec to avoid confusion regarding encoding of critical options fields
https://bugzilla.mindrot.org/show_bug.cgi?id=2389
Bug ID: 2389
Summary: update the PROTOCOL.certkeys spec to avoid confusion
regarding encoding of critical options fields
Product: Portable OpenSSH
Version: 6.8p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
2017 Oct 26
3
[RFC 0/2] add engine based keys
Engine keys are private key files which are only understood by openssl
external engines. The problem is they can't be loaded with the usual
openssl methods, they have to be loaded via ENGINE_load_private_key().
Because they're files, they fit well into openssh pub/private file
structure, so they're not very appropriately handled by the pkcs11
interface because it assumes the private
2020 Jun 09
3
[PATCH v2 0/2] Add openssl engine keys with provider upgrade path
I've architected this in a way that looks future proof at least to the
openssl provider transition. What will happen in openssl 3.0.0 is
that providers become active and will accept keys via URI. The
current file mechanisms will still be available but internally it will
become a file URI. To support the provider interface, openssl will
have to accept keys by URI instead of file and may
2019 May 21
2
OpenSSH Certificate Extensions
Hello:
I am working to implement certificate-based authentication for some
internal applications. It would be very helpful to be able to pass
information server-side by specifying some custom options via the
Extensions of the signed certificate, allowing the authenticity of the
options to be verified readily. However, I have not been able to find too
much for specifying behaviors, etc.
2018 Dec 10
2
[PATCH] cleanup of global variables server/client_version_string in sshconnect.c
In sshconnect.c there are two global variables for server_version_string
and client_version_string.
These are used just in a few functions and can easily be passed as
parameters.
Also, there is a strange construct, where their memory is allocated to
the global pointers, then copies of these pointers are assigned to the
kex structure. The kex_free finally frees them via cleanup of the kex
2024 Oct 21
1
Security of ssh across a LAN, public key versus password
Hi David,
> hmm, what I'm finding doesn't seem to use the FIDO challenge/response to the
> server, instead it looks like a public/private key that's unlocked with a touch,
> possibly storing the private key on the hardware dongle (but it seems like
> there's still a key you need to put on the client system)
>
> Quoting from the yubikey website:
> OpenSSH
2018 Jan 12
2
SSH cert extensions and authz key options
Hi!
I'm looking at sshd(8), section AUTHORIZED_KEYS FILE FORMAT and
description for CLI arg -O in ssh-keygen(1).
It seems to me that there could be a 1:1 mapping between SSH cert
extensions and authz key options by just adding prefix "permit-" to the
key option.
But the man pages differ regarding case of "permit-x11-forwarding" and
"X11-forwarding". [1] also
2024 Oct 21
2
Security of ssh across a LAN, public key versus password
Stuart Henderson wrote:
>> This is why I push for challenge/response tokens, not simply
>> cert authentication, and really wish that FIDO (such as yubikey)
>> was an option, but the discussions I've seen about supporting
>> that have not been encouraging.
>
> hmm? That works pretty well in OpenSSH.
hmm, what I'm finding doesn't seem to use the FIDO
2016 Jun 02
2
[PATCH] Link count attribute extension
Hello,
This patch adds client and server support for transmitting the st_nlink field
across SSH2_FXP_NAME and SSH2_FXP_ATTRS responses.
Please let me know if there is anything I can do to improve this patch. I am
not subscribed to the list so please CC me.
Index: sftp-common.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sftp-common.c,v
retrieving
2020 Jul 27
7
[Bug 3198] New: Custom critical options are not lexically ordered
https://bugzilla.mindrot.org/show_bug.cgi?id=3198
Bug ID: 3198
Summary: Custom critical options are not lexically ordered
Product: Portable OpenSSH
Version: -current
Hardware: amd64
OS: Mac OS X
Status: NEW
Severity: normal
Priority: P5
Component: ssh-keygen
Assignee:
2006 Feb 14
24
[Bug 1157] ssh-keygen doesn't handle DOS line breaks
http://bugzilla.mindrot.org/show_bug.cgi?id=1157
Summary: ssh-keygen doesn't handle DOS line breaks
Product: Portable OpenSSH
Version: 3.8.1p1
Platform: All
URL: http://openssh.org/txt/draft-ietf-secsh-publickeyfile-02.txt
OS/Version: All
Status: NEW
Severity: normal
2020 Sep 04
3
Incomplete attestation data for FIDO2 SKs?
I was recently looking at verifying the attestation data
(ssh-sk-attest-v00) for a SK key, but I believe the data saved in this
structure is insufficient for completing verification of the attestation.
While the structure has enough information for U2F devices, FIDO2 devices
sign their attestation over a richer "authData" blob [1] (concatenated with
the challenge hash). The authData blob
2015 Sep 28
33
[Bug 2474] New: Enabling ECDSA in PKCS#11 support for ssh-agent
https://bugzilla.mindrot.org/show_bug.cgi?id=2474
Bug ID: 2474
Summary: Enabling ECDSA in PKCS#11 support for ssh-agent
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-agent
Assignee: unassigned-bugs
2010 Jun 19
3
[Bug 1784] New: ssh-keygen fails when filename of key file contains multiple slashes
https://bugzilla.mindrot.org/show_bug.cgi?id=1784
Summary: ssh-keygen fails when filename of key file contains
multiple slashes
Product: Portable OpenSSH
Version: 5.2p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ssh-keygen
AssignedTo:
2015 Apr 23
16
[Bug 2388] New: build fixups for --without-openssl
https://bugzilla.mindrot.org/show_bug.cgi?id=2388
Bug ID: 2388
Summary: build fixups for --without-openssl
Product: Portable OpenSSH
Version: 6.8p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Build system
Assignee: unassigned-bugs at
2020 Sep 29
12
Human readable .ssh/known_hosts?
Hi list members,
I just tried to get some old records out of my known_hosts, which is 'HashKnownHosts yes'. Is there a way to unhash host names and/or IPs?
Google tells how to add hosts, but not the opposite; maybe I am missing something.
If this does not work at all, is there a best practice for cleaning old hosts and keys out?
Thanks, Martin!
--
Martin
GnuPG Key Fingerprint, KeyID
2020 Jun 28
2
get contents of a storage volume in bytes
Hi, I have two machines with libvirt installed. I want to move a storage
volume from the 1st machine to 2nd machine with code.
I'm thinking of reading a storage volume into a byte array/stream then
uploading through my own/custom handler (written in go) to the 2nd
machine's custom handler which will then be writing the byte stream to
libvirt storage volume.
Is there a libvirt function to
2004 Feb 24
2
Updated moduli file in OpenSSH 3.8
Hi,
Can anybody briefly explain the significance of the updated moduli file?
Is this a critical update? Should all existing installations update
their moduli file?
Thanks in advance,
-- Dan
2012 Apr 19
2
OpenSSL ASN.1 vulnerability: sshd not affected
Hi,
Tavis Ormandy found some bugs in OpenSSL's ASN.1 and buffer code that
can be exploited to cause a heap overflow:
http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html
Fortunately OpenSSH's sshd is not vulnerable - it has avoided the use
of ASN.1 parsing since 2002 when Markus wrote a custom RSA verification
function (openssh_RSA_verify):
2010 Feb 27
24
Call for testing: OpenSSH-5.4
Hi,
OpenSSH 5.4 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a big release,
with a number of major new features and many bug fixes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH