similar to: double length prefix in ssh-keygen certificates (values of critical options)

Displaying 20 results from an estimated 5000 matches similar to: "double length prefix in ssh-keygen certificates (values of critical options)"

2015 Apr 24
2
[Bug 2389] New: update the PROTOCOL.certkeys spec to avoid confusion regarding encoding of critical options fields
https://bugzilla.mindrot.org/show_bug.cgi?id=2389 Bug ID: 2389 Summary: update the PROTOCOL.certkeys spec to avoid confusion regarding encoding of critical options fields Product: Portable OpenSSH Version: 6.8p1 Hardware: All OS: All Status: NEW Severity: enhancement
2017 Oct 26
3
[RFC 0/2] add engine based keys
Engine keys are private key files which are only understood by openssl external engines. The problem is they can't be loaded with the usual openssl methods, they have to be loaded via ENGINE_load_private_key(). Because they're files, they fit well into openssh pub/private file structure, so they're not very appropriately handled by the pkcs11 interface because it assumes the private
2020 Jun 09
3
[PATCH v2 0/2] Add openssl engine keys with provider upgrade path
I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may
2019 May 21
2
OpenSSH Certificate Extensions
Hello: I am working to implement certificate-based authentication for some internal applications. It would be very helpful to be able to pass information server-side by specifying some custom options via the Extensions of the signed certificate, allowing the authenticity of the options to be verified readily. However, I have not been able to find too much for specifying behaviors, etc.
2018 Dec 10
2
[PATCH] cleanup of global variables server/client_version_string in sshconnect.c
In sshconnect.c there are two global variables for server_version_string client_version_string. These are used just in a few functions and can easily be passed as parameters. Also, there is a strange construct, where their memory is allocated to the global pointers, then copies of these pointers are assigned to the kex structure. The kex_free finally frees them via cleanup of the kex
2024 Oct 21
1
Security of ssh across a LAN, public key versus password
Hi David, > hmm, what I'm finding doesn't seem to use the FIDO challenge/response to the > server, instead it looks like a public/private key that's unlocked with a touch, > possibly storing the private key on the hardware dongle (but it seems like > there's still a key you need to put on the client system) > > Quoting from the yubikey website: > OpenSSH
2018 Jan 12
2
SSH cert extensions and authz key options
HI! I'm looking at sshd(8), section AUTHORIZED_KEYS FILE FORMAT and description for CLI arg -O in ssh-keygen(1). It seems to me that there could be a 1:1 mapping between SSH cert extensions and authz key options by just adding prefix "permit-" to the key option. But the man pages differ regarding case of "permit-x11-forwarding" and "X11-forwarding". [1] also
2024 Oct 21
2
Security of ssh across a LAN, public key versus password
Stuart Henderson wrote: >> This is why I push for challenge/response tokens, not simply >> cert authentication, and really wish that FIDO (such as yubikey) >> was an option, but the discussions I've seen about supporting >> that have not been encouraging. > > hmm? That works pretty well in OpenSSH. hmm, what I'm finding doesn't seem to use the FIDO
2016 Jun 02
2
[PATCH] Link count attribute extension
Hello, This patch adds client and server support for transmitting the st_nlink field across SSH2_FXP_NAME and SSH2_FXP_ATTRS responses. Please let me know if there is anything I can do to improve this patch. I am not subscribed to list so please CC me. Index: sftp-common.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/sftp-common.c,v retrieving
2020 Jul 27
7
[Bug 3198] New: Custom critical options are not lexically ordered
https://bugzilla.mindrot.org/show_bug.cgi?id=3198 Bug ID: 3198 Summary: Custom critical options are not lexically ordered Product: Portable OpenSSH Version: -current Hardware: amd64 OS: Mac OS X Status: NEW Severity: normal Priority: P5 Component: ssh-keygen Assignee:
2006 Feb 14
24
[Bug 1157] ssh-keygen doesn't handle DOS line breaks
http://bugzilla.mindrot.org/show_bug.cgi?id=1157 Summary: ssh-keygen doesn't handle DOS line breaks Product: Portable OpenSSH Version: 3.8.1p1 Platform: All URL: http://openssh.org/txt/draft-ietf-secsh-publickeyfile-02.txt OS/Version: All Status: NEW Severity: normal
2020 Sep 04
3
Incomplete attestation data for FIDO2 SKs?
I was recently looking at verifying the attestation data (ssh-sk-attest-v00) for a SK key, but I believe the data saved in this structure is insufficient for completing verification of the attestation. While the structure has enough information for U2F devices, FIDO2 devices sign their attestation over a richer "authData" blob [1] (concatenated with the challenge hash). The authData blob
2015 Sep 28
33
[Bug 2474] New: Enabling ECDSA in PKCS#11 support for ssh-agent
https://bugzilla.mindrot.org/show_bug.cgi?id=2474 Bug ID: 2474 Summary: Enabling ECDSA in PKCS#11 support for ssh-agent Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh-agent Assignee: unassigned-bugs
2010 Jun 19
3
[Bug 1784] New: ssh-keygen fails when filename of key file contains multiple slashes
https://bugzilla.mindrot.org/show_bug.cgi?id=1784 Summary: ssh-keygen fails when filename of key file contains multiple slashes Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh-keygen AssignedTo:
2015 Apr 23
16
[Bug 2388] New: build fixups for --without-openssl
https://bugzilla.mindrot.org/show_bug.cgi?id=2388 Bug ID: 2388 Summary: build fixups for --without-openssl Product: Portable OpenSSH Version: 6.8p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: Build system Assignee: unassigned-bugs at
2020 Sep 29
12
Human readable .ssh/known_hosts?
Hi list members, just tried to get some old records out of my known_hosts, which is 'HashKnownHosts yes'. Is there a way to unhash host names and/or IPs? Google tells about how to add hosts, but not the opposite, maybe I miss something. If this does not work at all, is there a best practice for cleaning old hosts and keys out? Thanks, Martin! -- Martin GnuPG Key Fingerprint, KeyID
2020 Jun 28
2
get contents of a storage volume in bytes
Hi, i have two machines with libvirt installed. I want to move a storage volume from the 1st machine to 2nd machine with code. I'm thinking of reading a storage volume into a byte array/stream then uploading through my own/custom handler (written in go) to the 2nd machine's custom handler which will then be writing the byte stream to libvirt storage volume. Is there a libvirt function to
2004 Feb 24
2
Updated moduli file in OpenSSH 3.8
Hi, Can anybody briefly explain the significance of the updated moduli file? Is this a critical update? Should all existing installations update their moduli file? Thanks in advance, -- Dan
2012 Apr 19
2
OpenSSL ASN.1 vulnerability: sshd not affected
Hi, Tavis Ormandy found some bugs in OpenSSL's ASN.1 and buffer code that can be exploited to cause a heap overflow: http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html Fortunately OpenSSH's sshd is not vulnerable - it has avoided the use of ASN.1 parsing since 2002 when Markus wrote a custom RSA verification function (openssh_RSA_verify):
2010 Feb 27
24
Call for testing: OpenSSH-5.4
Hi, OpenSSH 5.4 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a big release, with a number of major new features and many bug fixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH