similar to: Legacy option for key length?

Displaying 20 results from an estimated 5000 matches similar to: "Legacy option for key length?"

2018 Jan 02
3
Legacy option for key length?
On Fri, 29 Dec 2017, Daniel Kahn Gillmor wrote: > On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote: > > Why not make minimum key length a tunable, just as the other options are? > > Because the goal of building secure software is to make it easy to > answer the question "are you using it securely?" This is a nice summation of our approach. It's the
2017 Dec 31
2
Legacy option for key length?
Hello, On Sat, Dec 30, 2017 at 12:16 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net > wrote: > On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote: > > > > Perhaps if you're dead-set on this being so dangerous, > > It's not the developers who are dead-set on weak-keyed RSA being > insecure, it's the cryptanalysts who have shown that to be the
2009 Oct 08
1
Drop Call on ICMP Port Unreachable?
One of our users recently had a powerfail while connected to our meetme gateway. (Asterisk 1.4.17 on debian 4.0) Through the course of it, asterisk never hung up. His system came back up, and started sending ICMP port unreachables, but the stream went on, flooding him with "silence" media stream packets (there was nobody else in the conference). Is asterisk aware of ICMP
2015 Oct 16
3
Is there any solution, or even work on, limiting which keys gets forwarded where?
On Thu, Oct 15, 2015 at 04:15:03PM -0400, Daniel Kahn Gillmor wrote: > if the intermediary machine (the "jumphost") is jumphost.example, and > you are trying to reach bar.example.com (which is behind the firewall), > you would do: > ssh -oProxyCommand='ssh jumphost.example -W %h:%p' bar.example.com We use jump host, but there are literally hundreds of hosts behind
2017 Dec 31
2
Legacy option for key length?
On 30/12/17 09:46, Daniel Kahn Gillmor wrote > On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote: >> Why not make minimum key length a tunable, just as the other options >> are? > Because the goal of building secure software is to make it easy to > answer the question "are you using it securely?" > That answer is wrong.? The suggestion, which allowed
2013 May 24
5
Utility to scan for unpassworded SSH privkeys?
Hey all, Let's make an assumption: 1) I am a root user on a system. 2) I don't want said system being used as a jumping-off point if either a user account or the root account is compromised. Given an unencrypted private key, plus a known_hosts file, plus bash_history, it's a pretty easy avenue of attack once you're in the front door. And it's happened before*. Thus,
2015 Oct 20
3
Is there any solution, or even work on, limiting which keys gets forwarded where?
On Tue, Oct 20, 2015 at 01:31:46AM +0200, ?ngel Gonz?lez wrote: > On 16/10/15 12:46, hubert depesz lubaczewski wrote: > >On Thu, Oct 15, 2015 at 04:15:03PM -0400, Daniel Kahn Gillmor wrote: > >>> if the intermediary machine (the "jumphost") is jumphost.example, and > >>> you are trying to reach bar.example.com (which is behind the firewall), >
2007 Oct 10
2
Homedir Access without exposing whole Homedir.
Hello All, Dovecot 1.0.3 I am coming from UW IMAP, and I'm finding for some reason that mail is getting stored in a variety of places (which I believe, is because by default UW imap allowed access to the entire home directory). All files are mbox. My default delivery location is ~/.mail Thus: * At least a couple of my users have mail in ~/INBOX, as well as ~/INBOX.drafts (not many
2004 Sep 01
1
Odd PRI Behavior
When using a PRI, after the remote party hangs up, asterisk tries to spawn a call to the "h" extension. Is this normal behavior for a pri to try to call the "h" extension to try to clean things up? Call Comes In: -- Executing Dial("Zap/1-1", "SIP/16464436000@AST-237.65") in new stack -- Called 16464436000@AST-237.65 -- Accepting call from
2004 Aug 17
1
BroadVOX
Guys, For what it's worth, after months of trying to troubleshoot issues with them, and after paying them around $2500 for setup and a down payment (it's unclear what of that will be refunded, if any) BroadVox -- http://www.broadvox.net/ -- decided to terminate our contract without any valid reason, and the only explanation they could cite was "it's because of the software
2008 Jan 17
3
tool that records and plots graphs of UPS load over time?
Hi I'm looking for a tool that records and plots graphs of UPS load over time? Any suggestions? JonB
2008 Aug 16
21
[Bug 1506] New: rationalize agent behavior on smartcard removal/reattachment
https://bugzilla.mindrot.org/show_bug.cgi?id=1506 Summary: rationalize agent behavior on smartcard removal/reattachment Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo:
2023 Mar 30
0
Legacy Options
Hey there all, I'm mentioning this as a "dev" issue because it's "Docs and Website", not as a general "usage" question. A few years back, I started a thread about RSA768 not being available in SSH client any more, because I had lost access to my APC power strips (which are on a NAT'd network, inside a data center, as a result). I argued that
2007 Nov 15
2
Is there any way to query a secure imap server for certificate details
? -- ==== Stewart Dean, Unix System Admin, Henderson Computer Resources Center of Bard College, Annandale-on-Hudson, New York 12504 sdean at bard.edu voice: 845-758-7475, fax: 845-758-7035
2016 Mar 29
3
request: add IP address to a log message to allow blocking
On Tue 2016-03-29 18:10:00 -0400, Damien Miller wrote: > On Tue, 29 Mar 2016, IMAP List Administration wrote: >> If you haven't already, an you please add the IP address to this message, and >> any similar messages? I'm using version 6.7p1. > > I actually added that recently. It will be in openssh-7.3, due in a > couple of months. Will it be configurable? There
2012 Feb 22
1
[Bug 1984] New: Add Unix Domain Socket Forwarding
https://bugzilla.mindrot.org/show_bug.cgi?id=1984 Bug #: 1984 Summary: Add Unix Domain Socket Forwarding Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo:
2006 Dec 21
2
Specs for Powercom Kingpro UPSes!
Hey all, I found a pinout of powercom's Kingpro UPSes in their manual. http://www.powercom-ups.com/manuals/kingpro.pdf Page 11. Unfortunately, this doesn't give PROTOCOL details. Does anyone have a "first step" at how to decode that? (for example, how to gauge line speed, how to "snoop" the serial port under windows? (for which the only software exists right
2010 Sep 26
1
Reversing milking machine (console server)
Hi. I have a box (a net5501 with a Perle serial octal RS-232 card in it) that I want to use as a console server for a bunch of headless computers. I was wondering if there's a trivial app that I can run as the shell that ssh (or telnet) would run, example: #!/bin/bash port=$(echo "$SSH_CONNECT" | cut -d' ' -f4) let -i tty=$port-2000 ttyname=$(printf
2015 May 26
8
Weak DH primes and openssh
On Tue 2015-05-26 14:02:07 -0400, Hubert Kario wrote: > On Tuesday 26 May 2015 13:43:13 Daniel Kahn Gillmor wrote: >> On Tue 2015-05-26 12:57:05 -0400, Hubert Kario wrote: >> > creating composites that will pass even 100000 rounds of Miller-Rabin is >> > relatively simple.... >> > (assuming the values for M-R tests are picked randomly) >> >> Can you
2011 May 09
3
ssh-agent subprocess parentage
I regularly use ssh-agent with a subcommand; my X11 session is spawned through ssh-agent, and sometimes i'll run a special agent for a certain subset of commands, like this: ssh-agent bash ... and then do work within that shell. From the man page: > If a commandline is given, this is executed as a subprocess of the agent. > When the command dies, so does the agent. But