similar to: Legacy option for key length?

On Fri, 29 Dec 2017, Daniel Kahn Gillmor wrote: > On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote: > > Why not make minimum key length a tunable, just as the other options are? > > Because the goal of building secure software is to make it easy to > answer the question "are you using it securely?" This is a nice summation of our approach. It's the

Hello, On Sat, Dec 30, 2017 at 12:16 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net > wrote: > On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote: > > > > Perhaps if you're dead-set on this being so dangerous, > > It's not the developers who are dead-set on weak-keyed RSA being > insecure, it's the cryptanalysts who have shown that to be the

One of our users recently had a powerfail while connected to our meetme gateway. (Asterisk 1.4.17 on debian 4.0) Through the course of it, asterisk never hung up. His system came back up, and started sending ICMP port unreachables, but the stream went on, flooding him with "silence" media stream packets (there was nobody else in the conference). Is asterisk aware of ICMP

On Thu, Oct 15, 2015 at 04:15:03PM -0400, Daniel Kahn Gillmor wrote: > if the intermediary machine (the "jumphost") is jumphost.example, and > you are trying to reach bar.example.com (which is behind the firewall), > you would do: > ssh -oProxyCommand='ssh jumphost.example -W %h:%p' bar.example.com We use jump host, but there are literally hundreds of hosts behind

On 30/12/17 09:46, Daniel Kahn Gillmor wrote > On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote: >> Why not make minimum key length a tunable, just as the other options >> are? > Because the goal of building secure software is to make it easy to > answer the question "are you using it securely?" > That answer is wrong.? The suggestion, which allowed

Hey all, Let's make an assumption: 1) I am a root user on a system. 2) I don't want said system being used as a jumping-off point if either a user account or the root account is compromised. Given an unencrypted private key, plus a known_hosts file, plus bash_history, it's a pretty easy avenue of attack once you're in the front door. And it's happened before*. Thus,

On Tue, Oct 20, 2015 at 01:31:46AM +0200, ?ngel Gonz?lez wrote: > On 16/10/15 12:46, hubert depesz lubaczewski wrote: > >On Thu, Oct 15, 2015 at 04:15:03PM -0400, Daniel Kahn Gillmor wrote: > >>> if the intermediary machine (the "jumphost") is jumphost.example, and > >>> you are trying to reach bar.example.com (which is behind the firewall), >

Hello All, Dovecot 1.0.3 I am coming from UW IMAP, and I'm finding for some reason that mail is getting stored in a variety of places (which I believe, is because by default UW imap allowed access to the entire home directory). All files are mbox. My default delivery location is ~/.mail Thus: * At least a couple of my users have mail in ~/INBOX, as well as ~/INBOX.drafts (not many

When using a PRI, after the remote party hangs up, asterisk tries to spawn a call to the "h" extension. Is this normal behavior for a pri to try to call the "h" extension to try to clean things up? Call Comes In: -- Executing Dial("Zap/1-1", "SIP/16464436000@AST-237.65") in new stack -- Called 16464436000@AST-237.65 -- Accepting call from

Guys, For what it's worth, after months of trying to troubleshoot issues with them, and after paying them around $2500 for setup and a down payment (it's unclear what of that will be refunded, if any) BroadVox -- http://www.broadvox.net/ -- decided to terminate our contract without any valid reason, and the only explanation they could cite was "it's because of the software

Hi I'm looking for a tool that records and plots graphs of UPS load over time? Any suggestions? JonB

https://bugzilla.mindrot.org/show_bug.cgi?id=1506 Summary: rationalize agent behavior on smartcard removal/reattachment Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo:

Hey there all, I'm mentioning this as a "dev" issue because it's "Docs and Website", not as a general "usage" question. A few years back, I started a thread about RSA768 not being available in SSH client any more, because I had lost access to my APC power strips (which are on a NAT'd network, inside a data center, as a result). I argued that

? -- ==== Stewart Dean, Unix System Admin, Henderson Computer Resources Center of Bard College, Annandale-on-Hudson, New York 12504 sdean at bard.edu voice: 845-758-7475, fax: 845-758-7035

On Tue 2016-03-29 18:10:00 -0400, Damien Miller wrote: > On Tue, 29 Mar 2016, IMAP List Administration wrote: >> If you haven't already, an you please add the IP address to this message, and >> any similar messages? I'm using version 6.7p1. > > I actually added that recently. It will be in openssh-7.3, due in a > couple of months. Will it be configurable? There

https://bugzilla.mindrot.org/show_bug.cgi?id=1984 Bug #: 1984 Summary: Add Unix Domain Socket Forwarding Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo:

Hey all, I found a pinout of powercom's Kingpro UPSes in their manual. http://www.powercom-ups.com/manuals/kingpro.pdf Page 11. Unfortunately, this doesn't give PROTOCOL details. Does anyone have a "first step" at how to decode that? (for example, how to gauge line speed, how to "snoop" the serial port under windows? (for which the only software exists right

Hi. I have a box (a net5501 with a Perle serial octal RS-232 card in it) that I want to use as a console server for a bunch of headless computers. I was wondering if there's a trivial app that I can run as the shell that ssh (or telnet) would run, example: #!/bin/bash port=$(echo "$SSH_CONNECT" | cut -d' ' -f4) let -i tty=$port-2000 ttyname=$(printf

On Tue 2015-05-26 14:02:07 -0400, Hubert Kario wrote: > On Tuesday 26 May 2015 13:43:13 Daniel Kahn Gillmor wrote: >> On Tue 2015-05-26 12:57:05 -0400, Hubert Kario wrote: >> > creating composites that will pass even 100000 rounds of Miller-Rabin is >> > relatively simple.... >> > (assuming the values for M-R tests are picked randomly) >> >> Can you

I regularly use ssh-agent with a subcommand; my X11 session is spawned through ssh-agent, and sometimes i'll run a special agent for a certain subset of commands, like this: ssh-agent bash ... and then do work within that shell. From the man page: > If a commandline is given, this is executed as a subprocess of the agent. > When the command dies, so does the agent. But