Displaying 20 results from an estimated 3000 matches similar to: "using sshd in fips mode"
2004 Jun 04
2
Patch for FIPS 140 mode - take 3
Greetings.
(Third try at sending this, the first two seemed to disappear without a trace. Perhaps use of MS Outlook was the problem, even though in plain text...? Or attachment too big (22Kb)? Would like to know...)
The final source code and documentation package for a FIPS 140 validated mode of OpenSSL was recently submitted. Once the final certification is awarded by NIST, in a month or
2017 Jul 18
2
force port redirection for list of users
Thanks so much. I am checking it.
Best Regards,
On Tue, Jul 18, 2017 at 9:08 PM, Reuti <reuti at staff.uni-marburg.de> wrote:
>
> > On 08.07.2017 at 18:41, Sudarshan Soma <sudarshan12s at gmail.com> wrote:
> >
> > Hi,
> > I have the following requirement.
> > other than following users, any other user sshd connection should be
> > redirected
2018 Jan 03
3
SSHD and PAM
On Wed, 2018-01-03 at 13:50 +0530, Sudarshan Soma wrote:
> Hi, I do see some reference on it: but seems not closed
> https://marc.info/?l=secure-shell&m=115513863409952&w=2
>
> http://bugzilla.mindrot.org/show_bug.cgi?id=1215
>
>
> Is this patch available in latest versions, 7.6?
No. It never was.
The SSSD is using NSS (Name Service Switch) [1] way of getting
2017 Jan 19
4
Force sshd to prompt username
Hi, Can I send ssh request to sshd to prompt for username along with
password.
Ex:
cogan at localhost$ ssh myserver
Login:xyz
password:
Login is automatically taken as cogan, wanted to ignore this and
instead prompt login and take it from user, Please suggest.
Best Regards,
2017 Jan 30
2
sshd custom shell script for specifc user
+ added subject
On Mon, Jan 30, 2017 at 11:32 PM, Sudarshan Soma <sudarshan12s at gmail.com>
wrote:
> Hi,
> I am trying to give access to sshd port 22 to connect to different port
> 1023 by differentiating with special user, customuser. Following is how I
> tried, but it doesn't work, please suggest.
>
> outside, user issues command
> ssh customuser at ip, it fails
>
2017 Jul 08
4
force port redirection for list of users
Hi,
I have the following requirement.
other than following users, any other user sshd connection should be
redirected to 2024 instead of port 22.
root, ftp, guest
So
ssh root at ip // should be sent to sshd running at port 22
ssh otheruser at ip // should be sent to sshd running at port 2024
I know that we can do something like this:
ssh -o ProxyCommand='ssh -W localhost:2024 cliuser
2023 Apr 19
3
FIPS compliance efforts in Fedora and RHEL
Dear Damien,
On Wed, Apr 19, 2023 at 9:55 AM Damien Miller <djm at mindrot.org> wrote:
>
> On Wed, 19 Apr 2023, Dmitry Belyavskiy wrote:
>
> > > While I'm sure this is good for RHEL/rawhide users who care about FIPS,
> > > Portable OpenSSH won't be able to merge this. We explicitly aim to support
> > > LibreSSL's libcrypto as well as
2018 Jan 03
2
SSHD and PAM
Hi I am trying to write pam_radius module which talks to RADIUS server for
aaa.
I see sshd checks /etc/passwd for user list. Since RADIUS server has user
list, can sshd ignore this check for RADIUS/TACACS+ authentication, Please
suggest if there are any flags to control it.
I am using the following versions.
OpenSSH_6.6p1, OpenSSL 1.0.2n 7 Dec 2017
I see sssd (NAS) being used for such use
2017 Feb 21
1
second ssh connection for the first ssh request
Hi Darren, It is linux
3.10.40.cge-rt38 #1 SMP Fri Jul 22 12:59:33 PDT 2016 i686 GNU/Linux
On Tue, Feb 21, 2017 at 3:39 AM, Darren Tucker <dtucker at zip.com.au> wrote:
> On Tue, Feb 21, 2017 at 4:19 AM, Sudarshan Soma <sudarshan12s at gmail.com>
> wrote:
> > Hi I changed sshd_config to run script, .profile for user cliuser like
>
> What platform is this on? If
2023 Mar 10
2
OpenSSH FIPS support
Hi,
We currently work on a project that requires SSH server with FIPS and using OpenSSL v3.
Patching OpenSSH for this looks to be a massive job. Is it something that is considered on your side?
Is it currently a work in progress by somebody else as far as you know? Or something that has been partially done and aborted in the past, that could be relevant?
We just started considering making this and
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Roumen.
I have few more questions below:
1. What version of OpenSSH can the patch be applied to? What branch should
I check out the patch?
2.
> Impact is not only for source code. Build process has to be updated as well. Red Hat is based on "fipscheck".
What build process should be changed? What is fipscheck?
3. My understanding any application (such as OpenSSH) which need
2017 Jan 31
2
sshd custom shell script for specifc user
Thanks Darren, the intention to do this :
allow users to access my own shell/CLI(including authentication) on port
22.
their firewall settings doesn't allow anything other than port 22, so I
would internally redirect to port 1023 when customuser is provided.
I will try enabling logs, thanks.
On Tue, Jan 31, 2017 at 5:10 AM, Darren Tucker <dtucker at zip.com.au> wrote:
> On Tue, Jan 31,
2023 Mar 10
2
OpenSSH FIPS support
On Fri, Mar 10, 2023 at 10:27 AM Joel GUITTET
<jguittet.opensource at witekio.com> wrote:
> We currently work on a project that requires SSH server with FIPS and
> using OpenSSL v3.
Gently: this is meaningless. You probably mean one of the following:
1. The SSH server implementation is required to use only cryptographic
algorithms that are FIPS-approved.
2. The SSH server
2017 Jan 31
2
sshd custom shell script for specifc user
Hi Darren, the clients config would need customer to change firewall
settings to allow 1023 port.
my server is behind the firewall. firewall settings say that my server 1023
is not accessible from outside. So If user tries -p 1023, it is rejected.
hence user can only issue
ssh customuser at ip . I am trying to instead connect to 1023 from my server,
which doesn't go to firewall, hence from my
2015 Dec 04
6
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Hi All:
I tried to rebuild openssl with the FIPS modules, and then install the new
openssl libs (lib crypto.so to be specific) on my Ubuntu 12.04 box.
After that I noticed it seemed to break OpenSSH: I couldn't login to the
box using ssh, and couldn't run the client command like ssh-keygen either.
My questions are:
1. Does OpenSSH support FIPS mode?
2. Or does OpenSSH support with
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Roumen.
> Lets assume that application use OpenSSL FIPS validated module. FIPS mode is activated in openssl command if environment variable OPENSSL_FIPS is set. Similarly I use OPENSSL_FIPS environment variable to activate FIPS mode. Code will call FIPS_mode_set(1) if crypto module is not FIPS mode.
Did you mean the FIPS patched OpenSSH server and client (such as
ssh-keygen) always
2017 Jan 30
2
No subject
Hi,
I am trying to give access to sshd port 22 to connect to different port
1023 by differentiating with special user, customuser. Following is how I
tried, but it doesn't work, please suggest.
outside, user issues command
ssh customuser at ip, it fails
inside sshd_config, i wrote the following:
Match user customuser
ForceCommand . /etc/myscript
inside myscript, I do the following:
read
2023 Mar 10
1
OpenSSH FIPS support
Hi Joel,
Joel GUITTET wrote:
> Hi,
> We currently work on a project that requires SSH server with FIPS and using OpenSSL v3.
There is no way to work with OpenSSL v3 due to many reasons.
If you like to get FIPS capable secsh implementation compatible with OpenSSL FIPS validated modules 1.2 and 2.0 , RedHat ES, or Oracle Solaris you could use PKIX-SSH.
Regards,
Roumen Petrov
--
Advanced
2017 Oct 13
8
Status of OpenSSL 1.1 support
Hi,
more or less a year ago Kurt Roeckx provided an initial port towards the
OpenSSL 1.1 API [0]. The patch has been left untouched [1] and it has
been complained about a missing compat layer of the new vs the old API
within the OpenSSL library [2].
This is how I reconstructed the situation as of today and I am not
aware of any progress in regard to the newer library within the OpenSSH
project.
2023 Aug 17
21
[Bug 3603] New: ssh clients can't communicate with server with default cipher when fips is enabled at server end
https://bugzilla.mindrot.org/show_bug.cgi?id=3603
Bug ID: 3603
Summary: ssh clients can't communicate with server with default
cipher when fips is enabled at server end
Product: Portable OpenSSH
Version: 9.4p1
Hardware: All
OS: Linux
Status: NEW
Severity: critical