similar to: OpenSSH private key format errors with LibreSSL 2.7

On 2018-04-07 11:24, Bernard Spil wrote: > On 2018-04-07 9:04, Joel Sing wrote: >> On Friday 06 April 2018 21:31:01 Bernard Spil wrote: >>> Hi, >>> >>> When using OpenSSH with LibreSSL 2.7.x it cannot read existing RSA >>> and >>> ECDSA private keys. >>> >>> Error loading key "./id_rsa": invalid format

I recently had to upgrade my version of OpenSSH from 4.7 to 5.0p1 on my MacBook (Darwin). I installed the latest 'portable' tarball and removed the system version: $ ssh -V OpenSSH_5.0p1, OpenSSL 0.9.7l 28 Sep 2006 $ which ssh /usr/bin/ssh sshd is the same version, installed in /usr/sbin/sshd. Now, things are a bit broken: I am able to ssh from another machine into my MacBook, so the

Hi, all. So, in reviewing my OpenSSH keypairs and evaluating the size my RSA keys should be, i realized that, if i update my 2048-bit keypairs to 4096 bits, it really doesn't matter that much, because they're still only encrypted with 3DES, which provides an effective 112 bits of symmetric encryption strength: $ head -4 ~/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- Proc-Type:

Hi, Since updating to 2.3.1 on my FreeBSD mailserver mail delivery using lda is broken if I have sieve enabled. (Before updating this was 2.2 and pigeonhole 0.4) FreeBSD 11.1-p8 amd64 Dovecot 2.3.1 Pigeonhole 0.5.1 Mailflow is OpenSMTPd as MTA, using mda delivery to rspamc which utlimately delivers using dovecot-lda. smtpd.conf deliver to mda "rspamc -h scan --mime -e

Hello, I've got a problem with newer versions of ssh-agent not accepting all keys being forwarded to them. Example: LOCAL-WORKSTATION ssh-add -l 4096 SHA256:HFSzrozPapudofYJi8QvXQdA1/vNpFc2iPWH8CGVsEg (none) (RSA) 2048 SHA256:lbjpmHAYtUO+zaLaKvWVxGNYkXRkOumcoOpLdRSVX/U /home/matt/.ssh/id_rsa_embedded (RSA) ssh -V OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017 BROKEN-REMOTE ssh

http://bugzilla.mindrot.org/show_bug.cgi?id=887 Summary: Problem connecting OpenSSH Client to a F-Secure SSH Server Product: Portable OpenSSH Version: -current Platform: All OS/Version: other Status: NEW Severity: major Priority: P2 Component: sftp AssignedTo: openssh-bugs at

Howdy, I'm attempting to compile openssh-7.1p1 using libressl-2.2.4 for the ssl implementation. Unfortunately, this fails to work (tested on Debian Unstable and Gentoo): cd libressl-2.2.4 ./configure --prefix=/opt/libressl-2.2.4 && make -j8 && sudo make install cd ../openssh-7.1p1 ./configure --with-ssl-dir=/opt/libressl-2.2.4 fails with: checking OpenSSL header version...

On Mon, Nov 9, 2015 at 5:35 PM, Darren Tucker <dtucker at zip.com.au> wrote: > On Tue, Nov 10, 2015 at 9:22 AM, Austin English <austinenglish at gmail.com> wrote: >> Howdy, >> >> I'm attempting to compile openssh-7.1p1 using libressl-2.2.4 for the >> ssl implementation. Unfortunately, this fails to work (tested on >> Debian Unstable and Gentoo):

I would like to automatically deduce in a script if an ssh key is encrypted or not. Basically in a very particular application I want to be the BOFH and enforce that users place a passphrase on their id_rsa key. If they don't put a passphrase I want to send them back to ssh-keygen until they do. I have not been able to deduce a way to detect this yet. Any hints? Thanks Bob

Hi, Yesterday I tried to replace the system openssl in a gentoo system with libressl. With openssh an interesting issue popped up: * RAND_bytes in libressl calls arc4random * arc4random is a compat function both in openssh and libressl * arc4random from openssh uses RAND_bytes So what's happening is a recursion. arc4random wants to use RAND_bytes and RAND_bytes wants to use arc4random. The

Hi folks, I searched the list for LibreSSL and found only one mention of it! Has anyone gotten this working? I have it compiling no problem, but removing OpenSSL is another story of course. It seems to be compiled with FIPS support and of course there is no such thing in LibreSSL - that is something they tore out thanks, -Alan -- "Don't eat anything you've ever seen advertised

https://github.com/libressl-portable/portable/issues/278

https://bugzilla.mindrot.org/show_bug.cgi?id=2699 Bug ID: 2699 Summary: PKCS#8 private keys with AES-128-CBC stopped working Product: Portable OpenSSH Version: 7.5p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh-keygen Assignee:

Hi All, mail/dovecot build fails when linked against LibreSSL. This is due to LibreSSL no longer including comp.h from ssl.h/ssl3.h. See https://wiki.freebsd.org/LibreSSL as well. This patch fixes the build failure. Build log attached as well (not any more, too large! Get it via link just above). Please commit this fix to the 1.2 branch (2.1 branch is not affected) Kind regards, Bernard

With 2.2.2 release http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.2-relnotes.txt is there a paln to provide a drop-in replacement of OpenSSL? -- Ciao, luigi / +--[Luigi Rosa]-- \ Furious activity is no substitute for understanding. --H. H. Williams

On 5 Feb 2017, at 19.49, Timo Sirainen <tss at iki.fi> wrote: > > On 4 Feb 2017, at 20.03, Ruga <ruga at protonmail.com> wrote: >> >> https://github.com/libressl-portable/portable/issues/278 > > I've no idea why that would happen. The only idea I had got rejected by someone. Oh, that's with OSX. I think that's the reason. Nothing to do with

Hi, We carry some compat code for old OpenSSL <1.1.1 and LibreSSL <3.1.0. OpenSSL 1.0.x is no longer supported upstream and AFAIK LibreSSL do not support old versions at all. I'd like to retire this config code, which would mean that users on platforms that include the versions of libcrypto would have to either bring their own libcrypto or compile OpenSSH --without-openssl (and accept

Timo, re: What OS is this? OS 10.12.3 with Xcode 8.2.1 and the official clang 3.9.0 re: test-time-util.c t_strftime and variants now .......................................... : ok Info: 'Thu, 08 Dec 2016 18:42:16 +0100' test-time-util.c:124: Assert failed: strcmp(t_strftime(RFC2822_FMT, gmtime(&ts)), exp) == 0 Info: 'Thu, 08 Dec 2016 18:42:16 +0100'

Hi Stephan, Shared the message to you in person only via separate mail. With to Return-Path, I've not seen any difference in failures, all messages were consistently failing with the same error. Thank you! Bernard. 2018-04-10 2:54 GMT+02:00 Stephan Bosch <stephan at rename-it.nl>: > Op 4/8/2018 om 8:10 PM schreef Bernard Spil: >> Hi, >> >> Since updating to 2.3.1

t_strftime and variants now .......................................... : ok test-time-util.c:123: Assert failed: strcmp(t_strftime(RFC2822_FMT, gmtime(&ts)), exp) == 0 test-time-util.c:124: Assert failed: strcmp(t_strfgmtime(RFC2822_FMT, ts), exp) == 0 t_strftime and variants fixed timestamp .............................. : FAILED timings 0