Displaying 20 results from an estimated 4000 matches similar to: "Strange crypto choices"
2018 May 27
2
Strange crypto choices
there are more implications to changing key algorithms than KEX
algorithms. If a change is made to the specification, then it might
invalidate all the keys that are out there, this isn't the case with
any other negotiated algorithm,
On Sun, 27 May 2018, Yegor Ievlev wrote:
> I don't think we should wait for a RFC in order to use stronger
> crypto. We already prefer Curve25519 for
2018 May 27
2
Strange crypto choices
On Sat, 26 May 2018, Christian Weisgerber wrote:
> On 2018-05-25, Yegor Ievlev <koops1997 at gmail.com> wrote:
>
> > The defaults for HostKeyAlgorithms option are: [...]
> > Why does OpenSSH prefer older and less secure
> > (https://safecurves.cr.yp.to/) ECDSA with NIST curves over Ed25519?
>
> I asked Markus and Damien about this in the past but honestly
2020 Sep 16
2
ssh-ed25519 and ecdsa-sha2-nistp256 host keys
Here you go:
OpenSSH_7.9p1, OpenSSL 1.1.1d 10 Sep 2019
debug1: Reading configuration data /home/ryantm/.ssh/config
debug1: /home/ryantm/.ssh/config line 4: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 13: Applying options for *
debug2: resolving "{REDACTED}" port 22
debug2: ssh_connect_direct
debug1: Connecting to
2018 May 27
2
Strange crypto choices
On Mon, 28 May 2018, Yegor Ievlev wrote:
> Can we prefer RSA to ECDSA? For example:
> HostKeyAlgorithms
> ssh-rsa,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
not without a good reason
2018 Nov 23
2
Debian Stretch 9.6: openssh-server and old dropbear client don't work togheter
Il giorno gio 22 nov 2018 alle ore 21:24 Stuart Henderson
<stu at spacehopper.org> ha scritto:
>
> On 2018/11/22 19:55, owl700 at gmail.com wrote:
> > Hi, I have compatibility issues with the latest version of
> > openssh-server and an old dropbear client, the dopbear client stops at
> > preauth
> >
> > ov 22 14:34:03 myhostname sshd[3905]: debug1: Client
2016 Oct 24
2
SSH fail to login due to hang over after authenticated.
Hi OpenSSH,
I encountered that SSH will hang over after I input the password.
Could you help show me how to resolve this problem? Thanks for your
help.
Please find the ssh debug info and my ssh version as below.
$ ssh -vvv user1 at remote_host
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/user1/.ssh/config
debug1: /Users/user1/.ssh/config line 36: Applying options for
2016 Nov 08
4
one host only: ssh_dispatch_run_fatal
Darren Tucker <dtucker at zip.com.au> writes:
> On Tue, Nov 8, 2016 at 2:43 PM, Harry Putnam <reader at newsguy.com> wrote:
>> Darren Tucker <dtucker at zip.com.au> writes:
>>
>>> On Tue, Nov 8, 2016 at 1:02 PM, Harry Putnam <reader at newsguy.com> wrote:
>>> [...]
>>>> gv harry> ssh -vv 2x
>>>>
>>>>
2016 Oct 24
1
SSH fail to login due to hang over after authenticated.
Can you confirm if the problem is specific to the ssh client, or the ssh
server? (Try to ssh into the same server from different client, and to some
different server from the same client)
On Mon, Oct 24, 2016 at 9:41 PM, Jin Li <lijin.abc at gmail.com> wrote:
> Hi OpenSSH,
>
> I encountered that SSH will hang over after I input the password.
> Could you help show me how to
2019 Oct 17
2
DSA key not accepted on CentOS even after enabling
Hello,
I have some users that connect to a server with their DSA key that is of
type ssh-dss.
I'm migrating (installing as new) the server where they connect to CentOS 8
+ updates.
I was not able to connect with the keys to this new server even after
having added, as found in several internet pages, this directive at the end
of /etc/ssh/sshd_config of the CentOS 8 server:
# Accept also DSA
2018 Apr 24
2
AIX make checks issue
On 23/04/2018 11:49, Michael Felt wrote:
> On 21/04/2018 16:21, Michael Felt wrote:
>
>
> Question: I have not dug into the tests yet. Will copy to a "local"
> directory, and not build out of tree and see if that fixes it (as it
> does for many other packages). However, just in case it does not - how
> can I fast-forward the tests to the "agent" tests?
2019 Jan 19
3
Can we disable diffie-hellman-group14-sha1 by default?
e.g. can we make it throw warnings etc. rsa-sha2-256 and rsa-sha2-512
are fine, they use PSS.
On Sun, Jan 20, 2019 at 1:55 AM Yegor Ievlev <koops1997 at gmail.com> wrote:
>
> Also can we do anything with ssh-rsa? It uses both SHA-1 and
> deprecated PKCS#1 padding. If it's used to sign certificates, there's
> no additional protection of SHA-2 hashing before SHA-1
2019 Jan 19
4
Can we disable diffie-hellman-group14-sha1 by default?
I'm not sure if collision resistance is required for DH key
derivation, but generally, SHA-1 is on its way out. If it's possible
(if there's not a very large percentage of servers that do not support
anything newer), it should be disabled.
2020 Mar 02
3
Question about host key algorithms
When I do ssh -Q key, where ssh is the OpenSSH 7.4p1 client, I get the
following output:
ssh-ed25519
ssh-ed25519-cert-v01 at openssh.com
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa-cert-v01 at openssh.com
ssh-dss-cert-v01 at openssh.com
ecdsa-sha2-nistp256-cert-v01 at openssh.com
ecdsa-sha2-nistp384-cert-v01 at openssh.com
ecdsa-sha2-nistp521-cert-v01 at
2020 Mar 02
4
Question about host key algorithms
$ ssh -Q HostKeyAlgorithms
Unsupported query "HostKeyAlgorithms"
$ ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2u 20 Dec 2019
On Mon, Mar 2, 2020 at 2:24 PM Christian Hesse <list at eworm.de> wrote:
> Luveh Keraph <1.41421 at gmail.com> on Mon, 2020/03/02 14:07:
> > When I do ssh -Q key, where ssh is the OpenSSH 7.4p1 client, I get the
> > following output:
> >
2016 Oct 24
2
SSH fail to login due to hang over after authenticated.
I don't think it will be easy to identify the problem remotely. You can try
logging in with password (if not disabled), or sshing with some other key,
or logging into some other user. If you are able to get access to the
machine, post the server's error log here.
On Mon, Oct 24, 2016 at 9:55 PM, Jin Li <lijin.abc at gmail.com> wrote:
> Hi Tanmay,
>
> The server is not
2017 Nov 01
2
Winbind, Kerberos, SSH and Single Sign On
Hi,
at first I'm not sure if this is the correct list to ask this question.
But since I'm using winbind I hope you can help me.
I try to realize a kerberized ssh from one client to another. Both
clients are member of subdom2.subdom1.example.de and joined to it. The
users are from example.de, where subdom1.example.de is a subdomain
(bidirectional trust) of example.de and
2014 Mar 27
1
AIX SFTP with chroot : conection closed without error message
Hello,
I'm trying to setup a chroot for one user on my AIX 5.2 system
I have tried with openssh 5.0 (don't know where it comes from) and as it
didn't work, I have downloaded and compiled the current version (6.6p1)
When I connect, password is checked, chroot is done, sftp subsystem is
accepted, but I get disconnected without any error
Below is all can say about my config (after
2016 Sep 21
2
Where to look next?
Hello,
I'm looking for your insight about the log below. We have an SFTP server (IBM Sterling File Gateway) and we're connecting from an OpenSSH SFTP client but something fails during KEX.
Complete client-side debug output is below, but I believe the relevant part is:
debug1: kex: server->client cipher: aes192-cbc MAC: hmac-sha1 compression: none
debug1: kex: client->server
2019 Feb 15
2
Can we disable diffie-hellman-group-exchange-sha1 by default?
I referred to the fact that there is no value for 4096-bit groups at
all. For higher strengths than 128 bits one should probably not use
non-EC crypto at all, as the document suggests.
On Fri, Feb 15, 2019 at 9:19 AM Darren Tucker <dtucker at dtucker.net> wrote:
>
> On Fri, 15 Feb 2019 at 16:45, Yegor Ievlev <koops1997 at gmail.com> wrote:
> > That doesn't seem to be
2015 Feb 09
3
Connection stalls at debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Trying to connect from Fedora 21 to CentOS 6.6, OpenSSH on both ends.
Connection is via a VPN.
Initially the connection seems good, but OpenSSH stalls at
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP.
Software version on servers:
openssh-server-5.3p1-104.el6_6.1.x86_64
openssh-5.3p1-104.el6_6.1.x86_64
Software version on client:
openssh-6.6.1p1-11.1.fc21.x86_64
also duplicated problem using