Displaying 20 results from an estimated 400 matches similar to: "Signing KRLs?"
2015 Dec 29
2
Bug in KRL signature verification
I believe there has been a bug in KRL signature verification that has been
present since the KRL feature was first introduced. It prevents signed KRLs
from being loaded by OpenSSH [0]. I believe this bug applies to all
versions of OpenSSH, although the majority of my effort has been devoted to
(and all of my code snippets come from) openssl-portable.
The bug is that an offset is incorrectly
2018 Sep 06
4
Some wishes regarding revoked keys
Hello.
I am trying to play through the following test scenario about
certificate revocation on Ubuntu 18.04, which has OpenSSH of this version:
OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n? 7 Dec 2017
1. A CA key is created
ssh-keygen -t ed25519 -f ca
2. The CA public key is added to ~/.ssh/authorized_keys on some server:
cert-authority ssh-ed25519 AAAA...e ca at yoga
3. A user key is created on a
2023 Jul 31
5
Call for testing: OpenSSH 9.4
Hi,
OpenSSH 9.4 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via git using the
instructions at
2023 Aug 10
1
Announce: OpenSSH 9.4 released
OpenSSH 9.4 has just been released. It will be available from the
mirrors listed at https://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested
2023 Aug 09
1
Call for testing: OpenSSH 9.4
Compiled on OpenIndiana using GCC 11
:; SunOS 5.11 illumos-2e79e00041 illumos
Although snapshot was downloaded, it shows 9.3 version:
:; ssh -V
OpenSSH_9.3p1-snap20230809, OpenSSL 1.1.1v? 1 Aug 2023
Thanks and regards.
On 31.07.2023 08:12, Damien Miller wrote:
> Hi,
>
> OpenSSH 9.4 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as
2024 Jan 24
1
[Bug 3659] New: Certificates are ignored when listing revoked items in a (binary) revocation list
https://bugzilla.mindrot.org/show_bug.cgi?id=3659
Bug ID: 3659
Summary: Certificates are ignored when listing revoked items in
a (binary) revocation list
Product: Portable OpenSSH
Version: 9.2p1
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5
2015 Feb 19
34
Call for testing: OpenSSH 6.8
Hi,
OpenSSH 6.8 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains
some substantial new features and a number of bugfixes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is
2014 Nov 14
2
[Bug 2313] New: Corrupt KRL file when using multiple CA.
https://bugzilla.mindrot.org/show_bug.cgi?id=2313
Bug ID: 2313
Summary: Corrupt KRL file when using multiple CA.
Product: Portable OpenSSH
Version: 6.5p1
Hardware: Other
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at
2019 Sep 16
2
revoking ssh-cert.pub with serial revokes also younger certs
Hi Daminan!
Hmmm... thought about a little...
when i use -vvv with ssh-keygen -Qf i see "debug1:..." So i think, debug
is compiled in.
ssh-keygen --help gives me
ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number] file ...
so... option -z is not the serial of the certificate, it is the
version-number of the KRL-File...
My openssh-Verision from Debian is
2013 Feb 26
16
Call for testing: OpenSSH-6.2
Hi,
It's that time again...
OpenSSH 6.2 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains
some substantial new features and a number of bugfixes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
2013 Jan 27
1
null pointer dereference in krl.c?
Hi,
In ssh_krl_from_blob(), krl.c:984,
/* Record keys used to sign the KRL */
xrealloc(ca_used, nca_used + 1, sizeof(*ca_used));
ca_used[nca_used++] = key;
The result of `xrealloc' is never assigned to `ca_used', which remains
a null pointer. Will ca_used[...] crash?. Did I miss anything?
Thanks.
- xi
2014 Dec 09
2
build problems on the latest portable tree
Hello,
I've hit 2 build issues on rhel-7 using the latest portable tree - HEAD
3dfd8d93dfcc69261f5af99df56f3ff598581979
- rijndael.c:1104:7: error: ?Td4? undeclared (first use in this function)
(Td4[(t0 >> 24) ] << 24) ^
^
introduced in commit a1f8110cd5ed818d59b3a2964fab7de76e92c18e
- ./libssh.a(krl.o): In function `ssh_krl_from_blob':
2015 Mar 18
0
Announce: OpenSSH 6.8 released
OpenSSH 6.8 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches,
2017 Mar 02
64
[Bug 2687] New: Coverity scan fixes
https://bugzilla.mindrot.org/show_bug.cgi?id=2687
Bug ID: 2687
Summary: Coverity scan fixes
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org
2013 Feb 06
0
Miscellaneous compiler warnings
Hi,
On RHEL 6.3 with gcc 4.4.6, a number of compiler warnings are emitted
when building recent snapshots:
These all seem to be harmless, but annoying.
readpassphrase.c:127: warning: ignoring return value of ?write?, declared with attribute warn_unused_result
readpassphrase.c:146: warning: ignoring return value of ?write?, declared with attribute warn_unused_result
make[1]: Leaving directory
2013 Apr 01
0
Format warnings in krl.c
Compiling krl.c with clang results in a slew of warnings like this one:
/usr/src/secure/lib/libssh/../../../crypto/openssh/krl.c:505:37: warning:
format specifies type 'unsigned long long' but the argument has type
'u_int64_t' (aka 'unsigned long') [-Wformat]
This comes from incorrectly assuming that u_int64_t is defined as
unsigned long long, whereas on
2014 Aug 18
15
Call for testing: OpenSSH 6.7
Hi,
OpenSSH 6.7 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a big release
containing a number of features, a lot of internal refactoring and some
potentially-incompatible changes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
2007 Apr 16
0
[LLVMdev] "Name that compiler"
[Apologies in advance for the train of thought prose, but it is
brainstorming after all…]
I'm going to focus on self-descriptive names rather than literary or
fantasy references…
Advanced Compiler Kit, affectionately known as “ACK!”? It has an ill-
deserved nod to NeXT, even. (Completely the wrong language, after all.)
Core Compiler? Heh, I don't think that'd get past certain
2005 Dec 10
2
known_hosts and multiple hosts through a NAT router
The .ssh/known_hosts table cannot handle reaching different sshd
servers behind a NAT router. The machines are selected by having
the SSHDs respond to differnt ports.
A second request would be to allow known_hosts checking solely on
the dns name, wildcarding the IP address. This would be useful
to avoid continuously warning the user every time you connect
to a machine with a changing IP address
2019 Sep 13
2
revoking ssh-cert.pub with serial revokes also younger certs
Hi there!
What am I doing wrong?
I created a ssh-certificate
id_user_rsa-cert.pub with this dump:
id_user_rsa-cert.pub:
root at host # ssh-keygen -Lf id_user_rsa-cert.pub
??????? Type: ssh-rsa-cert-v01 at openssh.com user certificate
??????? Public key: RSA-CERT SHA256:kPitwgxblaUH4viBoFoozSPq9Pblubbedk
??????? Signing CA: ED25519 SHA256:8p2foobarQo3Tfcblubb5+I5cboeckvpnktiHdUs
??????? Key ID: