similar to: OpenSSH forcing the signature to SHA1.

Hi, Following the fix [1] being released on 7.5, now SHA2 RSA signature methods work properly. On the other hand it is still not possible to disable SHA1 RSA alone (as an example, as SHA2-256 or SHA2-512 could also potentially be not desirable), where it is considered insecure or undesirable. I am proposing to add a mechanism, and happy to submit a patch, to enable selection of the Hashes

https://bugzilla.mindrot.org/show_bug.cgi?id=2746 Bug ID: 2746 Summary: RFE: Allow to disable SHA1 signatures for RSA Product: Portable OpenSSH Version: 7.5p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at

[EDIT]: Sorry about the second mail. ignore the first one - it had try & and error mistakes in. Problem is still the very same as explaned below. Thanks a lot. Hi, since days I'm trying to substitude my SQL based Postfix/Dovecot mail server by a LDAP based setup. Everything seems to go smooth so far - thanks to the many how to and Dovecot wiki. Unfortunately I'm struggeling,

Hi All, I have two servers, one is centos 4.3 (new) and other is rh9 (old). Both of them run mysql as the primary database server. I installed mysql via the rpms available in mysql.com downloads. Recently when i do "pstree", i noticed that RH9 server shows many mysql children while centos shows only one. Here is the pstree result. (Both of them runs the same version of mysql)

Hi, I am turning crazy. I try to integrate Asterisk 11.5.1 into Samba4 LDAP, but when I import the ldif file from contrib directory I get this error. ldbmodify -H /usr/local/samba/private/sam.ldb asterisk.ldif --option="dsdb:schema update allowed"=true ERR: (No such object) "objectclass: Cannot add cn=asterisk,cn=schema,cn=config, parent does not exist!" on DN

I am trying to understand the details of the deprecation notice. Because I am getting people asking me questions. And I don't know the answer. Therefore I am pushing the boulder uphill and asking here. :-) Damien Miller wrote: > Future deprecation notice > ========================= > > It is now possible[1] to perform chosen-prefix attacks against the > SHA-1 algorithm for

This morning's log review revealed this sshd log entry on one of our web services hosts: Received disconnect: 11: disconnected by user : 2 Time(s) 3: com.jcraft.jsch.JSchException: reject HostKey: 216.185.71.170 : 1 Time(s) The IP address used is that of a public facing database query page for our freight transit information. It is itself a virtual IP address hosted on the system

Hello, part of a usual OpenSSH installation are quite some files containing key material, like private keys (id_rsa, id_dsa, id_ecdsa) and the corresponding public keys (id_rsa.pub, id_dsa.pub, id_ecdsa.pub). Inspired by a recent question on Stack Overflow [1], I had a look at the OpenSSH documentation to see what format these key files have. The sshd man page [2] contains some paragraphs about

Hi, I've come across some messages from sshd (OpenSSH 6.7) in my auth.log that I hadn't noticed before: sshd[32008]: error: Received disconnect from x.x.x.x: 3: \ com.jcraft.jsch.JSchException: Auth fail [preauth] I was kinda puzzled why sshd would emit some JCraft[0] messages and the best explanation I found was this Serverfault[1] answer, quoting a snippet from packet.c:1965

Hello, I have some users that connect to a server with their DSA key that is of type ssh-dss. I'm migrating (installing as new) the server where they connect to CentOS 8 + updates. I was not able to connect with the keys to this new server even after having added, as found in several internet pages, this directive at the end of /etc/ssh/sshd_config of the CentOS 8 server: # Accept also DSA

Hi, I have to implement SFTP using a Java program. I am looking for a package that implements a SFTP Client(preferably with sample code on usage). I need this in order to do SFTP file upload from my Java program. Any help would be appreciated. Thanks in advance. Regards, Preetha.

On Wed, 5 Apr 2017, Jakub Jelen wrote: > Disabling SHA-1 for signatures sounds like a good idea these days (and was the > main reason why the extension created if I read it right [1]). > This leaves me confused if the use case without SHA1 was missed from the draft > or it was left as an implementation detail, that was not implemented in > OpenSSH. The reasons we didn't

https://bugzilla.mindrot.org/show_bug.cgi?id=3213 Bug ID: 3213 Summary: openssh 8.3p1 will not use any type of RSA key for legacy servers if ssh-rsa is not in PubkeyAcceptedKeyTypes Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW

On Mon, 2006-01-09 at 14:29 +0100, Jean Lee wrote: > Hi all, Please start a new thread with a new message rather than hijacking an existing one with a reply/change-subject. > Does anybody knows where I can found an eclipse 3.1 package for Centos ? Doesn't seem likely. I had a crack at rebuilding the latest FC4 package from source and the build-dep requirements seem daunting...

I'm trying to set up my LDAP in preparation to configure my Samba PDC. In the Official Samba-3 HOWTO and Reference Guide it give instructions on howto setup slapd.conf (section 10.4.4.3) After modifying the file it instructs to run /sbin/splapindex -f /splapd.conf When I run this I get the following error: /etc/openldap/schema/samba.schema: line 423: AttributeType not found:

I'm not sure if collision resistance is required for DH key derivation, but generally, SHA-1 is on its way out. If it's possible (if there's not a very large percentage of servers that do not support anything newer), it should be disabled.

Hi all, We've run into a curious issue. We run CentOS 6.5 with openssh installed (OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 by default). We connect to this server through sftp (Subsystem sftp internal-sftp) using the java JSch library. When opening many sftp channels on a single ssh session OpenSsh does not seem to release the sftp channels closed from the client side when there are

Hi, Back in 2003 the developer of JSch, a Java SSH2 implementation, posted a thread regarding support for sending signals to remote processes here: http://marc.info/?l=openssh-unix-dev&m=104295745607575&w=2 The thread culminated in a patch provided by Markus Friedl, which Atsuhiko Yamanaka tested and reported as working (unofficially), which added support for this capability in the

Hi, I've some arch linux systems running on two rasp pi's as server. I've been able to loging always, since a year or so, and since a week or two this is not the case anymore. I've enabled public key auth explicit: PubkeyAcceptedKeyTypes ssh-rsa PubkeyAuthentication yes The server is running version 7.9p1 It looks like there has been introduced: - a new required flag which I

e.g. can we make it throw warnings etc. rsa-sha2-256 and rsa-sha2-512 are fine, they use PSS. On Sun, Jan 20, 2019 at 1:55 AM Yegor Ievlev <koops1997 at gmail.com> wrote: > > Also can we do anything with ssh-rsa? It uses both SHA-1 and > deprecated PKCS#1 padding. If it's used to sign certificates, there's > no additional protection of SHA-2 hashing before SHA-1