similar to: Settable minimum RSA key sizes on the client end for legacy devices.

On 12/26/19 6:35 AM, Stuart Henderson wrote: > On 2019/12/25 21:02, Steve Sether wrote: >> Basically I've had to turn on telnet access again, lowering security. > Does it really lower security? The very old embedded OS is not going to > be secure anyway, this type of device should only be used on a trusted > private network. (New embedded OS are often not much better so

> I fully agree with Steve here, and dislike developers' attitude of "We > know what's good for you, and since you don't/can't have a clue - we > won't trust you with decisions". Well, I'm on the developers' side. They need to produce a product that _now_ gets installed in some embedded device and is expected to be still secure in 15 years and longer

Unix was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. - Doug Gwyn, in Introducing Regular Expressions (2012) by Michael Fitzgerald Get Outlook for iOS<https://aka.ms/o0ukef> ________________________________ From: openssh-unix-dev <openssh-unix-dev-bounces+j.mccanta=f5.com at mindrot.org> on behalf of Steve Sether

https://bugzilla.mindrot.org/show_bug.cgi?id=2523 Bug ID: 2523 Summary: An RSA private key file consistently gives "Badd Passphrase" errors, but worked before Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority:

https://bugzilla.mindrot.org/show_bug.cgi?id=2666 Bug ID: 2666 Summary: Ability to specify minimum RSA key size for user keys Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=2699 Bug ID: 2699 Summary: PKCS#8 private keys with AES-128-CBC stopped working Product: Portable OpenSSH Version: 7.5p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh-keygen Assignee:

Hello... to openssh-unix-dev at mindrot.org cc djm at ibs.com.au devel platform: linux intel redhat 6.2beta http://violet.ibs.com.au/openssh/files/openssh-1.2.2.tar.gz from rpm at same. I am NOT subscribed to the openssh-unix-dev list. I ran into a problem using openssh-1.2.2 with openssl-0.9.5. With openssl 0.9.5 you can now compile shared libraries without idea, rc5 and rsa. openssl

Hi eveyone, Is there a way to set the minimum size accepted by sshd as an RSA public key? I want to restrict users to using RSA keys that are generated with ssh-keygen -b 2048 or greater. I didn't see any option in sshd_config. There is a ServerKeyBits option, but that seems to apply only for SSHv1. Please help me and provide your response.Thanks in advance. Regards Ravi Pratap

Debian GNU/Linux 2.2 (potato), openssh-2.2.0p1 Configured with: --prefix=/usr/local/openssh --enable-gnome-askpass --with-tcp-wrappers --with-ipv4-default --with-ipaddr-display My goal here is to, as root, forward a local privileged port over an ssh tunnel to another host using a normal user's login, i.e.: root:# ssh -2 -l jamesb -i ~jamesb/.ssh/id_dsa -L 26:localhost:25 remotehost So far,

https://bugzilla.mindrot.org/show_bug.cgi?id=2646 Bug ID: 2646 Summary: zombie processes when using privilege separation Product: Portable OpenSSH Version: 7.2p2 Hardware: ix86 OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd Assignee: unassigned-bugs at

On 30/12/17 09:46, Daniel Kahn Gillmor wrote > On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote: >> Why not make minimum key length a tunable, just as the other options >> are? > Because the goal of building secure software is to make it easy to > answer the question "are you using it securely?" > That answer is wrong.? The suggestion, which allowed

Hi folks, (3rd time I am sending this message, none of the other appear to have made it through!) Using "OpenSSH_6.9p1 Ubuntu-2ubuntu0.1, OpenSSL 1.0.2d 9 Jul 2015" on the server, "OpenSSH_7.2p2, OpenSSL 1.0.2g 1 Mar 2016" on the client. I am trying to use sshtunnel with StreamLocal forwarding to enable me to connect back to the client's ssh port, without having to

Hi! I am trying to know which habitat variables most affect bird counts in a radius of 100m. I obtained bird counts in 2751 spatial points, and measured percentage of 21 habitat variables in these points. I applied a mixed model using the "lmer" function to these data, but I do not know how to select the best model using AIC here. Is there a way to do this automatically with R?

https://bugzilla.mindrot.org/show_bug.cgi?id=2690 Bug ID: 2690 Summary: Add command line "ssh --version" Product: Portable OpenSSH Version: 7.2p2 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at

On Thu, Mar 26, 2015 at 11:55:18 -0700, Dan Kaminsky wrote: > You're right. My argument the is the next build of OpenSSH should be > OpenSSH 7, and the one after that 8, then 9, then 10. No minor releases? > Sure, go ahead. Deprecate the point, > > Do you manage any machines running SSHv1? > If by "running" you mean accepting SSH1, of course not. From a

On 2018-04-07 11:24, Bernard Spil wrote: > On 2018-04-07 9:04, Joel Sing wrote: >> On Friday 06 April 2018 21:31:01 Bernard Spil wrote: >>> Hi, >>> >>> When using OpenSSH with LibreSSL 2.7.x it cannot read existing RSA >>> and >>> ECDSA private keys. >>> >>> Error loading key "./id_rsa": invalid format

All, I occasionally manage some APC PDU devices. I manage them via a VPN, which enforces super-heavy crypto, and their access is restricted to only jumphosts and the VPN. Basically, the only time you need to log into these is when you go to reboot something that's down. Their web UI with SSL doesn't work with modern browsers. Their CPU is...tiny, and their SSHd implementation

Hi, OpenSSH git master now disabled SSH protocol 1 at compile time by default. If you want it back, then you'll need to pass --with-ssh1 to configure before you build. We expect to ship this configuration for openssh-6.9 in a few months. -d

https://bugzilla.mindrot.org/show_bug.cgi?id=3213 Bug ID: 3213 Summary: openssh 8.3p1 will not use any type of RSA key for legacy servers if ssh-rsa is not in PubkeyAcceptedKeyTypes Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW

On Friday 06 April 2018 21:31:01 Bernard Spil wrote: > Hi, > > When using OpenSSH with LibreSSL 2.7.x it cannot read existing RSA and > ECDSA private keys. > > Error loading key "./id_rsa": invalid format > > Rebuilding OpenSSH with LibreSSL 2.6.x fixes the issue. I had fixed this > issue early on with LibreSSL 2.7 by converting the key to "new