similar to: [Bug 2322] New: please let the server enable/disable delayed compression on a per user basis

Compressing data before encryption may be dangerous, for example CRIME, BREACH and VORACLE. Can compression be disabled by default in OpenSSH, only being enabled if user requests it? Another scenario when SSH compression may be bad is use of commands like tar cz | ssh root at remote "tar xz", which seem pretty common. If SSH compression is enabled, data will be (wastefully) compressed

Hello. At work we collect logs (via ssh) from all kinds of hosts on one central node which has no connection to the internet and is tried to kept secure. The idea is, as you can imagine, that in case of a compromise we'd have at least all the logs up to the break without any forgeries. The logging is done continuously and compression is used. Now the following is not really that much

Hi, first of: my familiarity with OpenSSH/Pam code-base is very limited.. Please excuse me if some of this does not make any sense or seems stupid! I'm investigating if it is possible for a PAM module to find out which public key was accepted (when 'AuthenticationMethods publickey,keyboard-interactive' is used). From my digging in the source, it seems it is currently not. Would

You wrote: > I am writing a news article about the rulings in the cphack and DVD cases > and how they could impact reverse engineering in the United States. > It appears that new interpretations of fair use provisions in copyright law > could force reverse engineering offshore. [We can discuss this in detail in private email, which you may quote freely, but here's an overview

I don't see a way to do this currently (unless I am missing something) but I would like to be able to specify, that in order for a user to login, they need to use at least 1 public key from 2 separate key sources.? Specifically this would be when using "AuthenticationMethods publickey,publickey".? Right now requiring 2 public keys for authentication will allow 2 public keys from

Also nice to know that zlib at openssh.com enables the compression only after authentication, mitigating the known problems with compression and passwords. It is also very hard to do chosen-plaintext attacks on the client to server side (in opposite to HTTPS where that's trivial). And most passwords that are typed after authentications are entered character by character, making them fall under

I see. From reading that wikipedia article, I'm wondering what gets compressed when compression is enabled in openssh. Is it the ciphertext or the cleartext? Regards, Mark On Fri, 2013-10-25 at 15:47 -0400, Daniel Kahn Gillmor wrote: > On 10/25/2013 03:23 PM, Mark E. Lee wrote: > > Thanks for the response, what kind of problematic interactions would > > occur (other than

I'm writing a PAM module to do authentication through Signal (as in Open Whisper Systems) [1]. I would like to be able to offer (Public key AND Signal) or (Password AND Signal) for authentication. This suggests setting AuthenticationMethods to publickey,keyboard-interactive:pam password,keyboard-interactive:pam However, when PAM is enabled "password" means "show password

Hey everyone, Basically, I'm trying to figure out if I can configure sshd to require that the user has a key that has been signed by a trusted user CA *and* is listed separately as an authorised key (or the user has a signed key and a different authorised key)? The closest I've come is having an `authorized_keys` file have two entries consisting of the CA key and a normal key with

????? The ":::" operator doesn't work for me with "Ecdat:::Crime" on either macOS 10.15.3 or Windows 10. ????? A different but related issue is that "plm::Crime" says "Error: 'Crime' is not an exported object from 'namespace:plm'", even though "library(plm); data(Crime); Crime" works.? I would naively think a user should

Hello All, The attached patch allows openssh to specify which pam service name to authenticate users against by specifying the PAMServiceName attribute in the sshd_config file. Because the parameter can be included in the Match directive sections, it allows different authentication based on the Match directive. In our case, we use it to allow different levels of authentication based on the

On Tue, 2020-07-21 at 14:47 +1000, Damien Miller wrote: > On Mon, 20 Jul 2020, Jordan J wrote: [...] > > Firstly, would the following or some combination thereof be > > possible or is there an obvious impediment. Secondly, if it proved > > possible are the maintainers open to a patch providing it? > > > > 1. Update the SSH ecdsa-sk public key type to contain the

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi everyone, I just came across a contradiction between the man page of AuthenticationMethods and the accepted methods list. According to the sshd_config manual page: """ AuthenticationMethods Specifies the authentication methods that must be successfully completed for a user to be granted access. This option must be followed by one

On Thu, Dec 18, 2014 at 2:01 AM, Damien Miller <...> wrote: > On Wed, 17 Dec 2014, Dmt Ops wrote: > >> vi /etc/ssh/sshd_config >> ... >> - ChallengeResponseAuthentication no >> + ChallengeResponseAuthentication yes >> + KbdInteractiveAuthentication yes >>

Hello: I have a 4-column dataset: Crime, Education, Urbanization, Age. I want to construct a multiple linear regression to find the effect of Education, Urbanization, and Age on Crime" lm(Crime ~ Education + Urbanization + Age) If I use + in above statement, does it mean it will build a model to find the relationship between Crime and Education when Urbanization and Age are held constant?

https://bugzilla.mindrot.org/show_bug.cgi?id=2398 Bug ID: 2398 Summary: AuthenticationMethods doesn't have default value (inconsistency) and it accept empty value Product: Portable OpenSSH Version: 6.8p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement

WARNING: COMPLETELY OFF TOPIC -- Nothing to do with R. I thought readers of this list might enjoy the following. The link to the full article is at the bottom. I hope this is not "too" inappropriate. ------- Overconfidence in crime statistics doesn?t pay. In a new study, a team of criminologists makes the case that reported crime rates should acknowledge uncertainty in the data. The

Hello: I need to create a six barplots from data that looks pretty close to what appears below. There are two grouping variables (age and gender) and three dependent variables for each grouping variables. I'm not really familiar with trellis graphics, perhaps there is something that can do what I need there, i don't know. The thing is: I *need* these to appear on one row, with some way

https://bugzilla.mindrot.org/show_bug.cgi?id=983 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED Assignee|pgsery at swcp.com |djm at mindrot.org --- Comment #58 from Damien Miller

https://bugzilla.mindrot.org/show_bug.cgi?id=2320 Bug ID: 2320 Summary: end-of-line comments work in sshd_config but not in ssh_config Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh