similar to: [Bug 2650] New: UpdateHostKeys ignores RSA keys if HostKeyAlgorithms=rsa-sha2-256

Displaying 20 results from an estimated 1000 matches.

2020 Oct 21
2
Future deprecation of ssh-rsa
I've expressed several concerns with enabling UpdateHostKeys by default, none of which were even commented on, so this topic seems to not be in any way open for discussion, but I'll still add one more thing here. Peter Stuge wrote: > Subject: Re: UpdateHostkeys now enabled by default > Date: Mon, 5 Oct 2020 11:22:29 +0000 .. > I do not disagree with progressive key management, we
2016 Oct 26
2
[Bug 2631] New: Hostkey update and rotation - No IP entries added to known_hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=2631 Bug ID: 2631 Summary: Hostkey update and rotation - No IP entries added to known_hosts Product: Portable OpenSSH Version: 7.3p1 Hardware: amd64 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh
2020 Oct 04
2
UpdateHostkeys now enabled by default
On Sun, 4 Oct 2020, Christoph Anton Mitterer wrote: > On Sun, 2020-10-04 at 14:02 +1100, Damien Miller wrote: > > This is strictly no worse than continuing to use the old key, so I > > don't consider it a problem. > > Well but in reality it will lead to people never again replacing their > key by proper means. Well, first I disagree that this method is improper. The
2017 Jul 05
9
[Bug 2738] New: UpdateHostKeys does not check keys in secondary known_hosts files
https://bugzilla.mindrot.org/show_bug.cgi?id=2738 Bug ID: 2738 Summary: UpdateHostKeys does not check keys in secondary known_hosts files Product: Portable OpenSSH Version: 7.4p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: ssh
2018 Aug 11
21
[Bug 2894] New: Set UpdateHostKeys for interactive sessions to 'ask' (or consider defaulting to 'yes')
https://bugzilla.mindrot.org/show_bug.cgi?id=2894 Bug ID: 2894 Summary: Set UpdateHostKeys for interactive sessions to 'ask' (or consider defaulting to 'yes') Product: Portable OpenSSH Version: 7.7p1 Hardware: Other OS: Other Status: NEW Severity: enhancement
2020 Oct 03
6
UpdateHostkeys now enabled by default
Hi, I just fixed a couple of corner-cases relating to UpdateHostkeys in git HEAD and have enabled the option by default. IMO this protocol extension is important because it allows ssh clients to automatically migrate to the best available signature algorithms available on the server and supports our goal of deprecating RSA/SHA1 in the future. We would really appreciate your feedback on this
2016 Jun 20
2
[Bug 2593] New: List of forwarded connections not updated after cancellation
https://bugzilla.mindrot.org/show_bug.cgi?id=2593 Bug ID: 2593 Summary: List of forwarded connections not updated after cancellation Product: Portable OpenSSH Version: 7.2p1 Hardware: Other OS: Linux Status: NEW Severity: trivial Priority: P5 Component: ssh
2017 Mar 31
10
[Bug 2702] New: ssh compiled with --with-ldns segfaults during known_hosts parsing
https://bugzilla.mindrot.org/show_bug.cgi?id=2702 Bug ID: 2702 Summary: ssh compiled with --with-ldns segfaults during known_hosts parsing Product: Portable OpenSSH Version: 7.5p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh
2020 Oct 21
4
Future deprecation of ssh-rsa
For the last few releases, there has been a notice that ssh-rsa will be deprecated in a near-future release. Is there a target release for this deprecation to take effect? I saw in the 8.4 release notes that UpdateHostKeys is going to be default enabled in the next release to prepare for this. Is it likely that 8.6 will deprecate ssh-rsa after a release cycle of UpdateHostKeys being default or are
2020 May 03
10
[Bug 3157] New: known_hosts @cert-authority with legacy plain key entry drops incorrect set of HostKeyAlgorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=3157 Bug ID: 3157 Summary: known_hosts @cert-authority with legacy plain key entry drops incorrect set of HostKeyAlgorithms Product: Portable OpenSSH Version: 8.1p1 Hardware: All OS: Mac OS X Status: NEW Severity: normal Priority:
2017 Mar 20
0
Announce: OpenSSH 7.5 released
OpenSSH 7.5 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. OpenSSH also includes transitional support for the legacy SSH 1.3 and 1.5 protocols that may be enabled at compile-time. Once again, we would like to thank the OpenSSH community
2017 Mar 14
5
Call for testing: OpenSSH 7.5p1
Hi, OpenSSH 7.5p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at
2017 Jan 26
4
Server accepts key: pkalg rsa-sha2-512 vs ssh-rsa
Hi, I'm doing some tests with a pkcs11 token that can only sign short messages. When connecting to one server, that reports pkalg rsa-sha2-512 blen 151, it fails to sign the pubkey because it is 83 bytes long. (sshd: OpenSSH_7.3p1) An older server that reports pkalg ssh-rsa blen 151, works perfectly as the pubkey signature required is only 35 bytes long. (sshd: OpenSSH_6.7p1) I am not sure
2020 Sep 16
2
ssh-ed25519 and ecdsa-sha2-nistp256 host keys
Hello. I am running OpenSSH 7.9p1 on my client and server. ssh-keyscan shows the server has ssh-rsa, ssh-ed25519, and ecdsa-sha2-nistp256 host keys. My /etc/ssh/ssh_known_hosts file contains the server's ssh-ed25519 host key. When I try to SSH to the server I get this error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
2020 Sep 16
2
ssh-ed25519 and ecdsa-sha2-nistp256 host keys
Here you go: OpenSSH_7.9p1, OpenSSL 1.1.1d 10 Sep 2019 debug1: Reading configuration data /home/ryantm/.ssh/config debug1: /home/ryantm/.ssh/config line 4: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 13: Applying options for * debug2: resolving "{REDACTED}" port 22 debug2: ssh_connect_direct debug1: Connecting to
2018 Nov 01
8
[Bug 2924] New: Order a limited host keys list in client based on the known hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=2924 Bug ID: 2924 Summary: Order a limited host keys list in client based on the known hosts Product: Portable OpenSSH Version: 7.7p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement Priority:
2020 Oct 04
2
UpdateHostkeys now enabled by default
On Sun, 4 Oct 2020, Matthieu Herrb wrote: > Hi, > > on OpenBSD-current I now get this when connecting to an existing > machine for which I have both ecdsa and ed25519 keys in my existing > known_hosts (but apparently ed25519 keys were added only for the name > previously by ssh): > > Warning: the ED25519 host key for 'freedom' differs from the key for > the
2020 Oct 04
2
UpdateHostkeys now enabled by default
On Sun, Oct 04, 2020 at 09:24:12PM +1100, Damien Miller wrote: > On Sun, 4 Oct 2020, Damien Miller wrote: > > > No - I think you've stumbled on a corner case I hadn't anticipated. > > Does your configuration override CheckHostIP at all? No. > > > > What are the known_hosts entries for the hostname and IP? > > Also, do you use HashKnownHosts? or do
2023 Oct 10
17
[Bug 3627] New: openssh 9.4p1 does not see RSA keys in know_hosts file.
https://bugzilla.mindrot.org/show_bug.cgi?id=3627 Bug ID: 3627 Summary: openssh 9.4p1 does not see RSA keys in know_hosts file. Product: Portable OpenSSH Version: 9.4p1 Hardware: SPARC OS: Solaris Status: NEW Severity: major Priority: P5 Component: ssh
2020 Oct 04
3
UpdateHostkeys now enabled by default
On Sun, Oct 04, 2020 at 10:50:32PM +1100, Damien Miller wrote: > On Sun, 4 Oct 2020, Matthieu Herrb wrote: > > > On Sun, Oct 04, 2020 at 09:24:12PM +1100, Damien Miller wrote: > > > On Sun, 4 Oct 2020, Damien Miller wrote: > > > > > > > No - I think you've stumbled on a corner case I hadn't anticipated. > > > > Does your configuration