similar to: [Bug 2662] New: Does it still make sense to use DSA host keys by default?

https://bugzilla.mindrot.org/show_bug.cgi?id=1469 Summary: Should sshd detect and reject vulnerable SSH keys (re: Debian DSA-1571 and DSA-1576) Classification: Unclassified Product: Portable OpenSSH Version: 5.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2

Hello, Here's the situation I'm facing : I'm running OpenSSH on a server. On a gateway, I forward TCP:22 to the server TCP:22. So far, so good. I can log in from inside the lan by connecting using standard SSH port, or from the other network through the gateway. Now, I'd like a different configuration for connections from the outside. I start another SSHd on the

hello.. i am running openssh-3.7.1p2. on linux.It is working successfully..and daemon is running &client also connecting.But the problem is with the mips architecture when i connecting this server from remote syytem.?i got an error of buufer_get:trying to get more bytes 1 than buffer0.And client is not connecting from remote system.My out is as follows on my server ?in sshd main before

Hello there! I have made a patch against OpenSSH 3.0.2p1 which allows the fingerprint of the accepted key to be printed in the log message. It works with SSH1-RSA and SSH2 pubkey (DSA+RSA) authentication. This feature is controllable by the LogKeyFingerprint config option (turned off by default). Michal Kara -------------- next part -------------- diff -u5

hello.. i am running openssh-3.7.1p2. on linux.It is working successfully.and daemon is running &client also connecting.But the problem is with the mips architecture when i connecting this server from remote syytem. i got an error of buufer_get:trying to get more bytes 1 than buffer0.And client is not connecting from remote system.My out is as follows on my server in sshd main before

https://bugzilla.mindrot.org/show_bug.cgi?id=1469 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WONTFIX Status|NEW |RESOLVED CC|

https://bugzilla.mindrot.org/show_bug.cgi?id=1469 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #10 from Damien Miller <djm at mindrot.org> --- Set all RESOLVED bugs to CLOSED with

On Wed, Apr 20, 2011 at 11:24 AM, Csaba Raduly <rcsaba at gmail.com> wrote: > On Wed, Apr 20, 2011 at 10:44 AM, Joe Armstrong  wrote: >> >> It seems very strange to me that the ansi standard says "XXX is >> undefined" and that both clang and gcc >> can detect that something is undefined and that by default they >> compile the offending code without

Hi, Why is there still a limit on the length of a DSA key generated by ssh-keygen? I mean that ssh-keygen only expects 1024 as key length, or fails. Here is the code excerpt that enforces the limitation: if (type == KEY_DSA && *bitsp != 1024) fatal("DSA keys must be 1024 bits"); Commenting these two lines allows the generation of, say, 2048 bit DSA keys that work just fine

I just found that trying to specify a DSA identity file with '-i' doesn't work. Although the man page doesn't indicate that this is supported for DSA keys, it also doesn't indicate very clearly that its _not_. Indeed, in ssh.c:main(), the "-i" only increments and sets: options.options.num_identity_files options.identity_files where it would need to modify:

When I try to create a dsa set of key files with -b 999, the key appears to be created with the default of 1024. This does not happen for type rsa or rsa1 keys. They get created with the number of bits I specified. I can't find this problem in the archives. DSA key generation: SY1 97 /SYSTEM/tmp> ssh-keygen -b 999 -t dsa Generating public/private dsa key pair. Enter file in which to

http://bugzilla.mindrot.org/show_bug.cgi?id=884 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #663 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2004-10-29 22:03 -------

https://bugzilla.mindrot.org/show_bug.cgi?id=1647 Summary: Implement FIPS 186-3 for DSA keys Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh-keygen AssignedTo: unassigned-bugs at mindrot.org ReportedBy:

CentOS Errata and Bugfix Advisory 2020:2662 Upstream details at : https://access.redhat.com/errata/RHBA-2020:2662 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 7565ffd1f3418c04442b5eb731eeccc4cc52f2089938035d4dc04e777568b2b0 selinux-policy-3.13.1-266.el7_8.1.noarch.rpm

Hi, I believe I may have found a bug with OpenSSH 2.5.2p2 My guess would be that it exists with 2.5.x, though my only experience so far has been ONLY with Red Hat's RPMS openssh-2.5.2p2-1.7.i386.rpm and openssh-2.5.2p2-1.7.2.i386.rpm It seems that ssh-keygen can generate a large DSA identity key easily (ssh-keygen -t dsa -b 2048), but that ssh itself cannot handle such a large key and

http://bugzilla.mindrot.org/show_bug.cgi?id=884 Summary: DSA keys (id_dsa.pub) with 8192 bytes or more aren't correctly recognized Product: Portable OpenSSH Version: 3.8.1p1 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: ssh

https://bugzilla.mindrot.org/show_bug.cgi?id=1647 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |WONTFIX CC|

Ok... I just kludged dsa key support into the ssh-agent that comes with openssh-2.1.1p4. Its ugly and conforms to no standard (I could find no signifigant mention of it in the IETF drafts) but it does seem to work. If anybodys interested in it, I'll clean up the code and post. For now I'm going to sleep. Oh yeah.. thanks Damien Miller for pointing out that SSL add_all_algorithms bit,

http://bugzilla.mindrot.org/show_bug.cgi?id=566 Summary: ssh-keygen -l does not print key comment for rsa/dsa keys Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: trivial Priority: P2 Component: ssh-keygen AssignedTo:

http://bugzilla.mindrot.org/show_bug.cgi?id=884 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED ------- Additional Comments From dtucker at zip.com.au 2004-12-06