Displaying 20 results from an estimated 2000 matches similar to: "[Bug 3171] New: Error in time conversion"
2015 Jul 30
3
Feature Request: Invalid sshd port fallback
I see your point and that makes valid sense;I even change default port.
"It would be better to let you know the port is wrong and fail to start
until you fixed the problem and selected a valid non-standard port."
Is there any reason something like this isn't implemented already? Could it
be implemented?
On Thu, Jul 30, 2015 at 2:02 PM Ron Frederick <ronf at timeheart.net>
2015 Mar 14
6
[Bug 2366] New: ssh-keygen doesn't correctly decode new format GCM-encrypted keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2366
Bug ID: 2366
Summary: ssh-keygen doesn't correctly decode new format
GCM-encrypted keys
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component:
2020 Feb 18
2
Resident keys?
On Feb 17, 2020, at 9:45 PM, Damien Miller <djm at mindrot.org> wrote:
> On Mon, 17 Feb 2020, Ron Frederick wrote:
>> I?m trying out the ?resident key? functionality in OpenSSH 8.2, and
>> I?m having trouble getting it to find keys that I?ve created.
>>
>> I?m trying to create a new resident key using:
>>
>> ssh-keygen -O resident -t ed25519-sk -f
2017 Nov 15
2
OpenSSH 7.6p1 ssh-agent exiting if passed an invalid key blob
On Nov 14, 2017, at 4:11 PM, Damien Miller <djm at mindrot.org> wrote:
> On Mon, 13 Nov 2017, Ron Frederick wrote:
>> I noticed a problem recently when running some test code against
>> the OpenSSH 7.6p1 ssh-agent. These tests ran fine against OpenSSH
>> 7.5p1 and earlier, but with OpenSSH 7.6p1, they were suddenly causing
>> ssh-agent to exit.
>
> Sorry,
2017 Jan 16
2
Question on Kerberos (GSSAPI) auth
I?m working on an implementation of ?gssapi-with-mic? authentication for my AsyncSSH package and trying to get it to interoperate with OpenSSH. I?ve gotten it working, but there seems to be a discrepancy between the OpenSSH implementation and RFC 4462. Specifically, RFC 4462 says the following in section 3.4:
Since the user authentication process by its nature authenticates
only the client,
2020 Feb 17
2
Use of "no-touch-required" with "cert-authority"
Hello,
In testing security key support in OpenSSH 8.2, I had some trouble making the ?no-touch-required? option in the authorized_keys file work in conjunction with OpenSSH certificates. I think I?ve figured it out, but I think there may be a bug in ssh-keygen related to this.
To make ?no-touch-required? work with certificates, I actually had to do three things:
Generate the security key with
2020 Feb 18
2
Resident keys?
Hello,
I?m trying out the ?resident key? functionality in OpenSSH 8.2, and I?m having trouble getting it to find keys that I?ve created.
I?m trying to create a new resident key using:
ssh-keygen -O resident -t ed25519-sk -f <filename>
This creates a key, but I?m not actually sure it is creating a ?resident? key, as when I try to dump out the resident keys with either ?ssh-keygen -K?
2020 Feb 06
2
Building libsk-libfido2.so?
I updated to the latest versions of libfido2 and openssh-portable tonight, with an intention to test out the security key functionality and look closely at the changes over the last couple of months to see if I need to change anything in my AsyncSSH implementation to stay in sync. However, it seems that libfido2 no longer provides the ?libsk-libfido2.so? library that it used to. That was something
2015 May 31
2
Call for testing: OpenSSH 6.9
On Sun, May 31, 2015 at 3:37 AM, Ron Frederick <ronf at timeheart.net> wrote:
> On May 29, 2015, at 12:12 AM, Damien Miller <djm at mindrot.org> wrote:
> > OpenSSH 6.9 is almost ready for release, so we would appreciate testing
> > on as many platforms and systems as possible. This release contains
> > some substantial new features and a number of bug fixes.
>
2013 Aug 31
11
[Bug 2147] New: OpenSSH remote forwarding of dynamic ports doesn't work when you create more than one
https://bugzilla.mindrot.org/show_bug.cgi?id=2147
Bug ID: 2147
Summary: OpenSSH remote forwarding of dynamic ports doesn't
work when you create more than one
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
2014 Aug 25
1
Cipher Order in sshd_config
On Aug 25, 2014, at 9:52 AM, Damien Miller <djm at mindrot.org> wrote:
> On Wed, 20 Aug 2014, HAROUAT, KARIM (KARIM) wrote:
>> Sorry to disturb you but I am looking for a question I have, but I don't find any clue for it on the archive list, neither Internet (google search).
>> Id like to know in sshd_config file, if the order given for cipher key word has an impact
2017 Nov 14
2
OpenSSH 7.6p1 ssh-agent exiting if passed an invalid key blob
Hello,
I noticed a problem recently when running some test code against the OpenSSH 7.6p1 ssh-agent. These tests ran fine against OpenSSH 7.5p1 and earlier, but with OpenSSH 7.6p1, they were suddenly causing ssh-agent to exit. The request being made was a ?sign? request, and the point of the test was to have the sign operation fail. To trigger this, I was passing in an invalid key blob
2015 Jul 22
2
Keyboard Interactive Attack?
You need to disable ?ChallengeResponse? (aka keyboard-interactive) authentication, not password authentication, to protect against this attack.
On Jul 22, 2015, at 1:56 PM, Bostjan Skufca <bostjan at a2o.si> wrote:
>
> And to answer your question about what to do, you have three options:
> - disable access to ssh with a firewall
> - disable password authentication
> -
2015 Jun 02
3
[Bug 2407] New: OpenSSH uses deprecated APIs on MacOS
https://bugzilla.mindrot.org/show_bug.cgi?id=2407
Bug ID: 2407
Summary: OpenSSH uses deprecated APIs on MacOS
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: Mac OS X
Status: NEW
Severity: normal
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at
2015 Nov 27
2
[Bug 2509] New: Unexpected change in tcpip-forward reply message in OpenSSH 6.8
https://bugzilla.mindrot.org/show_bug.cgi?id=2509
Bug ID: 2509
Summary: Unexpected change in tcpip-forward reply message in
OpenSSH 6.8
Product: Portable OpenSSH
Version: 6.8p1
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5
Component: sshd
2017 Jan 17
2
Question on Kerberos (GSSAPI) auth
On Jan 17, 2017, at 9:57 AM, Douglas E Engert <deengert at gmail.com> wrote:
> On 1/16/2017 2:09 PM, Ron Frederick wrote:
>> I?m working on an implementation of ?gssapi-with-mic? authentication for my AsyncSSH package and trying to get it to interoperate with OpenSSH. I?ve gotten it working, but there seems to be a discrepancy between the OpenSSH implementation and RFC 4462.
2019 Dec 07
2
Another U2F documentation issue
Hello,
I forgot to mention one other issue in my previous e-mail about the ssh-agent documentation for U2F keys. Right now, https://raw.githubusercontent.com/openssh/openssh-portable/master/PROTOCOL.u2f <https://raw.githubusercontent.com/openssh/openssh-portable/master/PROTOCOL.u2f> has the following text:
> ssh-agent requires a protocol extension to support U2F keys. At
> present the
2013 Aug 08
1
Issue with OpenSSH remote forwarding of dynamic ports
I recently ran across a problem with remote port forwarding in OpenSSH when trying to use dynamic ports. While it is possible to use OpenSSH to request a dynamic port and the OpenSSH sshd handles it just fine, the OpenSSH client gets confused when multiple ports are opened this way, due to the information passed in the "forwarded-tcpip" SSH_MSG_CHANNEL_OPEN message which is sent back to
2016 Jan 22
6
[Bug 2529] New: direct-streamlocal channel open doesn't match PROTOCOL documentation
https://bugzilla.mindrot.org/show_bug.cgi?id=2529
Bug ID: 2529
Summary: direct-streamlocal channel open doesn't match PROTOCOL
documentation
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: ssh
2019 Dec 07
2
Agent protocol changes related to U2F/FIDO2 keys
I spent some time today implementing support for loading U2F keys into the SSH agent from my AsyncSSH library. I got it working, but along the way I ran into a few issues I wanted to report:
First, it looks like the value of SSH_AGENT_CONSTRAIN_EXTENSION has changed from the value 3 defined at https://tools.ietf.org/html/draft-miller-ssh-agent-02