Displaying 20 results from an estimated 4000 matches similar to: "[Bug 3184] New: Unable to add deprecated KexAlgorithms back for host via config file"
2018 Nov 23
2
Debian Stretch 9.6: openssh-server and old dropbear client don't work togheter
Il giorno gio 22 nov 2018 alle ore 21:24 Stuart Henderson
<stu at spacehopper.org> ha scritto:
>
> On 2018/11/22 19:55, owl700 at gmail.com wrote:
> > Hi, I have compatibility issues with the latest version of
> > openssh-server and an old dropbear client, the dopbear client stops at
> > preauth
> >
> > ov 22 14:34:03 myhostname sshd[3905]: debug1: Client
2015 May 23
2
Weak DH primes and openssh
> Can this be addressed in ssh_config/sshd_config with the KexAlgorithms setting?
weakdh.org/sysadmin.html recommends adding:
KexAlgorithms curve25519-sha256 at libssh.org
But this thread makes it sound as if it's not necessary. Can anyone
confirm? Personally I'm on openssh-6.7.
- Grant
> You will be aware of https://weakdh.org/ by now, I presume; the take-home seems to be
2024 Jan 25
1
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
Hi Kaushal,
I maintain a set of SSH hardening guides for various platforms,
including RHEL 8. You can find them here:
https://ssh-audit.com/hardening_guides.html
- Joe
--
Joseph S. Testa II
Founder & Principal Security Consultant
Positron Security
On Thu, 2024-01-25 at 18:39 +0530, Kaushal Shriyan wrote:
> Hi,
>
> I am running the below servers on Red Hat Enterprise
2024 Jan 25
2
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
Hi,
I am running the below servers on Red Hat Enterprise Linux release 8.7
(Ootpa). The details are as follows.
# rpm -qa | grep openssh
openssh-8.0p1-16.el8.x86_64
openssh-askpass-8.0p1-16.el8.x86_64
openssh-server-8.0p1-16.el8.x86_64
openssh-clients-8.0p1-16.el8.x86_64
# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.7 (Ootpa)
#
How do I enable strong KexAlgorithms, Ciphers and
2014 Jun 06
1
Patch: Ciphers, MACs and KexAlgorithms on Match
Hi all,
this is a patch to make Ciphers, MACs and KexAlgorithms available in
Match blocks. Now I can reach a -current machine with some Android
terminal app without changing the default ciphers for all clients:
Match Address 192.168.1.2
Ciphers aes128-cbc
MACs hmac-sha1
KexAlgorithms diffie-hellman-group-exchange-sha1
Index: servconf.c
2016 Nov 08
2
one host only: ssh_dispatch_run_fatal
Darren Tucker <dtucker at zip.com.au> writes:
> On Tue, Nov 8, 2016 at 3:30 PM, Harry Putnam <reader at newsguy.com> wrote:
> [...]
>> After having 7.3p1 & 6.8p1 fail with same wording... I tried 6.7p1 and
>> find it fails with what looks like the same problem but has slightly
>> different wording.
>
> I set up the same versions (server:OpenSSH_6.6p1,
2015 May 21
8
Weak DH primes and openssh
Hi,
You will be aware of https://weakdh.org/ by now, I presume; the
take-home seems to be that 1024-bit DH primes might well be too weak.
I'm wondering what (if anything!) you propose to do about this issue,
and what Debian might do for our users?
openssh already prefers ECDH, which must reduce the impact somewhat,
although the main Windows client (PuTTY) doesn't support ECDH yet. But
2016 Nov 08
4
one host only: ssh_dispatch_run_fatal
Darren Tucker <dtucker at zip.com.au> writes:
> On Tue, Nov 8, 2016 at 2:43 PM, Harry Putnam <reader at newsguy.com> wrote:
>> Darren Tucker <dtucker at zip.com.au> writes:
>>
>>> On Tue, Nov 8, 2016 at 1:02 PM, Harry Putnam <reader at newsguy.com> wrote:
>>> [...]
>>>> gv harry> ssh -vv 2x
>>>>
>>>>
2018 Mar 06
2
Failed connections 7.6 to 5.2
Trying to connect to a Dell iDRAC 6. The iDRAC reports it is running
OpenSSH 5.2.
From Fedora Linux 20 with OpenSSH 6.4p1, connections succeed.
From Fedora Linux 23 with OpenSSH 7.2p2, connections succeed.
From Fedora Linux 27 with OpenSSH 7.6p1, connections fail prior to
prompting for a password. The message is, "Received disconnect from (IP
address) port 22:11: Logged out." Trying
2018 Nov 22
2
Debian Stretch 9.6: openssh-server and old dropbear client don't work togheter
Hi, I have compatibility issues with the latest version of
openssh-server and an old dropbear client, the dopbear client stops at
preauth
ov 22 14:34:03 myhostname sshd[3905]: debug1: Client protocol version
2.0; client software version dropbear_0.46
Nov 22 14:34:03 myhostname sshd[3905]: debug1: no match: dropbear_0.46
Nov 22 14:34:03 myhostname sshd[3905]: debug1: Local version string
2024 Jan 26
1
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
On 25.01.24 14:09, Kaushal Shriyan wrote:
> I am running the below servers on Red Hat Enterprise Linux release 8.7
> How do I enable strong KexAlgorithms, Ciphers and MACs
On RHEL 8, you need to be aware that there are "crypto policies"
modifying sshd's behaviour, and it would likely be the *preferred*
method to inject your intended config changes *there* (unless they
2015 Jul 23
3
Cisco vs. 6.9
After upgrading a Linux system from OpenSSH 6.7 to 6.9, Cisco
switches/routers can no longer scp config files to/from the system. The
last debug entry before the Cisco device closes the connection is "debug1:
server_input_channel_open: confirm session". The next line is "Connection
closed by x.x.x.x". Anyone else seen this or know of a fix? The Cisco
device gives
2019 Jan 19
4
Can we disable diffie-hellman-group14-sha1 by default?
I'm not sure if collision resistance is required for DH key
derivation, but generally, SHA-1 is on its way out. If it's possible
(if there's not a very large percentage of servers that do not support
anything newer), it should be disabled.
2014 Mar 07
12
[Bug 2209] New: Problem logging into Cisco devices under 6.5p1 (kexgexc.c)
https://bugzilla.mindrot.org/show_bug.cgi?id=2209
Bug ID: 2209
Summary: Problem logging into Cisco devices under 6.5p1
(kexgexc.c)
Product: Portable OpenSSH
Version: 6.5p1
Hardware: amd64
OS: FreeBSD
Status: NEW
Severity: normal
Priority: P5
Component: ssh
2015 Sep 20
4
OpenSSH Always Hangs When Connecting to Remote
On 09/20/2015 03:25 AM, Darren Tucker wrote:
> I suspect a path mtu problem. The key exchange packet is one of the
> first large ones in an SSH connection so it tends to show up such problems.
>
> Seehttp://www.snailbook.com/faq/mtu-mismatch.auto.html
> <http://www.snailbook.com/faq/mtu-mismatch.auto.html>
Has this been changed? SSH used to work fine on my old machine. My
2015 Jul 02
8
[Bug 11378] New: Please add a '--line-buffered' option to rsync to make logging/output more friendly with pipes/syslog/CI systems/etc.
https://bugzilla.samba.org/show_bug.cgi?id=11378
Bug ID: 11378
Summary: Please add a '--line-buffered' option to rsync to make
logging/output more friendly with pipes/syslog/CI
systems/etc.
Product: rsync
Version: 3.1.1
Hardware: All
OS: All
Status: NEW
2015 Jan 07
4
[Bug 2333] New: forbid old Ciphers, KexAlgorithms and MACs by default
https://bugzilla.mindrot.org/show_bug.cgi?id=2333
Bug ID: 2333
Summary: forbid old Ciphers, KexAlgorithms and MACs by default
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee:
2017 Sep 23
3
Call for testing: OpenSSH 7.6
> Portable OpenSSH is also available via [...] Github:
https://github.com/openssh/openssh-portable
>
> Running the regression tests supplied with Portable OpenSSH does not
require installation and is a simply:
>
> $ ./configure && make tests
I was going to try this on Kali Linux (latest version), but ran into
trouble right away. No "configure" script exists
2017 Oct 04
5
X11forwarding yes: how to debug/setup after xauth fix
I do not often use X11 - but when I do I prefer to enable X11forwarding,
and when finished - turn it off. This is preferable, imho, to having
"clear" X11 processing when local - and otherwise impossible when
working remote.
Working with openssh-7.5p2 I cannot figure out what (extra) I need to do
with sshd_config to get it working.
I know that there is a security-fix starting with
2017 May 29
5
[Bug 2725] New: can't login
https://bugzilla.mindrot.org/show_bug.cgi?id=2725
Bug ID: 2725
Summary: can't login
Product: Portable OpenSSH
Version: 7.4p1
Hardware: 68k
OS: Mac OS X
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: