similar to: [Bug 3191] New: Issues when authorized_keys contains more than one ecdsa-sk public key

https://bugzilla.mindrot.org/show_bug.cgi?id=3188 Bug ID: 3188 Summary: Problems creating a second ecdsa-sk key for a second Yubikey Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh-keygen

Hi, It seems that some versions of ssh-agent get confused by ECDSA-SK keys. >From my OpenBSD-current laptop, I'm trying to do remote system adminstration on a machine running Debian 8 with the stock ssh package (OpenSSH_6.7p1 Debian-5+deb8u8, OpenSSL 1.0.2l 25 May 2017). I need access to a remote gitlab server to fetch files with git, using an ED25519 key in my ssh-agent. Once connected

Greetings, I am using OpenSSH Signed Public Key authentication for servers ssh login. All of the servers are setup with below sshd_config options: TrustedUserCAKeys /etc/ssh/ca.pub # CA Public Keys RevokedKeys /etc/ssh/revoke.pub # User Public Keys When i started working on it, for ssh authentication i had to have CA Public Key in User ~/.ssh/authorized_keys, like: cert-authority ssh-rsa

https://bugzilla.mindrot.org/show_bug.cgi?id=3636 Bug ID: 3636 Summary: Public key authentication fails with incorrect message if authorized_keys is not UTF-8 encoded Product: Portable OpenSSH Version: 9.5p1 Hardware: Other OS: Other Status: NEW Severity: minor Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=2128 Bug ID: 2128 Summary: ssh-copy-id doesn't check if a public key already exists in a remote servers ~/.ssh/authorized_keys file Product: Portable OpenSSH Version: -current Hardware: Other OS: Other Status: NEW Severity: enhancement

http://bugzilla.mindrot.org/show_bug.cgi?id=1326 Summary: Allow non-public-key credentials in authorized_keys file (Kerberos, etc.) Product: Portable OpenSSH Version: 4.4p1 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Kerberos support

Hi, As of this morning, OpenSSH now has experimental U2F/FIDO support, with U2F being added as a new key type "sk-ecdsa-sha2-nistp256 at openssh.com" or "ecdsa-sk" for short (the "sk" stands for "security key"). If you're not familiar with U2F, this is an open standard for making inexpensive hardware security tokens. These are easily the cheapest way

http://cvs-mirror.mozilla.org/webtools/bugzilla/show_bug.cgi?id=387 Summary: command="" in authorized_keys fails when sshd_config has "PermitRootLogon forced-commands-only" Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: major

Hello, I'm helping the Git for windows team and contributing in git-for-windows repository to help expand the OpenSSH support for fido2 devices on Windows. Currently we are using your internal implementation(sk-usbhic.c) however since Windows 10 version 1903 this requires administrator privileges. I'm trying to create a module for OpenSSH to use webauthn.dll instead of direct calling to

http://bugzilla.mindrot.org/show_bug.cgi?id=1084 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #2 from dtucker at zip.com.au 2006-10-07 11:42 ------- Change all RESOLVED bug to CLOSED with the exception

https://bugzilla.mindrot.org/show_bug.cgi?id=1971 Bug #: 1971 Summary: ssh-keyscan should default to ecdsa or ecdsa,rsa Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh-keyscan

https://bugzilla.mindrot.org/show_bug.cgi?id=1971 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #2 from Damien Miller <djm at mindrot.org> --- Set all RESOLVED bugs to CLOSED with release

Hi, OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a feature release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

Hey *, I have more then one {Security Key,HSM}-FIDO2 device attached to my Linux machine (Arch Linux). With ``` # fido2-token -L /dev/hidraw7: vendor=0x1d50, product=0x60fc (CRYPTOTRUST ONLYKEY) /dev/hidraw5: vendor=0x20a0, product=0x42b2 (Nitrokey Nitrokey 3) ``` I am able to get the device paths of both SK, which I can use to generate an `ecdsa-sk` on a specific device: ``` $ ssh-keygen \ -t

Does the version of OpenSSL on Centos 6.5 support ECDSA keypairs? How do I test if this works? (though I should probably ask this on the OpenSSL list) The reason I suspect a problem is that HIPL for Centos (http://infrahip.hiit.fi/) is not creating the ECDSA Host Identity, whereas my Fedora installation IS creating the ECDSA HI.

Hi, for those who have adopted ECDSA, Are there still any commonly used IMAPS/POP3S clients that still can not handle ECDSA certificates? I know you can set up Dovecot dor dual cert, I am just trying to determine if there still is a real world need to.

On 12/16/18 7:52 AM, Tributh via dovecot wrote: > > > Am 16.12.18 um 12:13 schrieb Michael A. Peters: >> Hi, for those who have adopted ECDSA, >> >> Are there still any commonly used IMAPS/POP3S clients that still can not >> handle ECDSA certificates? >> >> I know you can set up Dovecot dor dual cert, I am just trying to >> determine if there

Folks, I read the 5.7 release announcement and updated, to try out ECDSA. Most parts worked very smoothly. The inability to create SSHFP records is understandable, since IANA haven't allocated a code yet. One apparent bug: I think StrictHostKeyChecking=ask is broken for ECDSA. % ssh -o HostKeyAlgorithms=ecdsa-sha2-nistp256 localhost

Hi, I was sure I sent this to openssh at openssh.com, but cannot find that email now in my Sent mailbox, so I am sending it to the developers list. I took a liberty and wrote an I-D with accompanying patch (with contributions from Ondrej Caletka) to support ECDSA in the SSHFP DNS resource record. The I-D is here: https://tools.ietf.org/html/draft-os-ietf-sshfp-ecdsa-sha2 (and the source XML

https://bugzilla.mindrot.org/show_bug.cgi?id=1961 Bug #: 1961 Summary: ECDSA memory leak Classification: Unclassified Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: unassigned-bugs at