Displaying 20 results from an estimated 6000 matches similar to: "ECDSA client question"
2018 Dec 17
1
ECDSA client question
On 12/16/18 7:52 AM, Tributh via dovecot wrote:
>
>
> Am 16.12.18 um 12:13 schrieb Michael A. Peters:
>> Hi, for those who have adopted ECDSA,
>>
>> Are there still any commonly used IMAPS/POP3S clients that still can not
>> handle ECDSA certificates?
>>
>> I know you can set up Dovecot dor dual cert, I am just trying to
>> determine if there
2014 Apr 25
2
Support for ECDSA in OpenSSL?
Does the version of OpenSSL on Centos 6.5 support ECDSA keypairs?
How do I test if this works? (though I should probably ask this on the
OpenSSL list)
The reason I suspect a problem is that HIPL for Centos
(http://infrahip.hiit.fi/) is not creating the ECDSA Host Identity,
whereas my Fedora installation IS creating the ECDSA HI.
2011 Jul 28
1
Support for ECDSA and SHA-2 (SHA-256) in the SSHFP record
Hi,
I was sure I sent this to openssh at openssh.com, but cannot find that email now in my Sent mailbox, so I am sending it to the developers list.
I took a liberty and wrote an I-D with accompanying patch (with contributions from Ondrej Caletka) to support ECDSA in the SSHFP DNS resource record.
The I-D is here: https://tools.ietf.org/html/draft-os-ietf-sshfp-ecdsa-sha2 (and the source XML
2011 Jan 24
1
ECDSA and first connection; bug?
Folks,
I read the 5.7 release announcement and updated, to try out ECDSA. Most
parts worked very smoothly. The inability to create SSHFP records is
understandable, since IANA haven't allocated a code yet.
One apparent bug: I think StrictHostKeyChecking=ask is broken for ECDSA.
% ssh -o HostKeyAlgorithms=ecdsa-sha2-nistp256 localhost
2024 Oct 29
5
[Bug 3748] New: "webauthn-sk-ecdsa-sha2-nistp256@openssh.com" signature type not supported from ssh agent
https://bugzilla.mindrot.org/show_bug.cgi?id=3748
Bug ID: 3748
Summary: "webauthn-sk-ecdsa-sha2-nistp256 at openssh.com"
signature type not supported from ssh agent
Product: Portable OpenSSH
Version: 9.7p1
Hardware: 68k
OS: Mac OS X
Status: NEW
Severity: enhancement
2020 Sep 16
2
ssh-ed25519 and ecdsa-sha2-nistp256 host keys
Hello.
I am running OpenSSH 7.9p1 on my client and server. ssh-keyscan shows
the server has ssh-rsa, ssh-ed25519, and ecdsa-sha2-nistp256 host
keys. My /etc/ssh/ssh_known_hosts file contains the server's
ssh-ed25519 host key. When I try to SSH to the server I get this
error:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
2015 Apr 01
3
What did I miss when building openssh? cannot generate ecdsa key
I am assuming this is a user error (and the bug, if any is in configure not
telling me how to activate it).
I regularly see a message:
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
And, obviously, I have never made the key before.
I tried the following:
./ssh-keygen -t ecdsa -fssh_host_esdsa_key -N ""
unknown key type ecdsa
However, the syntax says it is a known type
root at
2011 Nov 21
3
ssh-keygen -r should support SSHFP records for ECDSA (or at least return non-zero error code on failure)
hi folks:
it looks like ssh-keygen -r can''t export SSHFP records for ECDSA keys:
0 dkg@pip:/tmp/cdtemp.oiRYAS$ ssh-keygen -f foobar -t ecdsa -q -P ''''
0 dkg@pip:/tmp/cdtemp.oiRYAS$ ssh-keygen -r foobar -f foobar.pub
export_dns_rr: unsupported algorithm
0 dkg@pip:/tmp/cdtemp.oiRYAS$
the first number in my prompt is the return code of the last command;
note that
2020 Jan 11
2
interoperability issue with agent and ecdsa-sk keys
Hi,
It seems that some versions of ssh-agent get confused by ECDSA-SK
keys.
>From my OpenBSD-current laptop, I'm trying to do remote system
adminstration on a machine running Debian 8 with
the stock ssh package (OpenSSH_6.7p1 Debian-5+deb8u8, OpenSSL 1.0.2l
25 May 2017). I need access to a remote gitlab server to fetch files
with git, using an ED25519 key in my ssh-agent.
Once connected
2011 May 23
4
Security of OpenSSL ECDSA signatures
Dear OpenSSH devs,
I came accross this paper yesterday. http://eprint.iacr.org/2011/232
It states that they were able to recover ECDSA keys from TLS servers by
using timing attacks agains OpenSSL's ECDSA implementation.
Is that known to be exploitable by OpenSSH ? (In my understanding, it's
easy to get a payload signed by ECDSA during the key exchange so my
opinion is that it is).
2020 Sep 16
2
ssh-ed25519 and ecdsa-sha2-nistp256 host keys
Here you go:
OpenSSH_7.9p1, OpenSSL 1.1.1d 10 Sep 2019
debug1: Reading configuration data /home/ryantm/.ssh/config
debug1: /home/ryantm/.ssh/config line 4: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 13: Applying options for *
debug2: resolving "{REDACTED}" port 22
debug2: ssh_connect_direct
debug1: Connecting to
2012 Feb 07
11
[Bug 1978] New: ECDSA & SHA256 support in SSHFS DNS records
https://bugzilla.mindrot.org/show_bug.cgi?id=1978
Bug #: 1978
Summary: ECDSA & SHA256 support in SSHFS DNS records
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Platform: All
URL: https://tools.ietf.org/html/draft-os-ietf-sshfp-ecdsa-
sha2-07
OS/Version: All
2015 Sep 28
4
[PATCH] Enabling ECDSA in PKCS#11 support for ssh-agent
Hi,
I have made a patch for enabling the use of ECDSA keys in the PKCS#11
support of ssh-agent which will be of interest to other users.
I have tested it with P-256 keys. P-384 and P-521 should work
out-of-the box. The code is ready for non-FIPS curves (named or
explicit), but OpenSSH currently limits ECDSA to those 3 curves.
At high level it works like the support for RSA, but because of
2011 Jun 08
5
[Bug 1912] New: 5.8 ssh-keysign lacks ECDSA support
https://bugzilla.mindrot.org/show_bug.cgi?id=1912
Summary: 5.8 ssh-keysign lacks ECDSA support
Product: Portable OpenSSH
Version: 5.8p2
Platform: All
OS/Version: All
Status: NEW
Severity: critical
Priority: P2
Component: Miscellaneous
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy:
2011 Dec 17
3
[Bug 1961] New: ECDSA memory leak
https://bugzilla.mindrot.org/show_bug.cgi?id=1961
Bug #: 1961
Summary: ECDSA memory leak
Classification: Unclassified
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs at
2014 Jan 31
1
Wanted: smartcard with ECDSA support
Hi,
I'm interested in extending OpenSSH's PKCS#11 code to support ECDSA
keys, but have so far been unable to find anyone who can sell me
a smartcard that supports it.
They certainly exist - AFAIK it's required by the US PIV standard,
but obtaining cards that support it in single digit quantities
seems all but impossible.
Can anybody on this list help? I'd want 2-6 cards/tokens
2011 Feb 19
2
[Bug 1862] New: document ECDSA within the "-b" option of the ssh-keygen manpage
https://bugzilla.mindrot.org/show_bug.cgi?id=1862
Summary: document ECDSA within the "-b" option of the
ssh-keygen manpage
Product: Portable OpenSSH
Version: 5.8p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Documentation
2015 Sep 28
33
[Bug 2474] New: Enabling ECDSA in PKCS#11 support for ssh-agent
https://bugzilla.mindrot.org/show_bug.cgi?id=2474
Bug ID: 2474
Summary: Enabling ECDSA in PKCS#11 support for ssh-agent
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-agent
Assignee: unassigned-bugs
2007 Dec 12
2
[virtio-net][PATCH] Don't arm tx hrtimer with a constant 500us each transmit
commit 763769621d271d92204ed27552d75448587c1ac0
Author: Dor Laor <dor.laor@qumranet.com>
Date: Wed Dec 12 14:52:00 2007 +0200
[virtio-net][PATCH] Don't arm tx hrtimer with a constant 50us each
transmit
The current start_xmit sets 500us hrtimer to kick the host.
The problem is that if another xmit happens before the timer was
fired then
the first xmit will have to
2007 Dec 12
2
[virtio-net][PATCH] Don't arm tx hrtimer with a constant 500us each transmit
commit 763769621d271d92204ed27552d75448587c1ac0
Author: Dor Laor <dor.laor@qumranet.com>
Date: Wed Dec 12 14:52:00 2007 +0200
[virtio-net][PATCH] Don't arm tx hrtimer with a constant 50us each
transmit
The current start_xmit sets 500us hrtimer to kick the host.
The problem is that if another xmit happens before the timer was
fired then
the first xmit will have to