similar to: [Bug 3577] New: CASignatureAlgorithms supports -cert alogrithms

https://bugzilla.mindrot.org/show_bug.cgi?id=3675 Bug ID: 3675 Summary: CASignatureAlgorithms should be verified before verifying signatures Product: Portable OpenSSH Version: 9.7p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component:

With the upcoming deprecation of ssh-rsa I was trying to see what keys my version of OpenSSH ( 7.8p1 ) supports. I noticed that "ssh -Q key" does not actually list the suggested algorithms to transition to ( rsa-sha2-256 and rsa-sha2-512 ) even though they are supported. Looking through the code, it looks like an issue with the arguments passed to sshkey_alg_list in ssh.c where it should

Hey, Can anyone answer this question. I am working with really large datasets and most of the programs I have been running take quite some time. I heard that R may be faster in Unix. I sthis true and if so can anyone reccomend which system and requirements may allow things to go faster for? Thanks!! Elizabeth Lawson --------------------------------- [[alternative

https://bugzilla.mindrot.org/show_bug.cgi?id=3572 Bug ID: 3572 Summary: ssh-agent refused operation when using FIDO2 with -O verify-required Product: Portable OpenSSH Version: 9.3p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component:

I am trying to understand the details of the deprecation notice. Because I am getting people asking me questions. And I don't know the answer. Therefore I am pushing the boulder uphill and asking here. :-) Damien Miller wrote: > Future deprecation notice > ========================= > > It is now possible[1] to perform chosen-prefix attacks against the > SHA-1 algorithm for

I use OpenSSH server on an embedded arm using GCC7 cross toolchain. I found that spamming connection attempts sometimes causes aborts in sshd. Upon getting this up in gdb I found that the pointer subtraction inside openbsd-compat/{strlcat.c,strlcpy.c} (and maybe elsewhere) causes the 32 bit pointer difference to wrap which triggers the abort because of the -ftrapv option. This example illustrates

Using these escapes, the include directive can be crafted to include differing, host-specific configuration. Ronan Pigott (2): Permit %L and %l percent escapes in Include Permit %L and %l percent escapes in server Include readconf.c | 16 +++++++++++++--- servconf.c | 21 ++++++++++++++++----- 2 files changed, 29 insertions(+), 8 deletions(-) base-commit:

PubkeyAcceptedKeyTypes=+ssh-dss You also need that ^^ in their client if they are running on el8 machine as well .. i needed to put it in my ~/.ssh/config when connecting FROM an el8 machine to somewhere else. On 10/17/19 9:27 AM, Gianluca Cecchi wrote: > Hello, > I have some users that connect to a server with their DSA key that is of > type ssh-dss. > I'm migrating (installing

Hi, dbus on centos 7 lxc won't work. So I'm unable to start or query status units with systemd, for example: systemctl status Failed to get D-Bus connection: No such file or directory I have no issues with centos 8 container (debian 10 ones work fine too) This is the output of ps aux on centos 7: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root

Hi, OpenSSH 9.4 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

Hi, One of our users who is running an OS (I think it's the latest beta macOS 10.14.1) with ssh version "OpenSSH_7.8p1, LibreSSL 2.7.3" is unable to use our user SSH RSA certificates to authenticate to our servers (which are running "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017"). We see this error on the client side: debug1: kex_input_ext_info:

Hello, I have some users that connect to a server with their DSA key that is of type ssh-dss. I'm migrating (installing as new) the server where they connect to CentOS 8 + updates. I was not able to connect with the keys to this new server even after having added, as found in several internet pages, this directive at the end of /etc/ssh/sshd_config of the CentOS 8 server: # Accept also DSA

https://bugzilla.mindrot.org/show_bug.cgi?id=3691 Bug ID: 3691 Summary: Connection to localhost succeeds with disabled MAC Product: Portable OpenSSH Version: 9.7p1 Hardware: amd64 OS: Other Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at

Thread split from my previous communication. Here is the integrity logs on the platform. I had to cut this should due to the length of the logs (5Mb). ***************** failed-regress.log ************ trace: test integrity: hmac-sha1 @2900 FAIL: unexpected error mac hmac-sha1 at 2900: Bytes per second: sent 65665.7, received 55994.0. trace: test integrity: hmac-sha1 @2901 FAIL:

Hello, Maybe I'm asking an already answered question, if yes I'm sorry to bother you. Why in default HostKeyAlgorithms settings is ecdsa-sha2-nistp256-cert-v01 at openssh.com preferred over ssh-ed25519-cert-v01 at openssh.com ? For example in default settings for KexAlgorithms the curve25519-sha256 at libssh.org is preferred over ecdh-sha2-nistp256. Fedor Defaults in openssh-6.6p1

Thread split from my previous communication. Here is the key-commands logs on the platform. ***************** failed-regress.log ************ trace: AuthorizedKeysCommand with arguments FAIL: connect failed trace: AuthorizedKeysCommand without arguments FAIL: connect failed ***************** failed-ssh.log ************ trace: AuthorizedKeysCommand with arguments

Il giorno gio 22 nov 2018 alle ore 21:24 Stuart Henderson <stu at spacehopper.org> ha scritto: > > On 2018/11/22 19:55, owl700 at gmail.com wrote: > > Hi, I have compatibility issues with the latest version of > > openssh-server and an old dropbear client, the dopbear client stops at > > preauth > > > > ov 22 14:34:03 myhostname sshd[3905]: debug1: Client

Just upgraded to OpenSSH_6.4 with OpenSSL 1.0.1e and libz.so.1.2.8. Now some (but not all) Cisco router logins hang: kraken> ssh -vv -l noc XXX-mgmt.gw OpenSSH_6.4, OpenSSL 1.0.1e 11 Feb 2013 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 50: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to XXX-mgmt.gw [10.12.0.1] port 22.

Hello to everyone, and thank for your job. I am reporting here about a problem I am experiencing with portable SSH client, version 7.3p1. My client is an Archlinux system. I am connecting to an Ubuntu server, which provides SSH with some patches (see below). It worked until the upgrade to 7.3p1. This is the produced debug output. Command line: ssh -v -v -v -v -v -v username at 10.196.37.5

https://bugzilla.mindrot.org/show_bug.cgi?id=3253 Bug ID: 3253 Summary: ssh-keygen man page still lists deprecated key types for -t Product: Portable OpenSSH Version: 8.4p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component: ssh-keygen