Displaying 20 results from an estimated 7000 matches similar to: "[Bug 3603] New: ssh clients can't communicate with server with default cipher when fips is enabled at server end"
2023 Aug 05
11
[Bug 3599] New: How to scan for keys when sshd server has fips enabled?
https://bugzilla.mindrot.org/show_bug.cgi?id=3599
Bug ID: 3599
Summary: How to scan for keys when sshd server has fips
enabled?
Product: Portable OpenSSH
Version: 9.3p2
Hardware: All
OS: Linux
Status: NEW
Severity: critical
Priority: P5
Component: ssh-keyscan
2024 Mar 12
1
rsync segfaults when openssl fips is enabled
Hi All,
Any inputs on this issue?
--
Shedi
On Wed, Feb 21, 2024 at 5:12?PM Shreenidhi Shedi <
shreenidhi.shedi at broadcom.com> wrote:
> Hi All,
>
> Copying the content from the GH issue as is.
> Need your inputs on the same.
> FWIW, the coredump files generated in linux have xattr values which are >
> 32 bytes.
>
> https://github.com/WayneD/rsync/issues/569
2023 Apr 24
3
[Bug 3566] New: Password expiry warning is printed multiple times when UsePAM is set to yes
https://bugzilla.mindrot.org/show_bug.cgi?id=3566
Bug ID: 3566
Summary: Password expiry warning is printed multiple times when
UsePAM is set to yes
Product: Portable OpenSSH
Version: 8.8p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: PAM
2020 Aug 25
2
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
I've
dovecot --version
2.3.10.1 (a3d0e1171)
openssl version
OpenSSL 1.1.1g FIPS 21 Apr 2020
, atm on Fedora32.
I configure
/etc/pki/tls/openssl.cnf
to set preferences for apps' usage, e.g. Postfix etc; Typically, here
cat /etc/pki/tls/openssl.cnf
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
2020 Jul 24
2
Openssl 3
Anyone trying openssl 3 against openssh?
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b
Put more trust in nobility of character than in an oath. -Solon
2008 Jun 12
2
FIPS mode OpenSSH suggestion
Hi OpenSSH team,
I find a url http://www.gossamer-threads.com/lists/openssh/dev/42808?do=post_view_threaded#42808, which provides unofficial patch for FIPS Capable OpenSSH. I try it and it seems working for some cases.
(BTW, I also find that aes128-ctr, aes192-ctr and aes256-ctr ciphers can't work in FIPS mode properly.
The fips mode sshd debug info is as following.
2004 Jun 04
2
Patch for FIPS 140 mode - take 3
Greetings.
(Third try at sending this, the first two seemed to disappear without a
trace.
Perhaps use of MS Outlook was the problem, even though in plain text...? Or
attachment too big (22Kb)? Would like to know...)
The final source code and documentation package for a FIPS 140 validated
mode
of OpenSSL was recently submitted. Once the final certification is
awarded by
NIST, in a month or
2017 Jun 13
7
[Bug 2729] New: Can connect with MAC hmac-sha1 even though it's not configured on the server
https://bugzilla.mindrot.org/show_bug.cgi?id=2729
Bug ID: 2729
Summary: Can connect with MAC hmac-sha1 even though it's not
configured on the server
Product: Portable OpenSSH
Version: 7.5p1
Hardware: All
OS: Linux
Status: NEW
Severity: security
Priority: P5
2023 Apr 19
3
FIPS compliance efforts in Fedora and RHEL
Dear Damien,
On Wed, Apr 19, 2023 at 9:55?AM Damien Miller <djm at mindrot.org> wrote:
>
> On Wed, 19 Apr 2023, Dmitry Belyavskiy wrote:
>
> > > While I'm sure this is good for RHEL/rawhide users who care about FIPS,
> > > Portable OpenSSH won't be able to merge this. We explictly aim to support
> > > LibreSSL's libcrypto as well as
2024 Jan 26
1
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
On 25.01.24 14:09, Kaushal Shriyan wrote:
> I am running the below servers on Red Hat Enterprise Linux release 8.7
> How do I enable strong KexAlgorithms, Ciphers and MACs
On RHEL 8, you need to be aware that there are "crypto policies"
modifying sshd's behaviour, and it would likely be the *preferred*
method to inject your intended config changes *there* (unless they
2020 Sep 24
3
dovecot TSL 1.3 config option 'ssl_ciphersuites' causes fatal error on launch. not supported, bad config, or bug?
I've installed
grep PRETTY /etc/os-release
PRETTY_NAME="Fedora 32 (Server Edition)"
dovecot --version
2.3.10.1 (a3d0e1171)
openssl version
OpenSSL 1.1.1g FIPS 21 Apr 2020
iiuc, Dovecot has apparently had support for setting TLS 1.3 ciphersuites since v2.3.9, per this commit
lib-ssl-iostream: Support TLSv1.3 ciphersuites
2017 Nov 01
2
Winbind, Kerberos, SSH and Single Sign On
Hi,
at first I'm not sure if this is the correct list to ask this question.
But since I'm using winbind I hope you can help me.
I try to realize a kerberized ssh from one client to another. Both
clients are member of subdom2.subdom1.example.de and joined to it. The
users are from example.de, where subdom1.example.de is a subdomain
(bidirectional trust) of example.de and
2013 Sep 10
4
[Bug 1647] Implement FIPS 186-3 for DSA keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1647
mackyle at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mackyle at gmail.com
--- Comment #2 from mackyle at gmail.com ---
RFC 6668 [1] (2012-07) updated RFC 4253 adding the SHA-256 data
2013 Sep 10
4
[Bug 1647] Implement FIPS 186-3 for DSA keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1647
mackyle at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mackyle at gmail.com
--- Comment #2 from mackyle at gmail.com ---
RFC 6668 [1] (2012-07) updated RFC 4253 adding the SHA-256 data
2016 Jul 20
1
Tinc and FIPS mode fails to connect.
Hello,
I am using the latest Tinc 1.1 from git (tinc version 1.1pre14-17-g2784a17
(built Jul 14 2016 14:18:09, protocol 17.7) on a CentOS 7.2 64bit with both
test servers set it FIPS mode (cat /proc/sys/crypto/fips_enabled to verify
or add fips=1 to your grub2 command line ). We need our test servers
running in FIPS mode due to a minimum requirement for our project. OpenSSL
in CentOS/RHEL has
2023 Jun 30
1
Subsystem sftp invoked even though forced command created
On 30/06/2023 09:56, Damien Miller wrote:
> It's very hard to figure out what is happening here without a debug log.
>
> You can get one by stopping the listening sshd and running it manually
> in debug mode, e.g. "/usr/sbin/sshd -ddd"
Or starting one in debug mode on a different port, e.g. "-p99 -ddd"
2006 Apr 07
1
your mail
> On Thu, 6 Apr 2006, Miller, Damien wrote:
>
> >
> > Does OpenSSH 4.3 support the use of the TLS ciphersuites that are
> > supported in OpenSSL?
> > If so, is this a compile time option or a run-time option?
> Or can sshd
> > support both the SSL and TLS ciphersuites at the same time?
>
> OpenSSH doesn't use SSL or TLS - the SSH protocol
2017 Sep 23
3
Call for testing: OpenSSH 7.6
> Portable OpenSSH is also available via [...] Github:
https://github.com/openssh/openssh-portable
>
> Running the regression tests supplied with Portable OpenSSH does not
require installation and is a simply:
>
> $ ./configure && make tests
I was going to try this on Kali Linux (latest version), but ran into
trouble right away. No "configure" script exists
2023 Mar 29
1
[EXTERNAL] Re: ChaCha20 Rekey Frequency
That's true for block ciphers, but ChaCha20+poly1305 is a stream cipher.
On Wed, 29 Mar 2023, Robinson, Herbie wrote:
>
> I?m hardly an expert on this, but if I remember correctly, the rekey rate
> for good security is mostly dependent on the cipher block size.? I left my
> reference books at home; so, I can?t come up with a reference for you, but I
> would take Chris?
2019 Oct 04
1
CentOS8 and crypto-policies
Hi,
I started playing with CentOS8 and I am trying to set default crypto
policies for openssh server/client. In CentOS7 I followed the guide
from https://infosec.mozilla.org/guidelines/openssh.html and set
KexAlgorithms /Ciphers/MACs in sshd_config.
In CentOS8 I can edit
/usr/share/crypto-policies/$POLICY/opensshserver.txt for the sshd
arguments, but editing openssh.txt or even changing default