similar to: Announce: timeline to remove DSA support in OpenSSH

Hi, OpenSSH plans to remove support for DSA keys in the near future. This message describes our rationale, process and proposed timeline. Rationale --------- DSA, as specified in the SSHv2 protocol, is inherently weak - being limited to a 160 bit private key and use of the SHA1 digest. Its estimated security level is <=80 bits symmetric equivalent[1][2]. OpenSSH has disabled DSA keys by

Hi, On Fri, Mar 27, 2015 at 02:36:50PM +0100, Hubert Kario wrote: > > Same thing with needing sshv1 to access old network gear where even sshv1 > > was an achievement. "Throw away gear that does its job perfectly well, > > but has no sshv2 for *management*" or "keep around an ssh v1 capable > > client"? > > If you depend on hardware like this,

https://bugzilla.mindrot.org/show_bug.cgi?id=1835 Summary: sftp should fallback to sshv1 if server doesn't support sshv2 Product: Portable OpenSSH Version: 5.6p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sftp AssignedTo:

https://bugzilla.mindrot.org/show_bug.cgi?id=2044 Priority: P5 Bug ID: 2044 Assignee: unassigned-bugs at mindrot.org Summary: error message is printed for SSHv1 when ssh is forced to allocate a pseudo-tty even when it does not have a one Severity: minor Classification: Unclassified OS:

Hi, On Fri, Mar 27, 2015 at 12:53:05PM +0100, Hubert Kario wrote: > On Thursday 26 March 2015 11:19:28 Michael Felt wrote: > > Experience: I have some hardware, on an internal network - that only > > supports 40-bit ssl. I am forced to continue to use FF v17 because that was > > the last browser to provide SSL40-bit support. My security is weakened > > because I cannot

http://bugzilla.mindrot.org/show_bug.cgi?id=667 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From dtucker at zip.com.au 2003-12-22

I referred to the fact that there is no value for 4096-bit groups at all. For higher strengths than 128 bits one should probably not use non-EC crypto at all, as the document suggests. On Fri, Feb 15, 2019 at 9:19 AM Darren Tucker <dtucker at dtucker.net> wrote: > > On Fri, 15 Feb 2019 at 16:45, Yegor Ievlev <koops1997 at gmail.com> wrote: > > That doesn't seem to be

Anyone ever come across a linux server host key changing with out a reboot, sshd restart, change in negotiating (SSHv1, SSHv2), and different DNS name or IP address? I have a server on RHEL4.4 that changed its host key. Red Hat Enterprise Linux ES release 4 (Nahant Update 4) openssh-server-3.9p1-8.RHEL4.15 2.6.9-42.ELsmp uptime 944 days Started getting the eavesdropping message from a login

Markus, How's this patch? - a chan_wont_read()/chan_wont_write() API is added that is very much like chan_read_failed()/chan_write_failed(), but for the debug messages and chan_wont_*() don't ever call error() The 3.0.2p1 channel_pre_x11_open() uses chan_*_failed() but looks like it ought to use chan_wont_*() instead :) - forkoff() no longer fakes EOF for SSHv2 (still

Hi, I have hard figuring out what I did wrong ... On HPUX 11 I have compiled OpenSSH 2.9.2p2 with gcc 2.9 (taken from hp opensource server) and zlib also downloaded from hp. As long as I do passwd authentication everything work fine (I have used --with-pam), but if I tried publickey either in sshv1 or sshv2 authentication fails. I have tried a bunch of things but none worked so all

OpenSSH 9.7 has just been released. It will be available from the mirrors listed at https://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

OpenSSH 9.7 has just been released. It will be available from the mirrors listed at https://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

mdb-bsd is a FreeBSD 4.2-STABLE box morpheus is a Red Hat Linux 6.2 box with openssl 0.9.6 on it. Attempts to use SSHv2 fail. Using SSHv1 succeeds. sshd from OpenSSH2.5.1p1 is getting a fatal: xfree: NULL pointer given as argument Full client and server interaction given below. -- Mark Script started on Mon Feb 19 10:47:01 2001 1:mdb at mdb-bsd$ ssh -v -v -v -2 -x morpheus date SSH Version

On Tue, Mar 05, 2024 at 11:24:28AM +1100, Damien Miller wrote: > > Hi, > > OpenSSH 9.7p1 is almost ready for release, so we would appreciate testing > on as many platforms and systems as possible. This is a bugfix release. > > Snapshot releases for portable OpenSSH are available from > http://www.mindrot.org/openssh_snap/ > > The OpenBSD version is available in

On my test systems: Ubuntu 22.04 with GCC 11.4 and OpenSSL 3.0.2 on AMD: PASS Fedora 39 with GCC 12.3.1 and OpenSSL 3.0.9 on Intel: PASS OS X 14.3.1 with clang 15.0.0 on Apple M2 (--without-openssl): FAIL The failure is with "make tests" specifically when it runs /Users/rapier/openssh-portable/ssh-keygen -if /Users/rapier/openssh-portable/regress/rsa_ssh2.prv | diff -

On Fri, 29 Dec 2017, Daniel Kahn Gillmor wrote: > On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote: > > Why not make minimum key length a tunable, just as the other options are? > > Because the goal of building secure software is to make it easy to > answer the question "are you using it securely?" This is a nice summation of our approach. It's the

OpenSSH 7.7 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

That doesn't seem to be the case. See https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf (5.6.1 Comparable Algorithm Strengths) On Fri, Feb 15, 2019 at 8:28 AM Darren Tucker <dtucker at dtucker.net> wrote: > > On Fri, 15 Feb 2019 at 16:00, Yegor Ievlev <koops1997 at gmail.com> wrote: > > I don't think there is any point to generate so

2017-02-05 23:12 GMT+01:00 Michael Stone <mstone at mathom.us>: > > It was probably because of this commit: > > http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd.c.diff?r1=1.472&r2=1.473 > Yes here the combination cr and lf is removed. > Which removed support for protocols older than 2 but perhaps failed to > account for the fact that newline had been

Perhaps the man page should be fixed then, because neither rsh nor rlogin provide any kind of port forwarding, or X11 forwarding, etc... Also, the comparison between ssh and rsh is more appropriate if you're talking about SSHv1 and much less so if you're talking about SSHv2. Nico -- > -----Original Message----- > From: Eric Garff [mailto:egarff at omniture.com] > Sent: