similar to: SSH time increased significantly after upgrade to OpenSSH 9.6p1

On Sun, 28 Jul 2024 at 22:34, radiatejava <radiatejava at gmail.com> wrote: > We upgraded sshd in our product from OpenSSH 8.6 to OpenSSH 9,.6. > After the upgrade, clients are seeing significant increase in time to > do ssh to the listener. Normally, a single ssh does not matter much > but some of our workflows involve about 3000 to 4000 ssh connect and > close and this is

On Sun, 28 Jul 2024, Darren Tucker wrote: > OpenSSH 9.0 introduced a quantum resistant hybrid kex method as the > highest priority method. Quoting > https://www.openssh.com/releasenotes.html#9.0: > > * ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key > exchange method by default ("sntrup761x25519-sha512 at openssh.com"). > The NTRU

I have an NXP i.MX6-based armv7l-dey-linux-gnueabihf system in which I am seeing some as-yet-unaccountable behavior in sshd when compiled with Arm/GCC 10/11/12. That is, when attempting to scp/slogin/ssh to 'root@<host>', where <host> is either a name or IPv4 or IPv6 address, the connection is quickly closed by the server without prompting for a password. The variable I can

I have a client host that I don't have access to now, which attempts to establish ssh connection back to my BSD server using the private key. Client runs this command: /usr/bin/ssh -i ~/.ssh/my_key_rsa -o "ExitOnForwardFailure yes" -p $HPORT $HUSER@$HOST -R $LPORT:localhost:$LPORT -N On the server debug log looks like this: Connection from NNN.NNN.NNN.NNN port 43567 debug1: HPN

On Sun, Dec 21, 2014 at 5:25 PM, Damien Miller <djm at mindrot.org> wrote: > On Fri, 19 Dec 2014, Dmt Ops wrote: > > > I added an EXPLICIT > > > > AuthenticationMethods publickey,keyboard-interactive > > + UsePam yes > > > > to sshd_config. Now, at connect attempt I get > > > > Password: > > Verification code: > >

https://bugzilla.mindrot.org/show_bug.cgi?id=3653 Bug ID: 3653 Summary: ConnectTimeout causes issue when connecting to an host via tsocks Product: Portable OpenSSH Version: 9.6p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh

Greetings All, I have a ssh server which allows sftp connections from the Internet while ssh connections from within the local net, here is the config: Code: Port 11111 Port 11113 Protocol 2 LogLevel DEBUG

I have noticed that the EC public key sent in the SSH2_MSG_KEX_ECDH_INIT message is sent without point compression. Are there any plans to use point compression eventually? I imagine that, in part, you guys are not yet implementing it for patent reasons, right?

Hello, I'm trying to setup a chroot for one user on my AIX 5.2 system I have tried with openssh 5.0 (don't know where it comes from) and as it didn't work, I have downloaded and compiled the current version (6.6p1) When I connect, password is checked, chroot is done, sftp subsystem is accepted, but I get disconnected without any error Below is all can say about my config (after

Hello, I've developed a custom PAM module which only allows a user to authenticate to the server only if another user of the same machine also authenticates succesfully. It's currently a simple module which also works as a PAM aware application since it authenticates each user with PAM itself. Both the pamtester utility and su can use this module correctly. However, when I try to use

Hi, I downloaded setupssh-7.3p1-2.exe for Windows x64. I created private public keys and set it up accordingly. After entering the passphrase, I see authentication succeeded message but then the connection to the remote host gets closed immediately. Some of the Client output: ************************ ... Enter passphrase for key '/home/user2/.ssh/id_rsa': debug1: Authentication

Dear OpenSSH developers, I've worked this week on an alternative key exchange mechanism, in reaction to the whole NSA leaks and claims over cryptographic backdoors and/or cracking advances. The key exchange is in my opinion the most critical defense against passive eavesdropping attacks. I believe Curve25519 from DJB can give users a secure alternative to classical Diffie-Hellman (with fixed

Hello, I'm looking for your insight about the log below. We have an SFTP server (IBM Sterling File Gateway) and we're connecting from an OpenSSH SFTP client but something fails during KEX. Complete client-side debug output is below, but I believe the relevant part is: debug1: kex: server->client cipher: aes192-cbc MAC: hmac-sha1 compression: none debug1: kex: client->server

Installing xen on a fairly clean c7.2 system. I get a xen kernel panic. (XEN) Bad console= option 'tty' Xen 4.6.0-9.el7 (XEN) Xen version 4.6.0-9.el7 (mockbuild at centos.org) (gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-4)) debug=n Wed Jan 20 12:25:53 UTC 2016 (XEN) Latest ChangeSet: Thu Jan 14 15:35:35 2016 +0000 git:6e8597a-dirty (XEN) Bootloader: GRUB 2.02~beta2 (XEN) Command line:

Hi, About a year and a half ago I brought up the topic of encrypted hostkeys and posted a patch (http://marc.info/?l=openssh-unix-dev&m=132774431906364&w=2), and while the general reaction seemed receptive to the idea, a few problems were pointed out with the implementation (UI issues, ssh-keysign breakage). I've finally had some spare time in which to get back to this, and I've

What does "getent passwd <username>@<domainname>" return on the server for the login shell. By default a samba AD DC sets the login shell for all Active Directory user accounts to /bin/false. The only way I've found to change this, is to override that globally with the "template shell = /bin/bash" option in smb.conf, which enables it globally for all Active

>Thank you! It worked and I finally got a working kernel. Here is the kernel boot log: Sound great ! Though I ended with error from log below. Had no chance to fix it yet: ? CPU: AMD QEMU Virtual CPU version 2.5+ (family: 0x6, model: 0x6, stepping: 0x3) Performance Events: PMU not available due to virtualization, using software events only. ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=-1

Hi OpenSSH, I'm working on updating Guix's openssh package definition to the latest release. So far, I have only changed the version (and checksum) and left the build/test/install recipe the same. However, the test suite now fails. I could use some pointers to find out what exactly is going wrong with the failing test or how to fix it. I'm happy to provide more information about

?I wrote about this a couple months back.? George asked me to submit to the Xen developers list, but I never had the time due to work demands on getting the new server set up.? In my case, I had to use a different server.? The new motherboard/CPU had no issues with the second CPU.? If you turn off and unplug the second CPU, it will work. Check the archives for my e-mail address and see

On Thu, 21 Dec 2023 at 15:52, Jack Hill <jackhill at jackhill.us> wrote: [...] > /tmp/guix-build-openssh-9.6p1.drv-0/openssh-9.6p1/regress/ssh-rsa already exists. > Overwrite (y/n)? ssh-keygen for ssh-rsa failed The regression tests do this to regenerate the keys if either the keygen binary has changed: for t in ${SSH_KEYTYPES}; do # generate user key if [ ! -f