similar to: OpenSSH 9.9?

http://www.psc.edu/networking/projects/hpn-ssh There have been some changes to the command line switches which are detailed on the website. This is more of a stop gap release than anything else. This is still in the HPN-11 cycle of patches. We hope to have an update to HPN-12 out sometime in March (when I can get some freetime). This will conform more closely to the OpenSSH nomenclature and

I am newbie to OpenSSH and have a question on providing password during a client log in session. I am using OpenSSH for Windows(XP) version 3.81p1. Is this the latest version for windows? >From the archive list I gather that OpenSSH will not provide a password option while invoking ssh commands, is this true? or will this be included in the future releases? I read something about using

Howdy, As a note, we now have HPN patch for OpenSSH 4.2 at http://www.psc.edu/networking/projects/hpn-ssh/ Its still part of the last set of patches (HPN11) so there aren't any additional changes in the code. It patches, configures, compiles, and passes make tests without a problem. I've not done extensive testing for this version of openssh but I don't foresee any problems. I

This is a preliminary release and as such should be used at your own risk. In my testing the application builds under OS X and Linux, passes the regression tests, and file transfer tests on our test connections exhibited a 1600% increase in performance (1.4MB/s versus 20.9MB/s 46ms RTT). This patch (hpn12v10) is available from

The HPN patch set has been updated to work with OpenSSH4.6. This patch can help improve performance of bulk data transfers when using SSH, SCP, or SFTP. Please see http://www.psc.edu/networking/projects/hpn-ssh for more information. The patch is available from the above address or directly with http://www.psc.edu/networking/projects/hpn-ssh/openssh-4.6p1-hpn12v16.diff.gz If you have any

On Thu, Feb 8, 2024 at 1:18?PM Chris Rapier <rapier at psc.edu> wrote: > > I know that there are some methods to use federated identities (e.g. > OAuth2) with SSH authentication but, from what I've seen, they largely > seem clunky and require users to interact with web browsers to get one > time tokens. Which is sort of acceptable for occasional logins but > doesn't

HPN-SSH is a set of high performance patches which add dynamic window sizing, none cipher switching, enhanced server logging, and a multi-threaded cipher implementation to OpenSSH. We've just updated the patches to the OpenSSH 4.9 release and made them available from http://www.psc.edu/networking/projects/hpn-ssh/ Comments, questions, and criticisms are always welcome. Thanks for your

Howdy, It's been a while since I've made an announcement here but I wanted to mention that we've just released a set of HPN-SSH patches for OpenSSH6.2. The release marks the first time I've had the resources/help to actually do anything more than just forward port the patches in quite a while. http://www.psc.edu/index.php/hpn-ssh Items of note: 1) The multithreaded AES-CTR

Practically speaking, most popular IAM and SSO solutions offer OIDC SAML tokens but do not offer Kerberos tickets.? OpenID Connect is a standard which itself is based on RFC6749 (OAuth2). This provides a compelling reason to support it in addition to Kerberos.? I'll also note that OIDC tokens are easy to validate without a bidirectional trust relationship between the IdP and RP. SSH

Ah, with an internal block size [Is that what one calls it?] of 64 bytes. From: Damien Miller <djm at mindrot.org> Sent: Wednesday, March 29, 2023 3:08 PM To: Robinson, Herbie <Herbie.Robinson at stratus.com> Cc: Chris Rapier <rapier at psc.edu>; Christian Weisgerber <naddy at mips.inka.de>; openssh-unix-dev at mindrot.org Subject: RE: [EXTERNAL] Re: ChaCha20 Rekey

On my test systems: Ubuntu 22.04 with GCC 11.4 and OpenSSL 3.0.2 on AMD: PASS Fedora 39 with GCC 12.3.1 and OpenSSL 3.0.9 on Intel: PASS OS X 14.3.1 with clang 15.0.0 on Apple M2 (--without-openssl): FAIL The failure is with "make tests" specifically when it runs /Users/rapier/openssh-portable/ssh-keygen -if /Users/rapier/openssh-portable/regress/rsa_ssh2.prv | diff -

Ben Bennett and I (both researchers at the Pittsburgh Supercomputing Center) have released the HPN13v1 patch set for OpenSSH 4.7p1. Primarily this release incorporates the previously announced multi-threaded AES-CTR mode cipher which will allow users to make better use of multi-core environments. In our test environments we've seen upwards of a 100% improvement in throughput performance

That's true for block ciphers, but ChaCha20+poly1305 is a stream cipher. On Wed, 29 Mar 2023, Robinson, Herbie wrote: > > I?m hardly an expert on this, but if I remember correctly, the rekey rate > for good security is mostly dependent on the cipher block size.? I left my > reference books at home; so, I can?t come up with a reference for you, but I > would take Chris?

I know that there are some methods to use federated identities (e.g. OAuth2) with SSH authentication but, from what I've seen, they largely seem clunky and require users to interact with web browsers to get one time tokens. Which is sort of acceptable for occasional logins but doesn't work with automated/scripted actions. I'm just wondering if anyone has done any work on this or

On Thu, Aug 3, 2023 at 2:35?PM Chris Rapier <rapier at psc.edu> wrote: > > Howdy all, > > So, one night over beers I was telling a friend how you could use the > timing between key presses on a type writer to extract information. > Basically, you make some assumptions about the person typing (touch > typing at so many words per second and then fuzzing the parameters

On Tue, 18 Jun 2024, Chris Rapier wrote: > Just curious, has this been tested at scale? I see that there are, by > default, a maximum number of hosts it can track (default of 64k it > seems). At that point I think one of two things happen - sshd stops > allowing all connections until some of the banned IPs age out (with > the exception of those IPs on an approved list) or it drops

The results, for anyone interested, can be found here http://www.psc.edu/networking/projects/hpn-ssh/results.html Long story short, there doesn't seem to be any notable difference between the two anymore. I still have a few more test combinations to run (<.5ms rtts and against cygwin) so the conclusions might change but, at this point, I'm no longer seeing any sort of performance

http://www.psc.edu/networking/projects/hpn-ssh/ Mike Stevens and I just released a new set of high performance networking patches for OpenSSH 3.9p1, 4.0p1, and 4.1p1. These patches will provide the same set of functionality across all 3 revisions. New functionality includes 1) HPN performance even without both sides of the connection being HPN enabled. As long as the bulk data flow is in the

Howdy all, I know that the OpenSSH team has made a clear and well justified decision regarding interoperability with OpenSSL 1.1. I respect that entirely. That said, I've recently had to deal with a couple of users who had a specific set of requirements with building OpenSSH 7.7 using patches for OpenSSL 1.1 found in the slackware package.

On 6/17/2024 22:46, Damien Miller wrote: > This release contains mostly bugfixes. > > New features > ------------ > > * sshd(8): add the ability to penalise client addresses that, for > various reasons, do not successfully complete authentication. > sshd(8) will now identify situations where the session did not > authenticate as expected. These