Displaying 20 results from an estimated 1000 matches similar to: "[PATCH] Specify signature algorithm during server hostkeys prove"
2024 Nov 12
3
[PATCH 0/2] Specify signature algorithm during server hostkeys prove
From: Maxime Rey <maximejeanrey at gmail.com>
Hello,
I've discovered an issue with sshd when it's configured to use the SSH agent
alongside multiple host keys. Specifically, this problem happens during the
hostkeys-prove-00 at openssh.com request, when the server attempts to
demonstrate ownership of the host keys by calling the agent.
The issue occurs because, while processing the
2024 Oct 29
14
[Bug 3748] New: "webauthn-sk-ecdsa-sha2-nistp256@openssh.com" signature type not supported from ssh agent
https://bugzilla.mindrot.org/show_bug.cgi?id=3748
Bug ID: 3748
Summary: "webauthn-sk-ecdsa-sha2-nistp256 at openssh.com"
signature type not supported from ssh agent
Product: Portable OpenSSH
Version: 9.7p1
Hardware: 68k
OS: Mac OS X
Status: NEW
Severity: enhancement
2024 Nov 12
0
[PATCH 1/2] Add test to cover multiple server hostkeys with agent
From: Maxime Rey <maximejeanrey at gmail.com>
This tests the hostkey-prove mechanism in sshd when provided with multiple
host keys managed by the agent
---
regress/hostkey-agent.sh | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
diff --git a/regress/hostkey-agent.sh b/regress/hostkey-agent.sh
index 222d424bd..3fa80655e 100644
--- a/regress/hostkey-agent.sh
+++
2013 Jun 25
1
RFC: encrypted hostkeys patch
Hi,
About a year and a half ago I brought up the topic of encrypted hostkeys
and posted a patch
(http://marc.info/?l=openssh-unix-dev&m=132774431906364&w=2), and while the
general reaction seemed receptive to the idea, a few problems were pointed
out with the implementation (UI issues, ssh-keysign breakage).
I've finally had some spare time in which to get back to this, and I've
2019 Oct 21
2
Multiple Signatures on SSH-Hostkeys
Hello, OpenSSH-wizards.
In our company, we have looked into SSH-HostKey-signing in order to
realize automated access without the need to accept the server's
hostkey, manually.
I got it to work with the HostCertificate-directive inside the
sshd_config.
Now, I was wondering whether it is possible to have multiple
signatures, so I can, for example, sign the hostkey once with a
2017 Sep 22
2
Call for testing: OpenSSH 7.6
On Thu, Sep 21, 2017 at 02:22:10AM -0500, Zev Weiss wrote:
> test_kex: regress/unittests/kex/test_kex.c:91 test #1 "sshkey_generate"
> ASSERT_INT_EQ(sshkey_generate(keytype, bits, &private), 0) failed:
> sshkey_generate(keytype, bits, &private) = -56
That error code is:
$ grep -- -56 ssherr.h
#define SSH_ERR_KEY_LENGTH -56
Unfortunately there's lots of
2024 Sep 23
1
[PATCH] sshd: Add pkcs11 support for HostKey.
Hello,
OpenSSH supports PKCS#11 on the client side, but that does not extend to
the server side. I would like to bring PKCS#11 support to sshd.
I am working on embedded Linux systems with integrated HSM. The sshd
host key is stored on the HSM. To have sshd using that key, we rely on
the following chain:
sshd -> OpenSSL -> OpenSSL Engine -> HSM Having
PKCS#11 support in sshd, would
2002 Jun 05
1
Per-port hostkeys
My apologies if this has been covered already. My search of the archives
was unfruitful.
OpenSSH seems to be lacking a certain capability present in ssh.com's
client; namely, the ability to store remote hostkeys on a per-port basis.
I have various machines that, due to iptables port-forwarding, appear to
be running copies of (open)sshd on multiple ports. "Commercial" ssh
stores
2015 Dec 23
2
Why hostkeys-00@openssh.com is following user authentication?
Hello,
This hostkeys extension is great, reading[1]:
"""
OpenSSH supports a protocol extension allowing a server to inform a
client of all its protocol v.2 host keys after user-authentication has
completed.
"""
I wonder, why should user authentication be completed before this
functionality is available? This means that ssh-keyscan tool (for
example) cannot take
2007 Jan 30
3
[Bug 1279] Address- and/or port-specific HostKeys support
http://bugzilla.mindrot.org/show_bug.cgi?id=1279
Summary: Address- and/or port-specific HostKeys support
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy:
2013 Jul 25
2
[Bug 2131] New: ssh: list known names (if any) for new hostkeys
https://bugzilla.mindrot.org/show_bug.cgi?id=2131
Bug ID: 2131
Summary: ssh: list known names (if any) for new hostkeys
Product: Portable OpenSSH
Version: 6.2p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at
2002 Oct 17
0
[Bug 416] New: problems with sshd starting up and hostkeys
http://bugzilla.mindrot.org/show_bug.cgi?id=416
Summary: problems with sshd starting up and hostkeys
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy:
2003 Jun 20
1
[PATCH] accepting changed hostkeys
Hi,
I often change the machines (and thus the hostkeys) that are on a IP (a
service environment with a IP assinged for the machine to test).
So every time I want to connect to a new machine I have to delete the previous
key from the known_hosts file.
Since I got tired of running a remove script manually, I made this small patch
which adds the possibility to replace the real key with the
2002 Apr 15
0
[Bug 216] New: ssh-keygen vs. SSH Version 2.0.13 hostkeys
http://bugzilla.mindrot.org/show_bug.cgi?id=216
Summary: ssh-keygen vs. SSH Version 2.0.13 hostkeys
Product: Portable OpenSSH
Version: 3.1p1
Platform: UltraSparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: ssh-keygen
AssignedTo: openssh-unix-dev at mindrot.org
2015 Feb 21
1
[Bug 2357] New: please add "vhosting" features respectively per-LocalAdress HostKeys/etc.
https://bugzilla.mindrot.org/show_bug.cgi?id=2357
Bug ID: 2357
Summary: please add "vhosting" features respectively
per-LocalAdress HostKeys/etc.
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
2003 Jun 07
1
openssh reading only SOME ssh1 hostkeys from ssh.com ssh
Hey folks, I've asked this on the security focus mailing list, but no
one seems to know...
I'm in the process of moving my company from old crufty ssh.com ssh1 to
openssh.
On most of our hosts, we've created rsa and dsa keys but managed to KEEP
the old rsa1 key...
However, on a few hosts, openssh has been unable to read the old rsa1
key and has claimed:
debug1: Unsupported
2002 Apr 15
1
[Bug 216] ssh-keygen vs. SSH Version 2.0.13 hostkeys
http://bugzilla.mindrot.org/show_bug.cgi?id=216
------- Additional Comments From markus at openbsd.org 2002-04-16 02:34 -------
please test against latest snapshot.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2002 Oct 17
0
[Bug 416] problems with sshd starting up and hostkeys
http://bugzilla.mindrot.org/show_bug.cgi?id=416
markus at openbsd.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WORKSFORME
------- Additional Comments From markus at openbsd.org 2002-10-18
2024 Dec 23
4
[Bug 3768] New: Whether to add a switch to control whether to enable the hostkeys rotation mechanism.
https://bugzilla.mindrot.org/show_bug.cgi?id=3768
Bug ID: 3768
Summary: Whether to add a switch to control whether to enable
the hostkeys rotation mechanism.
Product: Portable OpenSSH
Version: 9.9p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
2012 Dec 27
3
[PATCH] hostfile: list known names (if any) for new hostkeys
When connecting to a host for which there's no known hostkey, check if the
relevant key has been accepted for other hostnames. This is useful when
connecting to a host with a dymamic IP address or multiple names.
---
auth.c | 4 ++--
hostfile.c | 42 ++++++++++++++++++++++++++++--------------
hostfile.h | 8 ++++++--
sshconnect.c | 39 +++++++++++++++++++++++++++++++++------