similar to: [PATCH] sshsig: check hashalg before selecting the RSA signature algorithm

Hi, I sent this patch back inn april and I still have a need for this. Would it be possible to get any pointers how we can have `hashalg` selectable by `ssh-keygen -Y`? -- Morten Linderud PGP: 9C02FF419FECBE16 On Thu, Apr 11, 2024 at 09:16:39PM +0200, Morten Linderud wrote: > `ssh-keygen -Y sign` only selects the signing algorithm `rsa-sha2-512` > and this prevents ssh-agent

There is no hash algorithm associated with SSH keys. The key format for RSA keys is always ?ssh-rsa?, and it is capable of being used with any of the available signature algorithms (ssh-rsa for SHA-1 and rsa-sha2-256 or rsa-sha2-512 for SHA-2). See section 3 in https://www.rfc-editor.org/rfc/rfc8332: rsa-sha2-256 RECOMMENDED sign Raw RSA key rsa-sha2-512 OPTIONAL

This patch removes the various keys and support files created during make tests. It might not be as compact as it could be, and I'd be happy to get comments on that, but it does work. diff --git a/Makefile.in b/Makefile.in index 70287f51f..0f1ef844d 100644 --- a/Makefile.in +++ b/Makefile.in @@ -296,6 +296,45 @@ clean: regressclean rm -f regress/misc/sk-dummy/*.o rm -f

folks, hi, after some quiet advice i've tracked down a method for compiling python2.5 using msvcr80 that _will_ actually work both under native win32 and also under wine, but it's a _bit_ dodgy, as i couldn't track down where you're supposed to put Microsoft.VC80.CRT, except in the path of the application where it's running from. so, instead, i put the _contents_ of

I am attempting to use wine to run a windows application called VideoReDo. I'm getting an error when I try to install the program, however, and I don't know how to proceed. The error is: fixme:actctx:parse_depend_manifests Could not find dependent assembly L"Microsoft.VC80.CRT" If I ignore the error, I get a further error: err:seh:setup_exception_record stack overflow 896

https://bugzilla.mindrot.org/show_bug.cgi?id=3748 Bug ID: 3748 Summary: "webauthn-sk-ecdsa-sha2-nistp256 at openssh.com" signature type not supported from ssh agent Product: Portable OpenSSH Version: 9.7p1 Hardware: 68k OS: Mac OS X Status: NEW Severity: enhancement

https://bugzilla.mindrot.org/show_bug.cgi?id=3753 Bug ID: 3753 Summary: ssh-keygen and ssh-keyscan prints SHA1 SSHFP digest by default Product: Portable OpenSSH Version: 9.9p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:

i'm not sure if anything has changed since https://marc.info/?l=openbsd-misc&m=151233345723889&w=2 On Wed, Jun 26, 2024 at 9:32?AM Joseph S. Testa II <jtesta at positronsecurity.com> wrote: > > Has anyone done any initial research into how much effort it would take > to port OpenSSH to Rust? If not, I might find that interesting to > start. (Mind you, this would

--- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 213041656..c9d4166a7 100644 --- a/.gitignore +++ b/.gitignore @@ -29,6 +29,8 @@ ssh-keysign ssh-pkcs11-helper ssh-sk-helper sshd +sshd-session +sshd-auth !regress/misc/fuzz-harness/Makefile !regress/unittests/sshsig/Makefile tags -- 2.45.2

Hi, OpenSSH 8.4p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may

OpenSSH 8.4 has just been released. It will be available from the mirrors listed at https://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

On Mon, 21 Sep 2020 at 09:53, Hisashi T Fujinaka <htodd at twofifty.com> wrote: > OK, NetBSD-current amd64, NetBSD-9-amd64, and NetBSD-9-i386 all pass all > tests. MacOS, well, I always try it but it has problems. What's the problem on OS X? We test on it regularly (El Capitan and High Sierra) and the only problem I'm aware of is that the native libcrypto on High Sierra is

Add support to load additional certificates for already loaded private keys. Useful if the private key is on a PKCS#11 hardware token. The private keys inside ssh-agent are now using a refcount to share the private parts between "Identities". The reason for this change was that the PKCS#11 code might have redirected ("wrap") the RSA functions to a hardware token. We don't

Engine keys are keys whose file format is understood by a specific engine rather than by openssl itself. Since these keys are file based, the pkcs11 interface isn't appropriate for them because they don't actually represent tokens. The current most useful engine for openssh keys are the TPM engines, which allow all private keys to be stored in a form only the TPM hardware can decode,

Add private key protection information extraction to shh-keygen using -v option on top of -y option which is already parsing the private key. Technically, the passphrase isn't necessary to do this, but it is the most logical thing to do for me. Adding this to -l option is not appropriate because fingerprinting is using the .pub file when available. An other idea is to add a new option, I

Functionality request for supporting Digital Signatures for RSA and DSS Public Key Algorithms in alignment with NIST SP800-131A. I assume this has been asked before, but I could not find in the archives. Support of "ssh-rsa-sha256" and "ssh-dss-sha256" public key algorithms for OpenSSH? I know Suite B Algorithms and x509 SSH Extension Algorithms are supported, but not a

Hi, The main (and probably the only) use case of this PAM module is to let sudo authenticate users via their ssh-agent, therefore without having to type any password and without being tempted to use the NOPASSWD sudo option for such convenience. The principle is originally implemented by an existing module [0][1] and many pages that explain how to use it for such purpose can be found online.