similar to: Better reporting for signature algorithm mismatch?

On 04.12.24 19:47, Brian Candler wrote: > debug1: Offering public key: /Users/brian/.ssh/id_rsa RSA [...] > debug1: send_pubkey_test: no mutual signature algorithm <<<< *THIS* > > I wonder if there could there be some way to highlight the "no mutual > signature algorithm" message more prominently in normal operation? Wouldn't the extra output, even in

On 18/10/2024 11:38, Chris Green wrote: > chris$ ssh-add -l > 256 SHA256:4XDYbepg8zK43pofpQ8IGxMAXkej298a0XZHWjJTIQQ chris at q957 (ED25519) > 3072 SHA256:yeQw8xe9rrxHKLqICoXNwReZKKV9HI1UeTCf95QywXM chris at t470 (RSA) > 256 SHA256:dluRgJeTqJ32jKxRrSdjr/cibbIOZQeq8Inlna3+Sdw chris at q957 (ED25519) > 256 SHA256:gl9l9m/xnYpL9P7WkL60L+FcJ0+r2c5Ci770p9VEC08

Hi, One of our users who is running an OS (I think it's the latest beta macOS 10.14.1) with ssh version "OpenSSH_7.8p1, LibreSSL 2.7.3" is unable to use our user SSH RSA certificates to authenticate to our servers (which are running "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017"). We see this error on the client side: debug1: kex_input_ext_info:

On Thu, Oct 11, 2018 at 10:41 AM Damien Miller <djm at mindrot.org> wrote: > On Wed, 10 Oct 2018, Adam Eijdenberg wrote: > > We see this error on the client side: > > > > debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> > > ... > > debug1: Offering public key: RSA-CERT SHA256:xxx /path/to/key > > debug1: send_pubkey_test: no

I have a small LAN at home with nine or ten systems on it running various varieties of Linux. I 'do things' on the LAN either from my dekstop machine or from my laptop, both run Xubuntu 24.04 at the moment. There's a couple of headless systems on the LAN where login security is important to me and I've been thinking about the relative merits of password and public-key

Hello folks, I am new here, so please be gentle :), and any help will be appreciated. Essentially what I am trying to do is, to use Jsch ( the java implementation of SSH client). it has support for Public key based authentication. Since there is a requirement for FIPS enablement, we are trying to use the Algorithm SHA256withRSA, instead of SHA1withRSA. When the code tries to verify the

I'm confused by the following:- rcfg at q957$ ssh-add -l 256 SHA256:gl9l9m/xnYpL9P7WkL60L+FcJ0+r2c5Ci770p9VEC08 chris at q957 (ED25519) 256 SHA256:4XDYbepg8zK43pofpQ8IGxMAXkej298a0XZHWjJTIQQ chris at q957 (ED25519) 3072 SHA256:yeQw8xe9rrxHKLqICoXNwReZKKV9HI1UeTCf95QywXM chris at t470 (RSA) 256 SHA256:dluRgJeTqJ32jKxRrSdjr/cibbIOZQeq8Inlna3+Sdw chris at q957 (ED25519)

Hi, all. So, in reviewing my OpenSSH keypairs and evaluating the size my RSA keys should be, i realized that, if i update my 2048-bit keypairs to 4096 bits, it really doesn't matter that much, because they're still only encrypted with 3DES, which provides an effective 112 bits of symmetric encryption strength: $ head -4 ~/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- Proc-Type:

As far as I can tell, there currently isn't a straightforward way to use password authentication for connecting to hosts where the host key changes frequently. I realize this is a fairly niche use case, but when developing software for devices that often get reimaged (resulting in a host key change), it can get pretty tedious to attempt to connect, get a warning, remove the old host key via

On Mon, Oct 21, 2024 at 08:50:44PM +0000, Tim Rice via openssh-unix-dev wrote: > Hi Chris, > > > What do you mean by "keypair authentication"? > > That's the authentication you use when you have ssh-keygen provide you > with a private key and a public key, and distribute the public key to all > the different authorized_keys files. > But he says not to

Hello, I am testing mail_crypt plugin with per account encryption and wanted to generate a new keypair for an account but noticed that I now end up with 2 keypairs where one is active and the other inactive as you can see below: $ doveadm mailbox cryptokey list -u email at domain.tld -U Folder Active Public ID yes 7b140b4f3d6d68eed2c59259ac5e6f6a280dc82990292dc415b4100d6c797f67

Has any thought toward a v3 protocol spec been discussed elsewhere, and if so what enhancements are being looked at. Is it too early to consider such things, or should we open the door to the new features a protocol update would bring? More specifically I have been investigating working toward a more enterprise-friendly hierichical authentication scheme, but I have quickly realized the

On Tue, Jan 02, 2024 at 03:52:29PM +1100, Damien Miller wrote: > On Mon, 1 Jan 2024, Christian Weisgerber wrote: > > > Chris Green: > > > > > Setting SSH_ASKPASS_REQUIRE=never in the environment on my xubuntu > > > 23.10 system doesn't seem to work. I have set it:- > > > > > > chris$ env | grep SSH > > >

Hello, For those who run tinc on Debian or Debian-based distributions like Ubuntu and Knoppix, be advised that the following security issue affects tinc as well: http://www.debian.org/security/2008/dsa-1571 In short, if you generated public/private keypairs for tinc between 2006 and May 7th of 2008 on a machine running Debian or a derivative, they may have been generated without a properly

Hello, For those who run tinc on Debian or Debian-based distributions like Ubuntu and Knoppix, be advised that the following security issue affects tinc as well: http://www.debian.org/security/2008/dsa-1571 In short, if you generated public/private keypairs for tinc between 2006 and May 7th of 2008 on a machine running Debian or a derivative, they may have been generated without a properly

Does the version of OpenSSL on Centos 6.5 support ECDSA keypairs? How do I test if this works? (though I should probably ask this on the OpenSSL list) The reason I suspect a problem is that HIPL for Centos (http://infrahip.hiit.fi/) is not creating the ECDSA Host Identity, whereas my Fedora installation IS creating the ECDSA HI.

--- Brian Willoughby <brianw at sounds.wa.com> wrote: My suggestion is to first gather more information, by learning how to confirm whether an MD5 Signature even exists in these files before continuing to determine the reason for the mismatch. Maybe someone else has more information. --- end of quote --- Thanks for the response. He sent me a link to the files here:

--- Brian Willoughby <brianw at sounds.wa.com> wrote: There are no uncompressed files here, so it's difficult to discover what you need to know. --- end of quote --- I've asked him for the uncompressed first track to see what the correct md5 should be --- Brian Willoughby <brianw at sounds.wa.com> wrote: This could be an uploading problem. There are still too many

2007/7/25, Josh Coalson <xflac@yahoo.com>: > > --- Harry Sack <tranzedude@gmail.com> wrote: > > 2007/7/25, Harry Sack <tranzedude@gmail.com>: > > > > > > Hi > > > > > > I have downloaded a FLAC file somewhere and when trying to decode > > it to > > > WAV it gives the error message: ERROR, MD5 signature mismatch >

--- Harry Sack <tranzedude@gmail.com> wrote: > 2007/7/27, Josh Coalson <xflac@yahoo.com>: > > > > > > > But how is it possible then the FLAC encoder allows files which > have > > > a bad > > > resulting MD5 to be encoded? Is it because of the bad ram, ... > this > > > incorrect MD5 is not detected during encoding? > > >