similar to: [Bug 3815] New: ssh-verify-attestation fails to check attestation

I was recently looking at verifying the attestation data (ssh-sk-attest-v00) for a SK key, but I believe the data saved in this structure is insufficient for completing verification of the attestation. While the structure has enough information for U2F devices, FIDO2 devices sign their attestation over a richer "authData" blob [1] (concatenated with the challenge hash). The authData blob

https://bugzilla.mindrot.org/show_bug.cgi?id=3761 Bug ID: 3761 Summary: ssh-keygen fails for security keys without attestation Product: Portable OpenSSH Version: 9.9p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh-keygen Assignee:

Hi, I''ve been trying to boot from a RHEL4 install iso without much luck (the xen way). The Host is: RHEL 5.1 xen-3.0.3-41.el5 Here is my guest config: # -*- mode: python; -*- #============================================================================ # Python configuration setup for ''xm create''. # This script sets the parameters used when a domain is created using

Hi, I'm Yuuichi Ikeda from Japan User. OS:Solaris 10 9/10 s10x_u9wos_14a X86 Mem:8GB HDD:3TB gcc:gcc (GCC) 4.1.2 gcc-prefix:/unsupported/gcc Dovecot Version:2.0.15 configure:./configure --prefix=/opt/dovecot_2 --sysconfdir=/opt/dovecot_2/conf --mandir=/opt/man --enable-shared --with-mysql --with-zlib --with-sqlite --with-sql=plugin --with-ssldir=/opt/openssl --with-rundir=/var/run

In a few weeks, no SIP call is going to terminate unless they are signed properly, as mandated by law. We are in the business of Stir-Shaken, signing calls, as an FCC-approved provider. A big differentiator between our service and the rest: we are the only ones who don't need to receive the calls in our servers to sign them. We do this over a MySQL call, easily connectable to Asterisk via

I tested building the openSUSE Tumbleweed package locally with the 20250403 snapshot and doing a live test and it works fine. I then also did try "make tests" on the vanilla snapshot sources and at first they failed to even build but after a quick fix that I've submitted at https://bugzilla.mindrot.org/show_bug.cgi?id=3806 the tests run fine too. Thanks! El mi?, 2 abr 2025 a las

Hi all. OpenSSH 10.0p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is primarily a bugfix release, although one notable change is the introduction of the sshd-auth binary (see below). Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD:

On Fri, Aug 30, 2013 at 10:56:17AM +0100, Mark Ballard wrote: > > This is incredible, Mr Sandeen. You mean USB flash manufacturers > (what's their body - the USB Implementer's Forum?) have simply not > provided a means for software to query the underlying hardware in a > USB flash? Have software producers asked them for this? No, they haven't. And yes we have, since

https://wiki.asterisk.org/wiki/display/AST/STIR+and+SHAKEN The Wiki above is misleading in what Stir-Shaken means and how it works. End users cannot get a certificate, they cannot self-certify their calls. Somebody completely misunderstood the model. I am afraid the moment will come and thousands of Asterisk operators will be unable to terminate calls. To start with, the model is a hierarchical

Hi Damien, On Nov 14, 2019, at 3:26 PM, Damien Miller <djm at mindrot.org> wrote: > On Fri, 1 Nov 2019, Damien Miller wrote: >> As of this morning, OpenSSH now has experimental U2F/FIDO support, with >> U2F being added as a new key type "sk-ecdsa-sha2-nistp256 at openssh.com" >> or "ecdsa-sk" for short (the "sk" stands for "security

Hi, We are pleased to announce the call for presentations for this years Confidential Computing MC at the Linux Plumbers Conference. In this microconference we want to discuss ongoing developments around Linux support for memory encryption and support for confidential computing in general. Topics of interest include: * Support for unaccepted memory * Attestation workflows * Confidential

> From: David Hopwood <david@bl...> > [image removed] Re: trusted computing > 2004-10-18 19:24 > Tim Freeman wrote: > > > not about Xen in particular, but as a side note, because I think some > > people are interested in trusted computing and virtualization? If > > you"re not, sorry for the intrusion! > > > >

Hi, OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a feature release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

Hi, What I was trying to do (apart from toying with stuff) was to get a realiable, single, portable/importable credential that would be universally available whenever I need it but in normal operation would be either stored in or wrapped by Secure Enclave (this means EC keys), instead of provisioning 5 resident FIDO keys, one Secretive SE-wrapper key and a backup key. (I know, I could use

Hi folks, Since Docker can bind-mount every .ssh directory I am looking for some way to forbid unprotected private keys. AFAICS it is currently not possible on the sshd to verify that the peer's private key was protected by a passphrase. Can you confirm? Regards Harri

Hi, OpenSSH 8.4p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

OpenSSH 8.2 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

OpenSSH 8.2 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

OpenSSH 8.2 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

A few weeks... like in a year and a few weeks: https://transnexus.com/blog/2020/fcc-mandates-stir-shaken/ Some interesting bits in there as well, like: "These rules do not apply to providers that lack control of the network infrastructure necessary to implement STIR/SHAKEN." See also: https://wiki.asterisk.org/wiki/display/AST/STIR+and+SHAKEN *Jeff LaCoursiere* STRATUSTALK, INC.