similar to: [Bug 3829] New: SSH signature armor protocol documentation issue

`ssh-keygen -Y sign` only selects the signing algorithm `rsa-sha2-512` and this prevents ssh-agent implementations that can't support sha512 from signing messages. An example of this is TPMs which mostly only really supports sha256 widely. This change enables `ssh-keygen -Y sign` to honor the `hashalg` option for the signing algorithm. Signed-off-by: Morten Linderud <morten at

Hi, I sent this patch back inn april and I still have a need for this. Would it be possible to get any pointers how we can have `hashalg` selectable by `ssh-keygen -Y`? -- Morten Linderud PGP: 9C02FF419FECBE16 On Thu, Apr 11, 2024 at 09:16:39PM +0200, Morten Linderud wrote: > `ssh-keygen -Y sign` only selects the signing algorithm `rsa-sha2-512` > and this prevents ssh-agent

Sorry, this now been committed and will be in openssh-10.0 On Sat, 23 Nov 2024, Morten Linderud wrote: > Hi, > > I sent this patch back inn april and I still have a need for this. Would it be > possible to get any pointers how we can have `hashalg` selectable by `ssh-keygen -Y`? > > -- > Morten Linderud > PGP: 9C02FF419FECBE16 > > On Thu, Apr 11, 2024 at

Thank you! There is now two " XXX maybe make configurable " in the top of the file that is probably no longer relevant. Do you want a followup patch for that? Cheers, Morten Linderud On Wed, Nov 27, 2024 at 08:25:15AM +1100, Damien Miller wrote: > Sorry, this now been committed and will be in openssh-10.0 > > On Sat, 23 Nov 2024, Morten Linderud wrote: > > > Hi,

There is no hash algorithm associated with SSH keys. The key format for RSA keys is always ?ssh-rsa?, and it is capable of being used with any of the available signature algorithms (ssh-rsa for SHA-1 and rsa-sha2-256 or rsa-sha2-512 for SHA-2). See section 3 in https://www.rfc-editor.org/rfc/rfc8332: rsa-sha2-256 RECOMMENDED sign Raw RSA key rsa-sha2-512 OPTIONAL

https://bugzilla.mindrot.org/show_bug.cgi?id=3748 Bug ID: 3748 Summary: "webauthn-sk-ecdsa-sha2-nistp256 at openssh.com" signature type not supported from ssh agent Product: Portable OpenSSH Version: 9.7p1 Hardware: 68k OS: Mac OS X Status: NEW Severity: enhancement

Hi, I am stuck on something for a couple days, I am almost about to give up. This looks simple, but I can't figure out. I hope I can get some help here. I am trying to do some symbolic and numerical derivations. Let me explain the problem. Let's say, I have a matrix as follows: > load <- matrix(c(3,0,1,4,1,3),nrow=3,ncol=2,byrow=TRUE) > > load [,1] [,2] [1,] 3 0

On Wed, 23 Apr 2025, Wiktor Kwapisiewicz via openssh-unix-dev wrote: > Hello, > > I'm currently evaluating using `ssh-keygen -Y verify` to check OS artifacts > (e.g. packages) and I noticed that the `-f allowed_signers_file` option can be > passed only once. A side remark: technically it can be passed multiple times > without a warning but the last invocation overrides all

Hello world, I'm trying to do an anova on data in data.set, dependent variable is a column named "dep.var", grouping variable is in a column called "indep.var", and is.factor(indep.var) is TRUE... why can't I just do aov(dep.var ~ indep.var, data = data.set)? What have I done to deserve this?! What gives? Am I missing something totlly obvious? R-base-1.0.0-1,

Ok, I know this is a well known bug but I can't find a solution (if there is one). When you mount a horse outfitted with armor from the horse armor addon the game just crashes. Is there any way i could solve this? maybe by using njative windows dlls or playing around with winetricks?

I'm using specify.model for the sem package. I can't figure out how to represent the residual errors for the observed variables for a CFA model. (Once I get this working I need to add some further constraints.) Here is what I've tried: model.sa <- specify.model() F1 -> X1,l11, NA F1 -> X2,l21, NA F1 -> X3,l31, NA F1 -> X4,l41, NA F1 -> X5, NA, 0.20

This patch removes the various keys and support files created during make tests. It might not be as compact as it could be, and I'd be happy to get comments on that, but it does work. diff --git a/Makefile.in b/Makefile.in index 70287f51f..0f1ef844d 100644 --- a/Makefile.in +++ b/Makefile.in @@ -296,6 +296,45 @@ clean: regressclean rm -f regress/misc/sk-dummy/*.o rm -f

Hi, In sanitizer code we have two notions of stack unwinders: fast and slow. [1] In the context of sanitizers, stack unwinding is most often for printing error reports that include a stack trace. I am currently trying to fix an issue that is related to some platforms (Darwin) only supporting the fast unwinder, but calling code not being aware of that possibility. My mental model was that

https://bugzilla.samba.org/show_bug.cgi?id=3829 Summary: rsync loses access ACLs on transferred files Product: rsync Version: 2.6.9 Platform: All OS/Version: All Status: NEW Severity: minor Priority: P3 Component: core AssignedTo: wayned@samba.org ReportedBy: hashproduct+rsync@gmail.com

Hi What do you think about publishing PGP signed tarballs without the generated files such as the ./configure script? What I'm looking for is for some private key holder of the OpenSSH portable release key to run git checkout V_9_7_P1 git archive --prefix=openssh-portable-V_9_7_P1/ -o openssh-9.7p1-src.tar.gz HEAD gpg --detach-sign --armor openssh-9.7p1-src.tar.gz and then publish the

Hello, I'm currently evaluating using `ssh-keygen -Y verify` to check OS artifacts (e.g. packages) and I noticed that the `-f allowed_signers_file` option can be passed only once. A side remark: technically it can be passed multiple times without a warning but the last invocation overrides all previous ones. Tested using: $ ssh-keygen -Y verify -f allowed_signers -f /dev/null -n file -s

Thank you for the explanation, Ben! I realized I didn’t give enough context for my question: As you noted, the slow/fast unwinder can only do its work if there is enough (runtime) information. Otherwise stack printing usually does exactly what you suggested: printing the one frame corresponding to the recent pc. When I asked if “platforms are required to at least support one kind of unwinder” I

Jochen Bern <Jochen.Bern at binect.de> writes: > (And since you mention "port knocking", I'd like to repeat how fond I > am of upgrading that original concept to a single-packet > crypto-armored implementation like fwknop.) I am reluctantly considering to use some kind of port knocking mechanism on some machines, however I really don't want to carry around shared

https://bugzilla.mindrot.org/show_bug.cgi?id=2232 Bug ID: 2232 Summary: curve25519-sha256 at libssh.org Signature Failures When 'ssh' Used with Dropbear, libssh Servers Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: All Status: NEW Severity: major

I think we're going to check in the autoconf-generated files on the release branches instead. On Wed, 17 Apr 2024, Simon Josefsson wrote: > Hi > > What do you think about publishing PGP signed tarballs without the > generated files such as the ./configure script? > > What I'm looking for is for some private key holder of the OpenSSH > portable release key to run