Displaying 20 results from an estimated 30000 matches similar to: "[PATCH 0/4] xen: I/O Resource Accountant"
2024 Jan 24
1
[Bug 3659] New: Certificates are ignored when listing revoked items in a (binary) revocation list
https://bugzilla.mindrot.org/show_bug.cgi?id=3659
Bug ID: 3659
Summary: Certificates are ignored when listing revoked items in
a (binary) revocation list
Product: Portable OpenSSH
Version: 9.2p1
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5
2009 Nov 04
2
Certificates Revocation Lists and Apache...
Hi,
already asked in the openssl mailing list, but just in case you already went through this...
I need a little help with Certificate Revocation Lists.
I did set up client certificates filtering with apache and it seems to work fine so far (used a tutorial on http://www.adone.info/?p=4, down right now).
I have a "CA" that is signing a "CA SSL".
Then, the "CA SSL" is
2003 Nov 27
0
[Announce] GnuPG's ElGamal signing keys compromised
GnuPG's ElGamal signing keys compromised
==========================================
Summary
=======
Phong Nguyen identified a severe bug in the way GnuPG creates and uses
ElGamal keys for signing. This is a significant security failure
which can lead to a compromise of almost all ElGamal keys used for
signing. Note that
2014 Dec 22
4
[Bug 2328] New: Per-user certificate revocation list (CRL) in authorized_keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2328
Bug ID: 2328
Summary: Per-user certificate revocation list (CRL) in
authorized_keys
Product: Portable OpenSSH
Version: 6.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
2020 Aug 28
2
[Bug 3204] New: Enable user-relative revoked keys files
https://bugzilla.mindrot.org/show_bug.cgi?id=3204
Bug ID: 3204
Summary: Enable user-relative revoked keys files
Product: Portable OpenSSH
Version: 8.1p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2013 Jan 16
2
HostKey Management
Hi,
As far as I can tell, when working in an environment with many servers,
there seem to be several ways for your client to authenticate the
HostKeys of each:
1) Set StrictHostKeyChecking=no, and hope you don't get MITM'd the first
time you connect to a server.
2) Use SSHFP records (which generally requires you to have DNSSEC fully
deployed to be meaningful compared to #1, I think?)
2017 Sep 21
2
Revocation with CRL doesn't work for smartcards
Hi,
I have a smartcard which is revoked in the Certificate Revocation List
(CRL) but I can still login. Seems like the CRL check is not performed. Any
known bug around this?
Server setup:
- Samba 4.4 on Debian as AD DC
- Created domain MYDOM
- smb.conf (extract):
tls enabled = yes
tls crlfile = tls/mycrl.pem (default is to look under private/ folder)
Client setup:
- Windows 7 machine as
2017 Sep 21
0
Revocation with CRL doesn't work for smartcards
On Thu, 21 Sep 2017 22:08:51 +0200
Peter L via samba <samba at lists.samba.org> wrote:
> Thanks but I've actually tried that too. Not sure I put it in [kdc]
> section though, I can try again.
>
> On 21 Sep 2017 20:54, "Andrew Bartlett" <abartlet at samba.org> wrote:
>
> > On Thu, 2017-09-21 at 13:01 +0200, Peter L via samba wrote:
> > >
2017 Sep 21
2
Revocation with CRL doesn't work for smartcards
Thanks but I've actually tried that too. Not sure I put it in [kdc] section
though, I can try again.
On 21 Sep 2017 20:54, "Andrew Bartlett" <abartlet at samba.org> wrote:
> On Thu, 2017-09-21 at 13:01 +0200, Peter L via samba wrote:
> > Hi,
> > I have a smartcard which is revoked in the Certificate Revocation List
> > (CRL) but I can still login. Seems
2018 Oct 19
0
Announce: OpenSSH 7.9 released
OpenSSH 7.9 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested
2017 Sep 22
2
Revocation with CRL doesn't work for smartcards
Ah, thank you, obviously this is a bug. Last comment (Łukasz Matyja
2016-04-01) says to have a fix, but how do I know if it has been added to
bitbucket/samba? And if so, in which version? Or does the problem remain
since the bugzilla case is still there? (Status: New)
On Thu, Sep 21, 2017 at 10:52 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Thu, 21 Sep 2017
2011 Feb 22
4
When running puppetd the cert goes straight up to revoked?
This is the first time this is happening... and it happens consecutively
with all the hosts.
Fresh kickstarted host (never set up before the name so it's not on the
revocation list), I just run puppetd -tv (we have autosign on), I just
get the output below:
[root@server182 puppet]# puppetd -tv
info: Creating a new SSL key for server182.domain.com
warning: peer certificate won't be verified in
2018 May 25
3
Suggestion: Deprecate SSH certificates and move to X.509 certificates
Please tell me in technical details how current revocation support
works, or give links. Then I will be able to give an answer.
On Fri, May 25, 2018 at 7:16 AM, Damien Miller <djm at mindrot.org> wrote:
>
>
> On Fri, 25 May 2018, Yegor Ievlev wrote:
>
>> Can you implement revocation support?
>
> What do you want that the existing revocation support lacks?
2006 Dec 01
1
[PATCH 2/10] Add support for netfront/netback acceleration drivers
This set of patches adds the support for acceleration plugins to the
netfront/netback drivers. These plugins are intended to support
virtualisable network hardware that can be directly accessed from the
guest, bypassing dom0.
This is in response to the RFC we posted to xen-devel with an outline
of our approach at the end of September.
To follow will be another set of patches to provide our
2006 Jul 14
4
VMX status report 10680:f692a0a476c5
We have tested the latest xen on VT platform with Intel 915/E8500
chipset.
Here is the test summary:
Issues:
- Cannot boot Four VMX at same time on IA32 host
- Cannot boot Windows XP SP1/SP2 on IA32e host
- Create IA32-PAE VMX on IA32e host will make VMX kernel panic
- Create IA32 VMX on IA32e host will make VMX hang
- Destroying VMX with 4G memory may make xend hang on IA-32e
IA-32:
-
2018 May 25
2
Suggestion: Deprecate SSH certificates and move to X.509 certificates
Can you implement revocation support?
On Fri, May 25, 2018 at 6:55 AM, Damien Miller <djm at mindrot.org> wrote:
> No way, sorry.
>
> The OpenSSH certificate format was significantly motivated by X.509's
> syntactic and semantic complexity, and the consequent attack surface in
> the sensitive pre-authentication paths of our code. We're very happy to
> be able to
2018 May 25
4
Suggestion: Deprecate SSH certificates and move to X.509 certificates
Zero matches in both.
https://linux.die.net/man/5/sshd_config
https://linux.die.net/man/5/ssh_config
On Fri, May 25, 2018 at 7:48 AM, Damien Miller <djm at mindrot.org> wrote:
> On Fri, 25 May 2018, Yegor Ievlev wrote:
>
>> Please tell me in technical details how current revocation support
>> works, or give links. Then I will be able to give an answer.
>
> Please
2016 Jun 17
0
https and self signed
> yes and no, but faking a valid OCSP response that says good instead of
> revoked is also possible ...
Could you please provide any proof for that statement? If it were true
the whole PKI infrastructure should probably be thrown out of the
window. )
> the primary reason was to prevent problems for connection problems -
> or whatever problems - in connection with the OCSP
Sure.
2013 Mar 22
0
Announce: OpenSSH 6.2 released
Changes since OpenSSH 6.1
=========================
This release introduces a number of new features:
Features:
* ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption in
SSH protocol 2. The new cipher is available as aes128-gcm@openssh.com
and aes256-gcm@openssh.com. It uses an identical packet format to the
AES-GCM mode specified in RFC 5647, but uses simpler and
2019 Sep 16
2
revoking ssh-cert.pub with serial revokes also younger certs
Hi Damien!
Hmmm... thought about a little...
when I use -vvv with ssh-keygen -Qf I see "debug1:..." So I think, debug
is compiled in.
ssh-keygen --help gives me
ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number] file ...
so... option -z is not the serial of the certificate, it is the
version-number of the KRL-File...
My openssh-Version from Debian is