data
is decrypted and it's not a problem in SSH since it does work with 8KB
data chunks. I don't see how it could corrupt just one bit before
writing the data to the disk.
J.
--
Jan Pechanec
http://blogs.sun.com/janp
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
On Mon, 26 Apr 2010, Jan Pechanec wrote:
>>But for example
>>$ nslookup www.google.com
>>works fine without delay, so the DNS resolution must be fine right?
>
> hi Robin, as mentioned before, not necessarily. name->ip
>resolution is configured by the "ho
ersion of ssh.
correct, it is not. Hopefully we fix this in the future.
J.
--
Jan Pechanec
http://blogs.sun.com/janp
in nsswitch.conf,
ip->name resolution is configured by the "ipnodes" keyword.
J.
--
Jan Pechanec
http://blogs.sun.com/janp
doesn't have to be to have a reverse mapping for
the client IP address but to set it up so that you get an immediate
response from the system that there is no such reverse, without a
delay.
cheers, J.
--
Jan Pechanec
http://blogs.sun.com/janp
tion times out.
see also my other responses later in the thread.
J.
--
Jan Pechanec
http://blogs.sun.com/janp
down on signal 15
>
>I want to see user activity to the samba shares... how do I do that...?
>
>TIA.
>
>Kr.
>Luke Van
>
--
Jan Pechanec
http://blogs.sun.com/janp
olaris when i used that as a
>desktop =))
ok, I understand that such an app can save some time. There is
definitely room for improvement wrt ciphers, it should not use "-c"
option at all, and it could optionally allow to use it in case that the
shipped clie
icks. The client should by
default be willing to use only safe ciphers, and that's definitely not
DES. The fact that it even allows you to use DES with SSH protocol 2
seems very suspicious, it's not part of the SSH protocol at all, as
mentioned by Bayard in another email.
aes128-cbc
server: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour
The client cipher list can be controlled using the "Ciphers" option,
see ssh_config(4) for more information. The "-o Ciphers="
option may be used to temporarily override the ciphers
remote system using the -c option to launch a command, and
> check that the destination file exists in the first place. If it doesn't,
> only
> then use a second command for scp to copy it to the remote system.
you can do something like this, in one command:
ng here?
http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6878610
fixed in 124. J.
--
Jan Pechanec
J.
>debug3: key_read: no key found
>debug2: user_key_allowed: check options: 'command="/usr/local/bin/my_command"
>ssh-rsa KEY_DATA_HERE'
>
>-Jon
well at that
time. I updated the Description so that it doesn't confuse other readers
in the future. Thanks, J.
--
Jan Pechanec
r,d}sa* will expand to rsa, then dsa; the other way around is left as an
> exercise to the reader.
I also think the change was in a shell, or in a shell change, or
in something else, but not in SunSSH. We haven't changed anything
regarding this area for the last (at lea
for here.
http://blogs.sun.com/janp/entry/the_code_chrootdirectory_code_option
--
Jan Pechanec
illegal option -- Z
>sshd version Sun_SSH_1.1
>...
>
>>I'd like to start running Sun's SSH. Does anyone know the steps I'd
>need to
>>take to disable/uninstall OpenSSH and start up Sun's SSH? Thanks.
>
> OpenSSH is not shipped wi
's SSH. Does anyone know the steps I'd need to
>take to disable/uninstall OpenSSH and start up Sun's SSH? Thanks.
OpenSSH is not shipped with Solaris at all.
J.
--
Jan Pechanec
t think it's a good one. The reason why it's not there
now was explained by Casper. And I can confirm that there is no check
whether SUNWcry package is present (OpenSSL has it), aes256 was just
removed, I suspect that the reason was th
ypto is
>rolled into Solaris Nevada.
one file must be updated. It's a simple change that should be made
after we get strong crypto to Nevada by default.
Jan.
--
Jan Pechanec
there is a presentation on recent changes in SunSSH:
http://mediacast.sun.com/details.jsp?id=4075
if anything seems to be missing on OO.org SSH's page I'm happy
to add it there.
cheers, Jan.
--
Jan Pechanec
ell, I don't really think there is a need for that (and I gave an
example the last time that being conservative might mean being more secure,
not less) but I understand that you might want to run latest OpenSSH and
nothing else.
Jan.
--
Jan Pechanec
quite sure that OpenSSH team will fix it in their code
base simply because they take security seriously.
J.
--
Jan Pechanec
So long as the door is slammed shut I'm safe. I hope.
the fact that you run latest OpenSSH version doesn't necessarily
mean that you are safer than if running SunSSH. CVE-2007-4752 is an example
of that. And yes, SunSSH doesn't follow all OpenSSH changes but t
hi Dennis,
> is that strange ? I think so. Why is there a library
> for ssh located in
> /usr/sfw which is supposed to be the location for
> stuff from the Companion CD
> and NOT the OS core components.
historical reasons, /usr/sfw/ is going away. See this case for OpenSSL:
http://www.ope
vlad/entry/simple_solaris_installation
enjoy. Jan.
--
Jan Pechanec
Software Engineer
Security Technologies | OS Hardening
>would like to release it under CDDL licence. This project is part of my
great, will it have write support?
Jan.
--
Jan Pechanec
e, but that did not work.
shouldn't be needed.
check edit -> preferences -> advanced -> security -> view_certs ->
authorities - there should be certificates of CA's. It seems that those
default ones are all built in Firefox.
Jan.
--
Jan Pech
"Sun_SSH_1.1\"
>
>But I seem to have :
>
> Local version string SSH-2.0-Sun_SSH_1.1
>
>or am I looking in the wrong place ?
>
>
>Also, and perhaps unrelated, I downloaded this :
>
>sol-10-encrypt-GA-iso.zip
>
>It says Sol-10
setkey=urn:cds:docid:1-21-121230-01-1
and since you talked about RedHat, I just tried to find it, too:
http://rhn.redhat.com/errata/RHSA-2005-882.html
I hope that I'm not mistaken but it seems to me that they released
their advisory/patches on 2005-12-19.
all it on
S10 and expect it to work. OpenSSL is closely integrated into the system so
many commands are linked against it. 0.9.7x and 0.9.8x versions are not
binary compatible so you cannot just replace ssl/crypto libraries.
Jan.
--
Jan Pechanec
Software Engineer
Security Technologies | OS Harde