A free and open implementation of the SSH communication security tools.
A free and open implementation of the SSH communication security tools.
Questions tagged [openssh]
178 questions
4
votes
1 answer
OpenSSH: Is setting a long ForwardX11Timeout better than ForwardX11Trusted?
I've never loved the idea of trusted X11 connections to shared machines. However, several years ago, we noticed that untrusted connections stopped working after a very short amount of time. After some digging, I found out that there's a…
Nate
- 143
- 4
3
votes
1 answer
ssh-keygen fingerprint format is different between RSA+ECDSA and ED25519
I noticed that when showing the fingerprint of different key types, there is one difference in the format.
for some reason ED25519 has the hash bits (I guess?) - 256, whereas the other key types have the key length in bits instead.
As you can see in…
Roy Ca
- 141
- 1
- 4
2
votes
2 answers
OpenSSH Disabling Diffie-Hellman (DHE) key exchange
I'm seeking to mitigate CVE-2002-20001 by disabling DHE key exchange through OpenSSH on an Ubuntu instance.
I understand this can be achieved through editing the /etc/ssh/sshd_config at line
KexAlgorithms…
user281564
- 21
- 1
- 2
2
votes
1 answer
OpenSSH Primes - can there be such a thing as "too few" primes available?
The (old) Secure Secure Shell guide suggests (re)creating /etc/ssh/moduli so sshd has safe prime numbers to use for Diffie-Hellman key agreement.
I've generated a 4096-bit moduli file with ssh-keygen -G -b 4096, and then filtered them with…
mgarciaisaia
- 157
- 1
- 7
1
vote
1 answer
Configuration option PubkeyAcceptedKeyTypes vs PubkeyAcceptedAlgorithms?
I'm using OpenSSH 8.9p1. I'm trying to connect to a git via SSH, and I'm getting
no matching host key type found. Their offer: ssh-rsa
I was able to fix the problem by adding the following to my ~/.ssh/config
Host git.host.net
User git
…
Evan Carroll
- 2,811
- 5
- 25
- 40
1
vote
0 answers
tools for testing ssh packets size
I need to test maximum-packet-size for SSH protocol. Would be grateful for information on possible tools that can be used for this. What I specifically need is the possibility to indicate packet length and to insure that data was send as one packet.…
Antonina
- 11
- 2
0
votes
1 answer
Besides intended usage, what is the difference between a host key and a user key?
The ssh-keygen program has -h flag for creating a host key. What is the actual difference between keys created with and without -h? Is there any reason I could/should not use a host key as a user key or vice versa?
Keith Wolters
- 123
- 4