openssh-portable
gentoo
Our great sponsors
openssh-portable | gentoo | |
---|---|---|
39 | 51 | |
2,807 | 1,990 | |
3.7% | 2.0% | |
9.4 | 10.0 | |
1 day ago | 6 days ago | |
C | Shell | |
GNU General Public License v3.0 or later | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
openssh-portable
-
Terrapin Attack for prefix injection in SSH
Unless I'm misunderstanding what this is about RFC5647 merely points out that the sequence number is included as AAD due to RFC4253 requirements. The [email protected] specification is not exactly the most rigorous thing I've ever seen (https://github.com/openssh/openssh-portable/blob/master/PROT...) but reading it, the sequence number is only included in the IV, and not as AAD, which directly runs afoul of the RFC4253 section 6.4 requirement for it to be included in the MAC.
- SSH3: SSH using HTTP/3 and QUIC
-
SSH keys stolen by stream of malicious PyPI and NPM packages
The key layout is described in https://github.com/openssh/openssh-portable/blob/master/PROT... and you can view it pretty easily via
cat private_key_here | head -n -1 | tail -n +2 | base64 -d | xxd
One I created in 2016 is using aes256-cbc with bcrypt for the kdf, which isn't awful at all.
-
Microsoft signing keys were leaked
Interestingly, it looks like ssh-agent disables core dumps[1], but I don't see similar usage for sshd
1: https://github.com/openssh/openssh-portable/blob/694150ad927...
-
An Excruciatingly Detailed Guide to SSH (But Only the Things I Find Useful)
There's a current pull request for adding AF_UNIX support, which should make all kinds of exciting forwarding possible, since it will make it easy to proxy ssh connections through an arbitrary local process which can do anything to forward the data to the remote end.
https://github.com/openssh/openssh-portable/pull/431
-
Project on GitHub - Customizable Arch Linux Podman images based on the official Arch Linux Docker image
OpenSSH server (allows connecting to containers)
-
Funds of every Trust Wallet browser extension could have been stolen
It doesn't, at least not for generic/unmodified cryptographic applications.
WebAuthN signatures are of a very specific challenge/response format that applications need to explicitly support. For example, SSH had to add new key and signature formats [1] to support it.
Theoretically, a blockchain/cryptocurrency application could adopt the WebAuthN signature format as its canonical or an alternative signature format, but I'm not aware of any popular one having done so.
[1] https://github.com/openssh/openssh-portable/blob/master/PROT...
-
We updated our RSA SSH host key
I just tested it and looked at the code briefly; the client fortunately does seem to remove all keys not provided by the server: https://github.com/openssh/openssh-portable/blob/36c6c3eff5e...
It seems like at least a `known_hosts` compromise would be "self-healing" after connecting to the legitimate github.com server once.
- What do you think 1.20 will be called?
-
OpenAI Execs Say They're Shocked by ChatGPT's Popularity
And OpenVAS and OpenSSH and OpenBSD and OpenNN and OpenAFS and on and on and on
gentoo
- Backdoor in upstream xz/liblzma leading to SSH server compromise
-
Vulkan Video Extensions for Accelerated H.264 and H.265 Encode
Whilst Firefox may support hardware video decoding, Mesa since March 2022 disables patent encumbered codecs by default[1], and distributions such as Fedora and OpenSuse do not explicitly enable these patent encumbered codecs to avoid possible legal problems. Even Gentoo (built from source code by the user) requires the user to explicitly enable a USE flag (proprietary-codes) to use patent encumbered codecs.[2]
The thought process is that AMD, NVIDIA, Intel and the likes are not providing a patent license with their hardware.[3] They are instead just supplying part of an overall system that together with operating system kernel, display manager software, video player software, etc allows the decoding and encoding of patent encumbered video files. Open source software projects and distributions are concerned they'd be found to be infringing patents by enabling a complete solution out-of-the-box. Hence they put some hurdles in place so that a user has to go out of their way to separately piece together the various parts to form a complete system capable of encoding and decoding patent encumbered codecs.
[1] https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/15...
[2] https://github.com/gentoo/gentoo/commit/1265a159743d7f07185a...
[3] https://lists.fedoraproject.org/archives/list/[email protected]...
-
I like gentoo's package deprecation process
Thank you! I don't live in git and this helps! Normally under gentoo I shouldn't have to. This actual git https://github.com/gentoo/gentoo (as opposed to the gentoo browser view) plus this "checkout the commit" should get me much further. ... And probably deserve some space in the gentoo docs.
- Great news java people: Gradle eclass is in the works!
- LLVM stages
-
Is gentoo difficult to maintain as a daily driver?
You choose - here's a list
- Error 2124 when trying to interact with super-block (show-super, set-option)
- HTTP-Tiny: verify_SSL (Draft PR)
-
My CNCF LFX Mentorship Spring 2023 Project at Kubescape
(pending) gentoo/gentoo #30595 sys-cluster/kubescape: new package, add 2.2.6
-
Why do the desktop profiles add so many USE flags?
profiles/targets/desktop/make.defaults:
What are some alternatives?
guardian-agent - [beta] Guardian Agent: secure ssh-agent forwarding for Mosh and SSH
gentooLTO - A Gentoo Portage configuration for building with -O3, Graphite, and LTO optimizations
wezterm - A GPU-accelerated cross-platform terminal emulator and multiplexer written by @wez and implemented in Rust
torbrowser-overlay - Gentoo overlay for Tor Browser related ebuilds
ssh-mitm - SSH-MITM - ssh audits made simple
cmake-init-conan-example - cmake-init generated executable project with Conan integration
mac-ssh-confirm - Protect against SSH Agent Hijacking on Mac OS X with the ability to confirm agent identities prior to each use
cmake-init-vcpkg-example - cmake-init generated executable project with vcpkg integration
ports - Read-only git conversion of OpenBSD's official cvs ports repository. Pull requests not accepted - send diffs to the ports@ mailing list.
llvm-overlay - Unofficial experimental gentoo overlay for compiling llvm with additional components
OpenSSL - TLS/SSL and crypto library
cmake-init - The missing CMake project initializer