[OmniOS-discuss] common-factor key exchange
Michael Mounteney
gate03 at landcroft.co.uk
Mon Dec 1 23:41:49 UTC 2014
On Mon, 1 Dec 2014 14:36:03 -0800
"Paul B. Henson" <henson at acm.org> wrote:
> I've got no idea why yours is behaving differently. What use flags do
> you have set? Mine are:
>
> [ebuild R ] net-misc/openssh-6.6_p1-r1 USE="X hpn kerberos pam
> -X509 -bindist -ldap -ldns -libedit (-selinux) -skey -static -tcpd" 0
> kB
My use flags are
equery u openssh
[ Legend : U - final flag setting for installation]
[ : I - package is installed with flag ]
[ Colors : set, unset ]
* Found these USE flags for net-misc/openssh-6.7_p1-r3:
U I
+ + X : Add support for X11
- - X509 : Adds support for X.509 certificate authentication
- - bindist : Disable EC/RC5 algorithms in OpenSSL for patent reasons.
+ + hpn : Enable high performance ssh
- - kerberos : Add kerberos support
+ + ldap : Add support for storing SSH public keys in LDAP
- - ldns : Use LDNS for DNSSEC/SSHFP validation.
- - libedit : Use the libedit library (replacement for readline)
+ + pam : Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
+ + pie : Build programs as Position Independent Executables (a security hardening technique)
- - sctp : Support for Stream Control Transmission Protocol
- - skey : Enable S/Key (Single use password) authentication support
- - static : !!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically
but the reason for the problem is that the older algorithms have been removed from openssh-6.7. I just downgraded to 6.6 on one machine and once again was able to ssh in from OmniOS. Upgrade to 6.7 again and the common kex problem re-arose.
Michael.
More information about the OmniOS-discuss
mailing list