
Date: Mon, 5 Jan 2015 00:06:13 -0600
Message-ID: <CAEe4Dn93rP4ewFXrHjwPw-xj8p--J0GJQC8o9SHyge081gqMbw@mail.gmail.com>
Subject: question about agent forwarding
From: Thomas Anderson <zelnaga@gmail.com>
To: ietf-ssh@netbsd.org
Content-Type: multipart/alternative; boundary=f46d043894e5d87e5e050be17cf6
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list

--f46d043894e5d87e5e050be17cf6
Content-Type: text/plain; charset=UTF-8

Although OpenSSH does not appear to fully implement
https://tools.ietf.org/html/draft-ietf-secsh-agent-02 it does seem like it
implements that draft document for agent forwarding.

Assuming that that's correct then I have a few questions. If you have two
"shell" channels and want to be able to do agent forwarding on either
channel that you'd have to do the "auth-agent-req" channel request for each
one of those channels?

I saw one implementation that created a channel for which a single channel
request was ever sent - auth-agent-req. That channel was never closed and
then another channel - a "shell" channel - was created. And forwarding
seemed to work for that channel. i.e. when an attempt was made to connect to
another machine through the shell a channel open request for an "auth-agent"
channel was sent to the client. Of course I'm thinking that this particular
implementation just works by dumb luck and that it is, in fact, an
incorrect implementation. Is that correct?

Thanks!

--f46d043894e5d87e5e050be17cf6--
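
The exchange described in the message above, as an added example that is not part of the original post: a small parser that walks a decrypted SSH connection-layer trace and reports which session channels carried "auth-agent-req" and which carried "shell". It assumes the RFC 4254 message layouts and the request and channel names quoted in the message; the channel numbers and the trace itself are constructed.

```python
import struct

# SSH connection-protocol message numbers (RFC 4254).
CHANNEL_OPEN, OPEN_CONFIRMATION, CHANNEL_REQUEST = 90, 91, 98

def ssh_string(s):
    return struct.pack(">I", len(s)) + s

def read_string(buf, off):
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated SSH string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def msg_open(ctype, sender):
    return bytes([CHANNEL_OPEN]) + ssh_string(ctype) + struct.pack(">III", sender, 2**21, 2**15)
def msg_confirm(recipient, sender):
    return bytes([OPEN_CONFIRMATION]) + struct.pack(">IIII", recipient, sender, 2**21, 2**15)
def msg_request(recipient, rtype):
    return bytes([CHANNEL_REQUEST]) + struct.pack(">I", recipient) + ssh_string(rtype) + b"\x01"

def audit(trace):
    """trace: list of (direction, payload); 'C' = sent by client, 'S' = sent by server."""
    s2c = {}        # server's channel number -> client's channel number
    requests = {}   # client's channel number -> request types sent on that channel
    agent_opens = 0
    for direction, p in trace:
        if p[0] == CHANNEL_OPEN:
            ctype, off = read_string(p, 1)
            (sender,) = struct.unpack_from(">I", p, off)
            if direction == "C":
                requests.setdefault(sender, [])
            elif ctype == b"auth-agent":
                agent_opens += 1          # server asks the client for an agent channel
        elif p[0] == OPEN_CONFIRMATION and direction == "S":
            recipient, sender = struct.unpack_from(">II", p, 1)
            s2c[sender] = recipient
        elif p[0] == CHANNEL_REQUEST and direction == "C":
            (recipient,) = struct.unpack_from(">I", p, 1)
            rtype, _ = read_string(p, 5)
            if recipient in s2c:          # ignore requests on channels never confirmed
                requests.setdefault(s2c[recipient], []).append(rtype.decode("ascii", "replace"))
    with_req = {c for c, r in requests.items() if "auth-agent-req" in r}
    shells = {c for c, r in requests.items() if "shell" in r}
    return {"agent_req_channels": sorted(with_req), "shell_channels": sorted(shells),
            "shells_without_agent_req": sorted(shells - with_req), "agent_channel_opens": agent_opens}

# Constructed trace: agent request on channel 0 only, shell on channel 1, then an agent channel open.
TRACE = [("C", msg_open(b"session", 0)), ("S", msg_confirm(0, 100)),
         ("C", msg_request(100, b"auth-agent-req")),
         ("C", msg_open(b"session", 1)), ("S", msg_confirm(1, 101)),
         ("C", msg_request(101, b"shell")), ("S", msg_open(b"auth-agent", 102))]
```

On the constructed trace, `audit(TRACE)` lists channel 1 under `shells_without_agent_req` while still counting one "auth-agent" channel open, which is the pattern the message asks about.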

Date: Mon, 26 Jan 2015 11:39:29 +0530
Message-ID: <CAJ_p2PiFbr2VYREC-+auwv-kYaY7zaL9s=4tpVk2KHmo127MHA@mail.gmail.com>
Subject: SSH keygen
From: Apoorva Bhatia <apoorva18.bhatia@gmail.com>
To: ietf-ssh@netbsd.org
Content-Type: multipart/alternative; boundary=001a11c315e8308292050d87fb8a

--001a11c315e8308292050d87fb8a
Content-Type: text/plain; charset=UTF-8

Hello,

Actually I am trying to perform certain operation of encryption and
decryption via hardware (security processor). So I wanted to ask if it is
possible to bring about the change in the openssh package code and then
build image to run on the security processor? As in if I make some changes
to the code and just build the image (without installing it on my current
system) and try running the image on the processor, is it possible?


Apoorva Bhatia
Electrical Engineering (4th year)

--001a11c315e8308292050d87fb8a--

Message-ID: <1422305183.18482.235.camel@minbar.fac.cs.cmu.edu>
Subject: Re: SSH keygen
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: Apoorva Bhatia <apoorva18.bhatia@gmail.com>
Cc: jhutz@cmu.edu, ietf-ssh@NetBSD.org
Date: Mon, 26 Jan 2015 15:46:23 -0500
In-Reply-To: <CAJ_p2PiFbr2VYREC-+auwv-kYaY7zaL9s=4tpVk2KHmo127MHA@mail.gmail.com>
References:  <CAJ_p2PiFbr2VYREC-+auwv-kYaY7zaL9s=4tpVk2KHmo127MHA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"

On Mon, 2015-01-26 at 11:39 +0530, Apoorva Bhatia wrote:
> Hello,
> 
> Actually I am trying to perform certain operation of encryption and
> decryption via hardware (security processor). So I wanted to ask if it is
> possible to bring about the change in the openssh package code and then
> build image to run on the security processor? As in if I make some changes
> to the code and just build the image (without installing it on my current
> system) and try running the image on the processor, is it possible?

You've reached the ietf-ssh mailing list, which is for the discussion of
standards work related to the SSH protocol, including the now-concluded
SECSH working group.  This group works at the protocol level; we can't
really help with issues related to one particular implementation.

For discussion related to development of OpenSSH, you want
openssh-unix-dev@mindrot.org


-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA

