Dendrobatus Azureus
@Dendrobatus_Azureus@mastodon.bsd.cafe  ·  activity timestamp 3 months ago

An unimportant remnant of the past has been removed from open SSH;
DSA.

Read about it in this article the next article linked will show you that it has been removed finally

#SSH#openSSH#DSA #programming #coding#OpenSource#openBSD#BSD#secureShell#Infosec

https://undeadly.org/cgi?action=article;sid=20240111105900

The image shows a screenshot of a webpage from the OpenBSD Journal. The top of the page features a black background with a logo on the left, depicting a cartoonish sun with guns, and the text "OpenBSD Journal" in light blue. Below the logo, navigation links are visible: Home, Archives, About, Submit, Story, Create Account, and Login. The main content of the page is a news article titled "DSA removal from OpenSSH" in large, light blue text. The article was contributed by "rueda" on January 11, 2024, from the "going-dept." The article states that the OpenSSH project has announced the timeline for the removal of DSA support from OpenSSH. It mentions that OpenSSH plans to remove support for DSA, as specified in the SSHv2 protocol, which is limited to a 160-bit private key with an estimated security level of less than or equal to 80 bits. The article also notes that OpenSSH has disabled DSA keys by default and that DSA is optional support for them. The bottom of the page shows the URL "undeady.org/cgi?act" and a navigation bar with three vertical lines, a home icon, a back arrow, and a menu icon. The battery icon in the top right corner indicates 82% battery life, and the time is 03:31. Ovis2-8B 🌱 Energy used: 0.353 Wh
The image shows a screenshot of a webpage from the OpenBSD Journal. The top of the page features a black background with a logo on the left, depicting a cartoonish sun with guns, and the text "OpenBSD Journal" in light blue. Below the logo, navigation links are visible: Home, Archives, About, Submit, Story, Create Account, and Login. The main content of the page is a news article titled "DSA removal from OpenSSH" in large, light blue text. The article was contributed by "rueda" on January 11, 2024, from the "going-dept." The article states that the OpenSSH project has announced the timeline for the removal of DSA support from OpenSSH. It mentions that OpenSSH plans to remove support for DSA, as specified in the SSHv2 protocol, which is limited to a 160-bit private key with an estimated security level of less than or equal to 80 bits. The article also notes that OpenSSH has disabled DSA keys by default and that DSA is optional support for them. The bottom of the page shows the URL "undeady.org/cgi?act" and a navigation bar with three vertical lines, a home icon, a back arrow, and a menu icon. The battery icon in the top right corner indicates 82% battery life, and the time is 03:31. Ovis2-8B 🌱 Energy used: 0.353 Wh
The image shows a screenshot of a webpage from the OpenBSD Journal. The top of the page features a black background with a logo on the left, depicting a cartoonish sun with guns, and the text "OpenBSD Journal" in light blue. Below the logo, navigation links are visible: Home, Archives, About, Submit, Story, Create Account, and Login. The main content of the page is a news article titled "DSA removal from OpenSSH" in large, light blue text. The article was contributed by "rueda" on January 11, 2024, from the "going-dept." The article states that the OpenSSH project has announced the timeline for the removal of DSA support from OpenSSH. It mentions that OpenSSH plans to remove support for DSA, as specified in the SSHv2 protocol, which is limited to a 160-bit private key with an estimated security level of less than or equal to 80 bits. The article also notes that OpenSSH has disabled DSA keys by default and that DSA is optional support for them. The bottom of the page shows the URL "undeady.org/cgi?act" and a navigation bar with three vertical lines, a home icon, a back arrow, and a menu icon. The battery icon in the top right corner indicates 82% battery life, and the time is 03:31. Ovis2-8B 🌱 Energy used: 0.353 Wh
Dendrobatus Azureus
@Dendrobatus_Azureus@mastodon.bsd.cafe replied  ·  activity timestamp 3 months ago

This article shows that DSA has finally been removed

#SSH#openSSH#DSA #programming #coding#OpenSource#openBSD#BSD#secureShell#Infosec

https://undeadly.org/cgi?action=article;sid=20250507010932

The image shows a screenshot of a webpage from the OpenBSD Journal. The top of the page displays the title "OpenBSD Journal" with a logo featuring a stylized sun. Below the title, there are navigation links including Home, Archives, About, Submit Story, Create Account, and Login. The main content of the page is a news article titled "DSA signature support removed from OpenSSH," contributed by rueda on 2025-05-06. The article states that Damien Miller has completed the removal of DSA signature support from OpenSSH, listing the modified and removed files. The CVSROOT and Module name are also provided. The log message confirms the removal of DSA signature support. The editors encourage readers to ensure the removal is complete. The latest articles section lists other recent news items, including a commit of the LLDP daemon and tool and a call for testing the last bits of DSA. The webpage's URL is undeadly.org/cgi?act, and the battery level is at 82%. Ovis2-8B 🌱 Energy used: 0.249 Wh
The image shows a screenshot of a webpage from the OpenBSD Journal. The top of the page displays the title "OpenBSD Journal" with a logo featuring a stylized sun. Below the title, there are navigation links including Home, Archives, About, Submit Story, Create Account, and Login. The main content of the page is a news article titled "DSA signature support removed from OpenSSH," contributed by rueda on 2025-05-06. The article states that Damien Miller has completed the removal of DSA signature support from OpenSSH, listing the modified and removed files. The CVSROOT and Module name are also provided. The log message confirms the removal of DSA signature support. The editors encourage readers to ensure the removal is complete. The latest articles section lists other recent news items, including a commit of the LLDP daemon and tool and a call for testing the last bits of DSA. The webpage's URL is undeadly.org/cgi?act, and the battery level is at 82%. Ovis2-8B 🌱 Energy used: 0.249 Wh
The image shows a screenshot of a webpage from the OpenBSD Journal. The top of the page displays the title "OpenBSD Journal" with a logo featuring a stylized sun. Below the title, there are navigation links including Home, Archives, About, Submit Story, Create Account, and Login. The main content of the page is a news article titled "DSA signature support removed from OpenSSH," contributed by rueda on 2025-05-06. The article states that Damien Miller has completed the removal of DSA signature support from OpenSSH, listing the modified and removed files. The CVSROOT and Module name are also provided. The log message confirms the removal of DSA signature support. The editors encourage readers to ensure the removal is complete. The latest articles section lists other recent news items, including a commit of the LLDP daemon and tool and a call for testing the last bits of DSA. The webpage's URL is undeadly.org/cgi?act, and the battery level is at 82%. Ovis2-8B 🌱 Energy used: 0.249 Wh
Dendrobatus Azureus
@Dendrobatus_Azureus@mastodon.bsd.cafe  ·  activity timestamp 3 months ago

An unimportant remnant of the past has been removed from open SSH;
DSA.

Read about it in this article the next article linked will show you that it has been removed finally

#SSH#openSSH#DSA #programming #coding#OpenSource#openBSD#BSD#secureShell#Infosec

https://undeadly.org/cgi?action=article;sid=20240111105900

The image shows a screenshot of a webpage from the OpenBSD Journal. The top of the page features a black background with a logo on the left, depicting a cartoonish sun with guns, and the text "OpenBSD Journal" in light blue. Below the logo, navigation links are visible: Home, Archives, About, Submit, Story, Create Account, and Login. The main content of the page is a news article titled "DSA removal from OpenSSH" in large, light blue text. The article was contributed by "rueda" on January 11, 2024, from the "going-dept." The article states that the OpenSSH project has announced the timeline for the removal of DSA support from OpenSSH. It mentions that OpenSSH plans to remove support for DSA, as specified in the SSHv2 protocol, which is limited to a 160-bit private key with an estimated security level of less than or equal to 80 bits. The article also notes that OpenSSH has disabled DSA keys by default and that DSA is optional support for them. The bottom of the page shows the URL "undeady.org/cgi?act" and a navigation bar with three vertical lines, a home icon, a back arrow, and a menu icon. The battery icon in the top right corner indicates 82% battery life, and the time is 03:31. Ovis2-8B 🌱 Energy used: 0.353 Wh
The image shows a screenshot of a webpage from the OpenBSD Journal. The top of the page features a black background with a logo on the left, depicting a cartoonish sun with guns, and the text "OpenBSD Journal" in light blue. Below the logo, navigation links are visible: Home, Archives, About, Submit, Story, Create Account, and Login. The main content of the page is a news article titled "DSA removal from OpenSSH" in large, light blue text. The article was contributed by "rueda" on January 11, 2024, from the "going-dept." The article states that the OpenSSH project has announced the timeline for the removal of DSA support from OpenSSH. It mentions that OpenSSH plans to remove support for DSA, as specified in the SSHv2 protocol, which is limited to a 160-bit private key with an estimated security level of less than or equal to 80 bits. The article also notes that OpenSSH has disabled DSA keys by default and that DSA is optional support for them. The bottom of the page shows the URL "undeady.org/cgi?act" and a navigation bar with three vertical lines, a home icon, a back arrow, and a menu icon. The battery icon in the top right corner indicates 82% battery life, and the time is 03:31. Ovis2-8B 🌱 Energy used: 0.353 Wh
The image shows a screenshot of a webpage from the OpenBSD Journal. The top of the page features a black background with a logo on the left, depicting a cartoonish sun with guns, and the text "OpenBSD Journal" in light blue. Below the logo, navigation links are visible: Home, Archives, About, Submit, Story, Create Account, and Login. The main content of the page is a news article titled "DSA removal from OpenSSH" in large, light blue text. The article was contributed by "rueda" on January 11, 2024, from the "going-dept." The article states that the OpenSSH project has announced the timeline for the removal of DSA support from OpenSSH. It mentions that OpenSSH plans to remove support for DSA, as specified in the SSHv2 protocol, which is limited to a 160-bit private key with an estimated security level of less than or equal to 80 bits. The article also notes that OpenSSH has disabled DSA keys by default and that DSA is optional support for them. The bottom of the page shows the URL "undeady.org/cgi?act" and a navigation bar with three vertical lines, a home icon, a back arrow, and a menu icon. The battery icon in the top right corner indicates 82% battery life, and the time is 03:31. Ovis2-8B 🌱 Energy used: 0.353 Wh
Bryan Steele :flan_beard:
@brynet@bsd.network  ·  activity timestamp 3 months ago

A very welcome change in #OpenBSD -current that impacts software which restrict filesystem access with unveil(2), but permit access to /tmp (like web browsers). flan_thumbs

ssh-agent(1) listener sockets and forwarded sockets in sshd(8) will now be under ~/.ssh/agent instead.

djm@ modified src/usr.bin/ssh/*: Move agent listener sockets from /tmp to under ~/.ssh/agent for both ssh-agent(1) and forwarded sockets in sshd(8).

This ensures processes (such as Firefox) that have restricted filesystem access that includes /tmp (via unveil(3)) do not have the ability to use keys in an agent.

Moving the default directory has the consequence that the OS will no longer clean up stale agent sockets, so ssh-agent now gains this
ability.

To support $HOME on NFS, the socket path includes a truncated hash of the hostname. ssh-agent will by default only clean up sockets from the same hostname.

ssh-agent gains some new flags: -U suppresses the automatic cleanup of stale sockets when it starts. -u forces a cleanup without keeping a running agent, -uu forces a cleanup that ignores the hostname. -T makes ssh-agent put the socket back in /tmp.

feedback deraadt@ naddy@
doitdoitdoit deraadt@

#OpenSSH