Re: Anyone have OpenSSH + X11-fwd working?
Peter Wemm wrote:

I hope we haven't changed the server default to stop forwarding.. the security risk is to the client, not the remote sshd server, therefore it is the client that should decide on whether to forward or not.

I seem to recall the server default being changed, then discussion about why it should be the client instead. The decision was to change the _client_ default and change the server default back, but I don't know if that all happened. (In fact, I'm pretty sure it didn't.)

Doug

To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: HEADS UP: Alpha OpenSSH/OpenSSL breakage
On Thu, 20 Apr 2000, Kris Kennaway wrote:

I've tracked down what seems to be a bug in the new version of OpenSSL I imported a week ago which affects the alpha platform. It *looks* like a bug in OpenSSL's "bignum" library which might not have shown up for users of the default openssl distribution, which uses assembly to implement (parts of) bignum on alpha. We don't currently use asm on either platform (i386 or alpha) because of a lack of support for a target "CPU revision" (e.g. i[3456]86) during make world.

This turns out to have been a bad guess: OpenSSL don't even use asm on alpha for some reason, although they have the .s files there.

The actual bug here is that FreeBSD/Alpha doesn't support /dev/random, and OpenSSL-0.9.5a is more stringent about having good-quality random input than 0.9.4 was. When OpenSSH tries to generate an RSA key it can't get the randomness it wants at a lower level in the library, and the operation fails.

I'm looking at how this can be worked around, but obviously the real fix is to get /dev/[u]random support working on alpha ASAP - this is a serious omission. Any takers?

Kris

In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe [EMAIL PROTECTED]
Re: Anyone have OpenSSH + X11-fwd working?
In message [EMAIL PROTECTED] "Andrew Reilly" writes:
: Have you got "X11Forwarding yes"

Ahem. "ForwardX11 yes" is what's documented and is known to work.

Warner
Re: ssh to freefall broken
On Thu, Apr 20, 2000 at 05:05:11PM -0700, Archie Cobbs wrote:

Kris Kennaway writes:

$ ssh [EMAIL PROTECTED]
Warning: Server lies about size of server host key: actual size is 1023 bits vs. announced 1024.
Warning: This may be due to an old implementation of ssh.
Warning: identity keysize mismatch: actual 1023, announced 1024
Agent admitted failure to authenticate using the key.
Authentication agent failed to decrypt challenge.
Enter passphrase for RSA key '[EMAIL PROTECTED]':

Are you still being asked for your passphrase? I noticed a couple of days ago that ssh to freefall wanted my passphrase, but I didn't need it yesterday or today. Sunspots? Full moon?

Even before OpenSSH, I've had this problem in the past. Sometimes it seemed to be due to reverse DNS lookups not resolving correctly (my ISP wasn't always responding to reverse DNS lookups correctly).

-Mike
--
Mike Pritchard [EMAIL PROTECTED] or [EMAIL PROTECTED]
Re: Anyone have OpenSSH + X11-fwd working?
On Fri, Apr 21, 2000 at 01:25:20AM -0600, Warner Losh wrote:

In message [EMAIL PROTECTED] "Andrew Reilly" writes:
: Have you got "X11Forwarding yes"

Ahem. "ForwardX11 yes" is what's documented and is known to work.

Bzzzt. Man sshd(8):

X11Forwarding
    Specifies whether X11 forwarding is permitted. The default is ``yes''. Note that disabling X11 forwarding does not improve security in any way, as users can always install their own forwarders.

Man ssh(1):

ForwardX11
    Specifies whether X11 connections will be automatically redirected over the secure channel and DISPLAY set. The argument must be ``yes'' or ``no''.

What man ssh(1) doesn't tell you in this paragraph is that even if you say "ForwardX11 yes" in ~/.ssh/config, you will not get a proxy X session unless the server has "X11Forwarding yes" in /etc/ssh/sshd_config. The default that my system configured itself with was "X11Forwarding no", and I've just changed it, and now it works.

That's what I found out as a result of this conversation.

--
Andrew
Re: Anyone have OpenSSH + X11-fwd working?
In message [EMAIL PROTECTED] "Andrew Reilly" writes:
: Bzzzt. Man sshd(8):

Ah, I'm confused and came in on the middle of a conversation. Never mind.

: That's what I found out as a result of this conversation.

That's good to know!

Warner
Re: Anyone have OpenSSH + X11-fwd working?
On Fri, 21 Apr 2000, Warner Losh wrote:

In message [EMAIL PROTECTED] "Andrew Reilly" writes:
: Have you got "X11Forwarding yes"

Ahem. "ForwardX11 yes" is what's documented and is known to work.

According to the documentation, ForwardX11 yes is for ssh configs and X11Forwarding yes is for sshd configs. (O_o)

Warner

--
Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / [EMAIL PROTECTED]`--'
Re: Anyone have OpenSSH + X11-fwd working?
On Fri, 21 Apr 2000, Andrew Reilly wrote:

What man ssh(1) doesn't tell you in this paragraph is that even if you say "ForwardX11 yes" in ~/.ssh/config, you will not get a proxy X session unless the server has "X11Forwarding yes" in /etc/ssh/sshd_config. The default that my system configured itself with was "X11Forwarding no", and I've just changed it, and now it works. That's what I found out as a result of this conversation.

For better or for worse, my configuration files haven't changed at all, and are all still correct for OpenSSH, and nothing is fixed with the latest OpenSSH code either... All I can think of is perhaps reinstalling XFree.

--
Andrew

--
Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / [EMAIL PROTECTED]`--'
make release broken...
=== bin/csh/nls
cd /usr/src/bin/csh/nls ; make afterdistribute DESTDIR=/R/stage/trees/bin
=== bin/csh/nls/finnish
make: don't know how to make distribute. Stop
*** Error code 2

Stop in /usr/src/bin/csh/nls.
*** Error code 1

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
[EMAIL PROTECTED] | TCP/IP since RFC 956
FreeBSD coreteam member | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Re: make release broken...
On Fri, Apr 21, 2000 at 01:54:23PM +0200, Poul-Henning Kamp wrote:

=== bin/csh/nls
cd /usr/src/bin/csh/nls ; make afterdistribute DESTDIR=/R/stage/trees/bin
=== bin/csh/nls/finnish
make: don't know how to make distribute. Stop

Fix committed.

--
Andrey A. Chernov [EMAIL PROTECTED] http://nagual.pp.ru/~ache/
Re: Anyone have OpenSSH + X11-fwd working?
Brian Fundakowski Feldman wrote:

On Thu, 20 Apr 2000, Chris Piazza wrote:

It's working from my 5.0 box to my 4.0-R box across town, too.

-Chris

Okay, give me some more info, please: You're going from the 5.0 box to the 4.0 box. What's the /etc/hosts look like on the 5.0 box? What's xauth list show (you don't have to show me the cookies, of course :)? What does xauth list say when you're ssh'd into the 4.0 box?

X11 forwarding is working for me now, but wasn't when I first tried it. I found I was explicitly setting XAUTHORITY=~/.Xauthority in my .zshrc file, so the temporary bits created in /tmp/ssh-foo/cookies by ssh weren't being picked up. I missed the beginning of this thread, but you're not doing anything similar are you? After fixing that, it seems to be working for me. Of course, I'm on 4.0-stable, so if that works for you anyway and it's just 5.0-current which is broken, ignore me.

--
Ben Smithurst / [EMAIL PROTECTED] / PGP: 0x99392F7D
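The three causes reported in this thread (Andrew Reilly's client "ForwardX11" versus server "X11Forwarding" settings, the refusal line in Archie Cobbs's ssh -v trace, and Ben Smithurst's start-up file that sets XAUTHORITY itself) can be checked in one pass. The script below is an added example, not code from any poster or from OpenSSH; the function names, result tokens and sample files are constructed for illustration, and it assumes each config file is a single scope (Host/Match blocks are not evaluated).

```shell
#!/bin/sh
# Added example: name the first reason X11 forwarding would not come up,
# using the causes the posters in this thread ran into.

# first_value FILE KEYWORD -> first value set for KEYWORD, lower-cased.
# ssh_config/sshd_config keywords are case-insensitive, '#' starts a comment,
# "Keyword value" may be written "Keyword=value", and the first value
# obtained for a keyword is the one used.
# Assumption: the file is read as one scope (Host/Match blocks ignored).
first_value() {
    [ -r "$1" ] || return 0
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            gsub(/^[ \t=]+|[ \t]+$/, "", val)
            gsub(/"/, "", val)
            if (key == want) { print tolower(val); exit }
        }' "$1"
}

# rc_pins_xauthority FILE -> exit 0 if a shell start-up file assigns
# XAUTHORITY itself (sh/zsh "XAUTHORITY=", "export XAUTHORITY=", or csh
# "setenv XAUTHORITY"), the situation described for .zshrc in the thread.
rc_pins_xauthority() {
    [ -r "$1" ] || return 1
    grep -Eq '^[[:space:]]*((export[[:space:]]+)?XAUTHORITY=|setenv[[:space:]]+XAUTHORITY[[:space:]])' "$1"
}

# server_refused_in_log FILE -> exit 0 if saved "ssh -v" output contains the
# refusal message that appears in the trace posted in this thread.
server_refused_in_log() {
    [ -r "$1" ] && grep -q 'X11 forwarding disabled in server configuration file' "$1"
}

# x11_diagnose CLIENT_CFG SERVER_CFG RC_FILE [SSH_V_LOG]
# Prints one token: client-off, client-unset, server-off, server-unset,
# xauthority-pinned or ok. "unset" means the build's default decides, so the
# directive should be written out explicitly.
x11_diagnose() {
    client=$(first_value "$1" ForwardX11)
    server=$(first_value "$2" X11Forwarding)
    if [ "$client" = no ]; then echo client-off
    elif [ -z "$client" ]; then echo client-unset
    elif [ "$server" = no ] || server_refused_in_log "${4:-}"; then echo server-off
    elif [ -z "$server" ]; then echo server-unset
    elif rc_pins_xauthority "$3"; then echo xauthority-pinned
    else echo ok
    fi
}

# make_samples DIR: constructed files reproducing the thread's situation
# (client asks for forwarding, server config says no, .zshrc pins XAUTHORITY).
make_samples() {
    printf '%s\n' '# ~/.ssh/config' 'Host *' '  ForwardX11 yes' > "$1/ssh_config"
    printf '%s\n' '# /etc/ssh/sshd_config' '#X11Forwarding yes' 'X11Forwarding no' > "$1/sshd_config"
    printf '%s\n' 'export XAUTHORITY=~/.Xauthority' > "$1/zshrc"
}

# Demonstration on the constructed files.
demo_dir=$(mktemp -d) || exit 1
make_samples "$demo_dir"
echo "as configured:         $(x11_diagnose "$demo_dir/ssh_config" "$demo_dir/sshd_config" "$demo_dir/zshrc")"
printf '%s\n' 'X11Forwarding yes' > "$demo_dir/sshd_config"
echo "after fixing sshd:     $(x11_diagnose "$demo_dir/ssh_config" "$demo_dir/sshd_config" "$demo_dir/zshrc")"
: > "$demo_dir/zshrc"
echo "after fixing .zshrc:   $(x11_diagnose "$demo_dir/ssh_config" "$demo_dir/sshd_config" "$demo_dir/zshrc")"
rm -rf "$demo_dir"
```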
Re: make world left me with an unbootable system
Nickolay Dudorov wrote:

Me too

There is some problems with "/boot/loader". You can just hit the key due to "|/-..." propelling and load "/boot/loader.old" instead of "/boot/loader". (And the first thing I make on the booted system - "cp /boot/loader.old /boot/loader.good" ;-)

Ah, my most significant contribution to FreeBSD yet: generating a loader.old! :-)

--
Daniel C. Sobral (8-DCS) [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
GPL certainly doesn't meet Janis Joplin's definition of freedom: "Freedom is just another word for nothing left to lose."
Re: Anyone have OpenSSH + X11-fwd working?
On Fri, 21 Apr 2000, Ben Smithurst wrote:

X11 forwarding is working for me now, but wasn't when I first tried it. I found I was explicitly setting XAUTHORITY=~/.Xauthority in my .zshrc file, so the temporary bits created in /tmp/ssh-foo/cookies by ssh weren't being picked up. I missed the beginning of this thread, but you're not doing anything similar are you? After fixing that, it seems to be working for me. Of course, I'm on 4.0-stable, so if that works for you anyway and it's just 5.0-current which is broken, ignore me.

Sorry, no dice :( It doesn't seem to be that. All I've got left is maybe sending out every bit of configuration info, and maybe someone could figure it out. I doubt it, though, so I'm not gonna.

--
Ben Smithurst / [EMAIL PROTECTED] / PGP: 0x99392F7D

--
Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / [EMAIL PROTECTED]`--'
Re: ssh to freefall broken
Mike Pritchard writes:

Kris Kennaway writes:

$ ssh [EMAIL PROTECTED]
Warning: Server lies about size of server host key: actual size is 1023 bits vs. announced 1024.
Warning: This may be due to an old implementation of ssh.
Warning: identity keysize mismatch: actual 1023, announced 1024
Agent admitted failure to authenticate using the key.
Authentication agent failed to decrypt challenge.
Enter passphrase for RSA key '[EMAIL PROTECTED]':

Are you still being asked for your passphrase? I noticed a couple of days ago that ssh to freefall wanted my passphrase, but I didn't need it yesterday or today. Sunspots? Full moon?

Yes, that's what has changed.. before it never asked, now it always asks. For me it's not intermittent.. it's consistent.

Even before OpenSSH, I've had this problem in the past. Sometimes it seemed to be due to reverse DNS lookups not resolving correctly (my ISP wasn't always responding to reverse DNS lookups correctly).

That doesn't seem to be the problem.. I can resolve my IP address from freefall (in another window) at the same time it's failing..

This only happens when going from machine A - machine B - freefall. Machine A is 3.4-REL, machine B is either 4.0-stable or 5.0-current (as of a couple of days ago). When going directly from machine A - freefall it works fine... in this case no newer versions of FreeBSD are involved.

Previously, when machine B was 3.4-REL or pre-4.0-current (as of a few months ago), it worked fine. Since then, only 'machine B' has changed. Machine A (and presumably freefall) haven't.

It may be something stupid I'm doing.. but if it is, then I was doing it before and it used to work :-)

It also may have to do with the warning 'Server lies about size of server host key: actual size is 1023 bits vs. announced 1024.'

A complete trace is included below.

-Archie
___
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com

[machineA] $ ssh -v machineB
SSH Version 1.2.26 [i386-unknown-freebsd3.1], protocol version 1.5.
Standard version. Does not use RSAREF.
machineA.whistle.com: Reading configuration data /usr/local/etc/ssh_config
machineA.whistle.com: Applying options for *
machineA.whistle.com: ssh_connect: getuid 1000 geteuid 0 anon 0
machineA.whistle.com: Connecting to machineB [207.76.205.132] port 22.
machineA.whistle.com: Allocated local port 751.
machineA.whistle.com: Connection established.
machineA.whistle.com: Remote protocol version 1.5, remote software version OpenSSH-1.2.2
machineA.whistle.com: Waiting for server public key.
machineA.whistle.com: Received server public key (768 bits) and host key (1024 bits).
machineA.whistle.com: Host 'machineB' is known and matches the host key.
machineA.whistle.com: Initializing random; seed file /home/archie/.ssh/random_seed
machineA.whistle.com: IDEA not supported, using 3des instead.
machineA.whistle.com: Encryption type: 3des
machineA.whistle.com: Sent encrypted session key.
machineA.whistle.com: Installing crc compensation attack detector.
machineA.whistle.com: Received encrypted confirmation.
machineA.whistle.com: Connection to authentication agent opened.
machineA.whistle.com: Trying RSA authentication via agent with '[EMAIL PROTECTED]'
machineA.whistle.com: Server refused our key.
machineA.whistle.com: RSA authentication using agent refused.
machineA.whistle.com: Trying RSA authentication with key '[EMAIL PROTECTED]'
machineA.whistle.com: Server refused our key.
machineA.whistle.com: Doing password authentication.
archie@machineB's password:
machineA.whistle.com: Requesting pty.
machineA.whistle.com: Failed to get local xauth data.
machineA.whistle.com: Requesting X11 forwarding with authentication spoofing.
machineA.whistle.com: Remote: X11 forwarding disabled in server configuration file.
Warning: Remote host denied X11 forwarding, perhaps xauth program could not be run on the server side.
machineA.whistle.com: Requesting authentication agent forwarding.
machineA.whistle.com: Requesting shell.
machineA.whistle.com: Entering interactive session.
Last login: Fri Apr 21 10:32:24 2000 from machineA.whistle.co
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved.
FreeBSD 4.0-STABLE (MACHINEB) #0: Thu Apr 20 10:53:28 PDT 2000
Welcome to FreeBSD!
Before seeking technical support, please use the following resources:
o Security advisories and updated errata information for all releases are at http://www.FreeBSD.org/releases/ - always consult the ERRATA section for your release first as it's updated frequently.
o The Handbook and FAQ documents are at http://www.freebsd.org/ and, along with the mailing lists, can be searched by going to http://www.FreeBSD.org/search.html. If the doc distribution has been installed, they're also available formatted
Re: ssh to freefall broken
Archie Cobbs wrote:

I presume the public key at freefall matches the public key at machine-B. Try connecting back in the other direction so that the 'known machines' settings are tested.

This only happens when going from machine A - machine B - freefall. Machine A is 3.4-REL, machine B is either 4.0-stable or 5.0-current (as of a couple of days ago). When going directly from machine A - freefall it works fine... in this case no newer versions of FreeBSD are involved.

Previously, when machine B was 3.4-REL or pre-4.0-current (as of a few months ago), it worked fine.

The ssh in machine B is now different.. before it was ssh1 and now it is openssh. What happens if you use TELNET to get to machine B? does the ssh to freefall still misbehave? (in other words.. what if machine A is not involved?)

Since then, only 'machine B' has changed. Machine A (and presumably freefall) haven't.

--
_ -- __--_|\ Julian Elischer / \ [EMAIL PROTECTED] ( OZ) World tour 2000 --- X_.---._/ presently in: Perth v
Re: ssh to freefall broken
Julian Elischer writes:

I presume the public key at freefall matches the public key at machine-B. Try connecting back in the other direction so that the 'known machines' settings are tested.

Can't do that because of the firewall..

This only happens when going from machine A - machine B - freefall. Machine A is 3.4-REL, machine B is either 4.0-stable or 5.0-current (as of a couple of days ago). When going directly from machine A - freefall it works fine... in this case no newer versions of FreeBSD are involved.

Previously, when machine B was 3.4-REL or pre-4.0-current (as of a few months ago), it worked fine.

The ssh in machine B is now different.. before it was ssh1 and now it is openssh. What happens if you use TELNET to get to machine B? does the ssh to freefall still misbehave? (in other words.. what if machine A is not involved?)

Aha.. that works! (note: home directory is the same on A or B)

[machineA] telnet machineB
...
[machineB] $ ssh-agent tcsh
[machineB] $ ssh-add
Need passphrase for /home/archie/.ssh/identity
Enter passphrase for [EMAIL PROTECTED]:
Identity added: /home/archie/.ssh/identity ([EMAIL PROTECTED])
[machineB] $ ssh [EMAIL PROTECTED]
Warning: Server lies about size of server host key: actual size is 1023 bits vs. announced 1024.
Warning: This may be due to an old implementation of ssh.
Warning: /home/archie/.ssh/known_hosts, line 4: keysize mismatch for host freefall.freebsd.org: actual 1023 vs. announced 1024.
Warning: replace 1024 with 1023 in /home/archie/.ssh/known_hosts, line 4.
Last login: Fri Apr 21 10:25:44 2000 from s205m132.whistle
...

-Archie
___
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com
Re: ssh to freefall broken
Archie Cobbs wrote:

What happens if you use TELNET to get to machine B? does the ssh to freefall still misbehave? (in other words.. what if machine A is not involved?)

Aha.. that works! (note: home directory is the same on A or B)

Looks like some of the environment that the 1st ssh passes through is leaking right through to the second ssh.

-Archie

--
__--_|\ Julian Elischer / \ [EMAIL PROTECTED] ( OZ) World tour 2000 --- X_.---._/ presently in: Perth v
Re: MAKEDEV warning
On Thu, 20 Apr 2000, Dirk Roehrdanz wrote:

[ snippage ]

I get this message too whenever I mount a mfs filesystem. The line in /etc/fstab is:

/dev/da0s1b /tmp mfs rw,async,-s327680 0

The output of "ls -l /dev/*da0s1b" is:

crw-r- 1 root operator 13, 0x00020001 Dec 12 21:09 /dev/da0s1b
crw-r- 1 root operator 13, 0x00020001 Dec 12 21:09 /dev/rda0s1b

Regards
Dirk

I also get the same warning when I mount /tmp on an MFS filesystem. I don't get the warning when I pass the "nodev" option to mount.

/etc/fstab: /dev/da0s2b /tmp mfs rw,-s131072 0 0 = warning message
/etc/fstab: /dev/da0s2b /tmp mfs rw,nodev,-s131072 0 0 = no warning message

Looking in sys/kern/kern_conf.c at the function udev2dev() gave me the clue to use "nodev". Not that I understand what's happening or am able to fix it.

Scott

---
"When repairs are outlawed only outlaws will do repairs." -- Harry Tuttle (Robert DeNiro) in Brazil.
make release still broken...
=== bin/csh
install -c -s -o root -g wheel -m 555 csh /syv/release/bin
/syv/release/bin/tcsh - /syv/release/bin/csh
=== bin/csh/nls
=== bin/csh/nls/finnish
install -c -o root -g wheel -m 444 tcsh.cat /syv/release/../usr/share/nls/fi_FI.ISO_8859-1/tcsh.cat
install: /syv/release/../usr/share/nls/fi_FI.ISO_8859-1/tcsh.cat: No such file or directory
*** Error code 71

Stop in /syv/src/bin/csh/nls/finnish.
*** Error code 1

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
[EMAIL PROTECTED] | TCP/IP since RFC 956
FreeBSD coreteam member | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Re: ssh to freefall broken
On Fri, 21 Apr 2000, Archie Cobbs wrote:

This only happens when going from machine A - machine B - freefall. Machine A is 3.4-REL, machine B is either 4.0-stable or 5.0-current (as of a couple of days ago).

Hmm. It works for me going 5.0-C - 5.0-C - freefall using openssh both times. Perhaps it's some bug in the ssh-openssh agent forwarding..I'll see if I can get it to fail with ssh. I noticed that you're running an old version of ssh, too, which may have some security problems (the 1.2.27 upgrade fixed some discovered problems, but I forget what they were).

It also may have to do with the warning 'Server lies about size of server host key: actual size is 1023 bits vs. announced 1024.'

That should be harmless.

Kris

In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe [EMAIL PROTECTED]
Re: Anyone have OpenSSH + X11-fwd working?
On Fri, 21 Apr 2000, Brian Fundakowski Feldman wrote:

Sorry, no dice :( It doesn't seem to be that. All I've got left is maybe sending out every bit of configuration info, and maybe someone could figure it out. I doubt it, though, so I'm not gonna.

Silly question, but have you tried asking the OpenSSH developers?

Kris

In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe [EMAIL PROTECTED]
Re: ssh to freefall broken
On Fri, 21 Apr 2000, Archie Cobbs wrote:

Machine A is 3.4-REL, machine B is either 4.0-stable or 5.0-current (as of a couple of days ago).

Hmm, I've just tried it with ssh-1.2.27 - openssh-1.2.3 - freefall, and it still works. Maybe it's something about 1.2.26..let me know what happens after the upgrade.

Kris

In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe [EMAIL PROTECTED]
Re: ssh to freefall broken
Kris Kennaway writes:

On Fri, 21 Apr 2000, Archie Cobbs wrote:

Machine A is 3.4-REL, machine B is either 4.0-stable or 5.0-current (as of a couple of days ago).

Hmm, I've just tried it with ssh-1.2.27 - openssh-1.2.3 - freefall, and it still works. Maybe it's something about 1.2.26..let me know what happens after the upgrade.

I upgraded to ssh-1.2.27 on 'machineA' and the same problem happens.

By the way.. machine B was compiled with USA_RESIDENT=YES.

-Archie
___
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com
OpenSSL asm optimizations
OpenSSL includes asm code for several platforms to speed up various operations. Currently we don't build any of this - the attached patch turns on asm code for Pentiums and above (it relies on an uncommitted patch to sys.mk which defined MACHINE_CPU ?= i386). Set MACHINE_CPU to "i586" or "i686" (both are actually identical at present) and rebuild.

Typical speed improvements are between 2x and 5x for BigNum, Blowfish, CAST, DES, MD5, RC4, RC5, RIPEMD-160, and SHA-1 operations, as measured by 'openssl speed' on my Pentium Pro 233 (speeds are in K/sec for packets of the given size):

=== BLOWFISH ===
type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
blowfish cbc         3325.35k     4417.62k     4553.81k     4572.46k     4595.71k

type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
blowfish cbc         7073.58k     8099.29k     8286.63k     8328.53k     8315.07k

=== CAST ===
type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
cast cbc             3249.59k     4231.19k     4394.88k     4401.69k     4437.97k

type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
cast cbc             6956.17k     7999.28k     8208.47k     8199.05k     8192.00k

=== DES ===
type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
des cbc              2291.38k     2404.86k     2426.97k     2436.64k     2443.95k
des ede3              492.61k      516.87k      519.83k      521.18k      520.20k

type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
des cbc              4830.90k     5301.97k     5412.18k     5419.02k     5355.72k
des ede3             1831.93k     1919.80k     1929.86k     1932.36k     1913.72k

=== MD5 ===
type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5                  1636.10k     7736.92k    13991.76k    17495.04k    18879.83k

type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5                  2609.84k    13585.19k    26511.38k    34934.97k    38629.09k

=== RC4 ===
type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
rc4                 12947.45k    16970.70k    18044.59k    18370.22k    18275.58k

type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
rc4                 18209.51k    25287.65k    26100.65k    26139.99k    26512.82k

=== RC5 ===
type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
rc5-32/12 cbc        5115.15k     8124.08k     8766.29k     8814.59k     8928.03k

type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
rc5-32/12 cbc       12462.59k    15226.54k    15804.76k    16218.86k    16447.82k

=== RIPEMD-160 ===
type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
rmd160                849.94k     3680.04k     6326.22k     7626.07k     8123.73k

type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
rmd160               1279.72k     5915.67k    10461.46k    12978.21k    13944.41k

=== SHA1 ===
type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
sha1                 1081.31k     2844.71k     5784.80k     7765.50k     8650.75k

type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
sha1                 1617.59k     7664.76k    13538.05k    17012.18k    18419.89k

Kris

In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe [EMAIL PROTECTED]

Index: Makefile === RCS file: /home/ncvs/src/secure/lib/libcrypto/Makefile,v retrieving revision 1.17 diff -u -r1.17 Makefile --- Makefile2000/04/13 07:36:09 1.17 +++ Makefile2000/04/22 02:16:57 @@ -9,11 +9,11 @@ ${LCRYPTO_SRC}/err ${LCRYPTO_SRC}/evp ${LCRYPTO_SRC}/hmac \ ${LCRYPTO_SRC}/lhash ${LCRYPTO_SRC}/md2 ${LCRYPTO_SRC}/md5 \ ${LCRYPTO_SRC}/mdc2 ${LCRYPTO_SRC}/objects ${LCRYPTO_SRC}/pem \ - ${LCRYPTO_SRC}/pkcs7 ${LCRYPTO_SRC}/pkcs12 ${LCRYPTO_SRC}/rand \ - ${LCRYPTO_SRC}/rc2 ${LCRYPTO_SRC}/rc4 ${LCRYPTO_SRC}/rc5 \ - ${LCRYPTO_SRC}/ripemd ${LCRYPTO_SRC}/rsa ${LCRYPTO_SRC}/../rsaref \ - ${LCRYPTO_SRC}/sha ${LCRYPTO_SRC}/stack ${LCRYPTO_SRC}/txt_db \ - ${LCRYPTO_SRC}/x509 ${LCRYPTO_SRC}/x509v3 + ${LCRYPTO_SRC}/perlasm ${LCRYPTO_SRC}/pkcs7 ${LCRYPTO_SRC}/pkcs12 \ + ${LCRYPTO_SRC}/rand ${LCRYPTO_SRC}/rc2 ${LCRYPTO_SRC}/rc4 \ + ${LCRYPTO_SRC}/rc5 ${LCRYPTO_SRC}/ripemd ${LCRYPTO_SRC}/rsa \ + ${LCRYPTO_SRC}/../rsaref ${LCRYPTO_SRC}/sha ${LCRYPTO_SRC}/stack \ + ${LCRYPTO_SRC}/txt_db ${LCRYPTO_SRC}/x509 ${LCRYPTO_SRC}/x509v3 LIB= crypto SHLIB_MAJOR= 1 @@ -41,24 +41,69 @@ x_x509a.c \ # blowfish -SRCS+= bf_cfb64.c bf_ecb.c bf_enc.c bf_ofb64.c bf_skey.c +SRCS+= bf_cfb64.c bf_ecb.c bf_ofb64.c bf_skey.c +.if (${MACHINE_ARCH} == "i386" (${MACHINE_CPU}
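Review bot: in the blowfish hunk, bf_enc.c is removed from the unconditional SRCS+= line and its replacement is selected by an .if on ${MACHINE_ARCH} and ${MACHINE_CPU}, but MACHINE_CPU only exists once the sys.mk change that the message calls uncommitted is in the tree. Either guard the test with defined(MACHINE_CPU) or land this after sys.mk, and make sure the .else branch adds bf_enc.c back so that every other architecture and a plain i386 CPU still get the C implementation. The visible text ends inside the condition, so the operator joining the two tests and the .else branch cannot be checked from what is shown here.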
Re: Anyone have OpenSSH + X11-fwd working?
On Fri, 21 Apr 2000, Warner Losh wrote:

In message [EMAIL PROTECTED] "Andrew Reilly" writes:
: Have you got "X11Forwarding yes"

Ahem. "ForwardX11 yes" is what's documented and is known to work.

While this whole thing is being discussed, does anyone know of either a configuration variable or environmental variable that ssh reads, that will give the same effect as the -q flag, so that I can stop seeing those stupid warnings about the size of the key being off by one?

Thanks.

Chuck Robey| Interests include C Java programming, FreeBSD,
[EMAIL PROTECTED] | electronics, communications, and signal processing.
New Year's Resolution: I will not sphroxify gullible people into looking up fictitious words in the dictionary.
Re: OpenSSL asm optimizations
Can these be turned on at runtime? My concern is that build systems that compile for other machines not generate code dependent on the machine that's building the code.

On Fri, 21 Apr 2000, Kris Kennaway wrote:

OpenSSL includes asm code for several platforms to speed up various operations. Currently we don't build any of this - the attached patch turns on asm code for Pentiums and above (it relies on an uncommitted patch to sys.mk which defined MACHINE_CPU ?= i386). Set MACHINE_CPU to "i586" or "i686" (both are actually identical at present) and rebuild.

Typical speed improvements are between 2x and 5x for BigNum, Blowfish, CAST, DES, MD5, RC4, RC5, RIPEMD-160, and SHA-1 operations, as measured by 'openssl speed' on my Pentium Pro 233 (speeds are in K/sec for packets of the given size):

=== BLOWFISH ===
type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
blowfish cbc         3325.35k     4417.62k     4553.81k     4572.46k     4595.71k

type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
blowfish cbc         7073.58k     8099.29k     8286.63k     8328.53k     8315.07k

=== CAST ===
type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
cast cbc             3249.59k     4231.19k     4394.88k     4401.69k     4437.97k

type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
cast cbc             6956.17k     7999.28k     8208.47k     8199.05k     8192.00k

=== DES ===
type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
des cbc              2291.38k     2404.86k     2426.97k     2436.64k     2443.95k
des ede3              492.61k      516.87k      519.83k      521.18k      520.20k

type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
des cbc              4830.90k     5301.97k     5412.18k     5419.02k     5355.72k
des ede3             1831.93k     1919.80k     1929.86k     1932.36k     1913.72k

=== MD5 ===
type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5                  1636.10k     7736.92k    13991.76k    17495.04k    18879.83k

type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5                  2609.84k    13585.19k    26511.38k    34934.97k    38629.09k

=== RC4 ===
type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
rc4                 12947.45k    16970.70k    18044.59k    18370.22k    18275.58k

type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
rc4                 18209.51k    25287.65k    26100.65k    26139.99k    26512.82k

=== RC5 ===
type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
rc5-32/12 cbc        5115.15k     8124.08k     8766.29k     8814.59k     8928.03k

type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
rc5-32/12 cbc       12462.59k    15226.54k    15804.76k    16218.86k    16447.82k

=== RIPEMD-160 ===
type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
rmd160                849.94k     3680.04k     6326.22k     7626.07k     8123.73k

type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
rmd160               1279.72k     5915.67k    10461.46k    12978.21k    13944.41k

=== SHA1 ===
type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
sha1                 1081.31k     2844.71k     5784.80k     7765.50k     8650.75k

type                  8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
sha1                 1617.59k     7664.76k    13538.05k    17012.18k    18419.89k

Kris

In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe [EMAIL PROTECTED]

--
| Matthew N. Dodd | '78 Datsun 280Z | '75 Volvo 164E | FreeBSD/NetBSD |
| [EMAIL PROTECTED] | 2 x '84 Volvo 245DL| ix86,sparc,pmax |
| http://www.jurai.net/~winter | This Space For Rent | ISO8802.5 4ever |
Re: OpenSSL asm optimizations
On Sat, 22 Apr 2000, Matthew N. Dodd wrote:

Can these be turned on at runtime? My concern is that build systems that compile for other machines not generate code dependent on the machine thats building the code.

I probably meant TARGET_CPU, but that's easily taken care of.

Kris

In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe [EMAIL PROTECTED]
Re: Anyone have OpenSSH + X11-fwd working?
On Fri, 21 Apr 2000, Chuck Robey wrote:

While this whole thing is being discussed, does anyone know of either a configuration variable or environmental variable that ssh reads, that will give the same effect as the -q flag, so that I can stop seeing those stupid warnings about the size of the key being off by one?

There doesn't exist one..plead your case to the OpenSSH developers and see how you go there.

Kris

In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe [EMAIL PROTECTED]
missing functionality
This thread began on -STABLE; I am moving it to -CURRENT and have crossposted. Please, followups to -CURRENT.

On Sat, 22 Apr 2000, Jonathan Michaels wrote:

actually see bad blocks your disk is about to die. IIRC, the code was suffering from bitrot and the drives that really needed it will (ESDI and MFM mostly) aren't supported in 5.0.

and what of all the people who still use this kind of hardware ?

I hate to have to ride on the heels of this scathing piece of criticism, but I'm confident that the other members of the lists will probably eat this guy alive. With that I leave Mr. Michaels to defend himself and move on with a new thread.

The removal of kernel support for so-called winchester devices from HEAD is a bit of a perplexing issue for me. On the one hand I understand the multifold advantages of the new ata driver and appreciate it enormously. However, FreeBSD just went ahead with its first release to include support for the MCA bus. The vast majority of MCA bus machines in existence utilize ESDI because they predate the UDMA and ATA66 efforts. If we are to support MCA, how can we drop support for ESDI?

I know that the wd driver duplicates a significant amount of the functionality now present in ata and that having both of them in the kernel would be of questionable value to most users. Surely there must be some middle ground which would include support for ESDI, MFM, RLL, and XT hardcards in a separate driver, without duplicating the functionality of ata and creating code bloat. I am not familiar with the wd driver as it stands now or if the above is possible, but I would like some feedback on just what issues currently surround the atticizing of wd without replacing its functionality.

Brandon D. Valentine

--
"...and as for hackers, we note that all of those known to The Register are so strapped financially that seizing their property would be tantamount to squeezing blood from a stone." -- The Register, 02/17/2000