Re: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

2016-08-08 Thread Conrad Meyer
The OpenSSH defaults are intentionally sane.  RSA 2048 is anticipated
to be fine for the next 10 years.  It would not be a bad choice.  I'm
not aware of any reason not to use EC keys, and presumably the openssh
authors wouldn't ship them as an option if they knew of any reason to
believe they were compromised.

Best,
Conrad

On Mon, Aug 8, 2016 at 10:56 AM, Devin Teske wrote:
> Which would you use?
>
> ECDSA?
>
> https://en.wikipedia.org/wiki/Elliptic_curve_cryptography
>
> "" In the wake of the exposure of Dual_EC_DRBG as "an NSA undercover
> operation", cryptography experts have also expressed concern over the
> security of the NIST recommended elliptic curves,[31]
> suggesting a return to encryption based on non-elliptic-curve groups. ""
>
> Or perhaps RSA? (as des@ recommends)
>
> (not necessarily to Glen but anyone that wants to answer)
> --
> Devin
>
>
>> On Aug 4, 2016, at 6:59 PM, Glen Barber wrote:
>>
>> This is a heads-up that OpenSSH keys are deprecated upstream by OpenSSH,
>> and will be deprecated effective 11.0-RELEASE (and preceding RCs).
>>
>> Please see r303716 for details on the relevant commit, but upstream no
>> longer considers them secure.  Please replace DSA keys with ECDSA or RSA
>> keys as soon as possible, otherwise there will be issues when upgrading
>> from 11.0-BETA4 to the subsequent 11.0 build, but most definitely the
>> 11.0-RELEASE build.
>>
>> Glen
>> On behalf of: re@ and secteam@
>>
>> ___
>> freebsd-annou...@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-announce
>> To unsubscribe, send any mail to "freebsd-announce-unsubscr...@freebsd.org"
>
> ___
> freebsd-curr...@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
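
A check an administrator could run before the upgrade described in the announcement, as an added example that is not part of the original thread: it lists ssh-dss entries in authorized_keys-style files. The function names and the sample file are constructed for illustration, and the key blobs are placeholders.

```sh
#!/bin/sh
# Added example: report DSA (ssh-dss) entries in authorized_keys or *.pub files.

# Print "file:line:keytype" for each DSA key found in the files given.
find_dsa_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            line = $0
            # Remove quoted option values such as command="..." so that
            # text inside them is never taken for the key type.
            gsub(/"([^"\\]|\\.)*"/, "", line)
            n = split(line, f)             # default split: runs of blanks
            for (i = 1; i <= n; i++) {
                if (f[i] ~ /^(ssh-|ecdsa-sha2-|sk-)/) {   # key-type field
                    if (f[i] ~ /^ssh-dss/)
                        printf "%s:%d:%s\n", FILENAME, FNR, f[i]
                    break
                }
            }
        }
    ' "$@"
}

# Constructed sample input; the key blobs are placeholders, not real keys.
write_sample() {
    cat > "$1" <<'EOF'
# constructed authorized_keys sample
ssh-rsa AAAA_PLACEHOLDER alice@example
ssh-dss AAAA_PLACEHOLDER bob@example
command="echo ssh-dss",no-pty ecdsa-sha2-nistp256 AAAA_PLACEHOLDER ci@example
from="10.0.0.0/8" ssh-dss AAAA_PLACEHOLDER backup@example
ssh-ed25519 AAAA_PLACEHOLDER carol@example
EOF
}

# Demo: reports lines 3 and 5 of the sample.
demo=$(mktemp) && write_sample "$demo" && find_dsa_keys "$demo"
rm -f "$demo"
```

Run `find_dsa_keys` against `~/.ssh/authorized_keys` and `/etc/ssh/ssh_host_*_key.pub`; any entry it reports needs an RSA or ECDSA replacement, as the announcement asks.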


Re: Toggling between remote KGDB and local DDB within a debugging session

2016-04-19 Thread Conrad Meyer
On Tue, Apr 19, 2016 at 5:49 AM, Aijaz Baig wrote:
> I would like to know if there is indeed a way to toggle between gdb
> and ddb while debugging a remote kernel. I am already at the gdb (or
> rather kgdb) prompt. From here how do I switch to local ddb on the
> debugged machine??

Ctrl-c on the serial console.

> When remote KGDB is listening and I force a
> panic using 'sysctl debug.kdb.enter=1', it drops into remote KGDB.
> However, when it is NOT listening on the serial port, the local system
> just freezes

Are you sure ddb just doesn't run on the serial port?

> What I want, is to enter ddb on the local machine. Do some debugging
> using it; drop to remote KGDB for things that are best done using
> KGDB, then switch back to local DDB when I'm done.

Yes.  I regularly do this with ctrl-c (gdb->ddb) / "gdb" (ddb->gdb).

Best,
Conrad


Re: Toggling between remote KGDB and local DDB within a debugging session

2016-04-19 Thread Conrad Meyer
On Tue, Apr 19, 2016 at 9:35 AM, Aijaz Baig <aijazba...@gmail.com> wrote:
> On Tue, Apr 19, 2016 at 9:08 PM, Conrad Meyer <c...@freebsd.org> wrote:
>> On Tue, Apr 19, 2016 at 5:49 AM, Aijaz Baig <aijazba...@gmail.com> wrote:
>>> I would like to know if there is indeed a way to toggle between gdb
>>> and ddb while debugging a remote kernel. I am already at the gdb (or
>>> rather kgdb) prompt. From here how do I switch to local ddb on the
>>> debugged machine??
>>
>> Ctrl-c on the serial console.
> For me I merely see 'Quit' being spat out when I do a ctrl-c

Ctrl-C on the serial console, not in GDB.  It looks like this:

# sysctl debug.kdb.enter=1
debug.kdb.enter:KDB: enter: sysctl debug.kdb.enter
[ thread pid 21907 tid 102340 ]
Stopped at  kdb_sysctl_enter+0x87:  movq    $0,kdb_why
db> gdb
(ctrl-c will return control to ddb)
Switching to gdb back-end
Received ^C; trying to switch back to ddb.
using longjmp, hope it works!
KDB: reentering
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfea79d0e6140
kdb_backtrace() at kdb_backtrace+0x39/frame 0xfea79d0e61f0
kdb_reenter() at kdb_reenter+0x33/frame 0xfea79d0e6200
gdb_tx_end() at gdb_tx_end+0x28a/frame 0xfea79d0e6240
gdb_trap() at gdb_trap+0x1f9/frame 0xfea79d0e6390
kdb_trap() at kdb_trap+0x169/frame 0xfea79d0e63f0
trap() at trap+0x71d/frame 0xfea79d0e6600
calltrap() at calltrap+0x8/frame 0xfea79d0e6600
--- trap 0x3, rip = 0x8058f177, rsp = 0xfea79d0e66c0, rbp = 0xfea79d0e66f0 ---
kdb_sysctl_enter() at kdb_sysctl_enter+0x87/frame 0xfea79d0e66f0
sysctl_root() at sysctl_root+0x24a/frame 0xfea79d0e6740
userland_sysctl() at userland_sysctl+0x1d2/frame 0xfea79d0e67f0
sys___sysctl() at sys___sysctl+0x74/frame 0xfea79d0e68a0
amd64_syscall() at amd64_syscall+0x397/frame 0xfea79d0e6ab0
Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfea79d0e6ab0
--- syscall (202, FreeBSD ELF64, sys___sysctl), rip = 0x80095ed4a, rsp = 0x7fffc948, rbp = 0x7fffc980 ---
gdb_trap bailing, hopefully back to ddb!
Switching to ddb back-end
[ thread pid 21907 tid 102340 ]
Stopped at  kdb_sysctl_enter+0x87:  movq    $0,kdb_why
db> c
 0 -> 0

Best,
Conrad