fpoirotte / pssht

SSH server written in PHP
https://pssht.readthedocs.io
MIT License

Some bugfixes to run on Mac OS X #28

Closed wagnert closed 9 years ago

wagnert commented 9 years ago

Hi, I tried to run the server on Mac OS X Yosemite and found some problems. After some fixes, it finally works. Very interesting project, congratulations!!!! We are thinking about using it in our application server after some testing :)

coveralls commented 9 years ago

Coverage Status

Coverage increased (+0.01%) to 10.36% when pulling c1df4342f0a604212b3214a1640e1a81ccfb74e7 on wagnert:master into 9258b23880686dde229c4d44f0938e908e509c3a on fpoirotte:master.

fpoirotte commented 9 years ago

Thanks for your words and your patch.

While the second change is obviously required (I missed a variable rename while refactoring the code), I don't understand your other change (in src/Handlers/KEXDH/INIT.php). Could you please explain why it was necessary?

wagnert commented 9 years ago

Hi, when I uncomment it, I can't connect with ssh -p 22222 clicky@127.0.0.1, because I get a Call to undefined method GMP::isValid() in the console. It seems that $message->getE() doesn't return the expected instance, but an instance of GMP that doesn't have an isValid() method. I'm working on Mac OS X 10.10 by the way :)

fpoirotte commented 9 years ago

OK, I temporarily disabled the check but plan to change the code later to include a proper fix. As you noted, this will fix Diffie-Hellman key exchanges.

This however leaves some users vulnerable (those who use Elliptic Curve Diffie-Hellman, aka. ECDH) as invalid public keys could be used. Given that this project is mainly a toy and not intended for production use, it's a risk I'm willing to take for now.
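The check discussed above, as an added example that is not pssht's own code: a validator for the client's Diffie-Hellman value e that operates directly on the raw PHP GMP object wagnert reports getE() returning, so no wrapper class with isValid() is needed. The function and label names are my own; it assumes ext-gmp and uses the 2048-bit MODP group from RFC 3526 (SSH's diffie-hellman-group14-sha1). The ECDH point-validation case the comment also mentions is not covered here.

```php
<?php
// Added example (not pssht's own code): validating the client's Diffie-Hellman
// public value "e" from SSH_MSG_KEXDH_INIT when it arrives as a plain PHP GMP
// object instead of a wrapper exposing isValid(). Assumes ext-gmp. The prime is
// the RFC 3526 2048-bit MODP group, a safe prime with generator g = 2.
declare(strict_types=1);
const GROUP14_P_HEX =
    'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' .
    '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' .
    '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' .
    'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05' .
    '98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB' .
    '9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B' .
    'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718' .
    '3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF';

// Range check plus subgroup check: e must lie in [2, p-2] and satisfy
// e^q mod p == 1 with q = (p-1)/2, so 0, 1, p-1 and every quadratic
// non-residue (the remaining off-subgroup elements of a safe-prime group) fail.
function isValidDhPublicValue(GMP $e, GMP $p): bool
{
    if (gmp_cmp($e, 2) < 0 || gmp_cmp($e, gmp_sub($p, 2)) > 0) {
        return false;
    }
    $q = gmp_div_q(gmp_sub($p, 1), 2);
    return gmp_cmp(gmp_powm($e, $q, $p), 1) === 0;
}

// Sanity-check the group constant, then run the validator on an honest value
// and on constructed bad inputs. Returns label => verdict.
function demo(): array
{
    $p = gmp_init(GROUP14_P_HEX, 16);
    $q = gmp_div_q(gmp_sub($p, 1), 2);
    if (gmp_prob_prime($p) === 0 || gmp_prob_prime($q) === 0) {
        throw new RuntimeException('group14 prime mis-transcribed');
    }
    $x      = gmp_random_range(2, gmp_sub($p, 2)); // a client's private exponent
    $honest = gmp_powm(2, $x, $p);                 // e = g^x mod p with g = 2
    return [
        'honest e'    => isValidDhPublicValue($honest, $p),             // accepted
        'e = 0'       => isValidDhPublicValue(gmp_init(0), $p),         // rejected
        'e = 1'       => isValidDhPublicValue(gmp_init(1), $p),         // rejected
        'e = p - 1'   => isValidDhPublicValue(gmp_sub($p, 1), $p),      // rejected
        'e = -honest' => isValidDhPublicValue(gmp_sub($p, $honest), $p), // rejected
    ];
}

foreach (demo() as $label => $ok) { printf("%-12s %s\n", $label, $ok ? 'accepted' : 'rejected'); }
```

The last case (p minus an honest value) is a quadratic non-residue because p is 3 mod 4, so it passes the range check and is caught only by the subgroup check.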

wagnert commented 9 years ago

I agree, this should only be a temporary fix, especially as it opens some vulnerabilities!

We really hope that this project will switch to a stable and secure version as soon as possible, because it would fit perfectly to provide a secure shell for our application server. So, on the one hand, if we can provide you with some help, feel free to give us a hint :) On the other hand, it would be helpful if there were something like a roadmap with tasks that have to be solved!

And again, projects like this are great enrichment for the PHP ecosystem :+1:

wagnert commented 9 years ago

And before I forget: it would be really helpful if you could tag this version :)

fpoirotte commented 9 years ago

I just released version 0.1.1 which includes this fix as well as various other improvements. Hope this makes it easier for you.

The roadmap for the project is defined as a series of milestones (see https://github.com/fpoirotte/pssht/milestones), but as you can see, the current milestone is way overdue.

wagnert commented 9 years ago

Hi François,

thanks, that's awesome! I'll check out the new version and the roadmap tomorrow :)

Cheers
