Thursday Jul 30, 2009

SSH with aes256ctr support not working on some S10 systems

I've been getting emails today about SSH aes256ctr being broken on some Solaris 10 machines.

This goes back to my work earlier to get strong crypto included by default on all Solaris 10 systems.  This started in Solaris 10 Update 4, and I guess I figured everyone would read my blog, jump for joy and upgrade their systems. ;-)

It seems some of you haven't and are now seeing errors like:

sshd[8975]: [ID 800047 auth.crit] fatal: matching cipher is not supported: aes256-ctr

This is a direct result of Sun's SSH now taking advantage of the presumed availability of strong crypto on the systems. This works fantastically well on newer Solaris 10 systems.

This issue is now covered by a bug, and you can see one workaround there.

Let's assume you *do* want strong crypto, though, and you want to stay on an older release of Solaris 10. In that case, you need to install the original S10 versions of SUNWcry and SUNWcryr onto these older Solaris 10 systems and reapply all cryptographic framework patches. The packages are available as part of the Solaris 10 Encryption Kit. You need to reapply the patches because SUNWcry and SUNWcryr were not on the system when you installed them before, so those packages would have missed all the patching goodness for their bits. It's important that you do this, or you will end up with mismatched bits for the cryptographic framework, which will have undefined (i.e. probably not good) results.
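A quick way to triage an affected host, as an added example that is not part of the original post: it scans syslog text for the fatal message quoted above and then checks whether SUNWcry and SUNWcryr are installed. The function names, the `PKGINFO` override and the sample log lines are constructed for illustration; it assumes bash (or another POSIX shell) and the standard Solaris `pkginfo -q` query.

```shell
#!/usr/bin/env bash
# Added example: triage for the sshd "matching cipher is not supported" failure.

# Constructed sample syslog lines; the fatal lines reuse the message quoted in the post.
SAMPLE_LOG='Jul 30 10:01:02 hostA sshd[8975]: [ID 800047 auth.crit] fatal: matching cipher is not supported: aes256-ctr
Jul 30 10:01:09 hostA sshd[8990]: [ID 000000 auth.info] Accepted publickey for admin from 192.0.2.10 port 40122 ssh2
Jul 30 10:02:40 hostA sshd[9012]: [ID 800047 auth.crit] fatal: matching cipher is not supported: aes256-ctr'

# Read syslog text on stdin; print each distinct cipher sshd refused, one per line.
rejected_ciphers() {
    sed -n 's/.*sshd\[[0-9]*]:.*fatal: matching cipher is not supported: \([A-Za-z0-9@._-]*\).*/\1/p' | sort -u
}

# Print the crypto packages named in the post that are not installed.
# "pkginfo -q" exits non-zero for a missing package; PKGINFO is a hypothetical
# override so the check can be exercised on a host without pkginfo.
missing_crypto_pkgs() {
    for pkg in SUNWcry SUNWcryr; do
        "${PKGINFO:-pkginfo}" -q "$pkg" 2>/dev/null || echo "$pkg"
    done
}

# Read syslog text on stdin; return 0 if clean, 1 if the failure was seen.
triage() {
    ciphers=$(rejected_ciphers | tr '\n' ' ')
    if [ -z "$ciphers" ]; then
        echo "ok: no unsupported-cipher fatals found"
        return 0
    fi
    missing=$(missing_crypto_pkgs | tr '\n' ' ')
    if [ -n "$missing" ]; then
        echo "sshd refused: ${ciphers% }; packages not installed: ${missing% }"
    else
        echo "sshd refused: ${ciphers% }; packages present, confirm the framework patches were reapplied"
    fi
    return 1
}

# Demo on the constructed sample; "|| true" keeps the script's exit status 0.
printf '%s\n' "$SAMPLE_LOG" | triage || true
```

On a real host, pipe the syslog file that receives sshd messages into `triage` in place of the sample.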


Tuesday Jul 21, 2009

OpenSolaris Security BoF on 23 July 2009 8PM!

8:00pm  Thursday, 07/23/2009

OSOSOS - Offering Security in OpenSource Operating Systems
Location: Ballroom A3/A6

Moderated by: Christoph Schuba

  Many operating system security mechanisms are necessary for
  developers to build secure software. While this session presents a few
  such mechanisms available and under development in OpenSolaris, it
  primarily seeks the dialogue and discussion how important these features
  are and how they compare to those of other OSes.

Speakers will do short talks on the Cryptographic Framework (Valerie Fenwick - that's me!), Privileges (Scott Rotondo) and Zones/TX (Glenn Faden), followed by a panel from all presenters, plus Christoph Schuba and Glenn Barry (Kerberos guru).

BoFs are free, you just need to register for the expo pass (also free!)

Tuesday Apr 28, 2009

Storing ZFS backups in the cloud...

I'm still coming up fully to speed on Cloud computing and was just reading about this new tool from Glenn Brunette that uses existing OpenSolaris features, like ZFS and the Solaris Cryptographic Framework, to back up data securely to the Cloud. Pretty neat!
About

Valerie's former weblog. The new one can be found at http://bubbva.blogspot.com/
