Interesting changes in OpenSSH 5.4p1 that affected Putty

04/08/10, 04:36

From its change log: http://www.openssh.com/txt/release-5.4

* New RSA keys will be generated with a public exponent of RSA_F4 ==
(2**16)+1 == 65537 instead of the previous value 35.

* Passphrase-protected SSH protocol 2 private keys are now protected
with AES-128 instead of 3DES. This applied to newly-generated keys
as well as keys that are reencrypted (e.g. by changing their
passphrase).

Puttygen could NOT handle the new passphrase-protected key.

--
@~@ Might, Courage, Vision, SINCERITY.
/ v \ Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (x86_64 Ubuntu 9.10) Linux 2.6.33.2
^ ^ 11:36:01 up 4 days 3:28 2 users load average: 0.00 0.00 0.00
äžåè²ž! äžè©éš! äžæŽäº€! äžæäº€! äžæå«! äžèªæ®º! è«èæ®ç¶æŽ (CSSA):
http://www.swd.gov.hk/tc/index/site_...sub_addressesa

04/11/10, 11:36

Error message from puttygen.exe:

Couldn't load private key (ciphers other than DES-EDE3-CBC not supported

On 4/8/2010 11:36, Man-wai Chang to The Door (33600bps) wrote:
>
> From its change log: http://www.openssh.com/txt/release-5.4
>
> * New RSA keys will be generated with a public exponent of RSA_F4 ==
> (2**16)+1 == 65537 instead of the previous value 35.
>
> * Passphrase-protected SSH protocol 2 private keys are now protected
> with AES-128 instead of 3DES. This applied to newly-generated keys
> as well as keys that are reencrypted (e.g. by changing their
> passphrase).

--
@~@ Might, Courage, Vision, SINCERITY.
/ v \ Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (x86_64 Ubuntu 9.10) Linux 2.6.33.2
^ ^ 18:36:01 up 7 days 10:28 2 users load average: 3.58 4.22 3.82
äžåè²ž! äžè©éš! äžæŽäº€! äžæäº€! äžæå«! äžèªæ®º! è«èæ®ç¶æŽ (CSSA):
http://www.swd.gov.hk/tc/index/site_...sub_addressesa

04/15/10, 23:17

Man-wai Chang to The Door (33600bps) <toylet.toylet@gmail.com> writes:
> From its change log: http://www.openssh.com/txt/release-5.4
>
>* New RSA keys will be generated with a public exponent of RSA_F4 ==
> (2**16)+1 == 65537 instead of the previous value 35.
>
>* Passphrase-protected SSH protocol 2 private keys are now protected
> with AES-128 instead of 3DES. This applied to newly-generated keys
> as well as keys that are reencrypted (e.g. by changing their
> passphrase).
>
>Puttygen could NOT handle the new passphrase-protected key.

Support for AES encryption has been added to the development snapshots
of PuTTYgen (from r8916, 2010-04-13). Windows executables built
nightly are available from the PuTTY website to try.

(I don't think the exponent change will affect PuTTYgen?)

04/16/10, 12:10

>> * Passphrase-protected SSH protocol 2 private keys are now protected
>> with AES-128 instead of 3DES. This applied to newly-generated keys
>> as well as keys that are reencrypted (e.g. by changing their
>> passphrase).
>>
>> Puttygen could NOT handle the new passphrase-protected key.
>
> Support for AES encryption has been added to the development snapshots
> of PuTTYgen (from r8916, 2010-04-13). Windows executables built
> nightly are available from the PuTTY website to try.
>
> (I don't think the exponent change will affect PuTTYgen?)

Excellent! Thank you again!

--
@~@ Might, Courage, Vision, SINCERITY.
/ v \ Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (x86_64 Ubuntu 9.10) Linux 2.6.33.2
^ ^ 19:10:01 up 12 days 11:02 2 users load average: 1.01 1.05 1.09
äžåè²ž! äžè©éš! äžæŽäº€! äžæäº€! äžæå«! äžèªæ®º! è«èæ®ç¶æŽ (CSSA):
http://www.swd.gov.hk/tc/index/site_...sub_addressesa

04/08/10, 04:36	#1
Man-wai Chang to The Door (33600bps) Posts: n/a Hébergeur:	Interesting changes in OpenSSH 5.4p1 that affected Putty From its change log: http://www.openssh.com/txt/release-5.4 * New RSA keys will be generated with a public exponent of RSA_F4 == (2*16)+1 == 65537 instead of the previous value 35. Passphrase-protected SSH protocol 2 private keys are now protected with AES-128 instead of 3DES. This applied to newly-generated keys as well as keys that are reencrypted (e.g. by changing their passphrase). Puttygen could NOT handle the new passphrase-protected key. -- @~@ Might, Courage, Vision, SINCERITY. / v \ Simplicity is Beauty! May the Force and Farce be with you! /( _ )\ (x86_64 Ubuntu 9.10) Linux 2.6.33.2 ^ ^ 11:36:01 up 4 days 3:28 2 users load average: 0.00 0.00 0.00 äžåè²ž! äžè©éš! äžæŽäº€! äžæäº€! äžæå«! äžèªæ®º! è«èæ®ç¶æŽ (CSSA): http://www.swd.gov.hk/tc/index/site_...sub_addressesa

04/11/10, 11:36	#2
Man-wai Chang to The Door (33600bps) Posts: n/a Hébergeur:	Re: Interesting changes in OpenSSH 5.4p1 that affected Putty Error message from puttygen.exe: Couldn't load private key (ciphers other than DES-EDE3-CBC not supported On 4/8/2010 11:36, Man-wai Chang to The Door (33600bps) wrote: > > From its change log: http://www.openssh.com/txt/release-5.4 > > * New RSA keys will be generated with a public exponent of RSA_F4 == > (2*16)+1 == 65537 instead of the previous value 35. > > Passphrase-protected SSH protocol 2 private keys are now protected > with AES-128 instead of 3DES. This applied to newly-generated keys > as well as keys that are reencrypted (e.g. by changing their > passphrase). -- @~@ Might, Courage, Vision, SINCERITY. / v \ Simplicity is Beauty! May the Force and Farce be with you! /( _ )\ (x86_64 Ubuntu 9.10) Linux 2.6.33.2 ^ ^ 18:36:01 up 7 days 10:28 2 users load average: 3.58 4.22 3.82 äžåè²ž! äžè©éš! äžæŽäº€! äžæäº€! äžæå«! äžèªæ®º! è«èæ®ç¶æŽ (CSSA): http://www.swd.gov.hk/tc/index/site_...sub_addressesa

04/15/10, 23:17	#3
Jacob Nevins Posts: n/a Hébergeur:	Re: Interesting changes in OpenSSH 5.4p1 that affected Putty Man-wai Chang to The Door (33600bps) <toylet.toylet@gmail.com> writes: > From its change log: http://www.openssh.com/txt/release-5.4 > >* New RSA keys will be generated with a public exponent of RSA_F4 == > (2*16)+1 == 65537 instead of the previous value 35. > > Passphrase-protected SSH protocol 2 private keys are now protected > with AES-128 instead of 3DES. This applied to newly-generated keys > as well as keys that are reencrypted (e.g. by changing their > passphrase). > >Puttygen could NOT handle the new passphrase-protected key. Support for AES encryption has been added to the development snapshots of PuTTYgen (from r8916, 2010-04-13). Windows executables built nightly are available from the PuTTY website to try. (I don't think the exponent change will affect PuTTYgen?)

04/16/10, 12:10	#4
Man-wai Chang to The Door (33600bps) Posts: n/a Hébergeur:	Re: Interesting changes in OpenSSH 5.4p1 that affected Putty >> * Passphrase-protected SSH protocol 2 private keys are now protected >> with AES-128 instead of 3DES. This applied to newly-generated keys >> as well as keys that are reencrypted (e.g. by changing their >> passphrase). >> >> Puttygen could NOT handle the new passphrase-protected key. > > Support for AES encryption has been added to the development snapshots > of PuTTYgen (from r8916, 2010-04-13). Windows executables built > nightly are available from the PuTTY website to try. > > (I don't think the exponent change will affect PuTTYgen?) Excellent! Thank you again! -- @~@ Might, Courage, Vision, SINCERITY. / v \ Simplicity is Beauty! May the Force and Farce be with you! /( _ )\ (x86_64 Ubuntu 9.10) Linux 2.6.33.2 ^ ^ 19:10:01 up 12 days 11:02 2 users load average: 1.01 1.05 1.09 äžåè²ž! äžè©éš! äžæŽäº€! äžæäº€! äžæå«! äžèªæ®º! è«èæ®ç¶æŽ (CSSA): http://www.swd.gov.hk/tc/index/site_...sub_addressesa