Starting November 1st, 2016 I am going to start offering premium access for members that pay monthly or yearly. This will include articles that have been specifically written and tested by me and posted on a special section on freebsdrocks.net. You will also get exclusive freebsd news as well as weekly updates from myself including what I am currently working on and I will also seek input from you on any new articles to post. I am depending on you to help me make freebsdrocks much better and possibly get some more traffic.
$50 a year or $5 a month
Please send donations to the paypal link to the right and reference SUBSCRIBER and your registered email address so I can setup your account to access our special features.
Thank you again for your support.
This was taken from https://wiki.archlinux.org/index.php/SSH_keys#Ed25519
The Windows SSH client PuTTY does not support ECDSA as of March 2016. One needs a PuTTY development snapshot to connect to a server that uses only ECDSA keys.
Ed25519 was introduced in OpenSSH 6.5: "Ed25519 is an elliptic curve signature scheme that offers better security than ECDSA and DSA and good performance". Its main strengths are its speed, its constant-time run time (and resistance against side-channel attacks), and its lack of nebulous hard-coded constants. See also this blog post by a Mozilla developer on how it works.
Ed25519 key pairs can be generated with:
# ssh-keygen -t ed25519
There is no need to set the key size, as all Ed25519 keys are 256 bits. Also, they rely on a new key format which "uses a bcrypt-based key derivation function that makes brute-force attacks against stolen private keys far slower".
For those reasons, compatibility with older versions of OpenSSH or other SSH clients and servers may prove troublesome.
Happy Monday! Today on October 17th it is an astonishing 68 degrees. Poolside anyone?
There are a few updates to post:
1) I have updated the vpopmail and backup walkthroughs to use better ssh encryption per my previous article.
2) On the configuring validrcptto page I have changed the fetch mkvalidrcptto location to now be included in the scripts4.tgz file. I am unsure how long John Simpsons site will be up and have attemtped to relocate anything that was on his site to mine. I plan on supporting qmail until it completely breaks.
Latest news from the FreeBSD list:
Dear FreeBSD community,
At 23:59 UTC, December 31, 2016, FreeBSD 9.3, 10.1 and 10.2 will reach
end-of-life and will no longer be supported by the FreeBSD Security Officers
Team. Users of FreeBSD 9.3, 10.1 and 10.2 are strongly encouraged to
upgrade to a newer release as soon as possible.
The currently supported branches and releases and their expected
end-of-life dates are:
|stable/9 |n/a |n/a |n/a |December 31, 2016 |
|releng/9.3 |9.3-RELEASE |Extended|July 16, 2014 |December 31, 2016 |
|stable/10 |n/a |n/a |n/a |last release + 2 years|
Please refer to https://security.freebsd.org/ for an up-to-date list of
supported releases and the latest security advisories.
This was taken from an email from the FreeBSD mailing list:
Dear FreeBSD Community:
Although the FreeBSD 11.0-RELEASE has not yet been officially announced,
many have found images on the Project FTP mirrors.
However, please be aware the final 11.0-RELEASE will be rebuilt and
republished on the Project mirrors as a result of a few last-minute
security fixes we feel are imperative to include in the final release.
FreeBSD users already running 11.0-RELEASE will be given instructions on
how to safely upgrade systems to the 11.0-RELEASE-p1 in the final
announcement email. Those building from source code can obtain the
latest security updates from the releng/11.0 branch in Subversion:
As the FreeBSD Project strives to provide the best possible product, the
Release Engineering team decided to build an updated release to include
the fixes. At present, we expect to have the final release available
Wednesday, October 5th. If you have not yet downloaded 11.0-RELEASE,
please wait for the official release announcement.
Thank you in advance for your patience waiting for 11.0-RELEASE, and of
course for understanding the reasons behind the updated release.
On behalf of: re@