cipherdyne.org

Michael Rash, Security Researcher



Software Release - fwknop-0.9.6

The 0.9.6 release of fwknop is ready for download. Here is an excerpt from the ChangeLog:
  • Added GPG-based authentication capability for SPA packets. This new mode can be configured to require that a GPG message be signed with a particular key or set of keys.
  • In GPG mode, the fwknop client now prints GPG errors to stdout if not running with --gpg-no-batch-mode.
  • Added the ability to require that the client know the UNIX crypt() password associated with a username on the server side. This functionality is enabled on the fwknop client with the "--Server-auth crypt" command line argument, and the REQUIRE_AUTH_METHOD variable in /etc/fwknop/access.conf on the fwknopd server.
  • Added patch against OpenSSH-4.2p1 to integrate SPA mode. This patch adds a "-K <fwknop cmd line>" argument to the SSH client so that fwknop can be executed directly before an SSH connection is made.
  • Separated server and client portions of fwknop into "fwknopd" and "fwknop" respectively. This will allow better portability to be developed since the client and server pieces can be developed more independently.