WireGuard implementation for the OpenBSD kernel https://git.zx2c4.com/wireguard-openbsd/atom/usr.bin/ssh/ssh2.h?h=jd%2Fqueueboosts 2016-05-04T14:22:33Z 2016-05-04T14:22:33Z markus markus@openbsd.org 2016-05-04T14:22:33Z urn:sha1:39c1575d069577d2e31dc8794f3cc90e7a6628ea 2016-01-14T16:17:39Z markus markus@openbsd.org 2016-01-14T16:17:39Z urn:sha1:9068ae8f34fcab1e99ad6c37c2ef9ca5e0586ef5 2015-12-04T16:41:28Z markus markus@openbsd.org 2015-12-04T16:41:28Z urn:sha1:321f30e3f5b45d16472e86661b83433fc7519525 based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@ 2014-01-29T06:18:35Z djm djm@openbsd.org 2014-01-29T06:18:35Z urn:sha1:79b68f8120009dd8043335250ee19778d382f8fd 2010-08-31T11:54:45Z djm djm@openbsd.org 2010-08-31T11:54:45Z urn:sha1:f6c050330e4dc3006a2e35a95631a28ac664b4a2 host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@ 2010-02-26T20:29:54Z djm djm@openbsd.org 2010-02-26T20:29:54Z urn:sha1:b94e498ee01728630740033222d91168419128b4 OpenSSH certificate key types are not X.509 certificates, but a much simpler format that encodes a public key, identity information and some validity constraints and signs it with a CA key. CA keys are regular SSH keys. This certificate style avoids the attack surface of X.509 certificates and is very easy to deploy. Certified host keys allow automatic acceptance of new host keys when a CA certificate is marked as trusted in ~/.ssh/known_hosts. see VERIFYING HOST KEYS in ssh(1) for details. Certified user keys allow authentication of users when the signing CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS FILE FORMAT" in sshd(8) for details. Certificates are minted using ssh-keygen(1), documentation is in the "CERTIFICATES" section of that manpage. Documentation on the format of certificates is in the file PROTOCOL.certkeys feedback and ok markus@ 2009-10-24T11:19:17Z andreas andreas@openbsd.org 2009-10-24T11:19:17Z urn:sha1:65658dc8f9f4794c2e8c553a46d7d3190ea4e454 ok markus@ 2008-11-04T08:22:12Z djm djm@openbsd.org 2008-11-04T08:22:12Z urn:sha1:5e1e7a5242b1ab8ed68e80b6a58e9bc53ef4eafc method using the J-PAKE protocol described in F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", 16th Workshop on Security Protocols, Cambridge, April 2008. This method allows password-based authentication without exposing the password to the server. Instead, the client and server exchange cryptographic proofs to demonstrate of knowledge of the password while revealing nothing useful to an attacker or compromised endpoint. This is experimental, work-in-progress code and is presently compiled-time disabled (turn on -DJPAKE in Makefile.inc). "just commit it. It isn't too intrusive." deraadt@ 2006-03-25T22:22:42Z djm djm@openbsd.org 2006-03-25T22:22:42Z urn:sha1:84cabb1018fc19a0ebf081037182fd1fb5b2ce51 2003-05-14T00:52:59Z markus markus@openbsd.org 2003-05-14T00:52:59Z urn:sha1:63289d4f0390f4e0f5c526255b16d906fd54e690