| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
make privilege dropping optional but allow it via callbacks (to avoid
need to link uidswap.c everywhere)
add some other flags (keep environment, disable strict path safety check)
that make this more useful for client-side use.
feedback & ok markus@
|
| | |
|
| |
|
|
| |
with & ok markus@
|
| |
|
|
| |
with & ok markus@
|
| | |
|
| |
|
|
| |
with codespell tool (https://github.com/lucasdemarchi/codespell)
|
| |
|
|
|
|
|
|
|
| |
legacy one.
Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.
feedback and ok markus@
|
| | |
|
| |
|
|
|
|
|
| |
misc.c. Extend subprocess() to offer a little more control over stdio
disposition.
feedback & ok dtucker@
|
| |
|
|
|
|
|
| |
optionally record successful auth methods and public credentials
used in a file accessible to user sessions
feedback and ok markus@
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
places that use them (authn and session code). After this, no state is
cached in canohost.c
feedback and ok markus@
|
| |
|
|
|
| |
based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt;
with & ok djm@
|
| | |
|
| | |
|
| |
|
|
|
| |
a corresponding private key authentication being applied to other
authentication methods. Reported by halex@, ok markus@
|
| |
|
|
|
|
|
|
|
|
| |
The client will not ask the server to prove ownership of the private
halves of any hitherto-unseen hostkeys it offers to the client.
Allow UpdateHostKeys option to take an 'ask' argument to let the
user manually review keys offered.
ok markus@
|
| |
|
|
|
|
|
|
| |
host keys. Fixes connection-killing host key mismatches when
a server offers multiple ECDSA keys with different curve type
(an extremely unlikely configuration).
ok markus, "looks mechanical" deraadt@
|
| | |
|
| |
|
|
|
|
|
|
|
| |
refuse to accept previously-used keys.
This allows AuthenticationMethods=publickey,publickey to require
that users authenticate using two _different_ pubkeys.
ok markus@
|
| |
|
|
|
| |
user, source address, port and protocol in a format similar to the
authentication success / failure messages; bz#2199, ok dtucker
|
| | |
|
| |
|
|
|
| |
or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
ok djm@
|
| |
|
|
| |
the auth success/failure line; bz#2064, ok dtucker@
|
| |
|
|
|
|
|
|
|
|
| |
and ruser is now logged in the auth success/failure message alongside
the local username, remote host/port and protocol in use. Certificates
contents and CA are logged too.
Pushing all logging onto a single line simplifies log analysis as it is
no longer necessary to relate information scattered across multiple log
entries. "I like it" markus@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, we recorded "Failed xxx" since we reset authenticated before
calling auth_log() in auth2.c. This adds an explcit "Partial" state.
Add a "submethod" to auth_log() to report which submethod is used
for keyboard-interactive.
Fix multiple authentication when one of the methods is
keyboard-interactive.
ok markus@
|
| |
|
|
|
|
|
| |
option. This option lists one or more comma-separated lists of
authentication method names. Successful completion of all the methods in
any list is required for authentication to complete;
feedback and ok markus@
|
| |
|
|
|
|
|
|
|
| |
authorized_keys from a command in addition to (or instead of) from
the filesystem. The command is run as the target server user unless
another specified via a new AuthorizedKeysCommandUser option.
patch originally by jchadima AT redhat.com, reworked by me; feedback
and ok markus@
|
| |
|
|
|
|
|
|
|
| |
Bring back authorized_keys2 as a default search path (to avoid breaking
existing users of this file), but override this in sshd_config so it will
be no longer used on fresh installs. Maybe in 2015 we can remove it
entierly :)
feedback and ok markus@ dtucker@
|
| |
|
|
|
| |
of protocol v.2 support and has been undocumented for many years;
ok markus@
|
| |
|
|
|
| |
authentication failure and don't count such failures against MaxAuthTries;
bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
in certificates. Currently, a certificate must include the a user's name
to be accepted for authentication. This change adds the ability to
specify a list of certificate principal names that are acceptable.
When authenticating using a CA trusted through ~/.ssh/authorized_keys,
this adds a new principals="name1[,name2,...]" key option.
For CAs listed through sshd_config's TrustedCAKeys option, a new config
option "AuthorizedPrincipalsFile" specifies a per-user file containing
the list of acceptable names.
If either option is absent, the current behaviour of requiring the
username to appear in principals continues to apply.
These options are useful for role accounts, disjoint account namespaces
and "user@realm"-style naming policies in certificates.
feedback and ok markus@
|
| |
|
|
|
|
|
|
|
|
|
| |
are trusted to authenticate users (in addition than doing it per-user
in authorized_keys).
Add a RevokedKeys option to sshd_config and a @revoked marker to
known_hosts to allow keys to me revoked and banned for user or host
authentication.
feedback and ok markus@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSH certificate key types are not X.509 certificates, but a much
simpler format that encodes a public key, identity information and
some validity constraints and signs it with a CA key. CA keys are
regular SSH keys. This certificate style avoids the attack surface
of X.509 certificates and is very easy to deploy.
Certified host keys allow automatic acceptance of new host keys
when a CA certificate is marked as trusted in ~/.ssh/known_hosts.
see VERIFYING HOST KEYS in ssh(1) for details.
Certified user keys allow authentication of users when the signing
CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
FILE FORMAT" in sshd(8) for details.
Certificates are minted using ssh-keygen(1), documentation is in
the "CERTIFICATES" section of that manpage.
Documentation on the format of certificates is in the file
PROTOCOL.certkeys
feedback and ok markus@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
method using the J-PAKE protocol described in F. Hao, P. Ryan,
"Password Authenticated Key Exchange by Juggling", 16th Workshop on
Security Protocols, Cambridge, April 2008.
This method allows password-based authentication without exposing
the password to the server. Instead, the client and server exchange
cryptographic proofs to demonstrate of knowledge of the password while
revealing nothing useful to an attacker or compromised endpoint.
This is experimental, work-in-progress code and is presently
compiled-time disabled (turn on -DJPAKE in Makefile.inc).
"just commit it. It isn't too intrusive." deraadt@
|
| |
|
|
|
| |
Holland via bz #1348 . Also checks for non-regular files during protocol
1 RSA auth. ok djm@
|
| |
|
|
|
|
|
| |
unifdef -USKEY
These options have been in use for some years;
ok markus@ "no objection" millert@
|
| | |
|
| |
|
|
| |
all alarms have been cancelled; ok deraadt
|
| |
|
|
|
| |
ok djm, sort of ok stevesk
makes the pain stop in one easy step
|
| | |
|
| |
|
|
| |
move
|
| | |
|
| |
|
|
|
| |
sig_atomic_t, unfortunately with some knock-on effects in other (non-
signal) contexts in which it is used; ok markus@
|
| | |
|
djm
markus
fgsch
dtucker
deraadt
stevesk