path: root/usr.bin/ssh/auth2-hostbased.c
Commit message | Author | Age | Files | Lines
* update to new API (key_fingerprint => sshkey_fingerprint) | djm | 2015-01-28 | 1 | -5/+7
  check sshkey_fingerprint return values; ok markus
* remove obsolete comment | djm | 2015-01-28 | 1 | -2/+1
* add sshd_config HostbasedAcceptedKeyTypes and PubkeyAcceptedKeyTypes | djm | 2015-01-13 | 1 | -1/+10
  options to allow sshd to control what public key types will be accepted. Currently defaults to all. Feedback & ok markus@
* deprecate key_load_private_pem() and sshkey_load_private_pem() | djm | 2015-01-08 | 1 | -1/+2
  interfaces. Refactor the generic key loading API to not require pathnames to be specified (they weren't really used). Fixes a few other things en passant: Makes ed25519 keys work for hostbased authentication (ssh-keysign previously used the PEM-only routines). Fixes key comment regression bz#2306: key pathnames were being lost as comment fields. ok markus@
* KNF and add a little more debug() | djm | 2014-12-23 | 1 | -5/+13
* Add FingerprintHash option to control algorithm used for key | djm | 2014-12-21 | 1 | -3/+4
  fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
* Add support for Unix domain socket forwarding. A remote TCP port | millert | 2014-07-15 | 1 | -1/+2
  may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
* refuse RSA keys from old proprietary clients/servers that use the | djm | 2013-12-30 | 1 | -1/+7
  obsolete RSA+MD5 signature scheme. it will still be possible to connect with these clients/servers but only DSA keys will be accepted, and we'll deprecate them entirely in a future release. ok markus@
* for hostbased authentication, print the client host and user on | djm | 2013-06-21 | 1 | -1/+5
  the auth success/failure line; bz#2064, ok dtucker@
* bye, bye xfree(); ok markus@ | djm | 2013-05-17 | 1 | -7/+7
* enable certificates for hostbased authentication, from Iain Morgan; | djm | 2010-08-04 | 1 | -3/+28
  "looks ok" markus@
* Add a TrustedUserCAKeys option to sshd_config to specify CA keys that | djm | 2010-03-04 | 1 | -1/+4
  are trusted to authenticate users (in addition to doing it per-user in authorized_keys). Add a RevokedKeys option to sshd_config and a @revoked marker to known_hosts to allow keys to be revoked and banned for user or host authentication. feedback and ok markus@
* strip trailing '.' from hostname when HostbasedUsesNameFromPacketOnly=yes | djm | 2008-07-17 | 1 | -5/+6
  report and patch from res AT qoxp.net (bz#1200); ok markus@
* almost entirely get rid of the culture of ".h files that include .h files" | deraadt | 2006-08-03 | 1 | -5/+8
  ok djm, sort of ok stevesk makes the pain stop in one easy step
* move #include <string.h> out of includes.h | stevesk | 2006-07-22 | 1 | -1/+2
* move #include <pwd.h> out of includes.h; ok markus@ | stevesk | 2006-07-06 | 1 | -1/+5
* Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that | djm | 2006-03-25 | 1 | -0/+1
  Theo nuked - our scripts to sync -portable need them in the files
* RCSID() can die | deraadt | 2006-03-19 | 1 | -1/+0
* fix mem leaks; some fixes from Pete Flugstad; tested dtucker@ | markus | 2004-01-19 | 1 | -2/+2
* int -> u_int; ok djm@, deraadt@, mouring@ | markus | 2003-06-24 | 1 | -2/+2
* deprecate VerifyReverseMapping since it's dangerous if combined | markus | 2003-06-02 | 1 | -2/+2
  with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@
* rename log() into logit() to avoid name conflict. markus ok, from netbsd | itojun | 2003-04-08 | 1 | -3/+3
* move Authmethod definitions to per-method file. | markus | 2002-05-31 | 1 | -2/+8
* split auth2.c into one file per method; ok provos@/deraadt@ | markus | 2002-05-25 | 1 | -0/+176