summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/authfile.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* enable certificates for hostbased authentication, from Iain Morgan;djm2010-08-041-1/+59
| | | | "looks ok" markus@
* Add a TrustedUserCAKeys option to sshd_config to specify CA keys thatdjm2010-03-041-1/+63
| | | | | | | | | | | are trusted to authenticate users (in addition than doing it per-user in authorized_keys). Add a RevokedKeys option to sshd_config and a @revoked marker to known_hosts to allow keys to me revoked and banned for user or host authentication. feedback and ok markus@
* Fix bug introduced in r1.78 (incorrect brace location) that broke key auth.dtucker2010-01-121-2/+2
| | | | Patch from joachim joachimschipper nl.
* Do not prompt for a passphrase if we fail to open a keyfile, and log thedtucker2010-01-111-3/+11
| | | | | reason the open failed to debug. bz #1693, found by tj AT castaglia org, ok djm@
* switch from 3DES to AES-128 for encryption of passphrase-protecteddjm2009-10-221-2/+2
| | | | SSH protocol 2 private keys; ok several
* almost entirely get rid of the culture of ".h files that include .h files"deraadt2006-08-031-4/+3
| | | | | ok djm, sort of ok stevesk makes the pain stop in one easy step
* clean extra spacesstevesk2006-08-011-2/+2
|
* move #include <stdio.h> out of includes.hstevesk2006-08-011-1/+2
|
* move #include <stdlib.h> out of includes.hstevesk2006-07-261-1/+2
|
* move #include <sys/param.h> out of includes.hstevesk2006-07-261-1/+2
|
* move #include <string.h> out of includes.hstevesk2006-07-221-1/+2
|
* move #include <unistd.h> out of includes.hstevesk2006-07-171-1/+2
|
* need <errno.h> here also (it's also included in <openssl/err.h>)stevesk2006-07-111-1/+2
|
* move #include <fcntl.h> out of includes.hstevesk2006-07-091-1/+3
|
* Prevent ssh from trying to open private keys with bad permissions more thandtucker2006-04-251-2/+6
| | | | | once or prompting for their passphrases (which it subsequently ignores anyway), similar to a previous change in ssh-add. bz #1186, ok djm@
* Put $OpenBSD$ tags back (as comments) to replace the RCSID()s thatdjm2006-03-251-0/+1
| | | | Theo nuked - our scripts to sync -portable need them in the files
* whoever thought that break after return was a good idea needs to get their head examimedderaadt2006-03-191-4/+0
|
* RCSID() can diederaadt2006-03-191-1/+0
|
* Make ssh-add check file permissions before attempting to load privatedtucker2006-03-131-2/+2
| | | | | key files multiple times; it will fail anyway and this prevents confusing multiple prompts and warnings. mindrot #1138, ok djm@
* move #include <sys/stat.h> out of includes.h; ok markus@stevesk2006-02-201-1/+4
|
* make this -Wsign-compare clean; ok avsm@ markus@djm2005-06-171-7/+9
|
* Fix debug call in error path of authorized_keys processing and fix relateddtucker2004-12-111-2/+3
| | | | warnings; ok djm@
* Discard over-length authorized_keys entries rather than complaining whendtucker2004-12-061-4/+5
| | | | they don't decode. bz #884, with & ok djm@
* fix error path, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markusdjm2004-08-231-3/+6
|
* make ssh -Wshadow clean, no functional changesavsm2004-06-211-5/+5
| | | | markus@ ok
* improve some code lint did not like; djm millert okderaadt2004-05-111-5/+11
|
* missing buffer_free(&encrypted); #662; zardoz at users.sf.netmarkus2003-09-181-1/+2
|
* cast some types for printing; ok markus@djm2003-05-241-2/+2
|
* change key_load_public to try to read a public from:markus2003-05-111-1/+10
| | | | | | rsa1 private or rsa1 public and ssh2 keys. this makes ssh-keygen -e fail for ssh1 keys more gracefully for example; report from itojun (netbsd pr 20550).
* move RSA_blinding_on to generic key load methodmarkus2003-03-131-1/+12
|
* lseek(2) may return -1 when getting the public/private key lenght.fgsch2002-11-151-5/+16
| | | | | | Simplify the code and check for errors using fstat(2). Problem reported by Mauricio Sanchez, markus@ ok.
* cat to (void) when output from buffer_get_X is ignoredmarkus2002-06-241-3/+3
|
* add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authenticationmarkus2002-05-231-2/+2
| | | | in protocol v2 (needs to access the hostkeys).
* add some const EVP_MD for openssl-0.9.7markus2002-02-281-2/+2
|
* signed vs. unsigned: make size arguments u_int, ok stevesk@markus2002-02-241-2/+2
|
* hide some more implementation details of cipher.[ch] and prepares for movemarkus2002-02-141-12/+14
| | | | to EVP, ok deraadt@
* remove unneeded casts and some char->u_char cleanup; ok markus@stevesk2001-12-291-7/+7
|
* missing includemarkus2001-12-271-1/+2
|
* call fatal() for openssl allocation failuresmarkus2001-12-271-14/+2
|
* change the buffer/packet interface to use void* vs. char*; ok markus@stevesk2001-12-191-5/+5
|
* basic KNF done while i was looking for something elsederaadt2001-12-191-4/+4
|
* minor KNFderaadt2001-12-051-2/+2
|
* grammer; Matthew_Clarke@mindlink.bc.camarkus2001-10-071-5/+5
|
* relax permission check for private key files.markus2001-09-231-7/+10
|
* more strict prototypes. raise warning level in Makefile.inc. markus ok'editojun2001-06-231-8/+8
| | | | TODO; cleanup headers
* use xxx_put_cstring()markus2001-06-071-2/+2
|
* typomarkus2001-05-291-2/+2
|
* key_load_private: set comment to filename for PEM keysmarkus2001-05-281-5/+8
|
* return comments for private pem files, too; report from nolan@naic.edumarkus2001-05-161-2/+3
|
* error->debug; noted by fries@markus2001-04-181-2/+2
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.