path: root/usr.bin/ssh/authfile.c

Commit log (each entry: commit message, followed by author, date, files changed, lines removed/added):
...
* read in key comments for v.2 keys (though note that these are not passed over the agent protocol); bz#439, based on patch from binder AT arago.de; ok markus@
  djm, 2011-05-23, 1 file, -3/+6

* warn on unexpected key type in key_parse_private_type()
  djm, 2011-05-13, 1 file, -1/+2

* despam debug() logs by detecting that we are trying to load a private key in key_try_load_public() and returning early; ok markus@
  djm, 2011-05-10, 1 file, -1/+4

* allow "ssh-add - < key"; feedback and ok markus@
  djm, 2011-05-04, 1 file, -36/+64

* correctly load comment for encrypted rsa1 keys; report/fix Joachim Schipper; ok djm@
  markus, 2010-11-29, 1 file, -2/+3

* Refactor internals of private key loading and saving to work on memory buffers rather than directly on files. This will make a few things easier to do in the future; ok markus@
  djm, 2010-11-21, 1 file, -193/+254

* fix a possible NULL deref on loading a corrupt ECDH key; store ECDH group information in private key files as "named groups" rather than as a set of explicit group parameters (by setting the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and retrieves the group's OpenSSL NID that we need for various things.
  djm, 2010-10-28, 1 file, -9/+5

* typo
  djm, 2010-09-08, 1 file, -2/+2

* Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656) is NOT implemented. Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@
  djm, 2010-08-31, 1 file, -1/+31

* committed the wrong version of the hostbased certificate diff; this version replaces some strlc{py,at} verbosity with xasprintf() at the request of markus@
  djm, 2010-08-04, 1 file, -5/+7

* enable certificates for hostbased authentication, from Iain Morgan; "looks ok" markus@
  djm, 2010-08-04, 1 file, -1/+59

* Add a TrustedUserCAKeys option to sshd_config to specify CA keys that are trusted to authenticate users (in addition to doing it per-user in authorized_keys). Add a RevokedKeys option to sshd_config and a @revoked marker to known_hosts to allow keys to be revoked and banned for user or host authentication. feedback and ok markus@
  djm, 2010-03-04, 1 file, -1/+63

* Fix bug introduced in r1.78 (incorrect brace location) that broke key auth. Patch from joachim joachimschipper nl.
  dtucker, 2010-01-12, 1 file, -2/+2

* Do not prompt for a passphrase if we fail to open a keyfile, and log the reason the open failed to debug. bz #1693, found by tj AT castaglia org, ok djm@
  dtucker, 2010-01-11, 1 file, -3/+11

* switch from 3DES to AES-128 for encryption of passphrase-protected SSH protocol 2 private keys; ok several
  djm, 2009-10-22, 1 file, -2/+2

* almost entirely get rid of the culture of ".h files that include .h files"; ok djm, sort of ok stevesk; makes the pain stop in one easy step
  deraadt, 2006-08-03, 1 file, -4/+3

* clean extra spaces
  stevesk, 2006-08-01, 1 file, -2/+2

* move #include <stdio.h> out of includes.h
  stevesk, 2006-08-01, 1 file, -1/+2

* move #include <stdlib.h> out of includes.h
  stevesk, 2006-07-26, 1 file, -1/+2

* move #include <sys/param.h> out of includes.h
  stevesk, 2006-07-26, 1 file, -1/+2

* move #include <string.h> out of includes.h
  stevesk, 2006-07-22, 1 file, -1/+2

* move #include <unistd.h> out of includes.h
  stevesk, 2006-07-17, 1 file, -1/+2

* need <errno.h> here also (it's also included in <openssl/err.h>)
  stevesk, 2006-07-11, 1 file, -1/+2

* move #include <fcntl.h> out of includes.h
  stevesk, 2006-07-09, 1 file, -1/+3

* Prevent ssh from trying to open private keys with bad permissions more than once or prompting for their passphrases (which it subsequently ignores anyway), similar to a previous change in ssh-add. bz #1186, ok djm@
  dtucker, 2006-04-25, 1 file, -2/+6

* Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
  djm, 2006-03-25, 1 file, -0/+1

* whoever thought that break after return was a good idea needs to get their head examined
  deraadt, 2006-03-19, 1 file, -4/+0

* RCSID() can die
  deraadt, 2006-03-19, 1 file, -1/+0

* Make ssh-add check file permissions before attempting to load private key files multiple times; it will fail anyway and this prevents confusing multiple prompts and warnings. mindrot #1138, ok djm@
  dtucker, 2006-03-13, 1 file, -2/+2

* move #include <sys/stat.h> out of includes.h; ok markus@
  stevesk, 2006-02-20, 1 file, -1/+4

* make this -Wsign-compare clean; ok avsm@ markus@
  djm, 2005-06-17, 1 file, -7/+9

* Fix debug call in error path of authorized_keys processing and fix related warnings; ok djm@
  dtucker, 2004-12-11, 1 file, -2/+3

* Discard over-length authorized_keys entries rather than complaining when they don't decode. bz #884, with & ok djm@
  dtucker, 2004-12-06, 1 file, -4/+5

* fix error path, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus
  djm, 2004-08-23, 1 file, -3/+6

* make ssh -Wshadow clean, no functional changes; markus@ ok
  avsm, 2004-06-21, 1 file, -5/+5

* improve some code lint did not like; djm millert ok
  deraadt, 2004-05-11, 1 file, -5/+11

* missing buffer_free(&encrypted); #662; zardoz at users.sf.net
  markus, 2003-09-18, 1 file, -1/+2

* cast some types for printing; ok markus@
  djm, 2003-05-24, 1 file, -2/+2

* change key_load_public to try to read a public key from: rsa1 private or rsa1 public and ssh2 keys. this makes ssh-keygen -e fail for ssh1 keys more gracefully for example; report from itojun (netbsd pr 20550).
  markus, 2003-05-11, 1 file, -1/+10

* move RSA_blinding_on to generic key load method
  markus, 2003-03-13, 1 file, -1/+12

* lseek(2) may return -1 when getting the public/private key length. Simplify the code and check for errors using fstat(2). Problem reported by Mauricio Sanchez, markus@ ok.
  fgsch, 2002-11-15, 1 file, -5/+16

* cast to (void) when output from buffer_get_X is ignored
  markus, 2002-06-24, 1 file, -3/+3

* add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication in protocol v2 (needs to access the hostkeys).
  markus, 2002-05-23, 1 file, -2/+2

* add some const EVP_MD for openssl-0.9.7
  markus, 2002-02-28, 1 file, -2/+2

* signed vs. unsigned: make size arguments u_int, ok stevesk@
  markus, 2002-02-24, 1 file, -2/+2

* hide some more implementation details of cipher.[ch] and prepare for move to EVP, ok deraadt@
  markus, 2002-02-14, 1 file, -12/+14

* remove unneeded casts and some char->u_char cleanup; ok markus@
  stevesk, 2001-12-29, 1 file, -7/+7

* missing include
  markus, 2001-12-27, 1 file, -1/+2

* call fatal() for openssl allocation failures
  markus, 2001-12-27, 1 file, -14/+2

* change the buffer/packet interface to use void* vs. char*; ok markus@
  stevesk, 2001-12-19, 1 file, -5/+5