summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/monitor_wrap.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
* revised log infrastructure for OpenSSHdjm2020-10-161-2/+3
| | | | | | | log functions receive function, filename and line number of caller. We can use this to selectively enable logging via pattern-lists. ok markus@
* support for user-verified FIDO keysdjm2020-08-271-2/+3
| | | | | | | | | | | | | | | FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token. This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication. feedback markus@ and Pedro Martelletto; ok markus@
* Add new structure for signature optionsdjm2019-11-251-2/+3
| | | | | | | | | This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field. with and ok markus@
* Refactor signing - use sshkey_sign for everything, including the newdjm2019-10-311-2/+2
| | | | | | | | | | | U2F signatures. Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@
* fixes for !WITH_OPENSSL compilation; ok dtucker@djm2019-09-061-1/+3
|
* remove last references to active_statedjm2019-01-191-6/+5
| | | | with & ok markus@
* convert monitor.c to new packet APIdjm2019-01-191-3/+1
| | | | with & ok markus@
* convert auth.c to new packet APIdjm2019-01-191-2/+3
| | | | with & ok markus@
* remove legacy key emulation layer; ok djm@markus2018-07-111-3/+3
|
* switch over to the new authorized_keys options API and remove thedjm2018-03-031-4/+7
| | | | | | | | | legacy one. Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines. feedback and ok markus@
* pass negotiated signing algorithm though to sshkey_verify() anddjm2017-12-181-2/+2
| | | | | check that the negotiated algorithm matches the type in the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@
* clear session keys from memory; ok djm@markus2017-05-311-2/+2
|
* switch auth2-pubkey.c to modern APIs; with & ok djm@markus2017-05-301-2/+3
|
* switch from Key typedef with struct sshkey; ok djm@markus2017-05-301-6/+8
|
* Remove support for pre-authentication compression. Doing compressiondjm2016-09-281-4/+1
| | | | | | | | | | | | | | | | | early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface. Moreover, to support it across privilege-separation zlib needed the assistance of a complex shared-memory manager that made the required attack surface considerably larger. Prompted by Guido Vranken pointing out a compiler-elided security check in the shared memory manager found by Stack (http://css.csail.mit.edu/stack/); ok deraadt@ markus@ NB. pre-auth authentication has been disabled by default in sshd for >10 years.
* remove ssh1 server code; ok djm@markus2016-08-131-11/+2
|
* refactor canohost.c: move functions that cache results closer to thedjm2016-03-071-4/+6
| | | | | | | places that use them (authn and session code). After this, no state is cached in canohost.c feedback and ok markus@
* implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth)markus2015-12-041-2/+2
| | | | | based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
* remove prototypes for long-gone s/key support; ok dtucker@djm2015-11-111-5/+1
|
* prevent authorized_keys options picked up on public key tests withoutdjm2015-05-011-3/+3
| | | | | a corresponding private key authentication being applied to other authentication methods. Reported by halex@, ok markus@
* Revise hostkeys@openssh.com hostkey learning extension.djm2015-02-161-2/+2
| | | | | | | | | | The client will not ask the server to prove ownership of the private halves of any hitherto-unseen hostkeys it offers to the client. Allow UpdateHostKeys option to take an 'ask' argument to let the user manually review keys offered. ok markus@
* update packet.c & isolate, introduce struct sshmarkus2015-01-191-5/+2
| | | | | | | | a) switch packet.c to buffer api and isolate per-connection info into struct ssh b) (de)serialization of the state is moved from monitor to packet.c c) the old packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and integrated into packet.c with and ok djm@
* remove experimental, never-enabled JPAKE code; ok markus@djm2014-01-291-21/+1
|
* make the pre-auth privsep slave log via a socketpair shared with thedjm2011-06-171-1/+2
| | | | monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@
* refactor the (disabled) Schnorr proof code to make it a little moredjm2009-03-051-5/+5
| | | | generally useful
* Add support for an experimental zero-knowledge password authenticationdjm2008-11-041-1/+21
| | | | | | | | | | | | | | | | method using the J-PAKE protocol described in F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", 16th Workshop on Security Protocols, Cambridge, April 2008. This method allows password-based authentication without exposing the password to the server. Instead, the client and server exchange cryptographic proofs to demonstrate of knowledge of the password while revealing nothing useful to an attacker or compromised endpoint. This is experimental, work-in-progress code and is presently compiled-time disabled (turn on -DJPAKE in Makefile.inc). "just commit it. It isn't too intrusive." deraadt@
* almost entirely get rid of the culture of ".h files that include .h files"deraadt2006-08-031-9/+1
| | | | | ok djm, sort of ok stevesk makes the pain stop in one easy step
* don't need incompletely-typed 'struct passwd' now withstevesk2006-07-141-2/+1
| | | | #include <pwd.h>; ok markus@
* typo in commentstevesk2006-07-061-2/+2
|
* move #include <pwd.h> out of includes.h; ok markus@stevesk2006-07-061-1/+6
|
* standardise spacing in $OpenBSD$ tags; requested by deraadt@djm2006-03-251-1/+1
|
* sprinkle u_int throughout pty subsystem, ok markusderaadt2006-03-201-2/+2
|
* make ssh -Wshadow clean, no functional changesavsm2004-06-211-4/+4
| | | | markus@ ok
* replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; test + ok jakob.markus2003-11-171-1/+2
|
* replace fatal_cleanup() and linked list of fatal callbacks with staticmarkus2003-09-231-2/+4
| | | | | | cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@
* remove kerberos support from ssh1, since it has been replaced with GSSAPI;markus2003-08-281-8/+1
| | | | but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
* support GSS API user authentication; patches from Simon Wilkinson,markus2003-08-221-1/+9
| | | | stripped down and tested by Jakob and myself.
* remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);markus2003-07-221-4/+1
| | | | test+ok henning@
* krb4 + privsep; ok dugsong@, deraadt@markus2002-09-261-2/+5
|
* kerberos support for privsep. confirmed to work by lha@stacken.kth.seitojun2002-09-091-1/+8
| | | | patch from markus
* minor KNFderaadt2002-06-301-2/+2
|
* Fix sshd Banner option for privsep; ok markus@ provos@djm2002-05-121-1/+2
|
* $OpenBSD$stevesk2002-03-261-0/+2
|
* make getpwnamallow() allways call pwcopy()markus2002-03-191-3/+0
|
* clean up prototypesmarkus2002-03-191-0/+1
|
* implementation of the interface between privileged and unprivileged processprovos2002-03-181-0/+87
for ssh-privsep
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.