summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/ssh-keyscan.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* include port number if a non-default one has been specified;djm2015-04-101-3/+6
| | | | based on patch from Michael Handler
* Do not use int for sig_atomic_t; spotted by christos@netbsd; ok markus@miod2015-04-051-2/+2
|
* set a timeout to prevent hangs when talking to busted servers;djm2015-01-301-1/+2
| | | | ok markus@
* avoid more fatal/exit in the packet.c paths that ssh-keyscandjm2015-01-301-2/+3
| | | | uses; feedback and "looks good" markus@
* avoid fatal() calls in packet codedjm2015-01-281-3/+5
| | | | | makes ssh-keyscan more reliable against server failures ok dtucker@ markus@
* Reduce use of <sys/param.h> and transition to <limits.h> throughout.deraadt2015-01-201-2/+1
| | | | ok djm markus
* switch ssh-keyscan from setjmp to multiple ssh transport layer instancesmarkus2015-01-191-68/+81
| | | | ok djm@
* adapt kex to sshbuf and struct ssh; ok djm@markus2015-01-191-6/+8
|
* explicitly include sys/param.h in files that use the howmany() macro;djm2014-12-111-1/+2
| | | | from portable
* make compiling against OpenSSL optional (make OPENSSL=no);markus2014-04-291-1/+7
| | | | | reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
* disable weak proposals in sshd, but keep them in ssh; ok djm@markus2014-03-271-1/+2
|
* scan for Ed25519 keys by default toodjm2014-03-121-2/+2
|
* support ed25519 keys (hostkeys and user identities) using the public domainmarkus2013-12-061-5/+11
| | | | | ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html feedback, help & ok djm@
* use curve25519 for default key exchange (curve25519-sha256@libssh.org);markus2013-11-021-1/+2
| | | | initial patch from Aris Adamantiadis; ok djm@
* bye, bye xfree(); ok markus@djm2013-05-171-8/+8
|
* now that sshd defaults to offering ECDSA keys, ssh-keyscan should alsodjm2012-04-111-2/+2
| | | | look for them by default; bz#1971
* use timerclear macrookan2011-03-151-2/+2
| | | | ok djm@
* handle ecdsa-sha2 with various key lengths; hint and ok djm@otto2011-01-041-3/+4
|
* Implement Elliptic Curve Cryptography modes for key exchange (ECDH) anddjm2010-08-311-4/+9
| | | | | | | | | | | | | | | | | host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@
* replace verbose and overflow-prone Linebuf code with read_keyfile_line()djm2010-06-221-129/+36
| | | | based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@
* Remove RoutingDomain from ssh since it's now not needed. It can be replaceddtucker2010-01-091-15/+4
| | | | | | | | | | | | | with "route exec" or "nc -V" as a proxycommand. "route exec" also ensures that trafic such as DNS lookups stays withing the specified routingdomain. For example (from reyk): # route -T 2 exec /usr/sbin/sshd or inherited from the parent process $ route -T 2 exec sh $ ssh 10.1.2.3 ok deraadt@ markus@ stevesk@ reyk@
* validate routing domain is in range 0-RT_TABLEID_MAX.stevesk2009-12-251-4/+6
| | | | 'Looks right' deraadt@
* Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.reyk2009-10-281-4/+13
| | | | ok markus@
* make a2port() return -1 when it encounters an invalid port numberdjm2009-01-221-2/+2
| | | | | | | | | | | rather than 0, which it will now treat as valid (needed for future work) adjust current consumers of a2port() to check its return value is <= 0, which in turn required some things to be converted from u_short => int make use of int vs. u_short consistent in some other places too feedback & ok markus@
* the ellipsis is not an optional argument; while here, improve spacing.sobrado2008-11-011-3/+4
|
* default to rsa (protocol 2) keys, instead of rsa1 keys; spotted bydjm2008-04-301-2/+2
| | | | larsnooden AT openoffice.org
* Add a small helper function to consistently handle the EAI_SYSTEM errordtucker2007-12-271-2/+2
| | | | | code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417. ok markus@ stevesk@
* sys/resource.h needs sys/time.h; prompted by brad@djm2006-10-061-2/+2
|
* almost entirely get rid of the culture of ".h files that include .h files"deraadt2006-08-031-5/+4
| | | | | ok djm, sort of ok stevesk makes the pain stop in one easy step
* move #include <stdio.h> out of includes.hstevesk2006-08-011-1/+2
|
* move #include <stdlib.h> out of includes.hstevesk2006-07-261-1/+2
|
* move #include <sys/time.h> out of includes.hstevesk2006-07-251-1/+2
|
* move #include <string.h> out of includes.hstevesk2006-07-221-3/+4
|
* move #include <unistd.h> out of includes.hstevesk2006-07-171-1/+2
|
* move #include <netdb.h> out of includes.h; ok djm@stevesk2006-07-121-1/+2
|
* move #include <stdarg.h> out of includes.h; ok markus@stevesk2006-07-101-1/+2
|
* move #include <sys/socket.h> out of includes.hstevesk2006-07-081-1/+3
|
* Put $OpenBSD$ tags back (as comments) to replace the RCSID()s thatdjm2006-03-251-0/+1
| | | | Theo nuked - our scripts to sync -portable need them in the files
* introduce xcalloc() and xasprintf() failure-checked allocations functionsdjm2006-03-251-10/+8
| | | | | | | | | | and use them throughout openssh xcalloc is particularly important because malloc(nmemb * size) is a dangerous idiom (subject to integer overflow) and it is time for it to die feedback and ok deraadt@
* please lintderaadt2006-03-191-2/+1
|
* RCSID() can diederaadt2006-03-191-1/+0
|
* Implement the diffie-hellman-group-exchange-sha256 key exchange methoddjm2006-03-071-1/+2
| | | | | using the SHA256 code in libc (and wrapper to make it into an OpenSSL EVP), interop tested against CVS PuTTY
* move #include <sys/resource.h> out of includes.h; ok markus@stevesk2006-02-081-1/+2
|
* move #include <sys/queue.h> out of includes.h; ok markus@stevesk2006-02-071-2/+3
|
* make ssh-keygen discard junk from server before SSH- ident, spotted bydjm2005-10-301-7/+13
| | | | dave AT cirt.net; ok dtucker@
* ensure that stdio fds are attached; ok deraadt@djm2005-09-131-1/+4
|
* make this -Wsign-compare clean; ok avsm@ markus@djm2005-06-171-6/+6
|
* Switch atomicio to use a simpler interface; it now returns a size_tavsm2005-05-241-12/+15
| | | | | | | | | | | (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes: if (atomicio(read, ..., len) != len) err(1,"read"); ok deraadt@, cloder@, djm@
* add snprintf checks. ok djm@ markus@moritz2005-04-281-1/+6
|
* sort options and sync usage();jmc2005-03-011-2/+2
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.