path: root/usr.bin/ssh/ssh-keyscan.c
Commit message | Author | Age | Files | Lines
...
* support ed25519 keys (hostkeys and user identities) using the public domain ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html feedback, help & ok djm@ | markus | 2013-12-06 | 1 | -5/+11
* use curve25519 for default key exchange (curve25519-sha256@libssh.org); initial patch from Aris Adamantiadis; ok djm@ | markus | 2013-11-02 | 1 | -1/+2
* bye, bye xfree(); ok markus@ | djm | 2013-05-17 | 1 | -8/+8
* now that sshd defaults to offering ECDSA keys, ssh-keyscan should also look for them by default; bz#1971 | djm | 2012-04-11 | 1 | -2/+2
* use timerclear macro ok djm@ | okan | 2011-03-15 | 1 | -2/+2
* handle ecdsa-sha2 with various key lengths; hint and ok djm@ | otto | 2011-01-04 | 1 | -3/+4
* Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@ | djm | 2010-08-31 | 1 | -4/+9
* replace verbose and overflow-prone Linebuf code with read_keyfile_line() based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@ | djm | 2010-06-22 | 1 | -129/+36
* Remove RoutingDomain from ssh since it's now not needed. It can be replaced with "route exec" or "nc -V" as a proxycommand. "route exec" also ensures that traffic such as DNS lookups stays within the specified routingdomain. For example (from reyk): # route -T 2 exec /usr/sbin/sshd or inherited from the parent process $ route -T 2 exec sh $ ssh 10.1.2.3 ok deraadt@ markus@ stevesk@ reyk@ | dtucker | 2010-01-09 | 1 | -15/+4
* validate routing domain is in range 0-RT_TABLEID_MAX. 'Looks right' deraadt@ | stevesk | 2009-12-25 | 1 | -4/+6
* Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan. ok markus@ | reyk | 2009-10-28 | 1 | -4/+13
* make a2port() return -1 when it encounters an invalid port number rather than 0, which it will now treat as valid (needed for future work) adjust current consumers of a2port() to check its return value is <= 0, which in turn required some things to be converted from u_short => int make use of int vs. u_short consistent in some other places too feedback & ok markus@ | djm | 2009-01-22 | 1 | -2/+2
* the ellipsis is not an optional argument; while here, improve spacing. | sobrado | 2008-11-01 | 1 | -3/+4
* default to rsa (protocol 2) keys, instead of rsa1 keys; spotted by larsnooden AT openoffice.org | djm | 2008-04-30 | 1 | -2/+2
* Add a small helper function to consistently handle the EAI_SYSTEM error code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417. ok markus@ stevesk@ | dtucker | 2007-12-27 | 1 | -2/+2
* sys/resource.h needs sys/time.h; prompted by brad@ | djm | 2006-10-06 | 1 | -2/+2
* almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step | deraadt | 2006-08-03 | 1 | -5/+4
* move #include <stdio.h> out of includes.h | stevesk | 2006-08-01 | 1 | -1/+2
* move #include <stdlib.h> out of includes.h | stevesk | 2006-07-26 | 1 | -1/+2
* move #include <sys/time.h> out of includes.h | stevesk | 2006-07-25 | 1 | -1/+2
* move #include <string.h> out of includes.h | stevesk | 2006-07-22 | 1 | -3/+4
* move #include <unistd.h> out of includes.h | stevesk | 2006-07-17 | 1 | -1/+2
* move #include <netdb.h> out of includes.h; ok djm@ | stevesk | 2006-07-12 | 1 | -1/+2
* move #include <stdarg.h> out of includes.h; ok markus@ | stevesk | 2006-07-10 | 1 | -1/+2
* move #include <sys/socket.h> out of includes.h | stevesk | 2006-07-08 | 1 | -1/+3
* Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files | djm | 2006-03-25 | 1 | -0/+1
* introduce xcalloc() and xasprintf() failure-checked allocations functions and use them throughout openssh xcalloc is particularly important because malloc(nmemb * size) is a dangerous idiom (subject to integer overflow) and it is time for it to die feedback and ok deraadt@ | djm | 2006-03-25 | 1 | -10/+8
* please lint | deraadt | 2006-03-19 | 1 | -2/+1
* RCSID() can die | deraadt | 2006-03-19 | 1 | -1/+0
* Implement the diffie-hellman-group-exchange-sha256 key exchange method using the SHA256 code in libc (and wrapper to make it into an OpenSSL EVP), interop tested against CVS PuTTY | djm | 2006-03-07 | 1 | -1/+2
* move #include <sys/resource.h> out of includes.h; ok markus@ | stevesk | 2006-02-08 | 1 | -1/+2
* move #include <sys/queue.h> out of includes.h; ok markus@ | stevesk | 2006-02-07 | 1 | -2/+3
* make ssh-keygen discard junk from server before SSH- ident, spotted by dave AT cirt.net; ok dtucker@ | djm | 2005-10-30 | 1 | -7/+13
* ensure that stdio fds are attached; ok deraadt@ | djm | 2005-09-13 | 1 | -1/+4
* make this -Wsign-compare clean; ok avsm@ markus@ | djm | 2005-06-17 | 1 | -6/+6
* Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes: if (atomicio(read, ..., len) != len) err(1,"read"); ok deraadt@, cloder@, djm@ | avsm | 2005-05-24 | 1 | -12/+15
* add snprintf checks. ok djm@ markus@ | moritz | 2005-04-28 | 1 | -1/+6
* sort options and sync usage(); | jmc | 2005-03-01 | 1 | -2/+2
* option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@ | djm | 2005-03-01 | 1 | -4/+14
* use atomicio instead of homegrown equivalents or read/write. markus@ ok | avsm | 2004-08-11 | 1 | -3/+3
* set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@ | djm | 2004-06-14 | 1 | -3/+3
* implement diffie-hellman-group14-sha1 kex method (trivial extension to existing diffie-hellman-group1-sha1); ok markus@ | djm | 2004-06-13 | 1 | -1/+2
* explicitly initialise remote_major and remote_minor. from cjwatson AT debian.org; ok markus@ | djm | 2004-03-08 | 1 | -2/+2
* from portable - use sysconf to detect fd limit; ok markus@ | djm | 2003-11-23 | 1 | -2/+2
* avoid fatal_cleanup, just call exit(); ok deraadt | markus | 2003-09-19 | 1 | -2/+2
* deal with typing of write vs read in atomicio | deraadt | 2003-06-28 | 1 | -2/+2
* -t in usage(); rogier@quaak.org | deraadt | 2003-04-26 | 1 | -2/+2
* avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP | markus | 2003-04-14 | 1 | -2/+2
* split kex into client and server code, no need to link server code into the client; ok provos@ | markus | 2003-02-16 | 1 | -1/+3
* unused variable | stevesk | 2002-07-06 | 1 | -2/+1