path: root/usr.bin/ssh/ssh-keyscan.c
Commit message | Author | Age | Files | Lines
* remove global variable used to stash compat flags and use the | djm | 2021-01-27 | 1 | -4/+3
  purpose-built ssh->compat variable instead; feedback/ok markus@
* Update/replace the experimental post-quantum hybrid key exchange | djm | 2020-12-29 | 1 | -2/+2
  method based on Streamlined NTRU Prime (coupled with X25519).
  The previous sntrup4591761x25519-sha512@tinyssh.org method is replaced with sntrup761x25519-sha512@openssh.com. Per the authors, sntrup4591761 was replaced almost two years ago by sntrup761.
  The sntrup761 implementation, like sntrup4591761 before it, is public domain code extracted from the SUPERCOP cryptography benchmark suite (https://bench.cr.yp.to/supercop.html).
  Thanks for Daniel J Bernstein for guidance on algorithm selection.
  Patch from Tobias Heider; feedback & ok markus@ and myself
  (note this both the updated method and the one that it replaced are disabled by default)
* fix SEGV on fatal() errors spotted by dtucker@ | djm | 2020-10-19 | 1 | -2/+2
* use the new variant log macros instead of prepending __func__ and | djm | 2020-10-18 | 1 | -7/+5
  appending ssh_err(r) manually; ok markus@
* variants of the log methods that append a ssherr.h string from | djm | 2020-10-18 | 1 | -3/+3
  a supplied error code; ok markus@
* make the log functions that exit (sshlogdie(), sshfatal(), etc) have | djm | 2020-10-17 | 1 | -4/+4
  identical signatures. Makes things a bit more consistent...
* revised log infrastructure for OpenSSH | djm | 2020-10-16 | 1 | -4/+5
  log functions receive function, filename and line number of caller. We can use this to selectively enable logging via pattern-lists.
  ok markus@
* ssh-keyscan(1): simplify conloop() with timercmp(3), timersub(3); ok djm@ | cheloha | 2020-08-12 | 1 | -13/+5
* allow ssh-keyscan to find security key hostkeys | djm | 2019-12-15 | 1 | -3/+21
* fixes for !WITH_OPENSSL compilation; ok dtucker@ | djm | 2019-09-06 | 1 | -1/+3
* include SHA2-variant RSA key algorithms in KEX proposal; allows | djm | 2019-07-12 | 1 | -2/+7
  ssh-keyscan to harvest keys from servers that disable olde SHA1 ssh-rsa.
  bz#3029 from Jakub Jelen
* When system calls indicate an error they return -1, not some arbitrary | deraadt | 2019-06-28 | 1 | -6/+6
  value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* Replace calls to ssh_malloc_init() by a static init of malloc_options. | otto | 2019-06-06 | 1 | -2/+1
  Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@
* make ssh-keyscan return a non-zero exit status if it finds no keys. | djm | 2019-01-26 | 1 | -2/+6
  bz#2903
* merge kexkem[cs] into kexgen | djm | 2019-01-21 | 1 | -9/+9
  from markus@ ok djm@
* use KEM API for vanilla ECDH | djm | 2019-01-21 | 1 | -2/+2
  from markus@ ok djm@
* use KEM API for vanilla DH KEX | djm | 2019-01-21 | 1 | -6/+6
  from markus@ ok djm@
* use KEM API for vanilla c25519 KEX | djm | 2019-01-21 | 1 | -2/+2
* Add support for a PQC KEX/KEM: sntrup4591761x25519-sha512@tinyssh.org | djm | 2019-01-21 | 1 | -1/+2
  using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default.
  introduce KEM API; a simplified framework for DH-ish KEX methods.
  from markus@ feedback & ok djm@
* switch config file parsing to getline(3) as this avoids static limits | markus | 2018-06-06 | 1 | -7/+5
  noted by gerhard@; ok dtucker@, djm@
* apply a lick of paint; tweaks/ok dtucker | jmc | 2018-03-02 | 1 | -2/+2
* Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures) | markus | 2018-02-23 | 1 | -2/+10
  The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
  Joint work with stefan-lukas_gazdag at genua.eu
  See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
  ok djm@
* Add ssh-keyscan -D option to make it print its results in SSHFP format | djm | 2018-02-23 | 1 | -4/+16
  bz#2821, ok dtucker@
* Add monotime_ts and monotime_tv that return monotonic timespec and | dtucker | 2017-11-25 | 1 | -4/+4
  timeval respectively. Replace calls to gettimeofday() in packet timing with monotime_tv so that the callers will work over a clock step. Should prevent integer overflow during clock steps reported by wangle6 at huawei.com. "I like" markus@
* Only call close once in confree(). ssh_packet_close will close the FD | dtucker | 2017-06-30 | 1 | -3/+3
  so only explicitly close non-SSH channels. bz#2734, from bagajjal at microsoft.com, ok djm@
* remove now obsolete ctx from ssh_dispatch_run; ok djm@ | markus | 2017-05-31 | 1 | -2/+2
* obliterate ssh1.h and some dead code that used it | djm | 2017-04-30 | 1 | -2/+1
  ok markus@
* remove KEY_RSA1 | djm | 2017-04-30 | 1 | -36/+28
  ok markus@
* remove compat20/compat13/compat15 variables | djm | 2017-04-30 | 1 | -2/+1
  ok markus@
* unifdef WITH_SSH1 | djm | 2017-04-30 | 1 | -58/+1
  ok markus@
* ensure hostname is lower-case before hashing it; bz#2591 reported by | djm | 2017-03-10 | 1 | -1/+2
  Griff Miller II; ok dtucker@
* correctly hash hosts with a port number. Reported by Josh Powers in | djm | 2017-03-10 | 1 | -6/+7
  bz#2692; ok dtucker@
* Avoid confusing error message when attempting to use ssh-keyscan built | djm | 2017-01-06 | 1 | -2/+6
  without SSH protocol v.1 to scan for v.1 keys; bz#2583
* add support for additional fixed DH groups from | djm | 2016-05-02 | 1 | -1/+4
  draft-ietf-curdle-ssh-kex-sha2-03
  diffie-hellman-group14-sha256 (2K group)
  diffie-hellman-group16-sha512 (4K group)
  diffie-hellman-group18-sha512 (8K group)
  based on patch from Mark D. Baushke and Darren Tucker
  ok markus@
* Add a function to enable security-related malloc_options. With and ok | dtucker | 2016-02-15 | 1 | -1/+2
  deraadt@, something similar has been in the snaps for a while.
* -c before -H, in SYNOPSIS and usage(); | jmc | 2015-11-08 | 1 | -2/+2
* Add "ssh-keyscan -c ..." flag to allow fetching certificates instead | djm | 2015-11-08 | 1 | -10/+37
  of plain keys; ok markus@
* fix keyscan output for multiple hosts/addrs on one line when | djm | 2015-10-24 | 1 | -6/+21
  host hashing or a non standard port is in use; bz#2479 ok dtucker@
* include port number if a non-default one has been specified; | djm | 2015-04-10 | 1 | -3/+6
  based on patch from Michael Handler
* Do not use int for sig_atomic_t; spotted by christos@netbsd; ok markus@ | miod | 2015-04-05 | 1 | -2/+2
* set a timeout to prevent hangs when talking to busted servers; | djm | 2015-01-30 | 1 | -1/+2
  ok markus@
* avoid more fatal/exit in the packet.c paths that ssh-keyscan | djm | 2015-01-30 | 1 | -2/+3
  uses; feedback and "looks good" markus@
* avoid fatal() calls in packet code | djm | 2015-01-28 | 1 | -3/+5
  makes ssh-keyscan more reliable against server failures
  ok dtucker@ markus@
* Reduce use of <sys/param.h> and transition to <limits.h> throughout. | deraadt | 2015-01-20 | 1 | -2/+1
  ok djm markus
* switch ssh-keyscan from setjmp to multiple ssh transport layer instances | markus | 2015-01-19 | 1 | -68/+81
  ok djm@
* adapt kex to sshbuf and struct ssh; ok djm@ | markus | 2015-01-19 | 1 | -6/+8
* explicitly include sys/param.h in files that use the howmany() macro; | djm | 2014-12-11 | 1 | -1/+2
  from portable
* make compiling against OpenSSL optional (make OPENSSL=no); | markus | 2014-04-29 | 1 | -1/+7
  reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
* disable weak proposals in sshd, but keep them in ssh; ok djm@ | markus | 2014-03-27 | 1 | -1/+2
* scan for Ed25519 keys by default too | djm | 2014-03-12 | 1 | -2/+2