path: root/usr.bin/ssh/ssh-keysign.c
Commit message | Author | Age | Files | Lines
* add an XXX reminder for getting correct key paths from sshd_config | djm | 2015-07-03 | 1 | -1/+2
* consistent check for NULL as noted by Nicholas Lemonias; ok djm@ | markus | 2015-03-24 | 1 | -2/+2
* update to new API (key_fingerprint => sshkey_fingerprint) | djm | 2015-01-28 | 1 | -3/+4
  check sshkey_fingerprint return values; ok markus
* sync ssh-keysign, ssh-keygen and some dependencies to the new | djm | 2015-01-15 | 1 | -52/+68
  buffer/key API; mostly mechanical, ok markus@
* deprecate key_load_private_pem() and sshkey_load_private_pem() | djm | 2015-01-08 | 1 | -8/+13
  interfaces. Refactor the generic key loading API to not require pathnames to be specified (they weren't really used).
  Fixes a few other things en passant:
  Makes ed25519 keys work for hostbased authentication (ssh-keysign previously used the PEM-only routines).
  Fixes key comment regression bz#2306: key pathnames were being lost as comment fields.
  ok markus@
* Add FingerprintHash option to control algorithm used for key | djm | 2014-12-21 | 1 | -2/+3
  fingerprints. Default changes from MD5 to SHA256 and format from hex to base64.
  Feedback and ok naddy@ markus@
* Tweak config reparsing with host canonicalisation | djm | 2014-10-08 | 1 | -2/+2
  Make the second pass through the config files always run when hostname canonicalisation is enabled.
  Add a "Match canonical" criteria that allows ssh_config Match blocks to trigger only in the second config pass.
  Add a -G option to ssh that causes it to parse its configuration and dump the result to stdout, similar to "sshd -T"
  Allow ssh_config Port options set in the second config parse phase to be applied (they were being ignored).
  bz#2267 bz#2286; ok markus
* make compiling against OpenSSL optional (make OPENSSL=no); | markus | 2014-04-29 | 1 | -1/+4
  reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
* Delete futile calls to RAND_seed. ok djm | tedu | 2014-04-19 | 1 | -5/+1
* include fingerprint of key not found | djm | 2014-04-01 | 1 | -6/+8
  use arc4random_buf() instead of loop+arc4random()
* support ed25519 keys (hostkeys and user identities) using the public domain | markus | 2013-12-06 | 1 | -2/+3
  ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html
  feedback, help & ok djm@
* add a "Match" keyword to ssh_config that allows matching on hostname, | djm | 2013-10-14 | 1 | -2/+2
  user and result of arbitrary commands. "nice work" markus@
* bye, bye xfree(); ok markus@ | djm | 2013-05-17 | 1 | -10/+10
* make hostbased auth with ECDSA keys work correctly. Based on patch | djm | 2011-02-16 | 1 | -8/+15
  by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
* reintroduce commit from tedu@, which I pulled out for release engineering: | djm | 2010-08-31 | 1 | -2/+2
  OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
* backout previous temporarily; discussed with deraadt@ | djm | 2010-08-16 | 1 | -2/+2
* OpenSSL_add_all_algorithms is the name of the function we have a man page | tedu | 2010-08-12 | 1 | -2/+2
  for, so use that. ok djm
* clean for -Wuninitialized | djm | 2010-08-04 | 1 | -2/+2
* enable certificates for hostbased authentication, from Iain Morgan; | djm | 2010-08-04 | 1 | -2/+2
  "looks ok" markus@
* Make HostBased authentication work with a ProxyCommand. bz #1569, patch | dtucker | 2010-01-13 | 1 | -2/+2
  from imorgan at nas nasa gov, ok djm@
* almost entirely get rid of the culture of ".h files that include .h files" | deraadt | 2006-08-03 | 1 | -4/+2
  ok djm, sort of ok stevesk
  makes the pain stop in one easy step
* move #include <stdlib.h> out of includes.h | stevesk | 2006-07-26 | 1 | -1/+2
* move #include <string.h> out of includes.h | stevesk | 2006-07-22 | 1 | -1/+2
* move #include <unistd.h> out of includes.h | stevesk | 2006-07-17 | 1 | -1/+2
* move #include <fcntl.h> out of includes.h | stevesk | 2006-07-09 | 1 | -1/+2
* move #include <pwd.h> out of includes.h; ok markus@ | stevesk | 2006-07-06 | 1 | -2/+5
* sessionid can be 32 bytes now too when sha256 kex is used; ok djm@ | dtucker | 2006-04-02 | 1 | -3/+3
* Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that | djm | 2006-03-25 | 1 | -0/+1
  Theo nuked - our scripts to sync -portable need them in the files
* RCSID() can die | deraadt | 2006-03-19 | 1 | -1/+0
* move #include <paths.h> out of includes.h; ok markus@ | stevesk | 2006-02-08 | 1 | -1/+3
* ensure that stdio fds are attached; ok deraadt@ | djm | 2005-09-13 | 1 | -1/+8
* Remove duplicate getuid(), suggested by & ok markus@ | dtucker | 2004-08-23 | 1 | -3/+3
* Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches | dtucker | 2004-08-23 | 1 | -7/+7
  change in Portable; ok markus@
* perform strict ownership and modes checks for ~/.ssh/config files, as these | djm | 2004-04-18 | 1 | -2/+2
  can be used to execute arbitrary programs; ok markus@
  NB. ssh will now exit when it detects a config with poor permissions
* fix mem leaks; some fixes from Pete Flugstad; tested dtucker@ | markus | 2004-01-19 | 1 | -1/+2
* return error on msg send/receive failure (rather than fatal); ok markus@ | djm | 2003-11-17 | 1 | -2/+3
* fix AddressFamily option in config file, from brent@graveland.net; ok markus@ | djm | 2003-07-03 | 1 | -2/+1
* add AddressFamily option to ssh_config (like -4, -6 on commandline). | djm | 2003-05-16 | 1 | -2/+4
  Portable bug #534; ok markus@
* potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526 | markus | 2003-04-02 | 1 | -2/+2
* move RSA_blinding_on to generic key load method | markus | 2003-03-13 | 1 | -8/+1
* s/msg_send/ssh_msg_send/ to avoid namespace clashes in portable; ok markus@ | djm | 2002-12-19 | 1 | -4/+4
* we cannot use HostbasedAuthentication for enabling ssh-keysign(8), | markus | 2002-11-07 | 1 | -3/+3
  because HostbasedAuthentication might be enabled based on the target host and ssh-keysign(8) does not know the remote hostname and not trust ssh(1) about the hostname, so we add a new option EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
* re-enable ssh-keysign's sbit, but make ssh-keysign read /etc/ssh/ssh_config | markus | 2002-07-03 | 1 | -1/+15
  and exit if HostbasedAuthentication is disabled globally. based on discussions with deraadt, itojun and sommerfeld; ok itojun@
* use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld) | markus | 2002-07-03 | 1 | -1/+14
  in order to avoid a possible Kocher timing attack pointed out by Charles Hannum; ok provos@
* bug #304, xfree(data) called too early; openssh@sigint.cs.purdue.edu | markus | 2002-06-26 | 1 | -2/+2
* KNF done automatically while reading.... | deraadt | 2002-06-19 | 1 | -8/+8
* only accept 20 byte session ids | markus | 2002-06-08 | 1 | -3/+7
* extend ssh-keysign protocol: | markus | 2002-05-31 | 1 | -9/+28
  pass # of socket-fd to ssh-keysign, keysign verifies locally used ip-address using this socket-fd, restricts fake local hostnames to actual local hostnames; ok stevesk@
* add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication | markus | 2002-05-23 | 1 | -0/+185
  in protocol v2 (needs to access the hostkeys).