summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/ssh-keysign.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Make HostBased authentication work with a ProxyCommand. bz #1569, patchdtucker2010-01-131-2/+2
| | | | from imorgan at nas nasa gov, ok djm@
* almost entirely get rid of the culture of ".h files that include .h files"deraadt2006-08-031-4/+2
| | | | | ok djm, sort of ok stevesk makes the pain stop in one easy step
* move #include <stdlib.h> out of includes.hstevesk2006-07-261-1/+2
|
* move #include <string.h> out of includes.hstevesk2006-07-221-1/+2
|
* move #include <unistd.h> out of includes.hstevesk2006-07-171-1/+2
|
* move #include <fcntl.h> out of includes.hstevesk2006-07-091-1/+2
|
* move #include <pwd.h> out of includes.h; ok markus@stevesk2006-07-061-2/+5
|
* sessionid can be 32 bytes now too when sha256 kex is used; ok djm@dtucker2006-04-021-3/+3
|
* Put $OpenBSD$ tags back (as comments) to replace the RCSID()s thatdjm2006-03-251-0/+1
| | | | Theo nuked - our scripts to sync -portable need them in the files
* RCSID() can diederaadt2006-03-191-1/+0
|
* move #include <paths.h> out of includes.h; ok markus@stevesk2006-02-081-1/+3
|
* ensure that stdio fds are attached; ok deraadt@djm2005-09-131-1/+8
|
* Remove duplicate getuid(), suggested by & ok markus@dtucker2004-08-231-3/+3
|
* Use permanently_set_uid() in ssh and ssh-keysign for consistency, matchesdtucker2004-08-231-7/+7
| | | | change in Portable; ok markus@
* perform strict ownership and modes checks for ~/.ssh/config files, as thesedjm2004-04-181-2/+2
| | | | | | can be used to execute arbitrary programs; ok markus@ NB. ssh will now exit when it detects a config with poor permissions
* fix mem leaks; some fixes from Pete Flugstad; tested dtucker@markus2004-01-191-1/+2
|
* return error on msg send/receive failure (rather than fatal); ok markus@djm2003-11-171-2/+3
|
* fix AddressFamily option in config file, from brent@graveland.net; ok markus@djm2003-07-031-2/+1
|
* add AddressFamily option to ssh_config (like -4, -6 on commandline).djm2003-05-161-2/+4
| | | | Portable bug #534; ok markus@
* potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526markus2003-04-021-2/+2
|
* move RSA_blinding_on to generic key load methodmarkus2003-03-131-8/+1
|
* s/msg_send/ssh_msg_send/ to avoid namespace clashes in portable; ok markus@djm2002-12-191-4/+4
|
* we cannot use HostbasedAuthentication for enabling ssh-keysign(8),markus2002-11-071-3/+3
| | | | | | | because HostbasedAuthentication might be enabled based on the target host and ssh-keysign(8) does not know the remote hostname and not trust ssh(1) about the hostname, so we add a new option EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
* re-enable ssh-keysign's sbit, but make ssh-keysign read /etc/ssh/ssh_configmarkus2002-07-031-1/+15
| | | | | and exit if HostbasedAuthentication is disabled globally. based on discussions with deraadt, itojun and sommerfeld; ok itojun@
* use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld)markus2002-07-031-1/+14
| | | | | in order to avoid a possible Kocher timing attack pointed out by Charles Hannum; ok provos@
* bug #304, xfree(data) called to early; openssh@sigint.cs.purdue.edumarkus2002-06-261-2/+2
|
* KNF done automatically while reading....deraadt2002-06-191-8/+8
|
* only accept 20 byte session idsmarkus2002-06-081-3/+7
|
* extent ssh-keysign protocol:markus2002-05-311-9/+28
| | | | | | pass # of socket-fd to ssh-keysign, keysign verfies locally used ip-address using this socket-fd, restricts fake local hostnames to actual local hostnames; ok stevesk@
* add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authenticationmarkus2002-05-231-0/+185
in protocol v2 (needs to access the hostkeys).
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.