path: root/usr.bin/ssh
Commit message | Author | Age | Files | Lines
...
* document that -g will only work in the multiplexed case if applied to the mux master | djm | 2014-07-03 | 1 | -2/+4
* mention '%%' escape sequence in HostName directives and how it may be used to specify IPv6 link-local addresses | djm | 2014-07-03 | 1 | -2/+8
* forward-declare struct sshbuf so consumers don't need to include sshbuf.h | djm | 2014-07-03 | 1 | -1/+2
* When hashing or removing hosts using ssh-keygen, don't choke on @revoked markers and don't remove @cert-authority markers; bz#2241, reported by mlindgren AT runelind.net | djm | 2014-07-03 | 1 | -26/+44
* standardise on NI_MAXHOST for gethostname() string lengths; about 1/2 the cases were using it already. Fixes bz#2239 en passant | djm | 2014-07-03 | 3 | -7/+9
* use EVP_Digest() for one-shot hash instead of creating, updating, finalising and destroying a context. bz#2231, based on patch from Timo Teras | djm | 2014-07-03 | 1 | -8/+11
* make stdout line-buffered; saves partial output getting lost when ssh-add fatal()s part-way through (e.g. when listing keys from an agent that supports key types that ssh-add doesn't); bz#2234, reported by Phil Pennock | djm | 2014-07-03 | 1 | -1/+3
* Only cleanup agent socket in the main agent process and not in any subprocesses it may have started (e.g. forked askpass). Fixes agent sockets being zapped when askpass processes fatal(); bz#2236 patch from Dmitry V. Levin | djm | 2014-07-03 | 1 | -1/+9
* make Ed25519 keys' title fit properly in the randomart border; bz#2247 based on patch from Christian Hesse | djm | 2014-07-03 | 1 | -8/+17
* fix ssh protocol 1 on the server that regressed with the sshkey change (sometimes fatal() after auth completed), make file return useful status codes. | djm | 2014-07-02 | 1 | -19/+18
* suppress spurious error message when loading key with a passphrase; reported by kettenis@ ok markus@ | djm | 2014-06-30 | 1 | -2/+3
* fix loading of private keys | markus | 2014-06-27 | 2 | -9/+9
* fix remote fwding with same listen port but different listen address with gerhard@, ok djm@ | markus | 2014-06-27 | 4 | -32/+79
* unblock SIGSEGV before raising it ok djm | deraadt | 2014-06-25 | 1 | -1/+2
* when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn | djm | 2014-06-24 | 1 | -3/+7
* don't fatal() when hostname canonicalisation fails with a ProxyCommand in use; continue and allow the ProxyCommand to connect anyway (e.g. to a host with a name outside the DNS behind a bastion) | djm | 2014-06-24 | 1 | -5/+9
* New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago. | djm | 2014-06-24 | 2 | -0/+4011
* New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago. | djm | 2014-06-24 | 42 | -4438/+1688
* fix bug in KRL generation: multiple consecutive revoked certificate serial number ranges could be serialised to an invalid format. Readers of a broken KRL caused by this bug will fail closed, so no should-have-been-revoked key will be accepted. | djm | 2014-06-24 | 1 | -1/+2
* The ssh_get_bignum functions must accept the same range of bignums the corresponding ssh_put_bignum functions create. This fixes the use of 16384-bit RSA keys (bug reported by Eivind Evensen). ok djm@ | naddy | 2014-06-18 | 1 | -4/+6
* Now that we have a dedicated getentropy(2) system call for arc4random(3), we can disallow __sysctl(2) in OpenSSH's systrace sandbox. ok djm | matthew | 2014-06-18 | 1 | -2/+8
* permit SYS_getentropy from matthew | deraadt | 2014-06-13 | 1 | -1/+2
* Group ECC functions together to make things a little easier in -portable. "doesn't bother me" deraadt@ | dtucker | 2014-06-10 | 1 | -4/+4
* fix inverted test that caused PKCS#11 keys that were explicitly listed not to be preferred. Reported by Dirk-Willem van Gulik | djm | 2014-06-05 | 1 | -2/+2
* Zap extra whitespace. OK from djm@ and dtucker@ | logan | 2014-05-05 | 1 | -2/+2
* unbreak compression, by re-init-ing the compression code in the post-auth child. the new buffer code is more strict, and requires buffer_init() while the old code was happy after a bzero(); originally from djm@ | markus | 2014-05-03 | 3 | -3/+26
* revert __bounded change; it causes way more problems for portable than it solves; pointed out by dtucker@ | djm | 2014-05-02 | 9 | -43/+43
* UMAC can use our local fallback implementation of AES when OpenSSL isn't available. Glue code straight from Ted Krovetz's original umac.c. ok markus@ | naddy | 2014-04-30 | 4 | -21/+21
* New buffer API; the first installment of the conversion/replacement of OpenSSH's internals to make them usable as a standalone library. This includes a set of wrappers to make it compatible with the existing buffer API so replacement can occur incrementally. With and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review. | djm | 2014-04-30 | 13 | -714/+1969
* Don't attempt to append a nul quote char to the filename. Should prevent fatal'ing with "el_insertstr failed" when there's a single quote char somewhere in the string. bz#2238, ok markus@ | dtucker | 2014-04-29 | 1 | -2/+2
* Move nulling of variable next to where it's freed. ok markus@ | dtucker | 2014-04-29 | 1 | -2/+2
* make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm | markus | 2014-04-29 | 28 | -87/+492
* re-add our own aesctr implementation; ok djm@ | markus | 2014-04-29 | 4 | -0/+1380
* bz#1818 - don't send channel success/failure replies on channels that have sent a close already; analysis and patch from Simon Tatham; ok markus@ | djm | 2014-04-29 | 2 | -4/+4
* buffer_get_string_ptr's return should be const to remind callers that futzing with it will futz with the actual buffer contents | djm | 2014-04-28 | 9 | -27/+30
* don't record duplicate IdentityFiles | djm | 2014-04-23 | 1 | -1/+12
* zap eol whitespace; | jmc | 2014-04-22 | 1 | -6/+6
* Document sftp upload resume. OK from djm@, with feedback from okan@. | logan | 2014-04-22 | 1 | -8/+29
* comment out the .if (${KERBEROS5:L} block for now, breaks the build once the bsd.own.mk KERBEROS5 is removed otherwise. this way suggested by theo. | henning | 2014-04-22 | 1 | -6/+6
* Sort the sftp command list. OK from djm@ | logan | 2014-04-22 | 1 | -3/+3
* Implement sftp upload resume support. OK from djm@, with input from guenther@, mlarkin@ and okan@ | logan | 2014-04-21 | 3 | -28/+57
* Add support for SSHFP DNS records for ED25519 key types. OK from djm@ | logan | 2014-04-20 | 3 | -5/+12
* add a canonical 6.6 + curve25519 bignum fix fake version that I can recommend people use ahead of the openssh-6.7 release | djm | 2014-04-20 | 1 | -1/+2
* use get/put_u32 to load values rather than *((UINT32 *)p) that breaks on strict-alignment architectures; reported by and ok stsp@ | djm | 2014-04-20 | 3 | -31/+46
* delete .xr to hosts.equiv. there's still an unfortunate amount of documentation referring to rhosts equivalency in here. | tedu | 2014-04-19 | 1 | -3/+2
* remove some really old rsh references | tedu | 2014-04-19 | 1 | -17/+3
* Delete futile calls to RAND_seed. ok djm | tedu | 2014-04-19 | 2 | -26/+2
* missing wildcard; pointed out by naddy@ | djm | 2014-04-19 | 1 | -2/+2
* OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections using the curve25519-sha256@libssh.org KEX exchange method to fail when connecting with something that implements the spec properly. Disable this KEX method when speaking to one of the affected versions. reported by Aris Adamantiadis; ok markus@ | djm | 2014-04-18 | 5 | -7/+28
* remove the identity files from this manpage - ssh-agent doesn't deal with them at all and the same information is duplicated in ssh-add.1 (which does deal with them); prodded by deraadt@ | djm | 2014-04-16 | 1 | -37/+16