summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add a ssh_config HostbasedKeyType option to control whichdjm2015-01-307-120/+245
| | | | | | | | | host public key types are tried during hostbased authentication. This may be used to prevent too many keys being sent to the server, and blowing past its MaxAuthTries limit. bz#2211 based on patch by Iain Morgan; ok markus@
* set a timeout to prevent hangs when talking to busted servers;djm2015-01-301-1/+2
| | | | ok markus@
* avoid more fatal/exit in the packet.c paths that ssh-keyscandjm2015-01-309-114/+204
| | | | uses; feedback and "looks good" markus@
* permit KRLs that revoke certificates by serial number or key IDdjm2015-01-303-51/+86
| | | | without scoping to a particular CA; ok markus@
* missing parentheses after if in do_convert_from() brokedjm2015-01-301-3/+3
| | | | | private key conversion from other formats some time in 2010; bz#2345 reported by jjelen AT redhat.com
* fix ssh protocol 1, spotted by miod@djm2015-01-301-9/+20
|
* update to new API (key_fingerprint => sshkey_fingerprint)djm2015-01-2812-68/+81
| | | | | check sshkey_fingerprint return values; ok markus
* avoid fatal() calls in packet codedjm2015-01-281-3/+15
| | | | | makes ssh-keyscan more reliable against server failures ok dtucker@ markus@
* avoid fatal() calls in packet codedjm2015-01-287-29/+54
| | | | | makes ssh-keyscan more reliable against server failures ok dtucker@ markus@
* remove obsolete commentdjm2015-01-281-2/+1
|
* Since r1.2 removed the use of PRI* macros, inttypes.h is no longerokan2015-01-272-4/+2
| | | | | | required. ok djm@
* sort previous;jmc2015-01-261-2/+2
|
* properly restore umaskdjm2015-01-261-2/+4
|
* correct description of UpdateHostKeys in ssh_config.5 anddjm2015-01-264-10/+13
| | | | | add it to -o lists for ssh, scp and sftp; pointed out by jmc@
* correctly match ECDSA subtype (== curve) for offered/recevieddjm2015-01-2614-42/+68
| | | | | | | | host keys. Fixes connection-killing host key mismatches when a server offers multiple ECDSA keys with different curve type (an extremely unlikely configuration). ok markus, "looks mechanical" deraadt@
* Host key rotation support.djm2015-01-269-28/+401
| | | | | | | | | | | | | Add a hostkeys@openssh.com protocol extension (global request) for a server to inform a client of all its available host key after authentication has completed. The client may record the keys in known_hosts, allowing it to upgrade to better host key algorithms and a server to gracefully rotate its keys. The client side of this is controlled by a UpdateHostkeys config option (default on). ok markus@
* small refactor and add some convenience functions;djm2015-01-263-50/+86
| | | | ok markus
* heirarchy -> hierarchy;jmc2015-01-221-2/+2
|
* Provide a warning about chroot misuses (which sadly, seem to have becomederaadt2015-01-221-4/+13
| | | | | | quite popular because shiny). sshd cannot detect/manage/do anything about these cases, best we can do is warn in the right spot in the man page. ok markus
* Reduce use of <sys/param.h> and transition to <limits.h> throughout.deraadt2015-01-2031-81/+82
| | | | ok djm markus
* kex_setup errors are fatal()markus2015-01-202-4/+8
|
* make this compile with KERBEROS5 enableddjm2015-01-201-8/+12
|
* fix hostkeys in agent; ok markus@djm2015-01-204-20/+16
|
* switch ssh-keyscan from setjmp to multiple ssh transport layer instancesmarkus2015-01-191-68/+81
| | | | ok djm@
* add experimental api for packet layer; ok djm@markus2015-01-196-11/+690
|
* store compat flags in struct ssh; ok djm@markus2015-01-194-12/+15
|
* adapt kex to sshbuf and struct ssh; ok djm@markus2015-01-1924-1149/+1701
|
* move dispatch to struct ssh; ok djm@markus2015-01-1913-145/+253
|
* update packet.c & isolate, introduce struct sshmarkus2015-01-1928-1879/+2535
| | | | | | | | a) switch packet.c to buffer api and isolate per-connection info into struct ssh b) (de)serialization of the state is moved from monitor to packet.c c) the old packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and integrated into packet.c with and ok djm@
* fix format strings in (disabled) debuggingdjm2015-01-191-4/+4
|
* djm, your /usr/include tree is oldderaadt2015-01-191-2/+2
|
* some feedback from markus@: comment hostkeys_foreach()djm2015-01-181-10/+11
| | | | context and avoid a member in it.
* make ssh-keygen use hostkeys_foreach(). Removes somedjm2015-01-181-205/+121
| | | | horrendous code; ok markus@
* convert load_hostkeys() (hostkey ordering and known_hostdjm2015-01-181-89/+52
| | | | | matching) to use the new hostkey_foreach() iterator; ok markus
* introduce hostkeys_foreach() to allow iteration over adjm2015-01-182-3/+187
| | | | | | | | known_hosts file or controlled subset thereof. This will allow us to pull out some ugly and duplicated code, and will be used to implement hostkey rotation later. feedback and ok markus
* string truncation due to sizeof(size)deraadt2015-01-181-2/+2
| | | | ok djm markus
* avoid trailing ',' in host key algorithmsdjm2015-01-181-2/+3
|
* infer key length correctly when user specified a fully-djm2015-01-181-7/+12
| | | | | qualified key name instead of using the -b bits option; ok markus@
* fix hostkeys on ssh agent; found by unit test I'm about to commitdjm2015-01-171-3/+7
|
* garbage collect empty .No macros mandoc warns aboutschwarze2015-01-161-4/+4
|
* regression: incorrect error message on otherwise-successfuldjm2015-01-161-3/+3
| | | | ssh-keygen -A. Reported by Dmitry Orlov, via deraadt@
* when hostname canonicalisation is enabled, try to parse hostnamesdjm2015-01-161-5/+72
| | | | | | as addresses before looking them up for canonicalisation. fixes bz#2074 and avoids needless DNS lookups in some cases; ok markus
* Replace <sys/param.h> with <limits.h> and other less dirty headers wherederaadt2015-01-1613-36/+41
| | | | | | | | | possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
* remove xmalloc, switch to sshbufmarkus2015-01-151-5/+3
|
* switch to sshbufmarkus2015-01-151-3/+3
|
* handle UMAC128 initialization like UMAC; ok djm@ markus@naddy2015-01-151-2/+3
|
* fix regression reported by brad@ for passworded keys withoutdjm2015-01-151-3/+5
| | | | agent present
* sync ssh-keysign, ssh-keygen and some dependencies to the newdjm2015-01-1513-495/+595
| | | | buffer/key API; mostly mechanical, ok markus@
* remove commented-out test code now that it has moved to adjm2015-01-151-175/+0
| | | | proper unit test
* whitespacedjm2015-01-141-2/+0
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.