path: root/usr.bin
Commit message | Author | Age | Files | Lines
...
* UpdateHostkeys: better detect manual host entries | djm | 2020-10-11 | 1 | -17/+37
  Disable UpdateHostkeys if the known_hosts line has more than two entries in the pattern-list. ssh(1) only writes "host" or "host,ip" lines so anything else was added by a different tool or by a human.
  ok markus@
* Escape ! in Ql | tim | 2020-10-09 | 1 | -3/+3
  OK jmc@ nicm@, agreement from schwarze@
* fix SEE ALSO; | jmc | 2020-10-09 | 1 | -2/+2
* Add nolog option to avoid syslog(3) | kn | 2020-10-09 | 4 | -8/+20
  doas(1) unconditionally logs all executions but syslog.conf(5) provides no means to filter messages by user, target or command.
  Add the "nolog" option to doas.conf(5) such that syslog becomes an opt-out feature; this keeps configuration simple enough yet powerful since rule definition is the best place to decide whether to log commands or not on a per rule basis - this also avoids duplicating information or logic in any other log processing tool.
  OK tedu martijn
* Improve error message on missing permission | kn | 2020-10-09 | 1 | -2/+2
  In case "cmd" (and "args") in doas.conf(5) mismatch, the log syslog(3) message might be read as if the command was executed but failed, i.e. returned non-zero.
  Be unambiguous and help admins spot execution *attempts* as such:
  -Oct 9 01:05:20 eru doas: failed command for kn: echo bar
  +Oct 9 01:05:20 eru doas: command not permitted for kn: echo bar
  OK tedu deraadt
* set SO_REUSEADDR on the server socket when we play ocsp server. | beck | 2020-10-08 | 1 | -1/+2
  ok inoguchi@ tb@ deraadt@
* don't misdetect comma-separated hostkey names as wildcards; | djm | 2020-10-08 | 1 | -4/+4
  spotted by naddy@
* clarify conditions for UpdateHostkeys | djm | 2020-10-08 | 1 | -3/+9
* Allow fnmatch(3) wildcards in update-environment, GitHub issue 2397. | nicm | 2020-10-07 | 1 | -2/+7
* Disable UpdateHostkeys when hostkey checking fails | djm | 2020-10-07 | 1 | -1/+6
  If host key checking fails (i.e. a wrong host key is recorded for the server) and the user elects to continue (via StrictHostKeyChecking=no), then disable UpdateHostkeys for the session.
  reminded by Mark D. Baushke; ok markus@
* Fix UpdateHostkeys/HashKnownHosts/CheckHostIP bug | djm | 2020-10-07 | 1 | -1/+4
  When all of UpdateHostkeys, HashKnownHosts and CheckHostIP were enabled and new host keys were learned, known_hosts IP entries were not being recorded for new host keys.
  reported by matthieu@ ok markus@
* don't UpdateHostkeys when the hostkey is verified by the | djm | 2020-10-07 | 1 | -4/+28
  GlobalKnownHostsFile file, support only UserKnownHostsFile matches
  suggested by Mark D. Baushke; feedback and ok markus@
* revert kex->flags cert hostkey downgrade back to a plain key | djm | 2020-10-07 | 5 | -64/+20
  (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less plumbing.
  ok markus@
* simply disable UpdateHostkeys when a certificate successfully | djm | 2020-10-07 | 1 | -2/+7
  authenticated the host; simpler than the complicated plumbing via kex->flags we have now.
  ok markus@
* disable UpdateHostkeys by default if VerifyHostKeyDNS is enabled; | djm | 2020-10-07 | 2 | -6/+9
  suggested by Mark D. Baushke
* Fix a last minute change in previous. | nicm | 2020-10-06 | 1 | -2/+2
* Add a state struct to store working state during format expansion | nicm | 2020-10-06 | 1 | -175/+232
  instead of modifying the format tree. Use this to disable nested job expansion so that the result of #() is not expanded again. Reported by Chas J Owens IV, GitHub issue 2390.
* Agent protocol draft is now at rev 4. ok djm@ | dtucker | 2020-10-06 | 1 | -2/+2
* Trim "s from process names; also fix a default format in man page. | nicm | 2020-10-05 | 2 | -4/+8
* Tidy the resize code, merge some common bits and add some comments. From | nicm | 2020-10-05 | 1 | -209/+168
  "Mike" in GitHub issue 2392.
* Use the setal capability as well as (tmux's) Setulc. | nicm | 2020-10-05 | 5 | -18/+37
* when ordering host key algorithms in the client, consider the ECDSA | djm | 2020-10-04 | 4 | -12/+19
  key subtype; ok markus@
* Allow full range of UIDs and GIDs for sftp chown and chgrp on 32bit | dtucker | 2020-10-04 | 1 | -6/+6
  platforms instead of being limited by LONG_MAX. bz#3206, found by booking00 at sina.cn, ok markus@
* There are lots of places where we want to redirect stdin, stdout | djm | 2020-10-03 | 9 | -135/+60
  and/or stderr to /dev/null. Factor all these out to a single stdfd_devnull() function that allows selection of which of these to redirect.
  ok markus@
* enable UpdateHostkeys by default when the configuration has not | djm | 2020-10-03 | 2 | -4/+10
  overridden UserKnownHostsFile; ok markus@
  "The timing is perfect" deraadt@
* disable UpdateHostkeys when a wildcard hostname pattern is | djm | 2020-10-03 | 1 | -2/+31
  encountered or when a certificate host key is in use.
  feedback/ok markus@
* record when the host key checking code downgrades a certificate host | djm | 2020-10-03 | 4 | -19/+57
  key to a plain key. This occurs when the user connects to a host with a certificate host key but no corresponding CA key configured in known_hosts;
  feedback and ok markus@
* prefer ed25519 signature algorithm variants to ECDSA; ok markus@ | djm | 2020-10-03 | 3 | -33/+39
* want time.h here too | djm | 2020-10-03 | 1 | -1/+2
* split introductory paragraph, and insert ominous words about the glob | deraadt | 2020-10-03 | 1 | -4/+8
  issue, which cannot be fully fixed and really requires completely replacing scp with a completely different subsystem.
  team effort to find the right words..
* Add -[46] nops for compatibility with the OpenSSL s_server | tb | 2020-10-02 | 1 | -1/+9
  On OpenBSD it's necessary to use the eopenssl11 s_server with either -4 or -6 to choose an address family. I often want to try something with an OpenSSL server and then test the same thing with LibreSSL or vice versa. Adding and removing -4s on top of editing the command is annoying and distracting.
  This commit teaches our s_server to ignore -4 and -6 and thus makes commands that work with eopenssl11 more likely to work with openssl(1). These options are deliberately undocumented and don't show up in help listings.
  ok bcook inoguchi jsing
* add a missing .Pp | schwarze | 2020-10-01 | 1 | -2/+3
* add example to apropos.1 to list all manuals in a given section | ians | 2020-10-01 | 1 | -2/+5
  ok schwarze@
* update currency exchange rates; | jmc | 2020-10-01 | 1 | -39/+39
* Now that dprintf(3) uses format string annotation checking, a sizeof() | deraadt | 2020-09-30 | 1 | -2/+2
  requires (int) for a '*' modifier
  ok millert
* Regen moduli. | dtucker | 2020-09-30 | 6 | -452/+405
* openssh 8.4 | djm | 2020-09-27 | 1 | -2/+2
* Escape+Up and the other arrow keys should be kept as Escape+Up and not | nicm | 2020-09-23 | 1 | -10/+15
  converted to M-Up. Do not give them the implied meta flag so they don't match the M-Up entry in the output key tree. Fixes problem with vi reported by jsing@.
* Move a sentence to the right command. | nicm | 2020-09-22 | 1 | -5/+5
* Do not wrap at end of text when positioning at end of match because the | nicm | 2020-09-22 | 1 | -6/+6
  length may include trailing spaces.
* Resize screen to the correct size (borders need to be taken off). | nicm | 2020-09-22 | 1 | -2/+2
* Fix warnings on some platforms with %llx and add a new message to handle | nicm | 2020-09-22 | 4 | -13/+30
  64-bit client flags.
* close stdin when forking after authentication too; ok markus | djm | 2020-09-21 | 1 | -2/+3
* close stdout/stderr after "ssh -f ..." forking | djm | 2020-09-20 | 1 | -6/+21
  bz#3137, ok markus
* cap channel input buffer size at 16MB; avoids high memory use when | djm | 2020-09-20 | 2 | -2/+8
  peer advertises a large window but is slow to consume the data we send (e.g. because of a slow network)
  reported by Pierre-Yves David
  fix with & ok markus@
* Free buffer earlier to avoid confusing some compilers, GitHub issue | nicm | 2020-09-18 | 1 | -7/+5
  2382.
* Some other warnings, GitHub issue 2382. | nicm | 2020-09-18 | 3 | -8/+10
* handle multiple messages in a single read() | djm | 2020-09-18 | 1 | -6/+13
  PR#183 by Dennis Kaarsemaker; feedback and ok markus@
* tweak the client hostkey preference ordering algorithm to prefer the | djm | 2020-09-18 | 1 | -3/+38
  default ordering if the user has a key that matches the best-preference default algorithm.
  feedback and ok markus@
* Add -q flag to unbind-key to hide errors, GitHub issue 2381. | nicm | 2020-09-16 | 2 | -26/+39