Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 33 |
1 files changed, 33 insertions, 0 deletions
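--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,36 @@
+20100226
+- OpenBSD CVS Sync
+- djm@cvs.openbsd.org 2010/02/26 20:29:54
+[PROTOCOL PROTOCOL.agent PROTOCOL.certkeys addrmatch.c auth-options.c]
+[auth-options.h auth.h auth2-pubkey.c authfd.c dns.c dns.h hostfile.c]
+[hostfile.h kex.h kexdhs.c kexgexs.c key.c key.h match.h monitor.c]
+[myproposal.h servconf.c servconf.h ssh-add.c ssh-agent.c ssh-dss.c]
+[ssh-keygen.1 ssh-keygen.c ssh-rsa.c ssh.1 ssh.c ssh2.h sshconnect.c]
+[sshconnect2.c sshd.8 sshd.c sshd_config.5]
+Add support for certificate key types for users and hosts.
+
+OpenSSH certificate key types are not X.509 certificates, but a much
+simpler format that encodes a public key, identity information and
+some validity constraints and signs it with a CA key. CA keys are
+regular SSH keys. This certificate style avoids the attack surface
+of X.509 certificates and is very easy to deploy.
+
+Certified host keys allow automatic acceptance of new host keys
+when a CA certificate is marked as trusted in ~/.ssh/known_hosts.
+see VERIFYING HOST KEYS in ssh(1) for details.
+
+Certified user keys allow authentication of users when the signing
+CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
+FILE FORMAT" in sshd(8) for details.
+
+Certificates are minted using ssh-keygen(1), documentation is in
+the "CERTIFICATES" section of that manpage.
+
+Documentation on the format of certificates is in the file
+PROTOCOL.certkeys
+
+feedback and ok markus@
+
 20100224
 - (djm) [pkcs11.h ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c]
 [ssh-pkcs11.h] Add $OpenBSD$ RCS idents so we can sync portable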