Age | Commit message (Collapse) | Author |
|
algorithms from the default set (i.e. HostkeyAlgorithms=+/-...), retain the
default behaviour of preferring those algorithms that have existing keys in
known_hosts; ok markus
OpenBSD-Commit-ID: 040e7fcc38ea00146b5d224ce31ce7a1795ee6ed
|
|
other algorithm lists; ok markus@
OpenBSD-Commit-ID: a66f0fca8cc5ce30405a2867bc115fff600671d0
|
|
Match keyword. ok markus@
OpenBSD-Commit-ID: 342e940538b13dd41e0fa167dc9ab192b9f6e2eb
|
|
messages.
This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".
ok djm@
OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e
|
|
... unless we are actually going to use it. Fixes build on HP-UX
without the potential impact to other platforms of a header change
shortly before release.
|
|
|
|
The point of the dummy declaration is so that MAKE_CLONE(...) can have
a trailing semicolon without introducing an empty declaration. So,
the macro replacement text should *not* have a trailing semicolon,
just like DEF_WEAK.
|
|
markus@
OpenBSD-Commit-ID: 94e9c1c066d42b76f035a3d58250a32b14000afb
|
|
corner cases we need to address; ok markus
OpenBSD-Commit-ID: ff7ad941bfdc49fb1d8baa95fd0717a61adcad57
|
|
rejig the challenge text a little;
ok djm
OpenBSD-Commit-ID: 9f351e6da9edfdc907d5c3fdaf2e9ff3ab0a7a6f
|
|
|
|
bz3093
|
|
as suggested by markus@
OpenBSD-Commit-ID: 4ab9117ee5261cbbd1868717fcc3142eea6385cf
|
|
OpenBSD-Commit-ID: 37b252e2e6f690efed6682437ef75734dbc8addf
|
|
OpenBSD-Commit-ID: 08efad608b790949a9a048d65578fae9ed5845fe
|
|
OpenBSD-Commit-ID: 0c42851cdc88583402b4ab2b110a6348563626d3
|
|
Fixes build on platforms that don't have sys/queue.h (eg MUSL).
|
|
Jelen
OpenBSD-Regress-ID: 0d9224de3297c7a5f51ba68d6e3725a2a9345fa4
|
|
OpenBSD-Commit-ID: 564cf7a5407ecf5da2d94ec15474e07427986772
|
|
avoids missing messages from re-exec config passing
OpenBSD-Commit-ID: 02484b8241c1f49010e7a543a7098e6910a8c9ff
|
|
OpenBSD-Commit-ID: 862ee84bd4b97b529f64aec5d800c3dcde952e3a
|
|
of files. This has sensible semantics wrt Match blocks and accepts glob(3)
patterns to specify the included files. Based on patch by Jakub Jelen in
bz2468; feedback and ok markus@
OpenBSD-Commit-ID: 36ed0e845b872e33f03355b936a4fff02d5794ff
|
|
OpenBSD-Commit-ID: 3c079523c4b161725a4b15dd06348186da912402
|
|
OpenBSD-Commit-ID: 25c390b21d142f78ac0106241d13441c4265fd2c
|
|
specifies only the default known_hosts files, otherwise select
UpdateKnownHosts=ask; ok markus@
OpenBSD-Commit-ID: ab401a5ec4a33d2e1a9449eae6202e4b6d427df7
|
|
Should prevent warnings on at least some AIX versions.
|
|
ssh_packet_write_poll() failures here too as the former yields better error
messages; ok dtucker@
OpenBSD-Commit-ID: 1f7a6ca95bc2b716c2e948fc1370753be772d8e3
|
|
call sshpkt_fatal() if it fails; avoid potential busy-loop under some
circumstances. Based on patch by Mike Frysinger; ok dtucker@
OpenBSD-Commit-ID: c79fe5cf4f0cd8074cb6db257c1394d5139408ec
|
|
potentially call strerror() (via ssh_err()); ok dtucker
OpenBSD-Commit-ID: 5590df31d21405498c848245b85c24acb84ad787
|
|
OpenBSD-Commit-ID: 10bbfb6607ebbb9a018dcd163f0964941adf58de
|
|
that the changes are validated by the existing trusted host key. Prompted by
espie@ feedback and ok markus@
OpenBSD-Commit-ID: b3d95f4a45f2692f4143b9e77bb241184dbb8dc5
|
|
Allow writing to disk the attestation certificate that is generated by
the FIDO token at key enrollment time. These certificates may be used
by an out-of-band workflow to prove that a particular key is held in
trustworthy hardware.
Allow passing in a challenge that will be sent to the card during
key enrollment. These are needed to build an attestation workflow
that resists replay attacks.
ok markus@
OpenBSD-Commit-ID: 457dc3c3d689ba39eed328f0817ed9b91a5f78f6
|
|
me" matthieu@
OpenBSD-Commit-ID: 60d7b5eb91accf935ed9852650a826d86db2ddc7
|
|
|
|
based on patch by veegish AT cyberstorm.mu
OpenBSD-Commit-ID: 9902bf4fbb4ea51de2193ac2b1d965bc5d99c425
|
|
djm@ sthen@
OpenBSD-Commit-ID: e5bcc45eadb78896637d4143d289f1e42c2ef5d7
|
|
OpenBSD-Regress-ID: 075a899a01bbf7781d38bf0b33d8366faaf6d3c0
|
|
This allows us to always define it if needed not just if we also
define the type ourself.
|
|
OpenBSD-Regress-ID: 075a899a01bbf7781d38bf0b33d8366faaf6d3c0
|
|
|
|
|
|
key types - just ignore them. spotted by and ok dtucker@
OpenBSD-Commit-ID: 91769e443f6197c983932fc8ae9d39948727d473
|
|
files to debug() as it was intended to be; spotted by dtucker@
OpenBSD-Commit-ID: 18cfea382cb52f2da761be524e309cc3d5354ef9
|
|
(e.g. host key confirmation) and not just password prompts.
OpenBSD-Commit-ID: 97b001883d89d3fb1620d2e6b747c14a26aa9818
|
|
sshbuf-io.c doesn't need SSHBUF_INTERNAL set
OpenBSD-Commit-ID: 27a724d2e0b2619c1a1490f44093bbd73580d9e6
|
|
|
|
making ssh-keygen be solely responsible for printing the error message and
convertint some more common error responses from the middleware to a useful
ssherr.h status code. more detail remains visible via -v of course.
also remove indepedent copy of sk-api.h declarations in sk-usbhid.c
and just include it.
feedback & ok markus@
OpenBSD-Commit-ID: a4a8ffa870d9a3e0cfd76544bcdeef5c9fb1f1bb
|
|
functions; feedback and ok markus@
OpenBSD-Commit-ID: dc09e5f1950b7acc91b8fdf8015347782d2ecd3d
|
|
we use; requested by markus@
OpenBSD-Commit-ID: 83a1f09810ffa3a96a55fbe32675b34ba739e56b
|
|
connection killing behaviour, rather than killing the connection after
sending the first liveness test probe (regardless of whether the client was
responsive) bz2627; ok markus
OpenBSD-Commit-ID: 5af79c35f4c9fa280643b6852f524bfcd9bccdaf
|