Age | Commit message | Author |
|
comment. Patch from openbsd@academicsolutions.ch, ok djm@
OpenBSD-Commit-ID: 35862beb0927b1cb0af476ec23cc07f6e3006101
|
|
keys.
Update the list of default host key algorithms in ssh_config.5 and
sshd_config.5. Copy the description of the SecurityKeyProvider
option to sshd_config.5.
ok jmc@
OpenBSD-Commit-ID: edadf3566ab5e94582df4377fee3b8b702c7eca0
|
|
correct term. Add "MAC" since we use that acronym in other man pages. ok
naddy@
OpenBSD-Commit-ID: c35529e511788586725fb63bda3459e10738c5f5
|
|
how SSH works ok markus@ jmc@
OpenBSD-Commit-ID: 8e34973f232ab48c4d4f5d07df48d501708b9160
|
|
the safer xstrdup which fatals on allocation failures.
ok markus@
OpenBSD-Commit-ID: 8b608d387120630753cbcb8110e0b019c0c9a0d0
|
|
for now
OpenBSD-Commit-ID: c97e22c2b28c0d12ee389b8b4ef5f2ada7908828
|
|
OpenBSD-Regress-ID: 40481999a5928d635ab2e5b029e8239c112005ea
|
|
in sshd, so don't double the tests' work by trying both off/on
OpenBSD-Regress-ID: d366665466dbd09e9b707305da884be3e7619c68
|
|
spurious warnings from the cfgparse regress test
OpenBSD-Commit-ID: ba49ea7a5c92b8a16cb9c2e975dbb163853afc54
|
|
SecurityKeyProvider=internal - unbreaks cfgparse regress test
OpenBSD-Commit-ID: d2ddcf525c0dc3c8339522360c10b3c70f1fd641
|
|
OpenBSD-Commit-ID: 1fe822a7f714df19a7e7184e3a3bbfbf546811d3
|
|
keys.
Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FIDO protocol handling,
but now that this is insulated behind ssh-sk-helper there is
less risk.
ok markus@
OpenBSD-Commit-ID: 77b068dd133b8d87e0f010987bd5131e640ee64c
|
|
Needed on Linux ARM. bz#3100, patch from jjelen@redhat.com.
|
|
Fixes build when linking against OpenSSLs built with no-ec.
|
|
The ssh-sk-helper client API gives us a nice place to disable
security key support when it wasn't enabled at compile time,
so we don't need to check everywhere.
Also, verification of security key signatures can remain enabled
all the time - it has no additional dependencies. So sshd can
accept security key pubkeys in authorized_keys, etc regardless of
the host's support for dlopen, etc.
|
|
OpenBSD-Commit-ID: fd2ea776a5bbbf4d452989d3c3054cf25a5e0589
|
|
This means that ssh-keygen no longer needs to link against ssh-sk-helper, and
only ssh-sk-helper needs libfido2 and /dev/uhid* access;
feedback & ok markus@
OpenBSD-Commit-ID: 9464233fab95708d2ff059f8bee29c0d1f270800
|
|
OpenBSD-Commit-ID: 91482c1ada9adb283165d48dafbb88ae91c657bd
|
|
This extracts and refactors the client interface for ssh-sk-helper
from ssh-agent and generalises it for use by the other programs.
This means that most OpenSSH tools no longer need to link against
libfido2 or directly interact with /dev/uhid*
requested by, feedback and ok markus@
OpenBSD-Commit-ID: 1abcd3aea9a7460eccfbf8ca154cdfa62f1dc93f
|
|
object
OpenBSD-Commit-ID: 67c01e0565b258e0818c1ccfe1f1aeaf9a0d4c7b
|
|
by Ron Frederick
document certificate private key format
correct flags type for sk-ssh-ed25519@openssh.com keys
OpenBSD-Commit-ID: fc4e9a1ed7f9f7f9dd83e2e2c59327912e933e74
|
|
constraint "sk-provider@openssh.com", not "sk@openssh.com"; spotted by Ron
Frederick
OpenBSD-Commit-ID: dbfba09edbe023abadd5f59c1492df9073b0e51d
|
|
CAs; spotted by Ron Frederick
OpenBSD-Commit-ID: 9bb0dfff927b4f7aa70679f983f84c69d45656c3
|
|
key, remind the user to touch the key to authorise the signature.
OpenBSD-Commit-ID: fe58733edd367362f9766b526a8b56827cc439c1
|
|
security key protocol description; feedback from Ron Frederick
OpenBSD-Commit-ID: 048c9483027fbf9c995e5a51b3ac502989085a42
|
|
when asking passphrases, only when confirming the use of a key (i.e. for
ssh-agent keys added with "ssh-add -c keyfile")
OpenBSD-Commit-ID: 6643c82960d9427d5972eb702c917b3b838ecf89
|
|
OpenBSD-Commit-ID: 71a3a45b0fe1b8f680ff95cf264aa81f7abbff67
|
|
OpenBSD-Commit-ID: 876651bdde06bc1e72dd4bd7ad599f42a6ce5a16
|
|
If the system (or one of the dependencies) implements memmem but does
not define the header, we would not declare it either resulting in
compiler warnings. Check for declaration explicitly. bz#3102.
|
|
This makes diffs more stable between makedepend implementations.
|
|
While there, move the OpenSSL 1.1.0g caveat closer to the other version
information.
|
|
Fixes tests when built against an OpenSSL configured with no-ec.
|
|
Fixes build --without-openssl on at least Fedora.
|
|
This lets it pick up the -L path to libcrypto for example.
|
|
Check for -fPIC support from compiler
Compile libopenbsd-compat -fPIC
Don't mix -fPIE and -fPIC when compiling
|
|
include a fatal() implementation to satisfy libopenbsd-compat
clean up .lo and .so files
.gitignore .lo and .so files
|
|
needing the ssh_digest API.
OpenBSD-Regress-ID: 785847ec78cb580d141e29abce351a436d6b5d49
|
|
libcrypto or libc SHA512 functions rather than calling ssh_digest_memory();
avoids many dependencies on ssh code that complicate standalone use of
ed25519, as we want to do in sk-dummy.so
OpenBSD-Commit-ID: 5a3c37593d3ba7add037b587cec44aaea088496d
|