Age | Commit message | Author |
|
Fix name space clash on Solaris 10. Still more to do for Solaris 10
to deal with msghdr structure differences. ok djm@
|
a88dd1da119052870bb2654c1a32c51971eade16
(some systems have sig_atomic_t in signal.h, some in sys/signal.h)
Sounds good to me djm@
|
Our getaddrinfo implementation always returns numeric values already.
|
Prevents compile errors on some platforms (at least old GCCs and AIX's
XLC compilers).
|
Convert packet_send_debug and packet_disconnect from macros to
functions. Some older GCCs (2.7.x, 2.95.x) seem to have problems with
variadic macros with only one argument so we convert these two into
functions. ok djm@
|
further silence spurious error message even when -v is
specified (e.g. to get visual host keys); reported by naddy@
|
spotted by Tom Christensen
|
fix a race condition by using a mux socket rather than an
ineffectual wait statement
|
add an XXX to remind me to improve sshkey_load_public
|
silence a spurious error message when listing
fingerprints for known_hosts; bz#2342
|
fix setting/clearing of TTY raw mode around
UpdateHostKeys=ask confirmation question; reported by Herb Goldman
|
Ifdef out the ECC parts when building with an OpenSSL that doesn't have
it.
|
make "ssh-add -d" properly remove a corresponding
certificate, and also not whine and fail if there is none
ok djm@
|
sort options useable under Match case-insensitively; prodded
jmc@
|
correct paths to configuration files being written/updated;
they live in $OBJ not cwd; some by Roumen Petrov
|
Some platforms (older FreeBSD and DragonFly versions) do have
getaddrinfo() but do not have AI_NUMERICINFO, so define it to zero
in those cases.
|
more options that are available under Match; bz#2353 reported
by calestyo AT scientia.net
|
UpdateHostKeys fixes:
I accidentally changed the format of the hostkeys@openssh.com messages
last week without changing the extension name, and this has been causing
connection failures for people who are running -current. First reported
by sthen@
s/hostkeys@openssh.com/hostkeys-00@openssh.com/
Change the name of the proof message too, and reorder it a little.
Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY
available to read the response) so disable UpdateHostKeys if it is in
ask mode and ControlPersist is active (and document this)
|
Regression: I broke logging of public key fingerprints in
1.46. Pointed out by Pontus Lundkvist
|
enable hostkeys unit tests
|
check string/memory compare arguments aren't NULL
|
unit tests for hostfile.c code, just hostkeys_foreach so
far
|
test server rekey limit
|
partial backout of:
revision 1.441
date: 2015/01/31 20:30:05; author: djm; state: Exp; lines: +17 -10; commitid: x8klYPZMJSrVlt3O;
Let sshd load public host keys even when private keys are missing.
Allows sshd to advertise additional keys for future key rotation.
Also log fingerprint of hostkeys loaded; ok markus@
hostkey updates now require access to the private key, so we can't
load public keys only. The improved log messages (fingerprints of keys
loaded) are kept.
|
Revise hostkeys@openssh.com hostkey learning extension.
The client will not ask the server to prove ownership of the private
halves of any hitherto-unseen hostkeys it offers to the client.
Allow UpdateHostKeys option to take an 'ask' argument to let the
user manually review keys offered.
ok markus@
|
Refactor hostkeys_foreach() and dependent code.
Deal with IP addresses (i.e. CheckHostIP).
Don't clobber known_hosts when nothing changed.
ok markus@ as part of larger commit
|
Declare ge25519_base as extern, to prevent it from
becoming a common. Gets us rid of ``alignment 4 of symbol
`crypto_sign_ed25519_ref_ge25519_base' in mod_ge25519.o is smaller than 16 in
mod_ed25519.o'' warnings at link time.
|
make rekey_limit for sshd w/privsep work; ok djm@
dtucker@
|
Prevent sshd spamming syslog with
"ssh_dispatch_run_fatal: disconnected". ok markus@
|
Some packet error messages show the address of the peer,
but might be generated after the socket to the peer has suffered a TCP reset.
In these cases, getpeername() won't work so cache the address earlier.
spotted in the wild via deraadt@ and tedu@
|
fix some leaks in error paths ok markus@
|
SIZE_MAX is standard, we should be using it in preference to
the obsolete SIZE_T_MAX. OK miod@ beck@
|
Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@
|
missing ; djm and mlarkin really having great
interactions recently
|