Age | Commit message | Author |
|
don't printf NULL key comments; reported by Tom Christensen
|
|
zero cmsgbuf before use; we initialise the bits we use
but valgrind still spams warning on it
|
|
fix small memory leak when UpdateHostkeys=no
|
|
This reverts commit d1db656021d0cd8c001a6692f772f1de29b67c8b.
No longer needed with commit 678e473e2af2e4802f24dd913985864d9ead7fb3
|
|
don't leak validity of user in "too many authentication
failures" disconnect message; reported by Sebastian Reitenbach
|
|
add -v (show ASCII art) to -l's synopsis; ok djm@
|
|
Remove ssh_get_progname's dependency on xmalloc, which should reduce
link order problems. ok djm@
|
|
ifdef out some more ECDSA and ECDH tests when built against an OpenSSL
that does not have elliptic curve functionality.
|
|
_NSIG is only used in one file, so move it there to prevent redefinition
warnings reported by Kevin Brott.
|
|
Fix name space clash on Solaris 10. Still more to do for Solaris 10
to deal with msghdr structure differences. ok djm@
|
|
a88dd1da119052870bb2654c1a32c51971eade16
(some systems have sig_atomic_t in signal.h, some in sys/signal.h)
Sounds good to me djm@
|
|
Our getaddrinfo implementation always returns numeric values already.
|
|
Prevents compile errors on some platforms (at least old GCCs and AIX's
XLC compilers).
|
|
Convert packet_send_debug and packet_disconnect from macros to
functions. Some older GCCs (2.7.x, 2.95.x) seem to have problems with
variadic macros with only one argument so we convert these two into
functions. ok djm@
|
|
further silence spurious error message even when -v is
specified (e.g. to get visual host keys); reported by naddy@
|
|
spotted by Tom Christensen
|
|
fix a race condition by using a mux socket rather than an
ineffectual wait statement
|
|
add an XXX to remind me to improve sshkey_load_public
|
|
silence a spurious error message when listing
fingerprints for known_hosts; bz#2342
|
|
fix setting/clearing of TTY raw mode around
UpdateHostKeys=ask confirmation question; reported by Herb Goldman
|
|
Ifdef out the ECC parts when building with an OpenSSL that doesn't have
it.
|
|
make "ssh-add -d" properly remove a corresponding
certificate, and also not whine and fail if there is none
ok djm@
|
|
sort options useable under Match case-insensitively; prodded
jmc@
|
|
correct paths to configuration files being written/updated;
they live in $OBJ not cwd; some by Roumen Petrov
|
|
Some platforms (older FreeBSD and DragonFly versions) do have
getaddrinfo() but do not have AI_NUMERICINFO, so define it to zero
in those cases.
|
|
more options that are available under Match; bz#2353 reported
by calestyo AT scientia.net
|
|
UpdateHostKeys fixes:
I accidentally changed the format of the hostkeys@openssh.com messages
last week without changing the extension name, and this has been causing
connection failures for people who are running -current. First reported
by sthen@
s/hostkeys@openssh.com/hostkeys-00@openssh.com/
Change the name of the proof message too, and reorder it a little.
Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY
available to read the response) so disable UpdateHostKeys if it is in
ask mode and ControlPersist is active (and document this)
|
|
Regression: I broke logging of public key fingerprints in
1.46. Pointed out by Pontus Lundkvist
|
|
enable hostkeys unit tests
|
|
check string/memory compare arguments aren't NULL
|
|
unit tests for hostfile.c code, just hostkeys_foreach so
far
|
|
test server rekey limit
|
|
partial backout of:
revision 1.441
date: 2015/01/31 20:30:05; author: djm; state: Exp; lines: +17 -10; commitid: x8klYPZMJSrVlt3O;
Let sshd load public host keys even when private keys are missing.
Allows sshd to advertise additional keys for future key rotation.
Also log fingerprint of hostkeys loaded; ok markus@
hostkey updates now require access to the private key, so we can't
load public keys only. The improved log messages (fingerprints of keys
loaded) are kept.
|
|
Revise hostkeys@openssh.com hostkey learning extension.
The client will not ask the server to prove ownership of the private
halves of any hitherto-unseen hostkeys it offers to the client.
Allow UpdateHostKeys option to take an 'ask' argument to let the
user manually review keys offered.
ok markus@
|