Age | Commit message (Collapse) | Author |
|
of a specified command (ie "ssh-agent command"). Would have caught bz#3181.
OpenBSD-Regress-ID: 895b4765ba5153eefaea3160a7fe08ac0b6db8b3
|
|
OpenBSD-Regress-ID: 706ef17e2b545b64873626e0e35553da7c06052a
|
|
verification only so far
OpenBSD-Regress-ID: fb1f946c8fc59206bc6a6666e577b5d5d7e45896
|
|
OpenBSD-Regress-ID: 8089b88393dd916d7c95422b442a6fd4cfe00c82
|
|
part of previous diff)
OpenBSD-Commit-ID: 65a4f66436028748b59fb88b264cb8c94ce2ba63
|
|
sshd can load a private key but no public counterpart; with & ok markus@
OpenBSD-Commit-ID: 0713cbdf9aa1ff8ac7b1f78b09ac911af510f81b
|
|
OpenBSD-Commit-ID: 8d03b6c96ca98bfbc23d3754c3c33e1fe0852e10
|
|
early. ok markus@
OpenBSD-Commit-ID: 49346e945c6447aca3e904e65fc400128d2f8ed0
|
|
|
|
OpenBSD-Commit-ID: 976fdc99b500e347023d430df372f31c1dd128f7
|
|
OpenBSD-Commit-ID: b4a5accae750875d665b862504169769bcf663bd
|
|
OpenBSD-Commit-ID: ed405a12bd27bdc9c52e169bc5ff3529b4ebbbb2
|
|
work with SSLeay (very quickly replaced by OpenSSL) not SSL in general. ok
deraadt, historical context markus@
OpenBSD-Commit-ID: 7209e07a2984b50411ed8ca5a4932da5030d2b90
|
|
OpenBSD-Commit-ID: 52ff0e3205036147b2499889353ac082e505ea54
|
|
clang 10's -Wimplicit-fallthrough does not understand /* FALLTHROUGH */
comments and we don't use the __attribute__((fallthrough)) that it's
looking for. This has the effect of turning off -Wimplicit-fallthrough
where it does not currently help (particularly with -Werror). ok djm@
|
|
OpenBSD-Commit-ID: 52ff0e3205036147b2499889353ac082e505ea54
|
|
ok djm@
OpenBSD-Commit-ID: 2e2b18e3aa6ee22a7b69c39f2d3bd679ec35c362
|
|
attributes. From Christos Zoulas, OK markus@
OpenBSD-Commit-ID: 41523c999a9e3561fcc7082fd38ea2e0629ee07e
|
|
vdollar_percent_expand. Fixes build error on arm64 spotted by otto@.
OpenBSD-Commit-ID: 181910d7ae489f40ad609b4cf4a20f3d068a7279
|
|
Fixes tests on old BSDs.
|
|
dollar_expand. The original intent was in case there's some platform where
va_list is not a pointer equivalent, but on i386 this chokes on the memset.
This unbreaks that build, but will require further consideration.
OpenBSD-Commit-ID: 7b90afcd8e1137a1d863204060052aef415baaf7
|
|
OpenBSD-Commit-ID: 58ddfe6f8a15fe10209db6664ecbe7896f1d167c
|
|
environment variable expansion in various keywords (bz#3140). ok djm@
OpenBSD-Regress-ID: 4d9ceb95d89365b7b674bc26cf064c15a5bbb197
|
|
OpenBSD-Regress-ID: cec4239efa2fc4c7062064f07a847e1cbdbcd5dd
|
|
bz#3165
OpenBSD-Commit-ID: 8856f3d1612bd42e9ee606d89386cae456dd165c
|
|
environment variables on the client side. The supported keywords are
CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus
LocalForward and RemoteForward when used for Unix domain socket paths. This
would for example allow forwarding of Unix domain socket paths that change at
runtime. bz#3140, ok djm@
OpenBSD-Commit-ID: a4a2e801fc2d4df2fe0e58f50d9c81b03822dffa
|
|
|
|
synchronize synopsis and usage.
|
|
remove unused variable
ok tedu@
|
|
The code in socks.c writes multiple times in a row to a socket. If the socket becomes invalid between these calls (e.g. connection closed), write will throw SIGPIPE. With this patch, SIGPIPE is ignored so we can handle write's -1 return value (errno will be EPIPE). Ultimately, it leads to program exit, too -- but with nicer error message. :)
with input by and ok djm
|
|
Check for short writes in fdpass(). Clean up while at it.
ok djm
|
|
Support for nc -T on IPv6 addresses.
ok sthen@
|
|
was not updated to match API change. From Dale Rahn via beck@ ok markus@
OpenBSD-Commit-ID: 2b8d054afe34c9ac85e417dae702ef981917b836
|
|
from Pedro Martelletto, ok markus@
OpenBSD-Commit-ID: 0da77dc24a1084798eedd83c39a002a9d231faef
|
|
other units. bz#3171, spotted by ronf at timeheart.net, ok djm@.
OpenBSD-Commit-ID: 95b7a848e1083974a65fbb6ccb381d438e1dd5be
|
|
from Jakub Jelen
OpenBSD-Commit-ID: 1b0aaf135fe6732b5d326946042665dd3beba5f4
|
|
included file from sshd_config; patch from Jakub Jelen
OpenBSD-Commit-ID: 0ff603d6f06a7fab4881f12503b53024799d0a49
|
|
variables; spotted by & ok sthen@
OpenBSD-Commit-ID: b881e8e849edeec5082b5c0a87d8d7cff091a8fd
|
|
Port directives are processed correctly and handling of Include directives
that appear before Match. Both tests currently fail. bz#3122 and bz#3169 -
patch from Jakub Jelen
OpenBSD-Regress-ID: 8ad5a4a385a63f0a1c59c59c763ff029b45715df
|
|
|
|
OpenBSD-Commit-ID: d0a6eb07e77c001427d738b220dd024ddc64b2bb
|
|
keys.
When signing messages in ssh-agent using a FIDO key that has an
application string that does not start with "ssh:", ensure that the
message being signed is one of the forms expected for the SSH protocol
(currently pubkey authentication and sshsig signatures).
This prevents ssh-agent forwarding on a host that has FIDO keys
attached granting the ability for the remote side to sign challenges
for web authentication using those keys too.
Note that the converse case of web browsers signing SSH challenges is
already precluded because no web RP can have the "ssh:" prefix in the
application string that we require.
ok markus@
OpenBSD-Commit-ID: 9ab6012574ed0352d2f097d307f4a988222d1b19
|
|
have sshd log when it starts and stops throttling and periodically while in
this state. bz#3055 ok markus@
OpenBSD-Commit-ID: 2e07a09a62ab45d790d3d2d714f8cc09a9ac7ab9
|
|
interval in a human- friendly format. Switch copyright for this file from BSD
to MIT to make it easier to add Henning's copyright for this function. ok
markus@
OpenBSD-Commit-ID: 414a831c662df7e68893e5233e86f2cac081ccf9
|
|
OpenBSD-Commit-ID: e6099c3fbb70aa67eb106e84d8b43f1fa919b721
|
|
in write(2) on config_s[0] if the forked child exits early before finishing
recv_rexec_state (e.g. with fatal()) because config_s[1] stays open in the
parent. this prevents the parent from accepting new connections. ok djm,
deraadt
OpenBSD-Commit-ID: 92ccfeb939ccd55bda914dc3fe84582158c4a9ef
|
|
one more concurrent request that desired. This prevented using sftp(1) in
unpipelined request/response mode, which is useful when debugging. Patch from
Stephen Goetze in bz#3054
OpenBSD-Commit-ID: 41b394ebe57037dbc43bdd0eef21ff0511191f28
|
|
OpenBSD-Commit-ID: a240fc9cbe60bc4e6c3d24d022eb4ab01fe1cb38
|
|
key.
The FIDO 2.1 Client to Authenticator Protocol introduced a "credProtect"
feature to better protect resident keys. This option allows (amone other
possibilities) requiring a PIN prior to all operations that may retrieve
the key handle.
Patch by Pedro Martelletto; ok djm and markus
OpenBSD-Commit-ID: 013bc06a577dcaa66be3913b7f183eb8cad87e73
|
|
fido_init() when SK_DEBUG was defined. Harmless with current libfido2, but
this isn't guaranteed in the future.
OpenBSD-Commit-ID: c7ea20ff2bcd98dd12015d748d3672d4f01f0864
|