summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-05-31upstream commitmarkus@openbsd.org
sshd: pass struct ssh to auth functions; ok djm@ Upstream-ID: b00a80c3460884ebcdd14ef550154c761aebe488
2017-05-31upstream commitmarkus@openbsd.org
remove unused wrapper functions from key.[ch]; ok djm@ Upstream-ID: ea0f4016666a6817fc11f439dd4be06bab69707e
2017-05-31upstream commitmarkus@openbsd.org
sshkey_new() might return NULL (pkcs#11 code only); ok djm@ Upstream-ID: de9f2ad4a42c0b430caaa7d08dea7bac943075dd
2017-05-31upstream commitmarkus@openbsd.org
switch sshconnect.c to modern APIs; ok djm@ Upstream-ID: 27be17f84b950d5e139b7a9b281aa487187945ad
2017-05-31upstream commitmarkus@openbsd.org
switch auth2-pubkey.c to modern APIs; with & ok djm@ Upstream-ID: 8f08d4316eb1b0c4ffe4a206c05cdd45ed1daf07
2017-05-31upstream commitmarkus@openbsd.org
switch from Key typedef with struct sshkey; ok djm@ Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f
2017-05-31upstream commitmarkus@openbsd.org
remove ssh1 references; ok djm@ Upstream-ID: fc23b7578e7b0a8daaec72946d7f5e58ffff5a3d
2017-05-31upstream commitmarkus@openbsd.org
revise sshkey_load_public(): remove ssh1 related comments, remove extra open()/close() on keyfile, prevent leak of 'pub' if 'keyp' is NULL, replace strlcpy+cat with asprintf; ok djm@ Upstream-ID: 6175e47cab5b4794dcd99c1175549a483ec673ca
2017-05-27upstream commitmarkus@openbsd.org
sshbuf_consume: reset empty buffer; ok djm@ Upstream-ID: 0d4583ba57f69e369d38bbd7843d85cac37fa821
2017-05-27upstream commitmarkus@openbsd.org
remove SSH_CHANNEL_XXX_DRAINING (ssh1 only); ok djm@ Upstream-ID: e2e225b6ac67b84dd024f38819afff2554fafe42
2017-05-27upstream commitmarkus@openbsd.org
remove channel_input_close_confirmation (ssh1 only); ok djm@ Upstream-ID: 8e7c8c38f322d255bb0294a5c0ebef53fdf576f1
2017-05-27upstream commitdjm@openbsd.org
fix references to obsolete v00 cert format; spotted by Jakub Jelen Upstream-ID: 7600ce193ab8fd19451acfe24fc2eb39d46b2c4f
2017-05-25configure: actually set cache vars when cross-compilingMike Frysinger
The cross-compiling fallback message says it's assuming the test passed, but it didn't actually set the cache var which causes later tests to fail.
2017-05-20upstream commitdjm@openbsd.org
there's no reason to artificially limit the key path here, just check that it fits PATH_MAX; spotted by Matthew Patton Upstream-ID: 858addaf2009c9cf04d80164a41b2088edb30b58
2017-05-20upstream commitdjm@openbsd.org
Now that we no longer support SSHv1, replace the contents of this file with a pointer to https://tools.ietf.org/html/draft-miller-ssh-agent-00 It's better edited, doesn't need to document stuff we no longer implement and does document stuff that we do implement (RSA SHA256/512 signature flags) Upstream-ID: da8cdc46bbcc266efabd565ddddd0d8e556f846e
2017-05-17upstream commitdjm@openbsd.org
allow LogLevel in sshd_config Match blocks; ok dtucker bz#2717 Upstream-ID: 662e303be63148f47db1aa78ab81c5c2e732baa8
2017-05-17upstream commitdjm@openbsd.org
remove duplicate check; spotted by Jakub Jelen Upstream-ID: 30c2996c1767616a8fdc49d4cee088efac69c3b0
2017-05-17upstream commitdjm@openbsd.org
mention that Ed25519 keys are valid as CA keys; spotted by Jakub Jelen Upstream-ID: d3f6db58b30418cb1c3058211b893a1ffed3dfd4
2017-05-09clean up regress files and add a .gitignoreDamien Miller
2017-05-10upstream commitdjm@openbsd.org
remove hmac-ripemd160; ok dtucker Upstream-ID: 896e737ea0bad6e23327d1c127e02d5e9e9c654d
2017-05-10upstream commitdjm@openbsd.org
make requesting bad ECDSA bits yield the same error (SSH_ERR_KEY_LENGTH) as the same mistake for RSA/DSA Upstream-ID: bf40d3fee567c271e33f05ef8e4e0fa0b6f0ece6
2017-05-09Only call "initctl set-env" from agent-launch if $UPSTART_SESSION is set ↵Colin Watson
(LP: #1689299).
2017-05-08upstream commitdjm@openbsd.org
fix for new SSH_ERR_KEY_LENGTH error value Upstream-Regress-ID: c38a6e6174d4c3feca3518df150d4fbae0dca8dc
2017-05-08upstream commitdjm@openbsd.org
helps if I commit the correct version of the file. fix missing return statement. Upstream-ID: c86394a3beeb1ec6611e659bfa830254f325546c
2017-05-08upstream commitdjm@openbsd.org
remove arcfour, blowfish and CAST here too Upstream-Regress-ID: c613b3bcbef75df1fe84ca4dc2d3ef253dc5e920
2017-05-08upstream commitdjm@openbsd.org
I was too aggressive with the scalpel in the last commit; unbreak sshd, spotted quickly by naddy@ Upstream-ID: fb7e75d2b2c7e6ca57dee00ca645e322dd49adbf
2017-05-08upstream commitdjm@openbsd.org
Refuse RSA keys <1024 bits in length. Improve reporting for keys that do not meet this requirement. ok markus@ Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c
2017-05-08upstream commitdjm@openbsd.org
Don't offer CBC ciphers by default in the client. ok markus@ Upstream-ID: 94c9ce8d0d1a085052e11c7f3307950fdc0901ef
2017-05-08upstream commitdjm@openbsd.org
As promised in last release announcement: remove support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@ Upstream-ID: 21f8facdba3fd8da248df6417000867cec6ba222
2017-05-08upstream commitnaddy@openbsd.org
more simplification and removal of SSHv1-related code; ok djm@ Upstream-ID: d2f041aa0b79c0ebd98c68a01e5a0bfab2cf3b55
2017-05-08upstream commitnaddy@openbsd.org
remove superfluous protocol 2 mentions; ok jmc@ Upstream-ID: 0aaf7567c9f2e50fac5906b6a500a39c33c4664d
2017-05-08upstream commitdjm@openbsd.org
since a couple of people have asked, leave a comment explaining why we retain SSH v.1 support in the "delete all keys from agent" path. Upstream-ID: 4b42dcfa339813c15fe9248a2c1b7ed41c21bbb4
2017-05-08upstream commitdjm@openbsd.org
another tentacle: cipher_set_key_string() was only ever used for SSHv1 Upstream-ID: 7fd31eb6c48946f7e7cc12af0699fe8eb637e94a
2017-05-08upstream commitnaddy@openbsd.org
restore mistakenly deleted description of the ConnectionAttempts option ok markus@ Upstream-ID: 943002b1b7c470caea3253ba7b7348c359de0348
2017-05-08upstream commitnaddy@openbsd.org
remove miscellaneous SSH1 leftovers; ok markus@ Upstream-ID: af23696022ae4d45a1abc2fb8b490d8d9dd63b7c
2017-05-08upstream commitjmc@openbsd.org
more protocol 1 bits removed; ok djm Upstream-ID: b5b977eaf756915acb56aef3604a650e27f7c2b9
2017-05-08upstream commitjmc@openbsd.org
more protocol 1 stuff to go; ok djm Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47
2017-05-08upstream commitjmc@openbsd.org
rsa1 is no longer valid; Upstream-ID: 9953d09ed9841c44b7dcf7019fa874783a709d89
2017-05-08upstream commitjmc@openbsd.org
add PubKeyAcceptedKeyTypes to the -o list: scp(1) has it, so i guess this should too; Upstream-ID: 7fab32e869ca5831d09ab0c40d210b461d527a2c
2017-05-08upstream commitjmc@openbsd.org
remove now obsolete protocol1 options from the -o lists; Upstream-ID: 828e478a440bc5f9947672c392420510a362b3dd
2017-05-08upstream commitjmc@openbsd.org
more -O shuffle; ok djm Upstream-ID: c239991a3a025cdbb030b73e990188dd9bfbeceb
2017-05-08upstream commitdjm@openbsd.org
remove -1 / -2 options; pointed out by jmc@ Upstream-ID: 65d2a816000741a95df1c7cfdb5fa8469fcc7daa
2017-05-08upstream commitjmc@openbsd.org
remove options -12 from usage(); Upstream-ID: db7ceef25132e63b50ed05289bf447fece1d1270
2017-05-08upstream commitjmc@openbsd.org
tidy up -O somewhat; ok djm Upstream-ID: 804405f716bf7ef15c1f36ab48581ca16aeb4d52
2017-05-03Drop README.Debian section on privilege separation, as it's no longer optional.Colin Watson
2017-05-02releasing package openssh version 1:7.5p1-3Colin Watson
2017-05-02upstream commitdjm@openbsd.org
when freeing a bitmap, zero all it bytes; spotted by Ilya Kaliman Upstream-ID: 834ac024f2c82389d6ea6b1c7d6701b3836e28e4
2017-05-02upstream commitdjm@openbsd.org
this one I did forget to "cvs rm" Upstream-ID: 5781670c0578fe89663c9085ed3ba477cf7e7913
2017-05-02upstream commitdjm@openbsd.org
don't know why cvs didn't exterminate these the first time around, I use rm -f and everuthing... pointed out by sobrado@ Upstream-ID: a6c44a0c2885330d322ee01fcfd7f6f209b1e15d
2017-05-01Define INT32_MAX and INT64_MAX if needed.Darren Tucker