Issue noticed and reported by Pierre-Olivier Martel <pom@apple.com>
ok dtucker@ markus@ djm@
OpenBSD-Commit-ID: 749f3168ec520609c35b0c4e1984e5fa47f16094
|
|
bz#3108 from jmckitrick@gmail.com.
|
|
S/Key support was removed in OpenSSH 7.8 but this file was missed.
|
|
(lower); ok djm
OpenBSD-Commit-ID: 71dc28a3e1fa7c553844abc508845bcf5766e091
|
|
test?
OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a
|
|
and PIN prompting in the dummy middleware that we use for the tests. Should
fix breakage spotted by dtucker@
OpenBSD-Regress-ID: 379cf9eabfea57aaf7f3f59dafde59889566c484
|
|
line option change to ssh-keygen(1).
OpenBSD-Regress-ID: 744a72755004377e9669b662c13c6aa9ead8a0c3
|
|
"ssh-keygen -K". This will save public/private keys into the current
directory.
This is handy if you move a token between hosts.
feedback & ok markus@
OpenBSD-Commit-ID: d57c1f9802f7850f00a117a1d36682a6c6d10da6
|
|
markus@
OpenBSD-Commit-ID: 5d6f96a966d10d7fa689ff9aa9e1d6767ad5a076
|
|
-compact;
OpenBSD-Commit-ID: 6492c72280482c6d072be46236b365cb359fc280
|
|
FIDO/U2F-specific key flags. Instead these flags may be specified via -O.
ok markus@
OpenBSD-Commit-ID: f23ebde2a8a7e1bf860a51055a711cffb8c328c1
|
|
ok markus@
OpenBSD-Commit-ID: 52622363c103a3c4d3d546050480ffe978a32186
|
|
Define some well-known error codes in the SK API and pass
them back via ssh-sk-helper.
Use the new "wrong PIN" error code to retry PIN prompting during
ssh-keygen of resident keys.
feedback and ok markus@
OpenBSD-Commit-ID: 9663c6a2bb7a0bc8deaccc6c30d9a2983b481620
|
|
OpenBSD-Commit-ID: 4ccd8ddabb8df4f995107dd3b7ea58220e93cb81
|
|
Allow passing a PIN via the SK API (API major crank) and let the
ssh-sk-helper API follow.
Also enhance the ssh-sk-helper API to support passing back an error
code instead of a complete reply. Will be used to signal "wrong PIN",
etc.
feedback and ok markus@
OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71
|
|
"ssh-add -O" will load resident keys from a FIDO2 token and add them
to a ssh-agent.
feedback and ok markus@
OpenBSD-Commit-ID: 608104ae957a7d65cb84e0a3a26c8f60e0df3290
|
|
feedback and ok markus@
OpenBSD-Commit-ID: b273c23769ea182c55c4a7b8f9cbd9181722011a
|
|
Adds a sk_load_resident_keys() function to the security key
API that accepts a security key provider and a PIN and returns
a list of keys.
Implement support for this in the usbhid middleware.
feedback and ok markus@
OpenBSD-Commit-ID: 67e984e4e87f4999ce447a6178c4249a9174eff0
|
|
We'll reuse this for extracting resident keys from a device.
feedback and ok markus@
OpenBSD-Commit-ID: 9bc1efd9c6897eac4df0983746cf6578c1542273
|
|
"ssh-keygen -t ecdsa-sk|ed25519-sk -x resident" will generate a
device-resident key.
feedback and ok markus@
OpenBSD-Commit-ID: 8e1b3c56a4b11d85047bd6c6c705b7eef4d58431
|
|
Move all moduli generation options to live under the -O flag.
Frees up seven single-letter flags.
NB. this change breaks existing ssh-keygen commandline syntax for
moduli-related operations. Very few people use these fortunately.
feedback and ok markus@
OpenBSD-Commit-ID: d498f3eaf28128484826a4fcb343612764927935
|
|
Move list of available certificate options in ssh-keygen.1 to the
CERTIFICATES section.
Collect options specified by -O but delay parsing/validation of
certificate options until we're sure that we're acting as a CA.
ok markus@
OpenBSD-Commit-ID: 33e6bcc29cfca43606f6fa09bd84b955ee3a4106
|
|
done in synopsis;
OpenBSD-Commit-ID: 86d033c5764404057616690d7be992e445b42274
|
|
OpenBSD-Commit-ID: 24c2e6a3aeab6e050a0271ffc73fdff91c10dcaa
|
|
authenticator".
The polysemous use of "key" was too confusing. Input from markus@.
ok jmc@
OpenBSD-Commit-ID: 12eea973a44c8232af89f86e4269d71ae900ca8f
|
|
OpenBSD-Regress-ID: 24f693f78290b2c17725dab2c614dffe4a88c8da
|
|
OpenBSD-Regress-ID: 9fb45326106669a27e4bf150575c321806e275b1
|
|
specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to
accept an explicit path or the name of an environment variable in addition
to yes/no.
Patch by Eric Chiang, manpage by me; ok markus@
OpenBSD-Commit-ID: 98f2ed80bf34ea54d8b2ddd19ac14ebbf40e9265
|
|
path sentence. ok markus@
OpenBSD-Commit-ID: 67d7971ca1a020acd6c151426c54bd29d784bd6b
|
|
ones. Move oSecurityProvider to match the order in the OpCodes enum. Patch
from openbsd@academicsolutions.ch, ok djm@
OpenBSD-Commit-ID: 061e4505861ec1e02ba3a63e3d1b3be3cad458ec
|
|
Patch from openbsd@academicsolutions.ch, ok djm@
OpenBSD-Commit-ID: 395c202228872ce8d9044cc08552ac969f51e01b
|
|
comment. Patch from openbsd@academicsolutions.ch, ok djm@
OpenBSD-Commit-ID: 35862beb0927b1cb0af476ec23cc07f6e3006101
|
|
keys.
Update the list of default host key algorithms in ssh_config.5 and
sshd_config.5. Copy the description of the SecurityKeyProvider
option to sshd_config.5.
ok jmc@
OpenBSD-Commit-ID: edadf3566ab5e94582df4377fee3b8b702c7eca0
|
|
correct term. Add "MAC" since we use that acronym in other man pages. ok
naddy@
OpenBSD-Commit-ID: c35529e511788586725fb63bda3459e10738c5f5
|
|
how SSH works ok markus@ jmc@
OpenBSD-Commit-ID: 8e34973f232ab48c4d4f5d07df48d501708b9160
|
|
the safer xstrdup which fatals on allocation failures.
ok markus@
OpenBSD-Commit-ID: 8b608d387120630753cbcb8110e0b019c0c9a0d0
|
|
for now
OpenBSD-Commit-ID: c97e22c2b28c0d12ee389b8b4ef5f2ada7908828
|
|
OpenBSD-Regress-ID: 40481999a5928d635ab2e5b029e8239c112005ea
|
|
in sshd, so don't double the tests' work by trying both off/on
OpenBSD-Regress-ID: d366665466dbd09e9b707305da884be3e7619c68
|
|
spurious warnings from the cfgparse regress test
OpenBSD-Commit-ID: ba49ea7a5c92b8a16cb9c2e975dbb163853afc54
|
|
SecurityKeyProvider=internal - unbreaks cfgparse regress test
OpenBSD-Commit-ID: d2ddcf525c0dc3c8339522360c10b3c70f1fd641
|
|
OpenBSD-Commit-ID: 1fe822a7f714df19a7e7184e3a3bbfbf546811d3
|
|
keys.
Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FIDO protocol handling,
but now that this is insulated behind ssh-sk-helper there is
less risk.
ok markus@
OpenBSD-Commit-ID: 77b068dd133b8d87e0f010987bd5131e640ee64c
|
|
Needed on Linux ARM. bz#3100, patch from jjelen@redhat.com.
|