Age | Commit message (Collapse) | Author |
|
Change all tame callers to namechange to pledge(2).
Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2
|
|
OpenBSD only for now
|
|
include PubkeyAcceptedKeyTypes in ssh -G config dump
Upstream-ID: 6c097ce6ffebf6fe393fb7988b5d152a5d6b36bb
|
|
UsePrivilegeSeparation defaults to sandbox now.
ok djm@
Upstream-ID: bff136c38bcae89df82e044d2f42de21e1ad914f
|
|
don't try to change tun device flags if they are already
what we need; makes it possible to use tun/tap networking as non- root user
if device permissions and interface flags are pre-established; based on patch
by Ossi Herrala
Upstream-ID: 89099ac4634cd477b066865acf54cb230780fd21
|
|
|
|
adapt to recent sshkey_parse_private_fileblob() API
change
Upstream-Regress-ID: 5c0d818da511e33e0abf6a92a31bd7163b7ad988
|
|
fix command-line option to match what was actually
committed
Upstream-Regress-ID: 3e8c24a2044e8afd37e7ce17b69002ca817ac699
|
|
regress test for CertificateFile; patch from Meghana Bhat
via bz#2436
Upstream-Regress-ID: e7a6e980cbe0f8081ba2e83de40d06c17be8bd25
|
|
some more bzero->explicit_bzero, from Michael McConville
Upstream-ID: 17f19545685c33327db2efdc357c1c9225ff00d0
|
|
fix email
Upstream-ID: 72150f2d54b94de14ebef1ea054ef974281bf834
|
|
a sandbox using tame ok djm
Upstream-ID: 4ca24e47895e72f5daaa02f3e3d3e5ca2d820fa3
|
|
re-order system calls in order of risk, ok i'll be
honest, ordered this way they look like tame... ok djm
Upstream-ID: 42a1e6d251fd8be13c8262bee026059ae6328813
|
|
some certificatefile tweaks; ok djm
Upstream-ID: 0e5a7852c28c05fc193419cc7e50e64c1c535af0
|
|
add ssh_config CertificateFile option to explicitly list
a certificate; patch from Meghana Bhat on bz#2436; ok markus@
Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8
|
|
fix two typos.
Upstream-ID: 424402c0d8863a11b51749bacd7f8d932083b709
|
|
fix possible hang on closed output; bz#2469 reported by Tomas
Kuthan ok markus@
Upstream-ID: f7afd41810f8540f524284f1be6b970859f94fe3
|
|
skip if running as root; many systems (inc OpenBSD) allow
root to ptrace arbitrary processes
Upstream-Regress-ID: be2b925df89360dff36f972951fa0fa793769038
|
|
try all supported key types here; bz#2455 reported by
Jakub Jelen
Upstream-Regress-ID: 188cb7d9031cdbac3a0fa58b428b8fa2b2482bba
|
|
- Fix error message: passphrase needs to be at least 5
characters, not 4. - Remove unused function argument. - Remove two
unnecessary variables.
OK djm@
Upstream-ID: 13010c05bfa8b523da1c0dc19e81dd180662bc30
|
|
When adding keys to the agent, don't ignore the comment
of keys for which the user is prompted for a passphrase.
Tweak and OK djm@
Upstream-ID: dc737c620a5a8d282cc4f66e3b9b624e9abefbec
|
|
Use explicit_bzero() when zeroing before free()
from Michael McConville (mmcconv1 (at) sccs.swarthmore.edu)
ok millert@ djm@
Upstream-ID: 2e3337db046c3fe70c7369ee31515ac73ec00f50
|
|
sync -Q in usage() to SYNOPSIS; since it's drastically
shorter, i've reformatted the block to sync with the man (80 cols) and saved
a line;
Upstream-ID: 86e2c65c3989a0777a6258a77e589b9f6f354abd
|
|
tweak previous;
Upstream-ID: f29b3cfcfd9aa31fa140c393e7bd48c1c74139d6
|
|
Update usage to match man page.
Upstream-ID: 9e85aefaecfb6aaf34c7cfd0700cd21783a35675
|
|
expand %i in ControlPath to UID; bz#2449
patch from Christian Hesse w/ feedback from dtucker@
Upstream-ID: 2ba8d303e555a84e2f2165ab4b324b41e80ab925
|
|
mention -Q key-plain and -Q key-cert; bz#2455 pointed out
by Jakub Jelen
Upstream-ID: c8f1f8169332e4fa73ac96b0043e3b84e01d4896
|
|
Use ssh-keygen -A instead of per-keytype invocations when generating host
keys. Add tests when doing host-key-force since we can't use ssh-keygen -A
since it can't specify alternate locations. bz#2459, ok djm@
|
|
bz#2457, from konto-mindrot.org at walimnieto.com.
|
|
more clarity on what AuthorizedKeysFile=none does; based
on diff by Thiebaud Weksteen
Upstream-ID: 78ab87f069080f0cc3bc353bb04eddd9e8ad3704
|
|
openssh_RSA_verify return type is int, so don't make it
size_t within the function itself with only negative numbers or zero assigned
to it. bz#2460
Upstream-ID: b6e794b0c7fc4f9f329509263c8668d35f83ea55
|
|
Plug minor memory leaks when options are used more than
once. bz#2182, patch from Tiago Cunha, ok deraadt djm
Upstream-ID: 5b84d0401e27fe1614c10997010cc55933adb48e
|
|
bz#2259, from sconeu at yahoo.com.
|
|
|
|
full stop belongs outside the brackets, not inside;
Upstream-ID: 99d098287767799ac33d2442a05b5053fa5a551a
|
|
add a debug2() right before DNS resolution; it's a place
where ssh could previously silently hang for a while. bz#2433
Upstream-ID: 52a1a3e0748db66518e7598352c427145692a6a0
|
|
correct function name in error messages
Upstream-ID: 92fb2798617ad9561370897f4ab60adef2ff4c0e
|
|
better document ExitOnForwardFailure; bz#2444, ok
dtucker@
Upstream-ID: a126209b5a6d9cb3117ac7ab5bc63d284538bfc2
|
|
don't record hostbased authentication hostkeys as user
keys in test for multiple authentication with the same key
Upstream-ID: 26b368fa2cff481f47f37e01b8da1ae5b57b1adc
|
|
remove extra newline in nethack-mode hostkey; from
Christian Hesse bz#2686
Upstream-ID: 4f56368b1cc47baeea0531912186f66007fd5b92
|
|
trim junk from end of file; bz#2455 from Jakub Jelen
Upstream-Regress-ID: a4e64e8931e40d23874b047074444eff919cdfe6
|
|
Fix occurrences of "r = func() != 0" which result in the
wrong error codes being returned due to != having higher precedence than =.
ok deraadt@ markus@
Upstream-ID: 5fc35c9fc0319cc6fca243632662d2f06b5fd840
|
|
|
|
Improve printing of KEX offers and decisions
The debug output now labels the client and server offers and the
negotiated options. ok markus@
Upstream-ID: 8db921b3f92a4565271b1c1fbce6e7f508e1a2cb
|
|
Fix printing (ssh -G ...) of HostKeyAlgorithms=+...
Reported by Bryan Drewery
Upstream-ID: 19ad20c41bd5971e006289b6f9af829dd46c1293
|
|
Fix expansion of HostkeyAlgorithms=+...
Reported by Bryan Drewery
Upstream-ID: 70ca1deea39d758ba36d36428ae832e28566f78d
|
|
Improve size == 0, count == 0 checking in mm_zalloc,
which is "array" like. Discussed with tedu, millert, otto.... and ok djm
Upstream-ID: 899b021be43b913fad3eca1aef44efe710c53e29
|
|
|
|
|
|
|