Age | Commit message | Author |
|
the mentioned tasks are obsolete and, of the remainder, most are already
captured in PROTOCOL.mux where they better belong
OpenBSD-Commit-ID: 16d9d76dee42a5bb651c9d6740f7f0ef68aeb407
|
|
Also add a little bit of information about the overall packet format
OpenBSD-Commit-ID: bdb6f6ea8580ef96792e270cae7857786ad84a95
|
|
function names,
Gives better symmetry with the existing mux_client_*() names and makes
it more obvious when a message comes from the master vs client (they
are interleaved in ControlMaster=auto mode).
no functional change beyond prefixing a couple of log messages with
__func__ where they were previously lacking.
OpenBSD-Commit-ID: b01f7c3fdf92692e1713a822a89dc499333daf75
|
|
timeout and allow X11 connections in untrusted mode indefinitely. ok dtucker@
OpenBSD-Commit-ID: ea1ceed3f540b48e5803f933e59a03b20db10c69
|
|
OIDs by calling ssh_gssapi_prepare_supported_oids() regardless of whether
GSSAPI authentication is enabled in the main config.
This avoids sandbox violations for configurations that enable GSSAPI
auth later, e.g.
Match user djm
GSSAPIAuthentication yes
bz#2107; ok dtucker@
OpenBSD-Commit-ID: a5dd42d87c74e27cfb712b15b0f97ab20e0afd1d
|
|
being too short (i.e. SSH_ERR_KEY_LENGTH). These keys will not be considered
to be "in the file". This allows key revocation lists to contain short keys
without the entire revocation list being considered invalid.
bz#2897; ok dtucker
OpenBSD-Commit-ID: d9f3d857d07194a42ad7e62889a74dc3f9d9924b
|
|
with a ProxyCommand set with regards to hostname canonicalisation (i.e. don't
try to canonicalise the hostname unless CanonicalizeHostname is set to
'always').
Patch from Sven Wegener via bz#2896
OpenBSD-Commit-ID: 527ff501cf98bf65fb4b29ed0cb847dda10f4d37
|
|
option
OpenBSD-Commit-ID: 93fa7ff58314ed7b1ab7744090a6a91232e6ae52
|
|
OpenBSD-Commit-ID: 04431e8e7872f49a2129bf080a6b73c19d576d40
|
|
various -o lists; ok djm
OpenBSD-Commit-ID: ecb88baecc3c54988b4d1654446ea033da359288
|
|
(it was erroneously showing certificate algorithms); prompted by markus@
OpenBSD-Commit-ID: 1cdee002f2f0c21456979deeb887fc889afb154d
|
|
it to specify which signature algorithms may be used by CAs when signing
certificates. Useful if you want to ban RSA/SHA1; ok markus@
OpenBSD-Commit-ID: 9159e5e9f67504829bf53ff222057307a6e3230f
|
|
control over which signature algorithms a CA may use when signing
certificates. In particular, this allows a sshd to ban certificates signed
with RSA/SHA1.
ok markus@
OpenBSD-Commit-ID: b05c86ef8b52b913ed48d54a9b9c1a7714d96bac
|
|
output from successful operations.
Based on patch from Thijs van Dijk; ok dtucker@ deraadt@
OpenBSD-Commit-ID: c4f754ecc055c10af166116ce7515104aa8522e1
|
|
re-using the linenum variable for something that is not a line number to
avoid the confusion that resulted in the bug in rev. 1.64. This also lets us
pass the actual linenum to parse_prime() so the error messages include the
correct line number. OK markus@ some time ago.
OpenBSD-Commit-ID: 4d8e5d3e924d6e8eb70053e3defa23c151a00084
|
|
ok djm@
|
|
Apparently needed for some glibc/openssl combinations.
Patch from Arkadiusz Miśkiewicz
|
|
Use consistent format in debug log for keys readied, offered and
received during public key authentication.
This makes it a little easier to see what is going on, as each message
now contains (where available) the key filename, its type and fingerprint,
and whether the key is hosted in an agent or a token.
OpenBSD-Commit-ID: f1c6a8e9cfc4e108c359db77f24f9a40e1e25ea7
|
|
revision 1.285
date: 2018/09/14 04:17:12; author: djm; state: Exp; lines: +47 -26; commitid: lflGFcNb2X2HebaK;
Use consistent format in debug log for keys readied, offered and
received during public key authentication.
This makes it a little easier to see what is going on, as each message
now contains the key filename, its type and fingerprint, and whether
the key is hosted in an agent or a token.
OpenBSD-Commit-ID: e496bd004e452d4b051f33ed9ae6a54ab918f56d
|
|
OpenBSD-Commit-ID: 7c05bf13b094093dfa01848a9306c82eb6e95f6c
|
|
offered and received during public key authentication.
This makes it a little easier to see what is going on, as each message
now contains the key filename, its type and fingerprint, and whether
the key is hosted in an agent or a token.
OpenBSD-Commit-ID: 2a01d59285a8a7e01185bb0a43316084b4f06a1f
|
|
now returning const char *.
OpenBSD-Commit-ID: b5fe571ea77cfa7b9035062829ab05eb87d7cc6f
|
|
Lets users on those unfortunate operating systems that lack SIGINFO
still be able to obtain progress information from unit tests :)
|
|
OpenBSD-Regress-ID: a73a54d7f7381856a3f3a2d25947bee7a9a5dbc9
|
|
OpenBSD-Regress-ID: ae877064597c349954b1b443769723563cecbc8f
|
|
Polyfill missing API with replacement functions extracted from LibreSSL
|
|
OpenSSH; feedback and ok tb@ jsing@ markus@
OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
|
|
test data Ensure that cert->signature_key is populated correctly
OpenBSD-Regress-ID: 56e68f70fe46cb3a193ca207385bdb301fd6603a
|
|
OpenBSD-Regress-ID: 079c18a9ab9663f4af419327c759fc1e2bc78fd8
|
|
OpenBSD-Regress-ID: 782bde7407d94a87aa8d1db7c23750e09d4443c4
|
|
OpenBSD-Commit-ID: dd724e1c52c9d6084f4cd260ec7e1b2b138261c6
|
|
signature algorithms that are allowed for CA signatures. Notably excludes
ssh-dsa.
ok markus@
OpenBSD-Commit-ID: 1628e4181dc8ab71909378eafe5d06159a22deb4
|
|
cert->signature_type against a supplied whitelist; ok markus
OpenBSD-Commit-ID: caadb8073292ed7a9535e5adc067d11d356d9302
|
|
certificate signature wrt loading and certification operations; ok markus@
OpenBSD-Commit-ID: e8b8b9f76b66707a0cd926109c4383db8f664df3
|
|
algorithms ok markus@
OpenBSD-Commit-ID: 7a8c6eb6c249dc37823ba5081fce64876d10fe2b
|
|
to create KRLs using SHA256/base64 key fingerprints; ok markus@
OpenBSD-Commit-ID: a0590fd34e7f1141f2873ab3acc57442560e6a94
|
|
success/failure message (previously we logged only key ID and CA key
fingerprint).
ok markus@
OpenBSD-Commit-ID: a8ef2d172b7f1ddbcce26d6434b2de6d94f6c05d
|
|
jjelen at redhat via bz#2687.
OpenBSD-Commit-ID: c48eb457be697a19d6d2950c6d0879f3ccc851d3
|
|
change the multiplexing state, not just new sessions.
mention that confirmation is checked via ssh-askpass
OpenBSD-Commit-ID: 0f1b45551ebb9cc5c9a4fe54ad3b23ce90f1f5c2
|
|
and the only issue is showing an unknown error (since it's not defined)
during fatal(), if ever an error occurs inside that condition.
OK deraadt@ markus@ djm@
OpenBSD-Commit-ID: acb0a8e6936bfbe590504752d01d1d251a7101d8
|
|
OK dtucker@
OpenBSD-Commit-ID: ec1568cf27726e9638a0415481c20c406e7b441c
|
|
Based on github pull request #99 from Darren Moffat at Oracle: Solaris'
getgrouplist considers _SC_NGROUPS_MAX more of a guideline and can return
a larger number of groups. In this case, retry getgrouplist with a
larger array and defer allocating groups_byname. ok djm@
|