Age | Commit message (Collapse) | Author |
|
Move list of available certificate options in ssh-keygen.1 to the
CERTIFICATES section.
Collect options specified by -O but delay parsing/validation of
certificate options until we're sure that we're acting as a CA.
ok markus@
OpenBSD-Commit-ID: 33e6bcc29cfca43606f6fa09bd84b955ee3a4106
|
|
done in synopsis;
OpenBSD-Commit-ID: 86d033c5764404057616690d7be992e445b42274
|
|
OpenBSD-Commit-ID: 24c2e6a3aeab6e050a0271ffc73fdff91c10dcaa
|
|
authenticator".
The polysemous use of "key" was too confusing. Input from markus@.
ok jmc@
OpenBSD-Commit-ID: 12eea973a44c8232af89f86e4269d71ae900ca8f
|
|
OpenBSD-Regress-ID: 24f693f78290b2c17725dab2c614dffe4a88c8da
|
|
OpenBSD-Regress-ID: 9fb45326106669a27e4bf150575c321806e275b1
|
|
specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to
accepting an explicit path or the name of an environment variable in addition
to yes/no.
Patch by Eric Chiang, manpage by me; ok markus@
OpenBSD-Commit-ID: 98f2ed80bf34ea54d8b2ddd19ac14ebbf40e9265
|
|
path sentence. ok markus@
OpenBSD-Commit-ID: 67d7971ca1a020acd6c151426c54bd29d784bd6b
|
|
ones. Move oSecurityProvider to match the order in the OpCodes enum. Patch
from openbsd@academicsolutions.ch, ok djm@
OpenBSD-Commit-ID: 061e4505861ec1e02ba3a63e3d1b3be3cad458ec
|
|
Patch from openbsd@academicsolutions.ch, ok djm@
OpenBSD-Commit-ID: 395c202228872ce8d9044cc08552ac969f51e01b
|
|
comment. Patch from openbsd@academicsolutions.ch, ok djm@
OpenBSD-Commit-ID: 35862beb0927b1cb0af476ec23cc07f6e3006101
|
|
keys.
Update the list of default host key algorithms in ssh_config.5 and
sshd_config.5. Copy the description of the SecurityKeyProvider
option to sshd_config.5.
ok jmc@
OpenBSD-Commit-ID: edadf3566ab5e94582df4377fee3b8b702c7eca0
|
|
correct term. Add "MAC" since we use that acronym in other man pages. ok
naddy@
OpenBSD-Commit-ID: c35529e511788586725fb63bda3459e10738c5f5
|
|
how SSH works ok markus@ jmc@
OpenBSD-Commit-ID: 8e34973f232ab48c4d4f5d07df48d501708b9160
|
|
the safer xstrdup which fatals on allocation failures.
ok markus@
OpenBSD-Commit-ID: 8b608d387120630753cbcb8110e0b019c0c9a0d0
|
|
for now
OpenBSD-Commit-ID: c97e22c2b28c0d12ee389b8b4ef5f2ada7908828
|
|
|
|
|
|
|
|
OpenBSD-Regress-ID: 40481999a5928d635ab2e5b029e8239c112005ea
|
|
in sshd, so don't double the tests' work by trying both off/on
OpenBSD-Regress-ID: d366665466dbd09e9b707305da884be3e7619c68
|
|
spurious warnings from the cfgparse regress test
OpenBSD-Commit-ID: ba49ea7a5c92b8a16cb9c2e975dbb163853afc54
|
|
SecurityKeyProvider=internal - unbreaks cfgparse regress test
OpenBSD-Commit-ID: d2ddcf525c0dc3c8339522360c10b3c70f1fd641
|
|
OpenBSD-Commit-ID: 1fe822a7f714df19a7e7184e3a3bbfbf546811d3
|
|
keys.
Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FIDO protocol handling,
but now that this is insulated behind ssh-sk-helper there is
less risk.
ok markus@
OpenBSD-Commit-ID: 77b068dd133b8d87e0f010987bd5131e640ee64c
|
|
Needed on Linux ARM. bz#3100, patch from jjelen@redhat.com.
|
|
Fixes build when linking against OpenSSLs built with no-ec.
|
|
The ssh-sk-helper client API gives us a nice place to disable
security key support when it is wasn't enabled at compile time,
so we don't need to check everywere.
Also, verification of security key signatures can remain enabled
all the time - it has no additional dependencies. So sshd can
accept security key pubkeys in authorized_keys, etc regardless of
the host's support for dlopen, etc.
|
|
|
|
|
|
|
|
|
|
OpenBSD-Commit-ID: fd2ea776a5bbbf4d452989d3c3054cf25a5e0589
|
|
This means that ssh-keygen no longer needs to link against ssh-sk-helper, and
only ssh-sk-helper needs libfido2 and /dev/uhid* access;
feedback & ok markus@
OpenBSD-Commit-ID: 9464233fab95708d2ff059f8bee29c0d1f270800
|
|
OpenBSD-Commit-ID: 91482c1ada9adb283165d48dafbb88ae91c657bd
|
|
This extracts and refactors the client interface for ssh-sk-helper
from ssh-agent and generalises it for use by the other programs.
This means that most OpenSSH tools no longer need to link against
libfido2 or directly interact with /dev/uhid*
requested by, feedback and ok markus@
OpenBSD-Commit-ID: 1abcd3aea9a7460eccfbf8ca154cdfa62f1dc93f
|
|
object
OpenBSD-Commit-ID: 67c01e0565b258e0818c1ccfe1f1aeaf9a0d4c7b
|
|
by Ron Frederick
document certifiate private key format
correct flags type for sk-ssh-ed25519@openssh.com keys
OpenBSD-Commit-ID: fc4e9a1ed7f9f7f9dd83e2e2c59327912e933e74
|
|
constraint "sk-provider@openssh.com", not "sk@openssh.com"; spotted by Ron
Frederick
OpenBSD-Commit-ID: dbfba09edbe023abadd5f59c1492df9073b0e51d
|
|
CAs; spotted by Ron Frederick
OpenBSD-Commit-ID: 9bb0dfff927b4f7aa70679f983f84c69d45656c3
|
|
key, remind the user to touch they key to authorise the signature.
OpenBSD-Commit-ID: fe58733edd367362f9766b526a8b56827cc439c1
|
|
security key protocol description; feedback from Ron Frederick
OpenBSD-Commit-ID: 048c9483027fbf9c995e5a51b3ac502989085a42
|
|
when asking passphrases, only when confirming the use of a key (i.e. for
ssh-agent keys added with "ssh-add -c keyfile")
OpenBSD-Commit-ID: 6643c82960d9427d5972eb702c917b3b838ecf89
|
|
OpenBSD-Commit-ID: 71a3a45b0fe1b8f680ff95cf264aa81f7abbff67
|
|
OpenBSD-Commit-ID: 876651bdde06bc1e72dd4bd7ad599f42a6ce5a16
|
|
If the system (or one of the dependencies) implements memmem but does
not define the header, we would not declare it either resulting in
compiler warnings. Check for declaration explicitly. bz#3102.
|
|
|
|
This makes diffs more stable between makedepend implementations.
|
|
|
|
While there, move the OpenSSL 1.1.0g caveat closer to the other version
information.
|