Age | Commit message (Collapse) | Author |
|
fuzzing
rename to make more consistent with philosophically-similar auth
options parsing API.
OpenBSD-Commit-ID: 0c67600ef04187f98e2912ca57b60c22a8025b7c
|
|
Options such as Ciphers take values that may be a list of ciphers; the
complete list, not indiviual elements, may be prefixed with a dash or plus
character to remove from or append to the default list, respectively.
Users might read the current text as if each elment took an optional prefix,
so tweak the wording from "values" to "list" to prevent such ambiguity for
all options supporting these semantics.
Fix instances missed in first commit. ok jmc@ kn@
OpenBSD-Commit-ID: 7112522430a54fb9f15a7a26d26190ed84d5e417
|
|
OpenBSD-Commit-ID: 0abd728aef6b5b35f6db43176aa83b7e3bf3ce27
|
|
OpenBSD-Commit-ID: d125ab720ca71ccf9baf83e08ddc8c12a328597e
|
|
|
|
|
|
|
|
OpenBSD-Regress-ID: 74c0974f2cdae8d9599b9d76a09680bae55d8a8b
|
|
from confusing the test.
OpenBSD-Regress-ID: b8f1508f822bc560b98dea910e61ecd76f34100f
|
|
Markus
ok markus/me
OpenBSD-Commit-ID: ea4f46ad5a16b27af96e08c4877423918c4253e9
|
|
for OpenSSH
This adds a simple manual signature scheme to OpenSSH.
Signatures can be made and verified using ssh-keygen -Y sign|verify
Signatures embed the key used to make them. At verification time, this
is matched via principal name against an authorized_keys-like list
of allowed signers.
Mostly by Sebastian Kinne w/ some tweaks by me
ok markus@
OpenBSD-Commit-ID: 2ab568e7114c933346616392579d72be65a4b8fb
|
|
and make them public; ok markus@
OpenBSD-Commit-ID: c18bcb2a687227b3478377c981c2d56af2638ea2
|
|
markus@
OpenBSD-Commit-ID: 01f8cdbec63350490d2249f41112c5780d1cfbb8
|
|
public; ok markus@
OpenBSD-Commit-ID: edda2fbba2c5b1f48e60f857a2010479e80c5f3c
|
|
markus@
OpenBSD-Commit-ID: caa77e8a3b210948e29ad3e28c5db00852961eae
|
|
This commit adds a helper function which allows the caller to
check if a given public key is present in ssh-agent.
work by Sebastian Kinne; ok markus@
OpenBSD-Commit-ID: d43c5826353e1fdc1af71eb42961b30782c7bd13
|
|
OpenBSD-Commit-ID: aa51f77ae2c5330a1f61b2d22933f24a443f9abf
|
|
OpenBSD-Commit-ID: 304e95381b39c774c8fced7e5328b106a3ff0400
|
|
OpenBSD-Commit-ID: 724bafc9f993746ad4303e95bede2c030de6233b
|
|
from log level error to debug. This is common when attempting to enumerate
keys on smartcard readers with no cards plugged in. bz#3058 ok dtucker@
OpenBSD-Commit-ID: bb8839ddeb77c271390488af1b771041d43e49c6
|
|
bz#3052; ok dtucker
OpenBSD-Commit-ID: a91b2a8d5f1053d34d7fce44523c53fb534ba914
|
|
from likan_999.student AT sina.com
|
|
Dropping this privilege removes the ability to create hard links to
files owned by other users. This is required for the legacy sftp rename
operation.
bz#3036; approach ok Alex Wilson (the original author of the Solaris
sandbox/pledge replacement code)
|
|
supported even when built without OpenSSL. Use RSA for the secondary type
test if supported, otherwise skip it. Fixes this test for !OpenSSL builds.
OpenBSD-Regress-ID: 101cb34a84fd974c623bdb2e496f25a6e91be109
|
|
sshbuf-misc.c to regress as it was done in ssh make file. from Moritz Buhl
OpenBSD-Regress-ID: 9e1c23476bb845f3cf3d15d9032da3ed0cb2fcf5
|
|
Enable -Wextra if compiler supports it
Set -Wno-error=format-truncation if available to prevent expected
string truncations in openbsd-compat from breaking -Werror builds
|
|
Refactor closefrom() to use a single brute-force close() loop fallback.
Based on patch from likan_999.student@sina.com in bz#3049. ok dtucker@
|
|
Options such as Ciphers take values that may be a list of ciphers; the
complete list, not indiviual elements, may be prefixed with a dash or plus
character to remove from or append to the default list respectively.
Users might read the current text as if each elment took an optional prefix,
so tweak the wording from "values" to "list" to prevent such ambiguity for
all options supporting this semantics (those that provide a list of
available elements via "ssh -Q ...").
Input and OK jmc
OpenBSD-Commit-ID: 4fdd175b0e5f5cb10ab3f26ccc38a93bb6515d57
|
|
OpenBSD-Commit-ID: 99dd10e72c04e93849981d43d64c946619efa474
|
|
There is no parameter called "pathname", it should simply be "path".
bz#3059, patch from samuel at cendio.se.
|
|
Restrict to PROT_(READ|WRITE|NONE), i.e. exclude PROT_EXEC
|
|
Used by some hardened heap allocators. Requested by Yegor
Timoshenko in https://github.com/openssh/openssh-portable/pull/142
|
|
fixed buffer; ok markus@
OpenBSD-Commit-ID: 3f9ef20bca5ef5058b48c1cac67c53b9a1d15711
|
|
incorrectly during "match exec" processing. bz#2791 reported by Dario
Bertini; ok dtucker
OpenBSD-Commit-ID: cf9eddd6a6be726cb73bd9c3936f3888cd85c03d
|
|
"unresponsive" to clarify what it checks for. Patch from jblaine at
kickflop.net via github pr#129, ok djm@.
OpenBSD-Commit-ID: 3682f8ec7227f5697945daa25d11ce2d933899e9
|
|
-b which allows better error messages from later validation. bz#3050, ok
djm@
OpenBSD-Commit-ID: 10adf6876b2401b3dc02da580ebf67af05861673
|
|
the size restrictions and apply the default size only to the matching key
type. tweak and ok dtucker@
OpenBSD-Commit-ID: b825de92d79cc4cba19b298c61e99909488ff57e
|
|
sshkey_load_private_type will now return SSH_ERR_KEY_BAD_PERMISSIONS in that
case. Patch from jitendra.sharma at intel.com, ok djm@
OpenBSD-Commit-ID: 07916a17ed0a252591b71e7fb4be2599cb5b0c77
|
|
Patch from jitendra.sharma at intel.com.
|
|
bz#3037 from Jitendra Sharma
OpenBSD-Regress-ID: 71440fa9186f5842a65ce9a27159385c6cb6f751
|
|
OpenBSD-Commit-ID: 82f6de7438ea7ee5a14f44fdf5058ed57688fdc3
|
|
search/comparison argument, instead of a u_char*. Saves callers needing to
cast.
OpenBSD-Commit-ID: d63b69b7c5dd570963e682f758f5a47b825605ed
|
|
forwarding the gpg-agent (and options ControlMaster+RemoteForward in
ssh_config(5)) then the codepath taken will call mux_client_request_session
-> mm_send_fd -> sendmsg(2). Since sendmsg(2) is not allowed in that codepath
then pledge(2) kills the process.
The solution is to add "sendfd" to pledge(2), which is not too bad considering
a little bit later we reduce pledge(2) to only "stdio proc tty" in that
codepath.
Problem reported and diff provided by Timothy Brown <tbrown at freeshell.org>
OK deraadt@
OpenBSD-Commit-ID: 7ce38b6542bbec00e441595d0a178e970a9472ac
|
|
a comma is a dot. Patch from hnj2 via github pr#141.
OpenBSD-Commit-ID: 01f5a460438ff1af09aab483c0a70065309445f0
|
|
This puts the "all tests passed" message back at the end where the
test harnesses can find it.
|
|
|
|
means we have to skip a couple tests when only one key type is supported.
OpenBSD-Regress-ID: 22d05befb9c7ce21ce8dc22acf1ffe9e2ef2e95e
|
|
The DH-GEX override doesn't work when build without OpenSSL, and
we'll prefer curve25519 these days, removing the need for it.
|
|
ed25519 since it's supported by both OpenSSL and non-OpenSSL builds.
OpenBSD-Regress-ID: 9f2bb3eadd50fcc8245b1bd8fd6f0e53602f71aa
|
|
supported for both OpenSSL and non-OpenSSL builds.
OpenBSD-Regress-ID: 174be4be876edd493e4a5c851e5bc579885e7a0a
|