Age | Commit message (Collapse) | Author |
|
OpenBSD-Commit-ID: bd002ca1599b71331faca735ff5f6de29e32222e
|
|
|
|
|
|
from Michael Forney
OpenBSD-Commit-ID: fda95acb799bb160d15e205ee126117cf33da3a7
|
|
in many places for channel ids so the INT_MAX check still makes sense.
OpenBSD-Commit-ID: 532e4b644791b826956c3c61d6ac6da39bac84bf
|
|
|
|
cleanup handlers in child process; spotted via weird regress failures in
portable
OpenBSD-Commit-ID: 6902a9bb3987c7d347774444f7979b8a9ba7f412
|
|
and cast that were left over from the type conversion. Noted by
t-hashida@amiya.co.jp in bz#3098, ok markus@ djm@
OpenBSD-Commit-ID: 3ad105b6a905284e780b1fd7ff118e1c346e90b5
|
|
OpenBSD-Regress-ID: 367e06d5a260407619b4b113ea0bd7004a435474
|
|
markus@
This will allow us to test U2F/FIDO2 support in OpenSSH without
requiring real hardware.
ok markus@
OpenBSD-Regress-ID: 88b309464b8850c320cf7513f26d97ee1fdf9aae
|
|
OpenBSD-Commit-ID: a4c097364c75da320f1b291568db830fb1ee4883
|
|
OpenBSD-Commit-ID: a978896227118557505999ddefc1f4c839818b60
|
|
|
|
OpenBSD-Regress-ID: 2cdf2fcae9962ca4d711338f3ceec3c1391bdf95
|
|
OpenBSD-Regress-ID: 3ab578b0dbeb2aa6d9969b54a9c1bad329c0dcba
|
|
that was fixed in libcrypto/rsa/rsa_ameth.c r1.24.
ok dtucker inoguchi
OpenBSD-Regress-ID: c260edfac177daa8fcce90141587cf04a95c4f5f
|
|
OpenBSD-Commit-ID: 38fa7806c528a590d91ae560e67bd8b246c2d7a3
|
|
ok markus, feedback deraadt
OpenBSD-Commit-ID: 47640122b13f825e9c404ea99803b2372246579d
|
|
key. Most keys require a touch to authorize the operation.
OpenBSD-Commit-ID: 7fe8b23edbf33e1bb81741b9f25e9a63be5f6b68
|
|
security key keypair to request one that does not require a touch for each
authentication attempt. The default remains to require touch.
feedback deraadt; ok markus@
OpenBSD-Commit-ID: 887e7084b2e89c0c62d1598ac378aad8e434bcbd
|
|
a similar extension for certificates. This option disables the default
requirement that security key signatures attest that the user touched their
key to authorize them.
feedback deraadt, ok markus
OpenBSD-Commit-ID: f1fb56151ba68d55d554d0f6d3d4dba0cf1a452e
|
|
This directive has a single valid option "no-touch-required" that
causes sshd to skip checking whether user presence was tested before
a security key signature was made (usually by the user touching the
key).
ok markus@
OpenBSD-Commit-ID: 46e434a49802d4ed82bc0aa38cb985c198c407de
|
|
This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.
with and ok markus@
OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
|
|
OpenBSD-Commit-ID: 93488431bf02dde85a854429362695d2d43d9112
|
|
connect, not just readable. Prevents a timeout when the server doesn't
immediately send a banner (eg multiplexers like sslh) but is also slightly
quicker for other connections since, unlike ssh1, ssh2 doesn't specify
that the client should parse the server banner before sending its own.
Patch from mnissler@chromium.org, ok djm@
OpenBSD-Commit-ID: aba9cd8480d1d9dd31d0ca0422ea155c26c5df1d
|
|
Fixes warning for ECDSA_SIG_set0 on OpenSSL versions prior to 1.1.
|
|
better match ec25519-sk keys. Discussed with markus@ and Sebastian Kinne
NB. if you are depending on security keys (already?) then make sure you
update both your clients and servers.
OpenBSD-Commit-ID: 53d88d8211f0dd02a7954d3af72017b1a79c0679
|
|
verification fails.
OpenBSD-Commit-ID: e6a30071e0518cac512f9e10be3dc3500e2003f3
|
|
happen. rethink needed...
OpenBSD-Commit-ID: fb0fede8123ea7f725fd65e00d49241c40bd3421
|
|
the main synopsis/usage; ok djm
OpenBSD-Commit-ID: f881ba253da015398ae8758d973e3390754869bc
|
|
SecurityKeyProvider; ok djm@
OpenBSD-Commit-ID: 76db507ebd336a573e1cd4146cc40019332c5799
|
|
OpenBSD-Commit-ID: f242e53366f61697dffd53af881bc5daf78230ff
|
|
WITH_OPENSSL; ok djm@
OpenBSD-Commit-ID: 881f9a2c4e2239849cee8bbf4faec9bab128f55b
|
|
addition; ok djm@
OpenBSD-Commit-ID: a9545e1c273e506cf70e328cbb9d0129b6d62474
|
|
ok dtucker@
|
|
Remove ECC algorithms from the PUBKEY_DEFAULT_PK_ALG list when
compiling without ECC support in libcrypto.
|
|
"publicExponent" to "Exponent" so accept either. with djm.
OpenBSD-Regress-ID: b7e6c4bf700029a31c98be14600d4472fe0467e6
|
|
OpenBSD-Commit-ID: 066682b79333159cac04fcbe03ebd9c8dcc152a9
|
|
OpenBSD-Commit-ID: 7771bd77ee73f7116df37c734c41192943a73cee
|
|
OpenBSD-Commit-ID: 64c8cc6f5de2cdd0ee3a81c3a9dee8d862645996
|
|
OpenBSD-Commit-ID: cd365ee343934862286d0b011aa77fa739d2a945
|
|
jmc@
OpenBSD-Commit-ID: e281977e4a4f121f3470517cbd5e483eee37b818
|
|
prompted by jmc@
OpenBSD-Commit-ID: 076d386739ebe7336c2137e583bc7a5c9538a442
|
|
formats
OpenBSD-Commit-ID: 795a7c1c80315412e701bef90e31e376ea2f3c88
|
|
OpenBSD-Commit-ID: 4d4a0c13226a79f0080ce6cbe74f73b03ed8092e
|
|
missing curve name); spotted by Sebastian Kinne
OpenBSD-Commit-ID: 2a11340dc7ed16200342d384fb45ecd4fcce26e7
|
|
ssh/ssh-agent now sets a hint environment variable $SSH_ASKPASS_PROMPT
when running the askpass program. This is intended to allow the
askpass to vary its UI across the three cases it supports: asking for
a passphrase, confirming the use of a key and (recently) reminding
a user to touch their security key.
This adapts the gnome-ssh-askpass[23] to use these hints. Specifically,
for SSH_ASKPASS_PROMPT=confirm it will skip the text input box and show
only "yes"/"no" buttons. For SSH_ASKPASS_PROMPT=none (used to remind
users to tap their security key), it shows only a "close" button.
Help wanted: adapt the other askpass programs in active use, including
x11-ssh-askpass, lxqt-openssh-askpass, etc.
|
|
Found by -Wimplicit-fallthrough: one ECC case was not inside the ifdef.
ok djm@
|
|
Suggested by djm.
|
|
OpenBSD-Commit-ID: f002dbf14dba5586e8407e90f0141148ade8e8fc
|