Age | Commit message (Collapse) | Author |
|
|
|
OpenBSD-Regress-ID: 3a2e044be616afc7dd4f56c100179e83b33d8abf
|
|
OpenBSD-Regress-ID: 764d5c696e2a259f1316a056e225e50023abb027
|
|
bz#3071; ok dtucker@
OpenBSD-Commit-ID: 08fa87be50070bd8b754d9b1ebb1138d7bc9d8ee
|
|
stdin bz#3180; ok dtucker@
OpenBSD-Commit-ID: 15c7f10289511eb19fce7905c9cae8954e3857ff
|
|
diff)
OpenBSD-Commit-ID: 7c17fc987085994d752304bd20b1ae267a9bcdf6
|
|
write to it so we don't leave an empty .ssh directory when it's not needed.
Use the same function to replace the code in ssh-keygen that does the same
thing. bz#3156, ok djm@
OpenBSD-Commit-ID: 59c073b569be1a60f4de36f491a4339bc4ae870f
|
|
being relative to the current directory, so that it'll still be found if the
shell startup changes its directory. Since the path is potentially longer,
make the cmd buffer that uses it dynamically sized. bz#3185, with & ok djm@
OpenBSD-Commit-ID: 36e33ff01497af3dc8226d0c4c1526fc3a1e46bf
|
|
OpenBSD-Commit-ID: e2e9533f393620383afd0b68ef435de8d5e8abe4
|
|
making ssh->kex optional in packet.c revision 1.278 ok djm@
OpenBSD-Commit-ID: 2b65df04a064c2c6277359921d2320c90ab7d917
|
|
djm
OpenBSD-Commit-ID: ba9238e810074ac907f0cf8cee1737ac04983171
|
|
OpenBSD-Commit-ID: 83f40dd5457a64c1d3928eb4364461b22766beb3
|
|
djm
OpenBSD-Commit-ID: d0002ffb7f20f538b014d1d0735facd5a81ff096
|
|
OpenBSD-Commit-ID: 5268479000fd97bfa30ab819f3517139daa054a2
|
|
missed in previous;
OpenBSD-Commit-ID: 8d84dc3050469884ea91e29ee06a371713f2d0b7
|
|
OpenBSD-Commit-ID: 16a38b049f216108f66c8b699aa046063381bd23
|
|
|
|
and example HTML/JS to generate webauthn signatures in SSH formats (also used
to generate the testdata/* for the test).
OpenBSD-Regress-ID: dc575be5bb1796fdf4b8aaee0ef52a6671a0f6fb
|
|
webauthn is a standard for using FIDO keys in web browsers. webauthn
signatures are a slightly different format to plain FIDO signatures - this
support allows verification of these. Feedback and ok markus@
OpenBSD-Commit-ID: ab7e3a9fb5782d99d574f408614d833379e564ad
|
|
support for FIDO webauthn signature verification support; ok markus@
OpenBSD-Commit-ID: c9f478fd8e0c1bd17e511ce8694f010d8e32043e
|
|
OpenBSD-Commit-ID: 0ef22c55e772dda05c112c88412c0797fec66eb4
|
|
OpenBSD-Commit-ID: ff2a71803b5ea57b83cc3fa9b3be42b70e462fb9
|
|
OpenBSD-Commit-ID: ffb220b435610741dcb4de0e7fc68cbbdc876d2c
|
|
passing a command to ssh-agent. ok jmc@
OpenBSD-Commit-ID: b36f0679cb0cac0e33b361051b3406ade82ea846
|
|
|
|
Prevents following warning from clang 10:
bcrypt_pbkdf.c:94:40: error: expression does not compute the number of
elements in this array; element type is ´uint32_tÂ[...]
place parentheses around the ´sizeof(uint64_t)´ expression to
silence this warning
|
|
Fixes warnings eg "´bounded´ attribute directive ignor" from gcc.
|
|
Allows unit tests to pass when configure'ed --without-openssl.
|
|
|
|
of a specified command (ie "ssh-agent command"). Would have caught bz#3181.
OpenBSD-Regress-ID: 895b4765ba5153eefaea3160a7fe08ac0b6db8b3
|
|
OpenBSD-Regress-ID: 706ef17e2b545b64873626e0e35553da7c06052a
|
|
verification only so far
OpenBSD-Regress-ID: fb1f946c8fc59206bc6a6666e577b5d5d7e45896
|
|
OpenBSD-Regress-ID: 8089b88393dd916d7c95422b442a6fd4cfe00c82
|
|
part of previous diff)
OpenBSD-Commit-ID: 65a4f66436028748b59fb88b264cb8c94ce2ba63
|
|
sshd can load a private key but no public counterpart; with & ok markus@
OpenBSD-Commit-ID: 0713cbdf9aa1ff8ac7b1f78b09ac911af510f81b
|
|
OpenBSD-Commit-ID: 8d03b6c96ca98bfbc23d3754c3c33e1fe0852e10
|
|
|
|
Closes: #962035
LP: #1876320
|
|
included file from sshd_config; patch from Jakub Jelen
OpenBSD-Commit-ID: 0ff603d6f06a7fab4881f12503b53024799d0a49
Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=0a9a611619b0a1fecd0195ec86a9885f5d681c84
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=3169
Bug-Debian: https://bugs.debian.org/962035
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1876320
Last-Update: 2020-06-07
Patch-Name: avoid-extra-ports.patch
|
|
|
|
Also update GSSAPI key exchange patch from
https://github.com/openssh-gsskex/openssh-gsskex.
|
|
This reverts commit 5ee8448ad7c306f05a9f56769f95336a8269f379.
The IPQoS default changes have some unfortunate interactions with
iptables (see https://bugs.debian.org/923880) and VMware, so I'm
temporarily reverting them until those have been fixed.
Bug-Debian: https://bugs.debian.org/923879
Bug-Debian: https://bugs.debian.org/926229
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1822370
Last-Update: 2019-04-08
Patch-Name: revert-ipqos-defaults.patch
|
|
Twisted Conch fails to read private keys in the new format
(https://twistedmatrix.com/trac/ticket/9515). Work around this until it
can be fixed in Twisted.
Forwarded: not-needed
Last-Update: 2019-10-09
Patch-Name: conch-old-privkey-format.patch
|
|
Upstream seems to intend to gradually phase this out, so don't assume
that this will remain the default forever. However, we were late in
adopting the upstream sshd_config changes, so it makes sense to extend
the grace period.
Bug-Debian: https://bugs.debian.org/852320
Forwarded: not-needed
Last-Update: 2017-03-05
Patch-Name: restore-authorized_keys2.patch
|
|
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause
fewer problems with existing setups (http://bugs.debian.org/237021).
ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024).
ssh: Enable HashKnownHosts by default to try to limit the spread of ssh
worms.
ssh: Enable GSSAPIAuthentication by default.
ssh: Include /etc/ssh/ssh_config.d/*.conf.
sshd: Enable PAM, disable ChallengeResponseAuthentication, and disable
PrintMotd.
sshd: Enable X11Forwarding.
sshd: Set 'AcceptEnv LANG LC_*' by default.
sshd: Change sftp subsystem path to /usr/lib/openssh/sftp-server.
sshd: Include /etc/ssh/sshd_config.d/*.conf.
Document all of this.
Author: Russ Allbery <rra@debian.org>
Forwarded: not-needed
Last-Update: 2020-02-21
Patch-Name: debian-config.patch
|
|
Bug-Debian: https://bugs.debian.org/778913
Forwarded: no
Last-Update: 2017-08-22
Patch-Name: systemd-readiness.patch
|
|
Bug-Ubuntu: https://bugs.launchpad.net/bugs/27152
Last-Update: 2010-02-28
Patch-Name: gnome-ssh-askpass2-icon.patch
|
|
There is no reason to check the version of OpenSSL (in Debian). If it's
not compatible the soname will change. OpenSSH seems to want to do a
check for the soname based on the version number, but wants to keep the
status of the release the same. Remove that check on the status since
it doesn't tell you anything about how compatible that version is.
Author: Colin Watson <cjwatson@debian.org>
Bug-Debian: https://bugs.debian.org/93581
Bug-Debian: https://bugs.debian.org/664383
Bug-Debian: https://bugs.debian.org/732940
Forwarded: not-needed
Last-Update: 2014-10-07
Patch-Name: no-openssl-version-status.patch
|
|
Bug-Debian: http://bugs.debian.org/711623
Forwarded: no
Last-Update: 2020-02-21
Patch-Name: ssh-agent-setgid.patch
|
|
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1727
Bug-Debian: http://bugs.debian.org/430154
Last-Update: 2013-09-14
Patch-Name: doc-hash-tab-completion.patch
|