Age | Commit message | Author |
|
OpenBSD-Regress-ID: 5f147990cb67094fe554333782ab268a572bb2dd
|
|
verify-required resident keys) even though it doesn't implement this feature
OpenBSD-Regress-ID: 86579ea2891e18e822e204413d011b2ae0e59657
|
|
OpenBSD-Commit-ID: 9ed6078251a0959ee8deda443b9ae42484fd8b18
|
|
When we know that a particular action will require a PIN, such as
downloading resident keys or generating a verify-required key, request
the PIN before attempting it.
joint work with Pedro Martelletto; ok markus@
OpenBSD-Commit-ID: 863182d38ef075bad1f7d20ca485752a05edb727
|
|
When downloading a resident, verify-required key from a FIDO token,
preserve the verify-required in the private key that is written to
disk. Previously we weren't doing that because of lack of support
in the middleware API.
from Pedro Martelletto; ok markus@ and myself
OpenBSD-Commit-ID: 201c46ccdd227cddba3d64e1bdbd082afa956517
|
|
When PINs are in use and multiple FIDO tokens are attached to a host, we
cannot just blast requests at all attached tokens with the PIN specified
as this will cause the per-token PIN failure counter to increment. If
this retry counter hits the token's limit (usually 3 attempts), then the
token will lock itself and render all (web and SSH) of its keys invalid.
We don't want this.
So this reworks the key selection logic for the specific case of
multiple keys being attached. When multiple keys are attached and the
operation requires a PIN, then the user must touch the key that they
wish to use first in order to identify it.
This may require multiple touches, but only if there are multiple keys
attached AND (usually) the operation requires a PIN. The usual case of a
single key attached should be unaffected.
Work by Pedro Martelletto; ok myself and markus@
OpenBSD-Commit-ID: 637d3049ced61b7a9ee796914bbc4843d999a864
|
|
This adds a "verify-required" authorized_keys flag and a corresponding
sshd_config option that tells sshd to require that FIDO keys verify the
user identity before completing the signing/authentication attempt.
Whether or not user verification was performed is already baked into the
signature made on the FIDO token, so this is just plumbing that flag
through and adding ways to require it.
feedback and ok markus@
OpenBSD-Commit-ID: 3a2313aae153e043d57763d766bb6d55c4e276e6
|
|
FIDO2 supports a notion of "user verification" where the user is
required to demonstrate their identity to the token before particular
operations (e.g. signing). Typically this is done by authenticating
themselves using a PIN that has been set on the token.
This adds support for generating and using user verified keys where
the verification happens via PIN (other options might be added in the
future, but none are in common use now). Practically, this adds
another key generation option "verify-required" that yields a key that
requires a PIN before each authentication.
feedback markus@ and Pedro Martelletto; ok markus@
OpenBSD-Commit-ID: 57fd461e4366f87c47502c5614ec08573e6d6a15
|
|
timersub(3); ok djm@
OpenBSD-Commit-ID: a102acb544f840d33ad73d40088adab4a687fa27
|
|
limit for keys in addition to its current flag options. Time-limited keys
will automatically be removed from ssh-agent after their expiry time has
passed; ok markus@
OpenBSD-Commit-ID: 792e71cacbbc25faab5424cf80bee4a006119f94
|
|
notification respect $SSH_ASKPASS_REQUIRE; ok markus@
OpenBSD-Commit-ID: 7c1a616b348779bda3b9ad46bf592741f8e206c1
|
|
It was added in 8d1fd57a9 for measuring entropy of ssh_prng_cmds which
has long since been removed and there are no other references to it.
|
|
If the PAM account stack returns any messages, send them to the user
not just if the check succeeds. bz#2049, ok djm@
|
|
* Only use heimdal kerberos implementation
* Fetch yubico/libfido2 (see: https://github.com/Yubico/libfido2)
* Add one target for
  * all features
  * each feature alone
  * no features
|
|
bz#960, ok dtucker
|
|
avoids warnings on NetBSD
|
|
Needed for NetBSD. etc that supply these macros
|
|
Previously if the user specified a custom extension then everything would
be in order except the custom ones. bz3198 ok dtucker markus
OpenBSD-Commit-ID: d97deb90587b06cb227c66ffebb2d9667bf886f0
|
|
sftp. The default remains to not forward an agent, even when ssh_config
enables it. ok jmc dtucker markus
OpenBSD-Commit-ID: 36cc526aa3b0f94e4704b8d7b969dd63e8576822
|
|
FALLTHROUGH */ comments, which is the style we currently use, and gives too
many boring warnings. ok djm
OpenBSD-Commit-ID: 07b5031e9f49f2b69ac5e85b8da4fc9e393992a0
|
|
bz#3057, ok djm@
OpenBSD-Commit-ID: 9bbc1d138adb34c54f3c03a15a91f75dbf418782
|
|
It hasn't been useful since we switched to git in 2014. ok djm@
|
|
configure.ac is not detecting -Wextra in compilers that implement the
option. The problem is that -Wextra implies -Wunused-parameter, and the
C excerpt used by aclocal.m4 does not use argv. Patch from pedro at
ambientworks.net, ok djm@
|
|
Based on patch from Fabio Pedretti
|
|
the other keywords that recently got %k.
OpenBSD-Commit-ID: 1857d1c40f270cbc254fca91e66110641dddcfdb
|
|
OpenBSD-Commit-ID: 624e47ab209450ad9ad5c69f54fa69244de5ed9a
|
|
OpenBSD-Regress-ID: 8ed1ba1a811790031aad3fcea860a34ad7910456
|
|
OpenBSD-Regress-ID: bccf8060306c841bbcceb1392644f906a4d6ca51
|
|
OpenBSD-Commit-ID: f733d7b3b05e3c68967dc18dfe39b9e8fad29851
|
|
the destination. This allows, eg, keeping host keys in individual files
using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654, ok djm@, jmc@
(man page bits)
OpenBSD-Commit-ID: 7084d723c9cc987a5c47194219efd099af5beadc
|
|
UserKnownHostsFile, allowing the file to be automagically split up in the
configuration (eg bz#1654). ok djm@, man page parts jmc@
OpenBSD-Commit-ID: 7e1b406caf147638bb51558836a72d6cc0bd1b18
|
|
Reorder parameters list in the first usage() case - Sentence rewording
ok dtucker@
jmc@ noticed usage() missed -a flag too
OpenBSD-Commit-ID: f06b9afe91cc96f260b929a56e9930caecbde246
|
|
OpenBSD-Commit-ID: ab06581d51b2b4cc1b4aab781f7f3cfa56cad973
|
|
This is a frankenstein monster of AMD64 instructions/calling conventions
but with a 4GB address space. Allegedly deprecated but people still run
into it causing weird sandbox failures, e.g. bz#3085
|
|
OpenBSD-Regress-ID: 821cdd1dff9c502cceff4518b6afcb81767cad5a
|
|
OpenBSD-Regress-ID: 965bda1f95f09a765050707340c73ad755f41167
|
|
OpenBSD-Commit-ID: cb7e9aa04ace01a98e63e4bd77f34a42ab169b15
|
|
via $SSH_ASKPASS_REQUIRE, including force-enable/disable. bz#69 ok markus@
OpenBSD-Commit-ID: 3a1e6cbbf6241ddc4405c4246caa2c249f149eb2
|
|
OpenBSD-Commit-ID: 964d9a88f7de1d0eedd3f8070b43fb6e426351f1
|
|
OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8
|
|
OpenBSD-Commit-ID: bc92d122f9184ec2a9471ade754b80edd034ce8b
|