| Age | Commit message (Collapse) | Author |
|---|
|
Document "none" for PidFile XAuthLocation
TrustedUserCAKeys and RevokedKeys. bz#2382, feedback from jmc@, ok djm@
|
|
Plug leak of address passed to logging. bz#2373, patch
from jjelen at redhat, ok markus@
|
|
Output remote username in debug output since with Host
and Match it's not always obvious what it will be. bz#2368, ok djm@
|
|
Part of bz#2346, patch from jjelen at redhat com.
|
|
|
|
This changes configure.ac to look for '${host}-ar' as set by
AC_CANONICAL_HOST before looking for the unprefixed 'ar'.
Useful when cross-compiling when all your binutils are prefixed.
Patch from moben at exherbo org via astrand at lysator liu se and
bz#2352.
|
|
|
|
|
|
|
|
deprecate ancient, pre-RFC4419 and undocumented
SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message; ok markus@ deraadt@ "seems
reasonable" dtucker@
|
|
Don't send hostkey advertisments
(hostkeys-00@openssh.com) to current versions of Tera Term as they can't
handle them. Newer versions should be OK. Patch from Bryan Drewery and
IWAMOTO Kouichi, ok djm@
|
|
include port number if a non-default one has been
specified; based on patch from Michael Handler
|
|
treat Protocol=1,2|2,1 as Protocol=2 when compiled
without SSH1 support; ok dtucker@ millert@
|
|
Do not use int for sig_atomic_t; spotted by
christos@netbsd; ok markus@
|
|
From FreeBSD.
|
|
|
|
Patch from Bryan Drewery.
|
|
correct return value in pubkey parsing, spotted by Ben Hawkes
ok markus@
|
|
adapt to recent hostfile.c change: when parsing
known_hosts without fully parsing the keys therein, hostkeys_foreach() will
now correctly identify KEY_RSA1 keys; ok markus@ miod@
|
|
use ${SSH} for -Q instead of installed ssh
|
|
make CLEANFILES clean up more of the tests' droppings
|
|
downgrade error() for known_hosts parse errors to debug()
to quiet warnings from ssh1 keys present when compiled !ssh1.
also identify ssh1 keys when scanning, even when compiled !ssh1
ok markus@ miod@
|
|
fd leak for !ssh1 case; found by unittests; ok markus@
|
|
don't fatal when a !ssh1 sshd is reexeced from a w/ssh1
listener; reported by miod@; ok miod@ markus@
|
|
Comments are only supported for RSA1 keys. If a user
tried to add one and entered his passphrase, explicitly clear it before exit.
This is done in all other error paths, too.
ok djm
|
|
ssh-askpass(1) is the default, overridden by SSH_ASKPASS;
diff originally from jiri b;
|
|
fix uninitialised memory read when parsing a config file
consisting of a single nul byte. Found by hanno AT hboeck.de using AFL; ok
dtucker
|
|
sigp and lenp are not optional in ssh_agent_sign(); ok
djm@
|
|
don't try to load .ssh/identity by default if SSH1 is
disabled; ok markus@
|
|
ban all-zero curve25519 keys as recommended by latest
CFRG curves draft; ok markus
|
|
relax bits needed check to allow
diffie-hellman-group1-sha1 key exchange to complete for chacha20-poly1305 was
selected as symmetric cipher; ok markus
|
|
ignore v1 errors on ssh-add -D; only try v2 keys on
-l/-L (unless WITH_SSH1) ok djm@
|
|
unbreak ssh_agent_sign (lenp vs *lenp)
|
|
don't leak 'setp' on error; noted by Nicholas Lemonias;
ok djm@
|
|
consistent check for NULL as noted by Nicholas
Lemonias; ok djm@
|
|
correct fmt-string for size_t as noted by Nicholas
Lemonias; ok djm@
|
|
promote chacha20-poly1305@openssh.com to be the default
cipher; ok markus
|
|
Compile-time disable SSH protocol 1. You can turn it
back on using the Makefile.inc knob if you need it to talk to ancient
devices.
|
|
fix double-negative error message "ssh1 is not
unsupported"
|
|
for ssh-keygen -A, don't try (and fail) to generate ssh
v.1 keys when compiled without SSH1 support RSA/DSA/ECDSA keys when compiled
without OpenSSL based on patch by Mike Frysinger; bz#2369
|
|
KRL support doesn't need OpenSSL anymore, remove #ifdefs
from around call
|
|
#if 0 some more arrays used only for decrypting (we don't
use since we only need encrypt for AES-CTR)
|
|
add back the changes from rev 1.206, djm reverted this by
mistake in rev 1.207
|
|
pointed out by Christian Hesse
|
|
|
|
|
|
|
|
unbreak for w/SSH1 (default) case; ok markus@ deraadt@
|
|
|
|
fix sshkey_certify() return value for unsupported key types;
ok markus@ deraadt@
|
