Age | Commit message (Collapse) | Author |
|
avoids malicious client from being able to cause agent to load arbitrary
libraries into ssh-sk-helper.
reported by puck AT puckipedia.com; ok markus
OpenBSD-Commit-ID: 1086643df1b7eee4870825c687cf0c26a6145d1c
|
|
Extract the key label or X.509 subject string when PKCS#11 keys
are retrieved from the token and plumb this through to places where
it may be used as a comment.
based on https://github.com/openssh/openssh-portable/pull/138
by Danielle Church
feedback and ok markus@
OpenBSD-Commit-ID: cae1fda10d9e10971dea29520916e27cfec7ca35
|
|
frequently used to distinguish between multiple independent instances of the
server. New proctitle looks like this:
$ pgrep -lf sshd
12844 sshd: /usr/sbin/sshd -f /etc/ssh/sshd_config [listener] 0 of 10-100 startups
requested by sthen@ and aja@; ok aja@
OpenBSD-Commit-ID: cf235a561c655a3524a82003cf7244ecb48ccc1e
|
|
(reallocating as necessary). ok aja@ as part of a larger diff
OpenBSD-Commit-ID: 30796b50d330b3e0e201747fe40cdf9aa70a77f9
|
|
emit matched principals one per line to stdout rather than as comma-
separated and with a free-text preamble (easy confusion opportunity)
emit "not found" error to stderr
fix up argument testing for -Y operations and improve error message for
unsupported operations
OpenBSD-Commit-ID: 3d9c9a671ab07fc04a48f543edfa85eae77da69c
|
|
signature algorithms ok markus
OpenBSD-Commit-ID: da3481fca8c81e6951f319a86b7be67502237f57
|
|
a safe signature algorithm (rsa-sha-512) if not is explicitly specified by
the user; ok markus@
OpenBSD-Commit-ID: e05f638f0be6c0266e1d3d799716b461011e83a9
|
|
from Jakub Jelen ok markus@
OpenBSD-Commit-ID: a58edec8b9f07acab4b962a71a5125830d321b51
|
|
from Markus:
use "principals" instead of principal, as allowed_signers lines may list
multiple.
When the signing key is a certificate, emit only principals that match
the certificate principal list.
NB. the command -Y name changes: "find-principal" => "find-principals"
ok markus@
OpenBSD-Commit-ID: ab575946ff9a55624cd4e811bfd338bf3b1d0faf
|
|
OpenBSD-Regress-ID: 339d4cbae224bd8743ffad9c3afb0cf3cb66c357
|
|
optional.
OpenBSD-Regress-ID: 0af4fbc5168e62f89d0350de524bff1cb00e707a
|
|
OpenBSD-Commit-ID: d1d7a6553208bf439378fd1cf686a828aceb353a
|
|
(ie symlinks, where permissions are not relevant).
OpenBSD-Regress-ID: fb6cfc8b022becb62b2dcb99ed3f072b3326e501
|
|
|
|
This allows zlib support to be disabled by ./configure --without-zlib.
|
|
that allows building without zlib compression and associated options. With
feedback from markus@, ok djm@
OpenBSD-Commit-ID: 44c6e1133a90fd15a3aa865bdedc53bab28b7910
|
|
pathnames - they make them needlessly more difficult to cut and paste without
error; ok markus@ & dtucker@
OpenBSD-Commit-ID: abdcfd1a5723fcac0711feee7665edc66ae2335a
|
|
|
|
We switched the main code to use sigaction(), so the wrapper is no
longer used.
|
|
OpenBSD-Commit-ID: b6c3f2f36ec77e99198619b38a9f146655281925
|
|
sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which should reduce
the potential for short read/write operations.
OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
|
|
OpenBSD-Commit-ID: 321ce74c0a5bbd0f02fa3f20cb5cf2a952c6b96f
|
|
OpenBSD-Regress-ID: 4841704ccdee50ee7efc6035bc686695c6ac2991
|
|
OpenBSD-Regress-ID: 7af6a0e8763b05f1f8eee6bca5f31fcb16151040
|
|
OpenBSD-Regress-ID: ec4017dce612131842398a03e93007a869c2c133
|
|
time and remove ifdef and distinct settings for OPENSSL=no case.
This will make things much simpler for -portable where the exact set
of algos depends on the configuration of both OpenSSH and the libcrypto
it's linked against (if any). ok djm@
OpenBSD-Commit-ID: e0116d0183dcafc7a9c40ba5fe9127805c5dfdd2
|
|
up the principal associated with a signature from an allowed-signers file.
Work by Sebastian Kinne; ok dtucker@
OpenBSD-Commit-ID: 6f782cc7e18e38fcfafa62af53246a1dcfe74e5d
|
|
When confirming a host key using the fingerprint itself, ignore leading and
trailing whitespace. ok deraadt@ djm@
OpenBSD-Commit-ID: cafd7f803bbdcd40c3a8f8f1a77747e6b6d8c011
|
|
concurrent keyscans can hit the default 5 second timeout, so increase to 15
seconds.
OpenBSD-Regress-ID: 16383dec166af369b7fb9948572856f5d544c93f
|
|
see what happens. general mostly ok
OpenBSD-Commit-ID: 216b7b8462d2ef5f4531f26cb2cb839b2153dad9
|
|
when there is a comment. This makes copy-paste of fingerprints into ssh
easier. OK djm@
OpenBSD-Commit-ID: fa01d95624f65c1eb4dc7c575d20d77c78010dfd
|
|
change
OpenBSD-Commit-ID: 6c3ddd5f848b99ea560b31d3fba99ceed66cef37
|
|
OpenBSD-Commit-ID: 85ee6aeff608371826019ea85e55bfa87f79d06e
|
|
|
|
along with the MaxStartups limit in the proctitle; suggestion from Philipp
Marek, w/ feedback from Craig Miskell ok dtucker@
OpenBSD-Commit-ID: a4a6db2dc1641a5df8eddf7d6652176e359dffb3
|
|
ok dtucker@ djm@
OpenBSD-Commit-ID: 0788e7f2b5a9d4e36d3d2ab378f73329320fef66
|
|
|
|
libcrypto support; it works just fine and disabling it breaks a few tests. ok
dtucker@
OpenBSD-Commit-ID: 65f6272c4241eb4b04de78b012fe98b2b555ad44
|
|
cleared; with dtucker@
OpenBSD-Regress-ID: 03178a0580324bf0dff28f7eac6c3edbc5407f8e
|
|
error message for misconfigured helper paths
OpenBSD-Commit-ID: 061bcc262155d12e726305c91394ac0aaf1f8341
|
|
from jtesta@positronsecurity.com via github PR#151.
OpenBSD-Commit-ID: f3d48168623045c258245c340a5a2af7dbb74edc
|
|
prompt; reported by jmc@
OpenBSD-Commit-ID: 04d4f582fc194eb3897ebcbfe286c49958ba2859
|
|
messages
OpenBSD-Commit-ID: 6da47a0e6373f6683006f49bc2a516d197655508
|
|
authenticator"
OpenBSD-Commit-ID: 031bca03c1d1f878ab929facd561911f1bc68dfd
|
|
again
OpenBSD-Commit-ID: 341749062c089cc360a7877e9ee3a887aecde395
|
|
authenticator.
* Rename -O to -K to keep "-O option" available.
* Document -K.
* Trim usage() message down to synopsis, like all other commands.
ok markus@
OpenBSD-Commit-ID: 015c2c4b28f8e19107adc80351b44b23bca4c78a
|
|
other and reality ok markus@
OpenBSD-Commit-ID: cdf64454f2c3604c25977c944e5b6262a3bcce92
|
|
expand_proxy_command()
Always put 'host' before 'host_arg' for consistency. ok markus@ djm@
OpenBSD-Commit-ID: 1ba5b25472779f1b1957295fcc6907bb961472a3
|
|
ssh-sk-helper, making debugging a bit easier. ok markus@
OpenBSD-Commit-ID: 2e7aea6bf5770d3f38b7c7bba891069256c5a49a
|
|
It's only needed for USE_PAM or HAVE_CYGWIN cases and will cause compiler
warnings otherwise.
|