| Age | Commit message (Collapse) | Author |
|---|
|
via $SSH_ASKPASS_REQUIRE, including force-enable/disable. bz#69 ok markus@
OpenBSD-Commit-ID: 3a1e6cbbf6241ddc4405c4246caa2c249f149eb2
|
|
stdin bz#3180; ok dtucker@
OpenBSD-Commit-ID: 15c7f10289511eb19fce7905c9cae8954e3857ff
|
|
variable with that of the SecurityKeyProvider ssh/sshd_config(5) directive,
as the latter was more descriptive.
OpenBSD-Commit-ID: 0488f09530524a7e53afca6b6e1780598022552f
|
|
authenticator.
* Rename -O to -K to keep "-O option" available.
* Document -K.
* Trim usage() message down to synopsis, like all other commands.
ok markus@
OpenBSD-Commit-ID: 015c2c4b28f8e19107adc80351b44b23bca4c78a
|
|
authenticator".
The polysemous use of "key" was too confusing. Input from markus@.
ok jmc@
OpenBSD-Commit-ID: 12eea973a44c8232af89f86e4269d71ae900ca8f
|
|
OpenBSD-Commit-ID: 876651bdde06bc1e72dd4bd7ad599f42a6ce5a16
|
|
OpenBSD-Commit-ID: f242e53366f61697dffd53af881bc5daf78230ff
|
|
OpenBSD-Commit-ID: 43d09bafa4ea9002078cb30ca9adc3dcc0b9c2b9
|
|
linking against the (previously external) USB HID middleware. The dlopen()
capability still exists for alternate middlewares, e.g. for Bluetooth, NFC
and test/debugging.
OpenBSD-Commit-ID: 14446cf170ac0351f0d4792ba0bca53024930069
|
|
Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's
SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable,
and ssh-keygen's new -w and -x options.
Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal
substitutions.
ok djm@
OpenBSD-Commit-ID: ef2e8f83d0c0ce11ad9b8c28945747e5ca337ac4
|
|
OpenBSD-Commit-ID: 8264b0be01ec5a60602bd50fd49cc3c81162ea16
|
|
OpenBSD-Commit-ID: 7f88a5181c982687afedf3130c6ab2bba60f7644
|
|
debug verbosity.
Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run
in debug mode ("ssh-agent -d"), so we get to see errors from the
PKCS#11 code.
ok markus@
OpenBSD-Commit-ID: 0a798643c6a92a508df6bd121253ba1c8bee659d
|
|
"..." denotes optional, no need to surround it in []
ok djm
OpenBSD-Commit-ID: 918f6d8eed4e0d8d9ef5eadae1b8983d796f0e25
|
|
by performing a signature and a verification using each key "ssh-add -T
pubkey [...]"
work by markus@, ok djm@
OpenBSD-Commit-ID: 931b888a600b6a883f65375bd5f73a4776c6d19b
|
|
sort options;
Upstream-ID: cf21d68cf54e81968bca629aaeddc87f0c684f3c
|
|
add a -q option to ssh-add to make it quiet on success.
if you want to silence ssh-add without this you generally redirect
the output to /dev/null, but that can hide error output which you
should see.
ok djm@
Upstream-ID: 2f31b9b13f99dcf587e9a8ba443458e6c0d8997c
|
|
remove superfluous protocol 2 mentions; ok jmc@
Upstream-ID: 0aaf7567c9f2e50fac5906b6a500a39c33c4664d
|
|
more protocol 1 stuff to go; ok djm
Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47
|
|
ssh-askpass(1) is the default, overridden by SSH_ASKPASS;
diff originally from jiri b;
|
|
Add FingerprintHash option to control algorithm used for
key fingerprints. Default changes from MD5 to SHA256 and format from hex to
base64.
Feedback and ok naddy@ markus@
|
|
improve capitalization for the Ed25519 public-key
signature system.
ok djm@
|
|
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1]
[ssh_config.5 sshd.8 sshd_config.5]
add missing mentions of ed25519; ok djm@
|
|
[ssh-add.1 sshd_config.5]
tweak previous;
|
|
[ssh-add.1 ssh-add.c]
make deleting explicit keys "ssh-add -d" symmetric with adding keys -
try to delete the corresponding certificate too and respect the -k option
to allow deleting of the key only; feedback and ok markus@
|
|
[ssh-add.1 ssh-add.c]
new "ssh-add -k" option to load plain keys (skipping certificates);
"looks ok" markus@
|
|
[scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
knock out some "-*- nroff -*-" lines;
|
|
[ssh-add.1 ssh.1]
two more EXIT STATUS sections;
|
|
[PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
[authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
[monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
[ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
[ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
[ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
[uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
better performance than plain DH and DSA at the same equivalent symmetric
key length, as well as much shorter keys.
Only the mandatory sections of RFC5656 are implemented, specifically the
three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
ECDSA. Point compression (optional in RFC5656 is NOT implemented).
Certificate host and user keys using the new ECDSA key types are supported.
Note that this code has not been tested for interoperability and may be
subject to change.
feedback and ok markus@
|
|
[ssh-add.1 ssh.1 ssh_config.5]
mention loading of certificate files from [private]-cert.pub when
they are present; feedback and ok jmc@
|
|
[ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5]
pkcs#11 is no longer optional; improve wording; ok jmc@
|
|
[ssh-add.1 ssh-keygen.1 ssh.1 ssh.c]
tweak previous; ok markus
|
|
[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c]
[ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]
replace our obsolete smartcard code with PKCS#11.
ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
provider (shared library) while ssh-agent(1) delegates PKCS#11 to
a forked a ssh-pkcs11-helper process.
PKCS#11 is currently a compile time option.
feedback and ok djm@; inspired by patches from Alon Bar-Lev
`
|
|
[ssh-agent.1 ssh-add.1 ssh.1]
write UNIX-domain in a more consistent way; while here, replace a
few remaining ".Tn UNIX" macros with ".Ux" ones.
pointed out by ratchov@, thanks!
ok jmc@
|
|
[ssh.1 ssh-agent.1 ssh-add.1]
use the UNIX-related macros (.At and .Ux) where appropriate.
ok jmc@
|
|
[ssh-add.1]
identies -> identities;
|
|
[ssh-add.1]
better document ssh-add's -d option (delete identies from agent), bz#1224
new text based on some provided by andrewmc-debian AT celt.dias.ie;
ok dtucker@
|
|
[scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1
ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8]
convert to new .Dd format;
(We will need to teach mdoc2man.awk to understand this too.)
|
|
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8]
[sshd_config.5] OpenSSH doesn't ever look at the $HOME environment
variable, so don't say that we do (bz #623); ok deraadt@
|
|
[ssh-add.1]
sort options;
|
|
[ssh-add.1 ssh.1]
.Xsession -> .xsession;
originally from a pr from f at obiit dot org, but missed by myself;
ok markus@ matthieu@
|
|
[ssh-add.1]
ssh-add doesn't need to be a descendant of ssh-agent. Ok markus@, jmc@.
|
|
[scp.1 sftp-server.8 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5]
[sshd.8 sshd_config.5 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
- section reorder
- COMPATIBILITY merge
- macro cleanup
- kill whitespace at EOL
- new sentence, new line
ssh pages ok markus@
|
|
- jmc@cvs.openbsd.org 2003/03/28 10:11:43
[scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5]
[ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
- killed whitespace
- new sentence new line
- .Bk for arguments
ok markus@
|
|
[ssh-add.1]
xref sshd_config.5 (not sshd.8); mark@summersault.com; bug #490
|
|
[authfd.c authfd.h readpass.c ssh-add.1 ssh-add.c ssh-agent.c]
ssh-add -c, prompt user for confirmation (using ssh-askpass) when
private agent key is used; with djm@; test by dugsong@, djm@;
ok deraadt@
|
|
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
xmalloc.h]
KNF done automatically while reading....
|
|
[ssh-add.1 ssh-add.c]
use convtime() to parse and validate key lifetime. can now
use '-t 2h' etc. ok markus@ provos@
|
|
[authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
ssh-add -t life, Set lifetime (in seconds) when adding identities;
ok provos@
|
|
[authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
ssh-add -x for lock and -X for unlocking the agent.
todo: encrypt private keys with locked...
|
