| Age | Commit message (Collapse) | Author |
|---|
|
don't leave an empty .ssh directory when it's not needed. Use the same
function to replace the code in ssh-keygen that does the same thing.
bz#3156, ok djm@
|
|
Pedro Martelletto, ok markus@
|
|
|
|
"ssh-keygen -Rf /path". The old behaviour was to remove all rights for
group/other. bz#3146 ok dtucker@
|
|
and save a bunch of redundant code.
Patch from loic AT venez.fr; ok markus@ djm@
|
|
private keys using "ssh-keygen -i"; spotted by Michael Forney
|
|
of old-format key, key comments were not being displayed. Spotted by
loic AT venez.fr, ok dtucker
|
|
regression caused by my recent pubkey loading refactor. Reported by
loic AT venez.fr, ok dtucker@
|
|
revocation list: ssh-keygen -lQf /path bz#3132; ok dtucker
|
|
from https://fossies.org/linux/misc/openssh-8.2p1.tar.gz/codespell.html
|
|
until the token has told us that it needs one. Avoids double-prompting on
devices that implement on-device authentication (e.g. a touchscreen PIN
pad on the Trezor Model T). ok dtucker@
|
|
|
|
|
|
a critical option.
|
|
While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundry.
ok deraadt@ djm@
|
|
intended number of prompts (3) and 2) it would SEGV too many incorrect
PINs were entered; based on patch by Gabriel Kihlman
|
|
This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".
ok djm@
|
|
|
|
Allow writing to disk the attestation certificate that is generated by
the FIDO token at key enrollment time. These certificates may be used
by an out-of-band workflow to prove that a particular key is held in
trustworthy hardware.
Allow passing in a challenge that will be sent to the card during
key enrollment. These are needed to build an attestation workflow
that resists replay attacks.
ok markus@
|
|
ssh-keygen be solely responsible for printing the error message and
convertint some more common error responses from the middleware to
a useful ssherr.h status code. more detail remains visible via -v
of course.
also remove indepedent copy of sk-api.h declarations in sk-usbhid.c
and just include it.
feedback & ok markus@
|
|
feedback and ok markus@
|
|
Extract the key label or X.509 subject string when PKCS#11 keys
are retrieved from the token and plumb this through to places where
it may be used as a comment.
based on https://github.com/openssh/openssh-portable/pull/138
by Danielle Church
feedback and ok markus@
|
|
emit matched principals one per line to stdout rather than as comma-
separated and with a free-text preamble (easy confusion opportunity)
emit "not found" error to stderr
fix up argument testing for -Y operations and improve error message for
unsupported operations
|
|
algorithm (rsa-sha-512) if not is explicitly specified by the user;
ok markus@
|
|
ok markus@
|
|
use "principals" instead of principal, as allowed_signers lines may list
multiple.
When the signing key is a certificate, emit only principals that match
the certificate principal list.
NB. the command -Y name changes: "find-principal" => "find-principals"
ok markus@
|
|
they make them needlessly more difficult to cut and paste without
error; ok markus@ & dtucker@
|
|
principal associated with a signature from an allowed-signers
file. Work by Sebastian Kinne; ok dtucker@
|
|
comment. This makes copy-paste of fingerprints into ssh easier.
OK djm@
|
|
support; it works just fine and disabling it breaks a few tests.
ok dtucker@
|
|
ok markus@
|
|
operations. These are intended to future-proof the API a little by
making it easier to specify additional fields for without having to
change the API version for each.
At present, only two options are defined: one to explicitly specify
the device for an operation (rather than accepting the middleware's
autoselection) and another to specify the FIDO2 username that may
be used when generating a resident key. These new options may be
invoked at key generation time via ssh-keygen -O
This also implements a suggestion from Markus to avoid "int" in favour
of uint32_t for the algorithm argument in the API, to make implementation
of ssh-sk-client/helper a little easier.
feedback, fixes and ok markus@
|
|
"ssh-keygen -K". This will save public/private keys into the
current directory.
This is handy if you move a token between hosts.
feedback & ok markus@
|
|
Instead these flags may be specified via -O.
ok markus@
|
|
Define some well-known error codes in the SK API and pass
them back via ssh-sk-helper.
Use the new "wrong PIN" error code to retry PIN prompting during
ssh-keygen of resident keys.
feedback and ok markus@
|
|
Allow passing a PIN via the SK API (API major crank) and let the
ssh-sk-helper API follow.
Also enhance the ssh-sk-helper API to support passing back an error
code instead of a complete reply. Will be used to signal "wrong PIN",
etc.
feedback and ok markus@
|
|
"ssh-keygen -t ecdsa-sk|ed25519-sk -x resident" will generate a
device-resident key.
feedback and ok markus@
|
|
Move all moduli generation options to live under the -O flag.
Frees up seven single-letter flags.
NB. this change break existing ssh-keygen commandline syntax for moduli-
related operations. Very few people use these fortunately.
feedback and ok markus@
|
|
Move list of available certificate options in ssh-keygen.1 to the
CERTIFICATES section.
Collect options specified by -O but delay parsing/validation of
certificate options until we're sure that we're acting as a CA.
ok markus@
|
|
user to touch they key to authorise the signature.
|
|
require a touch to authorize the operation.
|
|
keypair to request one that does not require a touch for each
authentication attempt. The default remains to require touch.
feedback deraadt; ok markus@
|
|
extension for certificates. This option disables the default
requirement that security key signatures attest that the user touched
their key to authorize them.
feedback deraadt, ok markus
|
|
This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.
with and ok markus@
|
|
|
|
|
|
|
|
|
|
|
|
against the (previously external) USB HID middleware. The dlopen()
capability still exists for alternate middlewares, e.g. for
Bluetooth, NFC and test/debugging.
|
