path: root/usr.bin/ssh/ssh2.h
Age         Author: Commit message
2010-02-26  Damien Miller: Add support for certificate key types for users and hosts.
    OpenSSH certificate key types are not X.509 certificates, but a much simpler format that encodes a public key, identity information and some validity constraints and signs it with a CA key. CA keys are regular SSH keys. This certificate style avoids the attack surface of X.509 certificates and is very easy to deploy.
    Certified host keys allow automatic acceptance of new host keys when a CA certificate is marked as trusted in ~/.ssh/known_hosts. See "VERIFYING HOST KEYS" in ssh(1) for details.
    Certified user keys allow authentication of users when the signing CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS FILE FORMAT" in sshd(8) for details.
    Certificates are minted using ssh-keygen(1); documentation is in the "CERTIFICATES" section of that manpage. Documentation on the format of certificates is in the file PROTOCOL.certkeys.
    feedback and ok markus@
2009-10-24  Andreas Gunnarsson: Define the KEX messages used when resuming a suspended connection.
    ok markus@
2008-11-04  Damien Miller: Add support for an experimental zero-knowledge password authentication method using the J-PAKE protocol described in F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", 16th Workshop on Security Protocols, Cambridge, April 2008.
    This method allows password-based authentication without exposing the password to the server. Instead, the client and server exchange cryptographic proofs to demonstrate knowledge of the password while revealing nothing useful to an attacker or compromised endpoint.
    This is experimental, work-in-progress code and is presently compile-time disabled (turn on -DJPAKE in Makefile.inc).
    "just commit it. It isn't too intrusive." deraadt@
2006-03-25  Damien Miller: standardise spacing in $OpenBSD$ tags; requested by deraadt@
2003-05-14  Markus Friedl: ranges for per auth method messages
2002-03-04  Kevin Steves: $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c files.
    ok markus@
2002-01-11  Markus Friedl: add defines for msg type ranges
2001-03-27  Niels Provos: make dh group exchange more flexible, allow min and max group size,
    okay markus@, deraadt@
2000-10-11  Niels Provos: First rough implementation of the diffie-hellman group exchange. The client can ask the server for bigger groups to perform the diffie-hellman in, thus increasing the attack complexity when using ciphers with longer keys.
    University of Windsor provided network, T the company.
2000-09-07  Theo de Raadt: cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
2000-05-15  Markus Friedl: draft-ietf-secsh-architecture-05.txt
2000-04-14  Markus Friedl: whitespace cleanup
2000-03-27  Markus Friedl: ssh2 message type codes