| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Allows forcing maximum debug logging by file/function/line pattern-
lists.
ok markus@
|
|
|
|
suggested by Mark D. Baushke
|
|
overridden UserKnownHostsFile;
ok markus@ "The timing is perfect" deraadt@
|
|
|
|
keys in addition to its current flag options. Time-limited keys will
automatically be removed from ssh-agent after their expiry time has
passed; ok markus@
|
|
|
|
destination. This allows, eg, keeping host keys in individual files
using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k".
bz#1654, ok djm@, jmc@ (man page bits)
|
|
allowing the file to be automagically split up in the configuration
(eg bz#1654). ok djm@, man page parts jmc@
|
|
|
|
|
|
variables on the client side. The supported keywords are
CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus
LocalForward and RemoteForward when used for Unix domain socket
paths. This would for example allow forwarding of Unix domain
socket paths that change at runtime. bz#3140, ok djm@
|
|
|
|
for Unix domain socket forwarding. Factor out the code for the config
keywords that use the most common subset of TOKENS into its own function.
bz#3014, ok jmc@ (man page bits) djm@
|
|
- %C is moved into its own function and added to Match Exec.
- move the common (global) options into a macro. This is ugly but it's
the least-ugly way I could come up with.
- move IdentityAgent and ForwardAgent percent expansion to before the
config dump to make it regression-testable.
- document all of the above
ok jmc@ for man page bits, "makes things less terrible" djm@ for the rest.
|
|
ssh_config(5) and sshd_config(5) algorithm keywords as an alias for the
corresponding query. Man page help jmc@, ok djm@.
|
|
|
|
|
|
patch by veegish AT cyberstorm.mu
|
|
confirmation) and not just password prompts.
|
|
|
|
the wording confusing (bz#2560)
|
|
to known_hosts name privacy, it's not practical for this option to
offer any guarantee that hostnames cannot be recovered from a
disclosed known_hosts file (e.g. by brute force).
|
|
|
|
The polysemous use of "key" was too confusing. Input from markus@.
ok jmc@
|
|
$SSH_AUTH_SOCK, by extending the existing ForwardAgent option to
accepting an explicit path or the name of an environment variable
in addition to yes/no.
Patch by Eric Chiang, manpage by me; ok markus@
|
|
Update the list of default host key algorithms in ssh_config.5 and
sshd_config.5. Copy the description of the SecurityKeyProvider
option to sshd_config.5.
ok jmc@
|
|
ok markus
|
|
|
|
|
|
|
|
against the (previously external) USB HID middleware. The dlopen()
capability still exists for alternate middlewares, e.g. for
Bluetooth, NFC and test/debugging.
|
|
Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's
SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable,
and ssh-keygen's new -w and -x options.
Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal
substitutions.
ok djm@
|
|
keys; bz#3062
|
|
From Zachary Harmany via github.com/openssh/openssh-portable/pull/118
ok dtucker@
|
|
the protocol handshake/KEX. From Jean-Charles Longuet via Github PR140
|
|
the list with the '^' character, e.g.
HostKeyAlgorithms ^ssh-ed25519
Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com
ok djm@ dtucker@
|
|
Options such as Ciphers take values that may be a list of ciphers; the
complete list, not indiviual elements, may be prefixed with a dash or plus
character to remove from or append to the default list, respectively.
Users might read the current text as if each elment took an optional prefix,
so tweak the wording from "values" to "list" to prevent such ambiguity for
all options supporting these semantics.
Fix instances missed in first commit. ok jmc@ kn@
|
|
Options such as Ciphers take values that may be a list of ciphers; the
complete list, not indiviual elements, may be prefixed with a dash or plus
character to remove from or append to the default list respectively.
Users might read the current text as if each elment took an optional prefix,
so tweak the wording from "values" to "list" to prevent such ambiguity for
all options supporting this semantics (those that provide a list of
available elements via "ssh -Q ...").
Input and OK jmc
|
|
to clarify what it checks for. Patch from jblaine at kickflop.net via
github pr#129, ok djm@.
|
|
|
|
ok dtucker
|
|
"X11UseLocalhost" keywords; this makes things consistent (effectively reversing
my commit of yesterday);
ok deraadt markus djm
|
|
|
|
Part of a patch from Stephen Gregoratto <dev at sgregoratto dot me>.
|
|
RSA keys only (since we support ECDSA now and might support others in
the future). Inspired by Jakub Jelen via bz#2974
|
|
client for KEX, ciphers and MACs. The ciphers and MACs were
identical between the client and server, but the error accidentially
disabled the diffie-hellman-group-exchange-sha1 KEX method.
This fixes the client code to use the correct method list, but
because nobody complained, it also disables the
diffie-hellman-group-exchange-sha1 KEX method.
Reported by nuxi AT vault24.org via bz#2697; ok dtucker
|
|
issue pointed out by andreas kahari
ok dtucker djm
|
|
to any ProxyJump/-J hosts. This has confused a few people...
|
