path: root/usr.bin/ssh
Age | Commit message | Author
2015-03-23 | for ssh-keygen -A, don't try (and fail) to generate ssh v.1 keys when compiled without SSH1 support RSA/DSA/ECDSA keys when compiled without OpenSSL based on patch by Mike Frysinger; bz#2369 | Damien Miller
2015-03-18 | KRL support doesn't need OpenSSL anymore, remove #ifdefs from around call | Damien Miller
2015-03-16 | #if 0 some more arrays used only for decrypting (we don't use since we only need encrypt for AES-CTR) | Damien Miller
2015-03-11 | add back the changes from rev 1.206, djm reverted this by mistake in rev 1.207 | Jonathan Gray
2015-03-06 | fix sshkey_certify() return value for unsupported key types; ok markus@ deraadt@ | Damien Miller
2015-03-04 | make ssh-add -D work with !SSH1 agent | Damien Miller
2015-03-04 | crank; ok markus, deraadt | Damien Miller
2015-03-03 | add SSH1 Makefile knob to make it easier to build without SSH1 support; ok markus@ | Damien Miller
2015-03-03 | Allow "ssh -Q protocol-version" to list supported SSH protocol versions. Useful for detecting builds without SSH v.1 support; idea and ok markus@ | Damien Miller
2015-03-01 | Make sure we only call getnameinfo() for AF_INET or AF_INET6 sockets. getpeername() of a Unix domain socket may return without error on some systems without actually setting ss_family so getnameinfo() was getting called with ss_family set to AF_UNSPEC. OK djm@ | Todd C. Miller
2015-02-26 | don't printf NULL key comments; reported by Tom Christensen | Damien Miller
2015-02-25 | zero cmsgbuf before use; we initialise the bits we use but valgrind still spams warning on it | Damien Miller
2015-02-25 | fix small memory leak when UpdateHostkeys=no | Damien Miller
2015-02-25 | don't leak validity of user in "too many authentication failures" disconnect message; reported by Sebastian Reitenbach | Damien Miller
2015-02-24 | add -v (show ASCII art) to -l's synopsis; ok djm@ | Christian Weisgerber
2015-02-23 | further silence spurious error message even when -v is specified (e.g. to get visual host keys); reported by naddy@ | Damien Miller
2015-02-23 | add an XXX to remind me to improve sshkey_load_public | Damien Miller
2015-02-23 | silence a spurious error message when listing fingerprints for known_hosts; bz#2342 | Damien Miller
2015-02-23 | fix setting/clearing of TTY raw mode around UpdateHostKeys=ask confirmation question; reported by Herb Goldman | Damien Miller
2015-02-21 | make "ssh-add -d" properly remove a corresponding certificate, and also not whine and fail if there is none ok djm@ | Alexander Hall
2015-02-20 | sort options useable under Match case-insensitively; prodded jmc@ | Damien Miller
2015-02-20 | more options that are available under Match; bz#2353 reported by calestyo AT scientia.net | Damien Miller
2015-02-20 | UpdateHostKeys fixes: I accidentally changed the format of the hostkeys@openssh.com messages last week without changing the extension name, and this has been causing connection failures for people who are running -current. First reported by sthen@ s/hostkeys@openssh.com/hostkeys-00@openssh.com/ Change the name of the proof message too, and reorder it a little. Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY available to read the response) so disable UpdateHostKeys if it is in ask mode and ControlPersist is active (and document this) | Damien Miller
2015-02-17 | Regression: I broke logging of public key fingerprints in 1.46. Pointed out by Pontus Lundkvist | Damien Miller
2015-02-16 | partial backout of: revision 1.441 date: 2015/01/31 20:30:05; author: djm; state: Exp; lines: +17 -10; commitid : x8klYPZMJSrVlt3O; Let sshd load public host keys even when private keys are missing. Allows sshd to advertise additional keys for future key rotation. Also log fingerprint of hostkeys loaded; ok markus@ hostkey updates now require access to the private key, so we can't load public keys only. The improved log messages (fingerprints of keys loaded) are kept. | Damien Miller
2015-02-16 | Revise hostkeys@openssh.com hostkey learning extension. The client will not ask the server to prove ownership of the private halves of any hitherto-unseen hostkeys it offers to the client. Allow UpdateHostKeys option to take an 'ask' argument to let the user manually review keys offered. ok markus@ | Damien Miller
2015-02-16 | Refactor hostkeys_foreach() and dependent code Deal with IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing changed ok markus@ as part of larger commit | Damien Miller
2015-02-16 | Declare ge25519_base as extern, to prevent it from becoming a common. Gets us rid of ``alignment 4 of symbol `crypto_sign_ed25519_ref_ge25519_base' in mod_ge25519.o is smaller than 16 in mod_ed25519.o'' warnings at link time. | Miod Vallat
2015-02-13 | make rekey_limit for sshd w/privsep work; ok djm@ dtucker@ | Markus Friedl
2015-02-12 | Prevent sshd spamming syslog with "ssh_dispatch_run_fatal: disconnected". ok markus@ | Darren Tucker
2015-02-11 | Some packet error messages show the address of the peer, but might be generated after the socket to the peer has suffered a TCP reset. In these cases, getpeername() won't work so cache the address earlier. spotted in the wild via deraadt@ and tedu@ | Damien Miller
2015-02-09 | fix some leaks in error paths ok markus@ | Jonathan Gray
2015-02-06 | SIZE_MAX is standard, we should be using it in preference to the obsolete SIZE_T_MAX. OK miod@ beck@ | Todd C. Miller
2015-02-05 | Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@ | Todd C. Miller
2015-02-03 | missing ; djm and mlarkin really having great interactions recently | Theo de Raadt
2015-02-03 | slightly extend the passphrase prompt if running with -c in order to give the user a chance to notice if unintentionally running without it wording tweak and ok djm@ | Alexander Hall
2015-02-02 | handle PKCS#11 C_Login returning CKR_USER_ALREADY_LOGGED_IN; based on patch from Yuri Samoilenko; ok markus@ | Damien Miller
2015-02-02 | turn UpdateHostkeys off by default until I figure out mlarkin@'s warning message; requested by deraadt@ | Damien Miller
2015-02-02 | increasing encounters with difficult DNS setups in darknets has convinced me UseDNS off by default is better ok djm | Theo de Raadt
2015-01-31 | Let sshd load public host keys even when private keys are missing. Allows sshd to advertise additional keys for future key rotation. Also log fingerprint of hostkeys loaded; ok markus@ | Damien Miller
2015-01-30 | Add a ssh_config HostbasedKeyType option to control which host public key types are tried during hostbased authentication. This may be used to prevent too many keys being sent to the server, and blowing past its MaxAuthTries limit. bz#2211 based on patch by Iain Morgan; ok markus@ | Damien Miller
2015-01-30 | set a timeout to prevent hangs when talking to busted servers; ok markus@ | Damien Miller
2015-01-30 | avoid more fatal/exit in the packet.c paths that ssh-keyscan uses; feedback and "looks good" markus@ | Damien Miller
2015-01-30 | permit KRLs that revoke certificates by serial number or key ID without scoping to a particular CA; ok markus@ | Damien Miller
2015-01-30 | missing parentheses after if in do_convert_from() broke private key conversion from other formats some time in 2010; bz#2345 reported by jjelen AT redhat.com | Damien Miller
2015-01-30 | fix ssh protocol 1, spotted by miod@ | Damien Miller
2015-01-28 | update to new API (key_fingerprint => sshkey_fingerprint) check sshkey_fingerprint return values; ok markus | Damien Miller
2015-01-28 | avoid fatal() calls in packet code makes ssh-keyscan more reliable against server failures ok dtucker@ markus@ | Damien Miller
2015-01-28 | avoid fatal() calls in packet code makes ssh-keyscan more reliable against server failures ok dtucker@ markus@ | Damien Miller
2015-01-28 | remove obsolete comment | Damien Miller