path: root/usr.bin/ssh
Age | Author | Commit message
2022-12-15 | Theo de Raadt | The idiomatic way of coping with signed char vs unsigned char (which
did not come from stdio read functions) in the presence of ctype macros, is to always cast to (unsigned char). casting to (int) for a "macro" which is documented to take int, is weird. And sadly wrong, because of the sign extension risk. same diff from florian
2022-12-09 | Darren Tucker | Warn if no host keys for hostbased auth can be loaded. From bz#3507, ok djm@
2022-12-09 | Darren Tucker | Add some server debugging for hostbased auth.
auth_debug_add queues messages about the auth process which are sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@
2022-12-04 | Scott Soule Cheloha | userspace: remove vestigial '?' cases from top-level getopt(3) loops
getopt(3) returns '?' when it encounters a flag not present in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@
2022-12-04 | Darren Tucker | Remove duplicate includes. Patch from AtariDreams via github PR#364.
2022-12-02 | Damien Miller | make struct sshbuf private and remove an unused field; ok dtucker
2022-11-29 | Darren Tucker | Add void to client_repledge args to fix compiler warning. ok djm@
2022-11-28 | Damien Miller | tighten pledge(2) after session establishment
feedback, ok & testing in snaps deraadt@
2022-11-28 | Damien Miller | New EnableEscapeCommandline ssh_config(5) option
This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while
2022-11-18 | Moritz Buhl | In channel_request_remote_forwarding the parameters for permission_set_add
are leaked as they are also duplicated in the call. Found by CodeChecker. ok djm
2022-11-10 | Darren Tucker | Handle dynamic remote port forwarding in escape commandline's -R processing.
bz#3499, ok djm@
2022-11-09 | Darren Tucker | Fix typo in fatal error message. Patch from vapier at chromium.org.
2022-11-09 | Darren Tucker | Remove errant colon and simplify format string in error messages.
Patch from vapier at chromium.org.
2022-11-09 | Damien Miller | rename client_global_hostkeys_private_confirm() to
client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change
2022-11-09 | Damien Miller | typo in comment
2022-11-07 | Darren Tucker | The IdentityFile option in ssh_config can also be used to specify a
public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@
2022-11-07 | Darren Tucker | Remove some set but otherwise unused variables, spotted in -portable by
clang 16's -Wunused-but-set-variable. ok djm@
2022-11-07 | Darren Tucker | Check for and disallow MaxStartups values less than or equal to zero
during config parsing, rather than failing later at runtime. bz#3489, ok djm@
2022-11-07 | Damien Miller | fix parsing of hex cert expiry time; was checking whether the
start time began with "0x", not the expiry time. from Ed Maste
2022-11-07 | Darren Tucker | Import regenerated moduli.
2022-11-07 | Darren Tucker | Fix typo. From pablomh via -portable github PR#344.
2022-11-03 | Damien Miller | replace recently-added valid_domain() check for hostnames going to
known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@
2022-10-28 | Damien Miller | put sshkey_check_rsa_length() back in sshkey.c to unbreak
OPENSSL=no builds
2022-10-28 | Damien Miller | allow ssh-keyscan(1) to accept CIDR address ranges, e.g.
ssh-keyscan 192.168.0.0/24
If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@
2022-10-28 | Damien Miller | refactor sshkey_private_deserialize
feedback/ok markus@
2022-10-28 | Damien Miller | refactor sshkey_private_serialize_opt()
feedback/ok markus@
2022-10-28 | Damien Miller | refactor certify
feedback/ok markus@
2022-10-28 | Damien Miller | refactor sshkey_sign() and sshkey_verify()
feedback/ok markus@
2022-10-28 | Damien Miller | refactor sshkey_from_blob_internal()
feedback/ok markus@
2022-10-28 | Damien Miller | refactor sshkey_from_private()
feedback/ok markus@
2022-10-28 | Damien Miller | factor out key generation
feedback/ok markus@
2022-10-28 | Damien Miller | refactor and simplify sshkey_read()
feedback/ok markus@
2022-10-28 | Damien Miller | factor out public key serialization
feedback/ok markus@
2022-10-28 | Damien Miller | factor out sshkey_equal_public()
feedback/ok markus@
2022-10-28 | Damien Miller | begin big refactor of sshkey
Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@
2022-10-24 | Damien Miller | Be more paranoid with host/domain names coming from the resolver:
don't follow CNAMEs with invalid characters when canonicalising and never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@
2022-10-24 | Damien Miller | when scp(1) is using the SFTP protocol for transport (the default),
better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. Reported by Michael Yagliyan in bz3488; ok dtucker@
2022-10-13 | Jonathan Gray | use correct type with sizeof
ok djm@
2022-10-07 | Jason McIntyre | ssh-agent.1:
- use Nm not Xr for self-ref
- while here, wrap a long line
ssh-agent.c:
- add -O to usage()
2022-10-07 | Damien Miller | document "-O no-restrict-websafe"; spotted by Ross L Richardson
2022-10-06 | Damien Miller | honour user's umask if it is more restrictive than the ssh default
(022); based on patch from Alex Henrie, ok dtucker@ deraadt@
2022-09-26 | Damien Miller | openssh-9.1
2022-09-21 | Darren Tucker | Fix typo. From AlexanderStohr via github PR#343.
2022-09-19 | Damien Miller | add RequiredRSASize to the list of keywords accepted by -o;
spotted by jmc@
2022-09-19 | Damien Miller | use users-groups-by-id@openssh.com sftp-server extension (when
available) to fill in user/group names for directory listings. Implement a client-side cache of see uid/gid=>user/group names. ok markus@
2022-09-19 | Damien Miller | sftp client library support for users-groups-by-id@openssh.com;
ok markus@
2022-09-19 | Damien Miller | extend sftp-common.c:extend ls_file() to support supplied user/group
names; ok markus@
2022-09-19 | Damien Miller | sftp-server(8): add a "users-groups-by-id@openssh.com" extension
request that allows the client to obtain user/group names that correspond to a set of uids/gids. Will be used to make directory listings more useful and consistent in sftp(1). ok markus@
2022-09-19 | Damien Miller | better debugging for connect_next()
2022-09-17 | Damien Miller | Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit
will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@