Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
Found by Martin Cracauer
"look right" tb@
|
|
from Julian Prein, GitHub issue 4121.
|
|
applications can still enter mode 2 if they want, they just cannot turn
extended keys off entirely. From Stanislav Kljuhhin.
|
|
|
|
using -fwrapv to provide defined over/underflow behaviour, but we use
-ftrapv to catch integer errors and abort the program. ok dtucker@
|
|
|
|
|
|
|
|
in SUPERCOP 20201130 to the "compact" implementation in SUPERCOP
20240808. The new version is substantially faster.
Thanks to Daniel J Bernstein for pointing out the new implementation
(and of course for writing it).
tested in snaps/ok deraadt@
|
|
|
|
This allows writing Match conditions that trigger for invalid username.
E.g.
    PerSourcePenalties refuseconnection:90s
    Match invalid-user
        RefuseConnection yes
Will effectively penalise bots trying to guess passwords for bogus accounts,
at the cost of implicitly revealing which accounts are invalid.
feedback markus@
|
|
PerSourcePenalties
This allows penalising connection sources that have had connections
dropped by the RefuseConnection option. ok markus@
|
|
If set, this will terminate the connection at the first authentication
request (this is the earliest we can evaluate sshd_config Match blocks)
ok markus@
|
|
ok markus@
|
|
tokeniser, making it possible to use shell-like quoting in Match
directives, particularly "Match exec". ok markus@
|
|
the user know what's going on when ssh-keygen is invoked via other
tools. Requested in GHPR503
|
|
fails. Prevents restrictive key options being incorrectly applied
to subsequent keys in authorized_keys. bz3733, ok markus@
|
|
half-way between misleadingly eurocentric and urban legend.
It was so obviously suspect that it had already been marked "(?!)"
since at least 4.3BSD-Tahoe (June 1988).
Brought up by <Rob dot Schmersel at bahnhof dot se>,
additional research by <me at FletcherPorter dot com>,
see https://marc.info/?l=openbsd-bugs&m=172634202204747 for details.
|
|
kdump.c r1.138 in 2019 dropped the letters list in favour of [-t trstr].
|
|
which incorrectly required that sshd was started with an absolute path
in inetd mode. bz3717, patch from Colin Wilson
|
|
them on unless the application requests them. Ignore them so they do not
cause the prefix to be canceled, GitHub issue 4111.
|
|
Also, switch to S_IS*() tests and update the manpage
to reflect that POSIX-2024 has no substantive changes
for wc(1)
ok op@ millert@
|
|
|
|
flag now that an IANA codepoint has been assigned for the algorithm.
Add mlkem768x25519-sha256 in 2nd KexAlgorithms preference slot.
ok markus@
|
|
string rather than the first. This makes it possible to use usernames
that contain '@' characters.
Prompted by Max Zettlmeißl; feedback/ok millert@
|
|
"rsa") in user-interface code and require full SSH protocol names (e.g.
"ssh-rsa") everywhere else.
Prompted by bz3725; ok markus@
|
|
|
|
|
|
that "Match Exec" and environment variables.
ok dtucker@
|
|
|
|
ML-KEM768 with ECDH/X25519 from the Internet-draft:
https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
This is based on previous patches from markus@ but adapted to use the
final FIPS203 standard ML-KEM using a formally-verified implementation
from libcrux.
Note this key exchange method is still a draft and thus subject to
change. It is therefore disabled by default; set MLKEM=yes to build it.
We're making it available now to make it easy for other SSH
implementations to test against it.
ok markus@ deraadt@
|
|
|
|
The public API will be removed. This fixes its only consumer.
|
|
looks reasonable to deraadt
ok/improvements bluhm@
|
|
|
|
It doesn't handle angular brackets in Return-Path, which are fine
per RFC 5332 (section 3.6.7).
Diff from Sven M. Hallberg with a tiny change by me.
|
|
ok beck
|
|
The underlying API will be removed, so these commands have to go.
ok beck
|
|
|
|
If the memory layout is not optimal, m_defrag(), m_prepend(),
m_pullup(), and m_pulldown() will allocate mbufs or copy memory.
Count these operations to find possible optimizations.
input dhill@; OK mvs@
|
|
b.root-servers.net renumbered on 2023-11-27.
OK phessler, jsg, sthen, deraadt
|
|
with a NUL character, which might occur after using the D command.
From Mohamed Akram
|
|
get the hyperlink under the cursor.
|
|
issue 4091.
|
|
by a range.
|
|
original report by Collin Funk
ok bluhm, millert
|
|
|