| Commit message (Collapse) | Author | Files | Lines |
|
and list_hostkey_types() that are passed to compat_pkalg_proposal(). Part of
github PR#324 from ZoltanFridrich, ok djm@
OpenBSD-Commit-ID: b2f6e5f60f2bba293b831654328a8a0035ef4a1b
|
|
Prevents us from trying to link them into ssh-sk-helper and failing to
build.
|
|
|
|
|
|
idea/patch from Pedro Martelletto via GHPR#322; ok dtucker@
|
|
and received data. GHPR#328 from Jan Pazdziora
OpenBSD-Commit-ID: d180a905fec9ff418a75c07bb96ea41c9308c3f9
|
|
error.
ok dtucker@
OpenBSD-Commit-ID: e384c4e05d5521e7866b3d53ca59acd2a86eef99
|
|
Martin Vahlensieck via tech@.
OpenBSD-Commit-ID: 4c54d20a8e8e4e9912c38a7b4ef5bfc5ca2e05c2
|
|
connection. bz#3447, from vincent-openssh at vinc17 net, ok djm@
OpenBSD-Commit-ID: 9d59f19872b94900a5c79da2d57850241ac5df94
|
|
If libfido2 is found and usable, then enable the built-in
security key support unless --without-security-key-builtin
was requested.
ok dtucker@
|
|
Analysis/fix from kircher in bz3443; ok dtucker@
|
|
and not in the pledge(2)'d unprivileged process; fixes regression caused by
recent refactoring spotted by henning@
OpenBSD-Commit-ID: a089870b95101cd8881a2dff65b2f1627d13e88d
|
|
auth2-pubkeyfile.c too; they make more sense there.
OpenBSD-Commit-ID: 9970d99f900e1117fdaab13e9e910a621b7c60ee
|
|
too
OpenBSD-Regress-ID: 4c8804f9db38a02db480b9923317457b377fe34b
|
|
sshd_config and sshd_config; previously if the same name was reused then the
last would win (which is the opposite to how the config is supposed to work).
While there, make the ssh_config parsing more like sshd_config.
bz3438, ok dtucker
OpenBSD-Commit-ID: 797909c1e0262c0d00e09280459d7ab00f18273b
|
|
skazi0 via github PR#294.
OpenBSD-Commit-ID: fda2c869cdb871f3c90a89fb3f985370bb5d25c0
|
|
message. github PR#320 from jschauma, ok djm@
OpenBSD-Commit-ID: bd60809803c4bfd3ebb7c5c4d918b10e275266f2
|
|
Based on github PR#303 from jsegitz with man page text from jmc@, ok markus@
djm@
OpenBSD-Commit-ID: 5c4c57bdd7063ff03381cfb6696659dd3f9f5b9f
|
|
This was already documented when support for user-verified FIDO
keys was added, but the ssh-keygen(1) code was missing.
ok djm@
OpenBSD-Commit-ID: f660f973391b593fea4b7b25913c9a15c3eb8a06
|
|
from caspar schutijser
OpenBSD-Commit-ID: f146a19d7d5c9374c3b9c520da43b2732d7d1a4e
|
|
|
|
|
|
|
|
mostly redundant to authopt_fuzz, but it's sensitive code so IMO it
makes sense to test this layer too
|
|
auth2-pubkey.c
Put them in a new auth2-pubkeyfile.c to make it easier to refer to them
(e.g. in unit/fuzz tests) without having to refer to everything else
pubkey auth brings in.
ok dtucker@
OpenBSD-Commit-ID: 3fdca2c61ad97dc1b8d4a7346816f83dc4ce2217
|
|
remove "struct ssh *" from arguments - this was only used to pass the
remote host/address. These can be passed in instead and the resulting
code is less tightly coupled to ssh_api.[ch]
ok dtucker@
OpenBSD-Commit-ID: 9d4373d013edc4cc4b5c21a599e1837ac31dda0d
|
|
with freezero. Unconditionally call freezero to guarantee that password is
removed from RAM.
From tobias@ and c3h2_ctf via github PR#286, ok djm@
OpenBSD-Commit-ID: 6b093619c9515328e25b0f8093779c52402c89cd
|
|
reached before fork has been called. If this happens, then kill -1 would be
called, sending SIGTERM to all processes reachable by the current process.
From tobias@ and c3h2_ctf via github PR#286, ok djm@
OpenBSD-Commit-ID: 6277af1207d81202f5daffdccfeeaed4c763b1a8
|
|
ProxyCommand. From pallxk via github PR#305.
OpenBSD-Commit-ID: 7115ac351b129205f1f1ffa6bbfd62abd76be7c5
|
|
OpenBSD-Commit-ID: 457c79afaca2f89ec2606405c1059b98b30d8b0d
|
|
via #define) dump to stderr rather than stdout
OpenBSD-Commit-ID: 10298513ee32db8390aecb0397d782d68cb14318
|
|
HAVE_CAPH_CACHE_TZDATA to be missing from config.h.in.
Spotted by Bryan Drewery
|
|
files with smaller ones; would have caught last regression in scp(1)
OpenBSD-Regress-ID: 19de4e88dd3a4f7e5c1618c9be3c32415bd93bc2
|
|
architectures do not ship with gdb.
OpenBSD-Regress-ID: ec53e928803e6b87f9ac142d38888ca79a45348d
|
|
all cases, not just at the start of a transfer. This could cause overwrites
of larger files to leave junk at the end. Spotted by tb@
OpenBSD-Commit-ID: b189f19cd68119548c8e24e39c79f61e115bf92c
|
|
early
previous behavious of unconditionally truncating the destination file
would cause "scp ~/foo localhost:" and "scp localhost:foo ~/" to
delete all the contents of their destination.
spotted by solene@ sthen@, also bz3431; ok dtucker@
OpenBSD-Commit-ID: ca39fdd39e0ec1466b9666f15cbcfddea6aaa179
|
|
OpenBSD-Commit-ID: dc6b294567cb84b384ad6ced9ca469f2bbf0bd10
|
|
operations, where it will be interpreted to require that the private keys is
hosted in an agent; bz3429, suggested by Adam Szkoda; ok dtucker@
OpenBSD-Commit-ID: a7bc69873b99c32c42c7628ed9ea91565ba08c2f
|
|
load a private key; bz3429, reported by Adam Szkoda ok dtucker@
OpenBSD-Commit-ID: bb57b285e67bea536ef81b1055467be2fc380e74
|
|
bcrypt_pbkdf.o is duplicated in the openbsd-compat Makefile's object
file list.
|
|
that the implicit working directory used to construct that path escapes
glob(3) characters.
This prevents glob characters from being processed in places they
shouldn't, e.g. "cd /tmp/a*/", "get *.txt" should have the get operation
treat the path "/tmp/a*" literally and not attempt to expand it.
Reported by Lusia Kundel; ok markus@
OpenBSD-Commit-ID: 4f647f58482cbad3d58b1eab7f6a1691433deeef
|
|
|
|
|
|
As suggested by djm@.
|
|
the code in private2_check_padding(). Pull private2_check_padding() up so the
code can be reused. From Martin Vahlensieck, ok deraadt@
OpenBSD-Commit-ID: 876884c3f0e62e8fd8d1594bab06900f971c9c85
|
|
comment accordingly. As remote_name is not modified, it can be const as
well. From Martin Vahlensieck
OpenBSD-Commit-ID: e4e10dc8dc9f40c166ea5a8e991942bedc75a76a
|
|
OpenBSD-Commit-ID: 69a1a93a55986c7c2ad9f733c093b46a47184341
|
|
OpenBSD-Commit-ID: 64940fffbd1b882eda2d7c8c7a43c79368309c0d
|
|
works. The wording came mostly from the 8.2 OpenSSH release notes, addapted
to fit the man page. Then move the -O bits into the new section as is already
done for CERTIFICATES and MODULI GENERATION. Finally we can explain the
trade-offs of resident keys. While here, consistently refer to the FIDO
thingies as "FIDO authenticators", not "FIDO tokens".
input & OK jmc, naddy
OpenBSD-Commit-ID: dd98748d7644df048f78dcf793b3b63db9ab1d25
|
|
from megan batty
ok djm
OpenBSD-Commit-ID: db2c89879c29bf083df996bd830abfb1e70d62bf
|