path: root/ssh-keyscan.c
Commit message | Author | Age | Files | Lines
* upstream: remove unneeded semicolons; checked by millert@ | jsg@openbsd.org | 2024-09-24 | 1 | -2/+2
  OpenBSD-Commit-ID: 3fb621a58e04b759a875ad6a33f35bb57ca80231
* upstream: pull post-quantum ML-KEM/x25519 key exchange out from | djm@openbsd.org | 2024-09-09 | 1 | -3/+1
  compile-time flag now that an IANA codepoint has been assigned for the algorithm. Add mlkem768x25519-sha256 in 2nd KexAlgorithms preference slot.
  ok markus@
  OpenBSD-Commit-ID: 9f50a0fae7d7ae8b27fcca11f8dc6f979207451a
* upstream: be more strict in parsing key type names. Only allow | djm@openbsd.org | 2024-09-04 | 1 | -2/+2
  shortnames (e.g "rsa") in user-interface code and require full SSH protocol names (e.g. "ssh-rsa") everywhere else.
  Prompted by bz3725; ok markus@
  OpenBSD-Commit-ID: b3d8de9dac37992eab78adbf84fab2fe0d84b187
* upstream: Add experimental support for hybrid post-quantum key exchange | djm@openbsd.org | 2024-09-02 | 1 | -1/+4
  ML-KEM768 with ECDH/X25519 from the Internet-draft:
  https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
  This is based on previous patches from markus@ but adapted to use the final FIPS203 standard ML-KEM using a formally-verified implementation from libcrux.
  Note this key exchange method is still a draft and thus subject to change. It is therefore disabled by default; set MLKEM=yes to build it. We're making it available now to make it easy for other SSH implementations to test against it.
  ok markus@ deraadt@
  OpenBSD-Commit-ID: 02a8730a570b63fa8acd9913ec66353735dea42c
* upstream: make host/banner comments go to stderr instead of stdout, | djm@openbsd.org | 2024-06-14 | 1 | -5/+12
  so they are useful as comments without extra shell redirection and so they don't clutter actual errors on stderr.
  Add a -q flag to shut them up.
  ok dtucker@
  OpenBSD-Commit-ID: bec813de56a71adb5c1a76adcf49621130d24264
* upstream: remove SSH1 leftovers | tobias@openbsd.org | 2024-05-08 | 1 | -48/+4
  Authored with Space Meyer <git at the-space dot agency>
  ok djm
  OpenBSD-Commit-ID: 81db602e4cb407baae472689db1c222ed7b2afa3
* upstream: never close stdin | tobias@openbsd.org | 2024-05-08 | 1 | -4/+7
  The sanitise_stdfd call makes sure that standard file descriptors are open (if they were closed, they are connected with /dev/null).
  Do not close stdin in any case to prevent error messages when stdin is read multiple times and to prevent later usage of fd 0 for connections, e.g.
      echo localhost | ssh-keyscan -f - -f -
  While at it, make stdin-related error messages nicer.
  Authored with Max Kunzelmann <maxdev at posteo dot de>
  ok djm
  OpenBSD-Commit-ID: 48e9b7938e2fa2f9bd47e6de6df66a31e0b375d3
* upstream: make DSA key support compile-time optional, defaulting to | djm@openbsd.org | 2024-01-11 | 1 | -1/+3
  on
  ok markus@
  OpenBSD-Commit-ID: 4f8e98fc1fd6de399d0921d5b31b3127a03f581d
* upstream: spelling; ok markus@ | jsg@openbsd.org | 2024-01-08 | 1 | -3/+3
  OpenBSD-Commit-ID: 9d01f2e9d59a999d5d42fc3b3efcf8dfb892e31b
* handle sysconf(SC_OPEN_MAX) returning > INT_MAX; | Damien Miller | 2023-06-22 | 1 | -7/+12
  bz3581; ok dtucker
* upstream: handle rlimits > INT_MAX (rlim_t is u64); ok dtucker | djm@openbsd.org | 2023-06-21 | 1 | -6/+8
  bz3581
  OpenBSD-Commit-ID: 31cf59c041becc0e5ccb0a77106f812c4cd1cd74
* upstream: don't print key if printing hostname failed; with/ok | djm@openbsd.org | 2023-03-31 | 1 | -4/+5
  dtucker@
  OpenBSD-Commit-ID: ad42971a6ee5a46feab2d79f7f656f8cf4b119f3
* upstream: space between macro and punctuation; sort usage(); | jmc@openbsd.org | 2023-02-16 | 1 | -3/+3
  OpenBSD-Commit-ID: 6141610cfca037700730e41f868d1d9124958f8c
* upstream: let ssh-keygen and ssh-keyscan accept | djm@openbsd.org | 2023-02-10 | 1 | -6/+16
  -Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm selection.
  bz3493 ok dtucker@
  OpenBSD-Commit-ID: e6e07fe21318a873bd877f333e189eb963a11b3d
* upstream: spelling fixes; from paul tagliamonte amendments to his | jmc@openbsd.org | 2023-01-03 | 1 | -2/+2
  diff are noted on tech
  OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a
* upstream: remove '?' from getopt(3) loops | cheloha@openbsd.org | 2022-12-09 | 1 | -2/+1
  userspace: remove vestigial '?' cases from top-level getopt(3) loops
  getopt(3) returns '?' when it encounters a flag not present in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines.
  Prompted by dlg@. With help from dlg@ and millert@.
  Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2
  ok naddy@ millert@ dlg@
  OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e
* upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. | djm@openbsd.org | 2022-10-28 | 1 | -3/+40
      ssh-keyscan 192.168.0.0/24
  If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses.
  bz#976 feedback/ok markus@
  OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b
* upstream: Strictly enforce the maximum allowed SSH2 banner size in | dtucker@openbsd.org | 2022-08-19 | 1 | -1/+15
  ssh-keyscan and prevent a one-byte buffer overflow. Patch from Qualys, ok djm@
  OpenBSD-Commit-ID: 6ae664f9f4db6e8a0589425f74cd0bbf3aeef4e4
* upstream: When poll(2) returns -1, for some error conditions | deraadt@openbsd.org | 2022-01-25 | 1 | -4/+6
  pfd[].revents is not cleared. There are subtle errors in various programs. In this particular case, the program should error out.
  ok djm millert
  OpenBSD-Commit-ID: 00f839b16861f7fb2adcf122e95e8a82fa6a375c
* upstream: hash full host:port when asked to hash output, fixes hashes | djm@openbsd.org | 2021-12-03 | 1 | -2/+2
  for non-default ports. bz3367 ok dtucker@
  OpenBSD-Commit-ID: 096021cc847da7318ac408742f2d0813ebe9aa73
* Put poll.h inside ifdef HAVE_POLL_H. | Darren Tucker | 2021-11-18 | 1 | -0/+2
* upstream: check for POLLHUP wherever we check for POLLIN | djm@openbsd.org | 2021-11-18 | 1 | -2/+2
  OpenBSD-Commit-ID: 6aa6f3ec6b17c3bd9bfec672a917f003a76d93e5
* upstream: aggressively pre-fill the pollfd array with fd=-1 | deraadt@openbsd.org | 2021-11-17 | 1 | -1/+3
  OpenBSD-Commit-ID: c2a525de8f83c1a04405bd79122c424140552a5b
* upstream: Convert from select() to ppoll(). Along the way, I | deraadt@openbsd.org | 2021-11-17 | 1 | -31/+22
  observed that the select() code was using exceptfds incorrectly..
  ok millert
  OpenBSD-Commit-ID: 548e05bfc31b2af02319eb3d051286d4128dec96
* upstream: Dynamically allocate encoded HashKnownHosts and free as | dtucker@openbsd.org | 2021-10-06 | 1 | -3/+4
  appropriate. Saves 1k of static storage and prevents snprintf "possible truncation" warnings from newer compilers (although in this case it's false positive since the actual sizes are limited by the output size of the SHA1).
  ok djm@
  OpenBSD-Commit-ID: e254ae723f7e3dce352c7d5abc4b6d87faf61bf4
* upstream: remove global variable used to stash compat flags and use the | djm@openbsd.org | 2021-01-27 | 1 | -4/+3
  purpose-built ssh->compat variable instead; feedback/ok markus@
  OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06
* upstream: Update/replace the experimental post-quantum hybrid key | djm@openbsd.org | 2020-12-29 | 1 | -2/+2
  exchange method based on Streamlined NTRU Prime (coupled with X25519).
  The previous sntrup4591761x25519-sha512@tinyssh.org method is replaced with sntrup761x25519-sha512@openssh.com. Per the authors, sntrup4591761 was replaced almost two years ago by sntrup761.
  The sntrup761 implementation, like sntrup4591761 before it, is public domain code extracted from the SUPERCOP cryptography benchmark suite (https://bench.cr.yp.to/supercop.html).
  Thanks for Daniel J Bernstein for guidance on algorithm selection. Patch from Tobias Heider; feedback & ok markus@ and myself
  (note this both the updated method and the one that it replaced are disabled by default)
  OpenBSD-Commit-ID: 2bf582b772d81ee24e911bb6f4b2aecfd39338ae
* upstream: fix SEGV on fatal() errors spotted by dtucker@ | djm@openbsd.org | 2020-10-19 | 1 | -2/+2
  OpenBSD-Commit-ID: 75f155a1ac61e364ed00dc379e2c42df81067ce2
* upstream: use the new variant log macros instead of prepending | djm@openbsd.org | 2020-10-18 | 1 | -7/+5
  __func__ and appending ssh_err(r) manually; ok markus@
  OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
* upstream: variants of the log methods that append a ssherr.h string | djm@openbsd.org | 2020-10-18 | 1 | -3/+3
  from a supplied error code; ok markus@
  OpenBSD-Commit-ID: aed98c4435d48d036ae6740300f6a8357b7cc0bf
* upstream: make the log functions that exit (sshlogdie(), | djm@openbsd.org | 2020-10-17 | 1 | -4/+4
  sshfatal(), etc) have identical signatures. Makes things a bit more consistent...
  OpenBSD-Commit-ID: bd0ae124733389d7c0042e135c71ee9091362eb9
* upstream: revised log infrastructure for OpenSSH | djm@openbsd.org | 2020-10-16 | 1 | -4/+5
  log functions receive function, filename and line number of caller. We can use this to selectively enable logging via pattern-lists.
  ok markus@
  OpenBSD-Commit-ID: 51a472610cbe37834ce6ce4a3f0e0b1ccc95a349
* upstream: ssh-keyscan(1): simplify conloop() with timercmp(3), | cheloha@openbsd.org | 2020-08-27 | 1 | -13/+5
  timersub(3); ok djm@
  OpenBSD-Commit-ID: a102acb544f840d33ad73d40088adab4a687fa27
* upstream: allow ssh-keyscan to find security key hostkeys | djm@openbsd.org | 2019-12-16 | 1 | -3/+21
  OpenBSD-Commit-ID: 1fe822a7f714df19a7e7184e3a3bbfbf546811d3
* upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@ | djm@openbsd.org | 2019-09-06 | 1 | -1/+3
  OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
* upstream: include SHA2-variant RSA key algorithms in KEX proposal; | djm@openbsd.org | 2019-07-12 | 1 | -2/+7
  allows ssh-keyscan to harvest keys from servers that disable olde SHA1 ssh-rsa. bz#3029 from Jakub Jelen
  OpenBSD-Commit-ID: 9f95ebf76a150c2f727ca4780fb2599d50bbab7a
* upstream: When system calls indicate an error they return -1, not | deraadt@openbsd.org | 2019-07-05 | 1 | -6/+6
  some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
  OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
* upstream: Replace calls to ssh_malloc_init() by a static init of | otto@openbsd.org | 2019-06-07 | 1 | -2/+1
  malloc_options. Prepares for changes in the way malloc is initialized.
  ok guenther@ dtucker@
  OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b
* upstream: make ssh-keyscan return a non-zero exit status if it | djm@openbsd.org | 2019-01-26 | 1 | -2/+6
  finds no keys. bz#2903
  OpenBSD-Commit-ID: 89f1081fb81d950ebb48e6e73d21807b2723d488
* upstream: rename kex->kem_client_pub -> kex->client_pub now that | djm@openbsd.org | 2019-01-21 | 1 | -9/+9
  KEM has been renamed to kexgen
  from markus@ ok djm@
  OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8
* upstream: use KEM API for vanilla ECDH | djm@openbsd.org | 2019-01-21 | 1 | -2/+2
  from markus@ ok djm@
  OpenBSD-Commit-ID: 6fbff96339a929835536b5730585d1d6057a352c
* upstream: use KEM API for vanilla DH KEX | djm@openbsd.org | 2019-01-21 | 1 | -6/+6
  from markus@ ok djm@
  OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9
* upstream: use KEM API for vanilla c25519 KEX | djm@openbsd.org | 2019-01-21 | 1 | -2/+2
  OpenBSD-Commit-ID: 38d937b85ff770886379dd66a8f32ab0c1c35c1f
* upstream: Add support for a PQC KEX/KEM: | djm@openbsd.org | 2019-01-21 | 1 | -1/+2
  sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default.
  introduce KEM API; a simplified framework for DH-ish KEX methods.
  from markus@ feedback & ok djm@
  OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7
* last bits of old packet API / active_state global | Damien Miller | 2019-01-20 | 1 | -2/+0
* upstream: switch config file parsing to getline(3) as this avoids | markus@openbsd.org | 2018-06-06 | 1 | -7/+5
  static limits noted by gerhard@; ok dtucker@, djm@
  OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c
* upstream: apply a lick of paint; tweaks/ok dtucker | jmc@openbsd.org | 2018-03-03 | 1 | -2/+2
  OpenBSD-Commit-ID: 518a6736338045e0037f503c21027d958d05e703
* upstream: Add experimental support for PQC XMSS keys (Extended | markus@openbsd.org | 2018-02-26 | 1 | -2/+10
  Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
  Joint work with stefan-lukas_gazdag at genua.eu
  See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
  ok djm@
  OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
* upstream: Add ssh-keyscan -D option to make it print its results in | djm@openbsd.org | 2018-02-23 | 1 | -4/+16
  SSHFP format
  bz#2821, ok dtucker@
  OpenBSD-Commit-ID: 831446b582e0f298ca15c9d99c415c899e392221
* upstream commit | dtucker@openbsd.org@openbsd.org | 2017-11-28 | 1 | -4/+4
  Add monotime_ts and monotime_tv that return monotonic timespec and timeval respectively. Replace calls to gettimeofday() in packet timing with monotime_tv so that the callers will work over a clock step. Should prevent integer overflow during clock steps reported by wangle6 at huawei.com. "I like" markus@
  OpenBSD-Commit-ID: 74d684264814ff806f197948b87aa732cb1b0b8a