path: root/ssh-keyscan.c
Commit message | Author | Age | Files | Lines
* upstream: allow ssh-keyscan to find security key hostkeys | djm@openbsd.org | 2019-12-16 | 1 | -3/+21
  OpenBSD-Commit-ID: 1fe822a7f714df19a7e7184e3a3bbfbf546811d3
* upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@ | djm@openbsd.org | 2019-09-06 | 1 | -1/+3
  OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
* upstream: include SHA2-variant RSA key algorithms in KEX proposal; | djm@openbsd.org | 2019-07-12 | 1 | -2/+7
  allows ssh-keyscan to harvest keys from servers that disable olde SHA1 ssh-rsa. bz#3029 from Jakub Jelen
  OpenBSD-Commit-ID: 9f95ebf76a150c2f727ca4780fb2599d50bbab7a
* upstream: When system calls indicate an error they return -1, not | deraadt@openbsd.org | 2019-07-05 | 1 | -6/+6
  some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
  OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
* upstream: Replace calls to ssh_malloc_init() by a static init of | otto@openbsd.org | 2019-06-07 | 1 | -2/+1
  malloc_options. Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@
  OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b
* upstream: make ssh-keyscan return a non-zero exit status if it | djm@openbsd.org | 2019-01-26 | 1 | -2/+6
  finds no keys. bz#2903
  OpenBSD-Commit-ID: 89f1081fb81d950ebb48e6e73d21807b2723d488
* upstream: rename kex->kem_client_pub -> kex->client_pub now that | djm@openbsd.org | 2019-01-21 | 1 | -9/+9
  KEM has been renamed to kexgen from markus@ ok djm@
  OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8
* upstream: use KEM API for vanilla ECDH | djm@openbsd.org | 2019-01-21 | 1 | -2/+2
  from markus@ ok djm@
  OpenBSD-Commit-ID: 6fbff96339a929835536b5730585d1d6057a352c
* upstream: use KEM API for vanilla DH KEX | djm@openbsd.org | 2019-01-21 | 1 | -6/+6
  from markus@ ok djm@
  OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9
* upstream: use KEM API for vanilla c25519 KEX | djm@openbsd.org | 2019-01-21 | 1 | -2/+2
  OpenBSD-Commit-ID: 38d937b85ff770886379dd66a8f32ab0c1c35c1f
* upstream: Add support for a PQC KEX/KEM: | djm@openbsd.org | 2019-01-21 | 1 | -1/+2
  sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default.
  introduce KEM API; a simplified framework for DH-ish KEX methods.
  from markus@ feedback & ok djm@
  OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7
* last bits of old packet API / active_state global | Damien Miller | 2019-01-20 | 1 | -2/+0
* upstream: switch config file parsing to getline(3) as this avoids | markus@openbsd.org | 2018-06-06 | 1 | -7/+5
  static limits noted by gerhard@; ok dtucker@, djm@
  OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c
* upstream: apply a lick of paint; tweaks/ok dtucker | jmc@openbsd.org | 2018-03-03 | 1 | -2/+2
  OpenBSD-Commit-ID: 518a6736338045e0037f503c21027d958d05e703
* upstream: Add experimental support for PQC XMSS keys (Extended | markus@openbsd.org | 2018-02-26 | 1 | -2/+10
  Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@
  OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
* upstream: Add ssh-keyscan -D option to make it print its results in | djm@openbsd.org | 2018-02-23 | 1 | -4/+16
  SSHFP format bz#2821, ok dtucker@
  OpenBSD-Commit-ID: 831446b582e0f298ca15c9d99c415c899e392221
* upstream commit | dtucker@openbsd.org@openbsd.org | 2017-11-28 | 1 | -4/+4
  Add monotime_ts and monotime_tv that return monotonic timespec and timeval respectively. Replace calls to gettimeofday() in packet timing with monotime_tv so that the callers will work over a clock step. Should prevent integer overflow during clock steps reported by wangle6 at huawei.com. "I like" markus@
  OpenBSD-Commit-ID: 74d684264814ff806f197948b87aa732cb1b0b8a
* upstream commit | dtucker@openbsd.org | 2017-06-30 | 1 | -3/+3
  Only call close once in confree(). ssh_packet_close will close the FD so only explicitly close non-SSH channels. bz#2734, from bagajjal at microsoft.com, ok djm@
  Upstream-ID: a81ce0c8b023527167739fccf1732b154718ab02
* upstream commit | markus@openbsd.org | 2017-06-01 | 1 | -2/+2
  remove now obsolete ctx from ssh_dispatch_run; ok djm@
  Upstream-ID: 9870aabf7f4d71660c31fda91b942b19a8e68d29
* upstream commit | djm@openbsd.org | 2017-05-01 | 1 | -2/+1
  obliterate ssh1.h and some dead code that used it ok markus@
  Upstream-ID: 1ca9159a9fb95618f9d51e069ac8e1131a087343
* upstream commit | djm@openbsd.org | 2017-05-01 | 1 | -36/+28
  remove KEY_RSA1 ok markus@
  Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
* upstream commit | djm@openbsd.org | 2017-05-01 | 1 | -2/+1
  remove compat20/compat13/compat15 variables ok markus@
  Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c
* upstream commit | djm@openbsd.org | 2017-05-01 | 1 | -58/+1
  unifdef WITH_SSH1 ok markus@
  Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
* upstream commit | djm@openbsd.org | 2017-03-10 | 1 | -1/+2
  ensure hostname is lower-case before hashing it; bz#2591 reported by Griff Miller II; ok dtucker@
  Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17
* upstream commit | djm@openbsd.org | 2017-03-10 | 1 | -6/+7
  correctly hash hosts with a port number. Reported by Josh Powers in bz#2692; ok dtucker@
  Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442
* upstream commit | djm@openbsd.org | 2017-01-30 | 1 | -2/+6
  Avoid confusing error message when attempting to use ssh-keyscan built without SSH protocol v.1 to scan for v.1 keys; bz#2583
  Upstream-ID: 5d214abd3a21337d67c6dcc5aa6f313298d0d165
* upstream commit | djm@openbsd.org | 2016-05-02 | 1 | -1/+4
  add support for additional fixed DH groups from draft-ietf-curdle-ssh-kex-sha2-03
  diffie-hellman-group14-sha256 (2K group)
  diffie-hellman-group16-sha512 (4K group)
  diffie-hellman-group18-sha512 (8K group)
  based on patch from Mark D. Baushke and Darren Tucker ok markus@
  Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
* upstream commit | dtucker@openbsd.org | 2016-02-16 | 1 | -1/+2
  Add a function to enable security-related malloc_options. With and ok deraadt@, something similar has been in the snaps for a while.
  Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
* upstream commit | jmc@openbsd.org | 2015-11-09 | 1 | -2/+2
  -c before -H, in SYNOPSIS and usage();
  Upstream-ID: 25e8c58a69e1f37fcd54ac2cd1699370acb5e404
* upstream commit | djm@openbsd.org | 2015-11-09 | 1 | -10/+37
  Add "ssh-keyscan -c ..." flag to allow fetching certificates instead of plain keys; ok markus@
  Upstream-ID: 0947e2177dba92339eced9e49d3c5bf7dda69f82
* upstream commit | djm@openbsd.org | 2015-10-25 | 1 | -6/+21
  fix keyscan output for multiple hosts/addrs on one line when host hashing or a non standard port is in use; bz#2479 ok dtucker@
  Upstream-ID: 5321dabfaeceba343da3c8a8b5754c6f4a0a307b
* upstream commit | djm@openbsd.org | 2015-04-13 | 1 | -3/+6
  include port number if a non-default one has been specified; based on patch from Michael Handler
* upstream commit | miod@openbsd.org | 2015-04-13 | 1 | -2/+2
  Do not use int for sig_atomic_t; spotted by christos@netbsd; ok markus@
* Repair for non-ECC OpenSSL. | Darren Tucker | 2015-02-22 | 1 | -0/+2
  Ifdef out the ECC parts when building with an OpenSSL that doesn't have it.
* upstream commit | djm@openbsd.org | 2015-01-30 | 1 | -1/+2
  set a timeout to prevent hangs when talking to busted servers; ok markus@
* upstream commit | djm@openbsd.org | 2015-01-30 | 1 | -2/+3
  avoid more fatal/exit in the packet.c paths that ssh-keyscan uses; feedback and "looks good" markus@
* upstream commit | djm@openbsd.org | 2015-01-28 | 1 | -3/+5
  avoid fatal() calls in packet code makes ssh-keyscan more reliable against server failures ok dtucker@ markus@
* these need active_state defined to link on OSX | Damien Miller | 2015-01-27 | 1 | -0/+2
  temporary measure until active_state goes away entirely
* upstream commit | deraadt@openbsd.org | 2015-01-26 | 1 | -2/+1
  Reduce use of <sys/param.h> and transition to <limits.h> throughout. ok djm markus
* upstream commit | markus@openbsd.org | 2015-01-19 | 1 | -68/+81
  switch ssh-keyscan from setjmp to multiple ssh transport layer instances ok djm@
* upstream commit | markus@openbsd.org | 2015-01-19 | 1 | -6/+8
  adapt kex to sshbuf and struct ssh; ok djm@
* upstream commit | djm@openbsd.org | 2014-12-11 | 1 | -1/+3
  explicitly include sys/param.h in files that use the howmany() macro; from portable
* - markus@cvs.openbsd.org 2014/04/29 18:01:49 | Damien Miller | 2014-05-15 | 1 | -1/+7
  [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
  make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
* Three commits in one (since they touch the same heavily-diverged file | Damien Miller | 2014-04-20 | 1 | -1/+2
  repeatedly):
  - markus@cvs.openbsd.org 2014/03/25 09:40:03 [myproposal.h] trim default proposals. This commit removes the weaker pre-SHA2 hashes, the broken ciphers (arcfour), and the broken modes (CBC) from the default configuration (the patch only changes the default, all the modes are still available for the config files). ok djm@, reminded by tedu@ & naddy@ and discussed with many
  - deraadt@cvs.openbsd.org 2014/03/26 17:16:26 [myproposal.h] The current sharing of myproposal[] between both client and server code makes the previous diff highly unpalatable. We want to go in that direction for the server, but not for the client. Sigh. Brought up by naddy.
  - markus@cvs.openbsd.org 2014/03/27 23:01:27 [myproposal.h ssh-keyscan.c sshconnect2.c sshd.c] disable weak proposals in sshd, but keep them in ssh; ok djm@
* - djm@cvs.openbsd.org 2014/03/12 04:44:58 | Damien Miller | 2014-04-20 | 1 | -2/+2
  [ssh-keyscan.c] scan for Ed25519 keys by default too
* - markus@cvs.openbsd.org 2013/12/06 13:39:49 | Damien Miller | 2013-12-07 | 1 | -5/+11
  [authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c] [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c] [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c] [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c] [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
  support ed25519 keys (hostkeys and user identities) using the public domain ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html feedback, help & ok djm@
* - markus@cvs.openbsd.org 2013/11/02 21:59:15 | Damien Miller | 2013-11-03 | 1 | -1/+2
  [kex.c kex.h myproposal.h ssh-keyscan.c sshconnect2.c sshd.c] use curve25519 for default key exchange (curve25519-sha256@libssh.org); initial patch from Aris Adamantiadis; ok djm@
* - djm@cvs.openbsd.org 2013/05/17 00:13:13 | Darren Tucker | 2013-06-01 | 1 | -8/+8
  [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c]
  bye, bye xfree(); ok markus@
* - djm@cvs.openbsd.org 2012/04/11 13:34:17 | Damien Miller | 2012-04-22 | 1 | -2/+2
  [ssh-keyscan.1 ssh-keyscan.c] now that sshd defaults to offering ECDSA keys, ssh-keyscan should also look for them by default; bz#1971
* - okan@cvs.openbsd.org 2011/03/15 10:36:02 | Damien Miller | 2011-05-05 | 1 | -2/+2
  [ssh-keyscan.c] use timerclear macro ok djm@