fix missing field in users-groups-by-id@openssh.com reply documentation

GHPR441 from TJ Saunders

make kex-strict section more explicit about its intent: banning all
messages not strictly required in KEX

spelling; ok markus@

correct section numbers; from Ed Maste

add "ext-info-in-auth@openssh.com" extension

This adds another transport protocol extension to allow a sshd to send
SSH2_MSG_EXT_INFO during user authentication, after the server has
learned the use

add "ext-info-in-auth@openssh.com" extension

This adds another transport protocol extension to allow a sshd to send
SSH2_MSG_EXT_INFO during user authentication, after the server has
learned the username that is being logged in to.

This lets sshd to update the acceptable signature algoritms for public
key authentication, and allows these to be varied via sshd_config(5)
"Match" directives, which are evaluated after the server learns the
username being authenticated.

Full details in the PROTOCOL file

show more ...

implement "strict key exchange" in ssh and sshd

This adds a protocol extension to improve the integrity of the SSH
transport protocol, particular in and around the initial key exchange
(KEX) phase.

implement "strict key exchange" in ssh and sshd

This adds a protocol extension to improve the integrity of the SSH
transport protocol, particular in and around the initial key exchange
(KEX) phase.

Full details of the extension are in the PROTOCOL file.

with markus@

show more ...

Introduce a transport-level ping facility

This adds a pair of SSH transport protocol messages SSH2_MSG_PING/PONG
to implement a ping capability. These messages use numbers in the "local
extensions"

Introduce a transport-level ping facility

This adds a pair of SSH transport protocol messages SSH2_MSG_PING/PONG
to implement a ping capability. These messages use numbers in the "local
extensions" number space and are advertised using a "ping@openssh.com"
ext-info message with a string version number of "0".

ok markus@

show more ...

Fix typo. From pablomh via -portable github PR#344.

sftp-server(8): add a "users-groups-by-id@openssh.com" extension
request that allows the client to obtain user/group names that
correspond to a set of uids/gids.

Will be used to make directory listi

sftp-server(8): add a "users-groups-by-id@openssh.com" extension
request that allows the client to obtain user/group names that
correspond to a set of uids/gids.

Will be used to make directory listings more useful and consistent
in sftp(1).

ok markus@

show more ...

sftp-server: support home-directory request

Add support to the sftp-server for the home-directory extension defined
in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with the
existing

sftp-server: support home-directory request

Add support to the sftp-server for the home-directory extension defined
in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with the
existing expand-path@openssh.com, but uses a more official protocol name,
and so is a bit more likely to be implemented by non-OpenSSH clients.

From Mike Frysinger, ok dtucker@

show more ...

Note that curve25519-sha256 was later published in RFC8731. ok djm@

add support for the "corp-data" protocol extension to allow
server-side copies to be performed without having to go via
the client. Patch by Mike Frysinger, ok dtucker@

document host-bound publickey authentication

SFTP protocol extension to allow the server to expand ~-prefixed
paths, in particular ~user ones. Allows scp in sftp mode to accept
these paths, like scp in rcp mode does.

prompted by and much discu

SFTP protocol extension to allow the server to expand ~-prefixed
paths, in particular ~user ones. Allows scp in sftp mode to accept
these paths, like scp in rcp mode does.

prompted by and much discussion deraadt@
ok markus@

show more ...

Fix the hostkeys rotation extension documentation

The documentation was lacking the needed want-reply field in the initial
global request.

https://github.com/openssh/openssh-portable/pull/218 by db

Fix the hostkeys rotation extension documentation

The documentation was lacking the needed want-reply field in the initial
global request.

https://github.com/openssh/openssh-portable/pull/218 by dbussink

show more ...

sftp-server: implement limits@openssh.com extension

This is a simple extension that allows the server to clearly
communicate transfer limits it is imposing so the client doesn't
have to guess, or fo

sftp-server: implement limits@openssh.com extension

This is a simple extension that allows the server to clearly
communicate transfer limits it is imposing so the client doesn't
have to guess, or force the user to manually tune. This is
particularly useful when an attempt to use too large of a value
causes the server to abort the connection.

Patch from Mike Frysinger; ok dtucker@

show more ...

sftp: add missing lsetstat@openssh.com documentation
patch from Mike Frysinger

some language improvements; ok markus

Fix some typos and an incorrect word in docs. Patch from itoama at live.jp
via github PR#172.

mention INFO@openssh.com for sending SIGINFO

improve

Describe pubkey format, prompted by bz#2853

While I'm here, describe and link to the remaining local PROTOCOL.*
docs that weren't already mentioned (PROTOCOL.key, PROTOCOL.krl and
PROTOCOL.mux)

fix numbering

emphasise that the hostkey rotation may send key types that the client
may not support, and that the client should simply disregard such keys
(this is what ssh does already).

fix references to obsolete v00 cert format; spotted by Jakub Jelen