eeca08d0 | 19-Dec-2021 | djm <djm@openbsd.org>
ssh-add side of destination constraints
Have ssh-add accept a list of "destination constraints" that allow restricting where keys may be used in conjunction with a ssh-agent/ssh that supports session ID/hostkey binding.
Constraints are specified as either "[user@]host-pattern" or "host-pattern>[user@]host-pattern".
The first form permits a key to be used to authenticate as the specified user to the specified host.
The second form permits a key that has previously been permitted for use at a host to be available via a forwarded agent to an additional host.
For example, constraining a key with "user1@host_a" and "host_a>host_b" would permit authentication as "user1" at "host_a", and allow the key to be available on an agent forwarded to "host_a" only for authentication to "host_b". The key would not be visible on an agent forwarded to other hosts or usable for authentication there.
Internally, destination constraints use host keys to identify hosts. The host patterns are used to obtain lists of host keys for that destination that are communicated to the agent. The user/hostkeys are encoded using a new restrict-destination-v00@openssh.com key constraint.
Host keys are looked up in the default client user/system known_hosts files. It is possible to override this set on the command-line.
feedback Jann Horn & markus@ ok markus@

6e2e0391 | 03-Apr-2020 | djm <djm@openbsd.org>
give ssh-keygen the ability to dump the contents of a binary key revocation list: ssh-keygen -lQf /path bz#3132; ok dtucker

62af2284 | 25-Jan-2020 | djm <djm@openbsd.org>
factor out reading/writing sshbufs to dedicated functions; feedback and ok markus@

4852100a | 13-Dec-2019 | djm <djm@openbsd.org>
use ssh-sk-helper for all security key signing operations
This extracts and refactors the client interface for ssh-sk-helper from ssh-agent and generalises it for use by the other programs. This means that most OpenSSH tools no longer need to link against libfido2 or directly interact with /dev/uhid*
requested by, feedback and ok markus@

094c80e0 | 14-Nov-2019 | djm <djm@openbsd.org>
directly support U2F/FIDO2 security keys in OpenSSH by linking against the (previously external) USB HID middleware. The dlopen() capability still exists for alternate middlewares, e.g. for Bluetooth, NFC and test/debugging.

e3a62e69 | 31-Oct-2019 | djm <djm@openbsd.org>
Refactor signing - use sshkey_sign for everything, including the new U2F signatures.
Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that.
Suggested by / ok markus@

8867a42f | 31-Oct-2019 | djm <djm@openbsd.org>
ssh-add support for U2F/FIDO keys

4ae7035e | 25-Jul-2018 | deraadt <deraadt@openbsd.org>
Don't redefine Makefile choices which come correct from bsd.*.mk ok markus

9938e17f | 08-Jan-2018 | markus <markus@openbsd.org>
group shared source files (e.g. SRCS_KEX) and allow compilation w/o OPENSSL ok djm@

c0c5a1b7 | 14-Dec-2017 | naddy <naddy@openbsd.org>
Replace ED25519's private SHA-512 implementation with a call to the regular digest code. This speeds up compilation considerably. ok markus@

e34d2894 | 10-Dec-2017 | deraadt <deraadt@openbsd.org>
ssh/lib hasn't worked towards our code-sharing goals for a quite while, perhaps it is too verbose? Change each */Makefile to specifying exactly what sources that program requires, compiling it separately. Maybe we'll iterate by sorting those into separable chunks, splitting up files which contain common code + server/client specific code, or whatnot. But this isn't one step, or we'd have done it a long time ago.. ok dtucker markus djm

db0c671b | 10-Jul-2017 | espie <espie@openbsd.org>
zap redundant Makefile variables. okay djm@

076d84dc | 04-Mar-2001 | markus <markus@openbsd.org>
don't link unused libs

9a241266 | 03-Mar-2001 | markus <markus@openbsd.org>
log*.c -> log.c

d4e7c603 | 29-Jan-2001 | niklas <niklas@openbsd.org>
$OpenBSD$

911ba6f1 | 29-Jun-2000 | todd <todd@openbsd.org>
no longer needed; good riddance for static archs

3f9d1bb0 | 06-Dec-1999 | deraadt <deraadt@openbsd.org>
atomicio() via lib

b84216c7 | 06-Dec-1999 | deraadt <deraadt@openbsd.org>
move atomicio into its own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.

cebcbd21 | 27-Oct-1999 | deraadt <deraadt@openbsd.org>
fix for stupid binutils linker

492e465e | 25-Oct-1999 | markus <markus@openbsd.org>
move common files to ./lib and link libssh.a, tested with and w/o obj

ec5851cd | 07-Oct-1999 | deraadt <deraadt@openbsd.org>
on static machines, install these as mode 0

546de495 | 06-Oct-1999 | deraadt <deraadt@openbsd.org>
scp should not link against kerberos stuff

1e11c2e6 | 04-Oct-1999 | deraadt <deraadt@openbsd.org>
more shrinking

84f5e31b | 04-Oct-1999 | markus <markus@openbsd.org>
nuked minfd. sigh. hope this is the last one.

eb4dabb9 | 01-Oct-1999 | beck <beck@openbsd.org>
Remove kerberos libdes - it's all in libcrypto