| #
7bb43397 |
| 04-Apr-2024 |
semarie <semarie@openbsd.org> |
set right mode on ssh-agent at boot-time
which sthen@ ok deraadt@
|
| #
3124af8d |
| 01-Apr-2024 |
deraadt <deraadt@openbsd.org> |
also create a relink kit for ssh-agent, since it is a long-running setgid program carrying keys with some (not very powerful) communication channels. solution for testing the binary from dtucker. agreement from djm. Will add it into /etc/rc in a few days.
|
| #
6e2e0391 |
| 03-Apr-2020 |
djm <djm@openbsd.org> |
give ssh-keygen the ability to dump the contents of a binary key revocation list: ssh-keygen -lQf /path bz#3132; ok dtucker
|
| #
62af2284 |
| 25-Jan-2020 |
djm <djm@openbsd.org> |
factor out reading/writing sshbufs to dedicated functions; feedback and ok markus@
|
| #
4852100a |
| 13-Dec-2019 |
djm <djm@openbsd.org> |
use ssh-sk-helper for all security key signing operations
This extracts and refactors the client interface for ssh-sk-helper from ssh-agent and generalises it for use by the other programs. This means that most OpenSSH tools no longer need to link against libfido2 or directly interact with /dev/uhid*
requested by, feedback and ok markus@
|
| #
094c80e0 |
| 14-Nov-2019 |
djm <djm@openbsd.org> |
directly support U2F/FIDO2 security keys in OpenSSH by linking against the (previously external) USB HID middleware. The dlopen() capability still exists for alternate middlewares, e.g. for Bluetooth, NFC and test/debugging.
|
| #
e3a62e69 |
| 31-Oct-2019 |
djm <djm@openbsd.org> |
Refactor signing - use sshkey_sign for everything, including the new U2F signatures.
Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that.
Suggested by / ok markus@
|
| #
19e6a92c |
| 31-Oct-2019 |
djm <djm@openbsd.org> |
ssh-agent support for U2F/FIDO keys
feedback & ok markus@
|
| #
00af78b5 |
| 06-Sep-2019 |
djm <djm@openbsd.org> |
avoid compiling certain files that deeply depend on libcrypto when WITH_OPENSSL isn't set
|
| #
4ae7035e |
| 25-Jul-2018 |
deraadt <deraadt@openbsd.org> |
Don't redefine Makefile choices which come correct from bsd.*.mk ok markus
|
| #
7f8ae3c2 |
| 11-Jul-2018 |
markus <markus@openbsd.org> |
remove legacy key emulation layer; ok djm@
|
| #
a74252e9 |
| 09-Jul-2018 |
markus <markus@openbsd.org> |
remove legacy buffer API emulation layer; ok djm@
|
| #
9938e17f |
| 08-Jan-2018 |
markus <markus@openbsd.org> |
group shared source files (e.g. SRCS_KEX) and allow compilation w/o OPENSSL ok djm@
|
| #
c0c5a1b7 |
| 14-Dec-2017 |
naddy <naddy@openbsd.org> |
Replace ED25519's private SHA-512 implementation with a call to the regular digest code. This speeds up compilation considerably. ok markus@
|
| #
e34d2894 |
| 10-Dec-2017 |
deraadt <deraadt@openbsd.org> |
ssh/lib hasn't worked towards our code-sharing goals for quite a while, perhaps it is too verbose? Change each */Makefile to specify exactly what sources that program requires, compiling it separate. Maybe we'll iterate by sorting those into separable chunks, splitting up files which contain common code + server/client specific code, or whatnot. But this isn't one step, or we'd have done it a long time ago.. ok dtucker markus djm
|
| #
db0c671b |
| 10-Jul-2017 |
espie <espie@openbsd.org> |
zap redundant Makefile variables. okay djm@
|
| #
55b8f34c |
| 09-Feb-2010 |
markus <markus@openbsd.org> |
enable PKCS#11 code; ok djm
|
| #
41503faf |
| 08-Feb-2010 |
markus <markus@openbsd.org> |
replace our obsolete smartcard code with PKCS#11. ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 provider (shared library) while ssh-agent(1) delegates PKCS#11 to a forked ssh-pkcs11-helper process. PKCS#11 is currently a compile time option. feedback and ok djm@; inspired by patches from Alon Bar-Lev
|
| #
d45fe334 |
| 12-Aug-2002 |
markus <markus@openbsd.org> |
make ssh-agent setgid, disallow ptrace.
|
| #
b89b612b |
| 27-Jun-2001 |
markus <markus@openbsd.org> |
move -lsectok to Makefile.inc for now
|
| #
10bfcb1d |
| 26-Jun-2001 |
markus <markus@openbsd.org> |
add smartcard support to the makefiles (commented out); the smartcard support is based on work by itoi@eecs.umich.edu
|
| #
ab7a97f4 |
| 26-Jun-2001 |
markus <markus@openbsd.org> |
unbreak
|
| #
790315b0 |
| 26-Jun-2001 |
markus <markus@openbsd.org> |
more smartcard support.
|
| #
076d84dc |
| 04-Mar-2001 |
markus <markus@openbsd.org> |
don't link unused libs
|
| #
9a241266 |
| 03-Mar-2001 |
markus <markus@openbsd.org> |
log*.c -> log.c
|