History log of /openbsd-src/usr.bin/ssh/ssh-keysign.c (Results 51 – 74 of 74)
Revision Date Author Comments
# d57915d6 06-Jul-2006 stevesk <stevesk@openbsd.org>

move #include <pwd.h> out of includes.h; ok markus@


# 374bfa89 02-Apr-2006 dtucker <dtucker@openbsd.org>

sessionid can be 32 bytes now too when sha256 kex is used; ok djm@


# 7ef31a41 25-Mar-2006 djm <djm@openbsd.org>

Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files


# 4bfeb04e 19-Mar-2006 deraadt <deraadt@openbsd.org>

RCSID() can die


# a0b0b69d 08-Feb-2006 stevesk <stevesk@openbsd.org>

move #include <paths.h> out of includes.h; ok markus@


# 399d21a6 13-Sep-2005 djm <djm@openbsd.org>

ensure that stdio fds are attached; ok deraadt@


# 761e1af9 23-Aug-2004 dtucker <dtucker@openbsd.org>

Remove duplicate getuid(), suggested by & ok markus@


# e059ceb3 23-Aug-2004 dtucker <dtucker@openbsd.org>

Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches
change in Portable; ok markus@


# 8de77409 18-Apr-2004 djm <djm@openbsd.org>

perform strict ownership and modes checks for ~/.ssh/config files, as these
can be used to execute arbitrary programs; ok markus@

NB. ssh will now exit when it detects a config with poor permissions


# 3205e54a 19-Jan-2004 markus <markus@openbsd.org>

fix mem leaks; some fixes from Pete Flugstad; tested dtucker@


# 3c7791bd 17-Nov-2003 djm <djm@openbsd.org>

return error on msg send/receive failure (rather than fatal); ok markus@


# aea7b5d8 03-Jul-2003 djm <djm@openbsd.org>

fix AddressFamily option in config file, from brent@graveland.net; ok markus@


# 93c38a72 16-May-2003 djm <djm@openbsd.org>

add AddressFamily option to ssh_config (like -4, -6 on commandline).
Portable bug #534; ok markus@


# 9f88b722 02-Apr-2003 markus <markus@openbsd.org>

potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526


# 4f51379f 13-Mar-2003 markus <markus@openbsd.org>

move RSA_blinding_on to generic key load method


# cc11bcf2 19-Dec-2002 djm <djm@openbsd.org>

s/msg_send/ssh_msg_send/ to avoid namespace clashes in portable; ok markus@


# 87c2e2c1 07-Nov-2002 markus <markus@openbsd.org>

we cannot use HostbasedAuthentication for enabling ssh-keysign(8),
because HostbasedAuthentication might be enabled based on the
target host and ssh-keysign(8) does not know the remote hostname
and n

we cannot use HostbasedAuthentication for enabling ssh-keysign(8),
because HostbasedAuthentication might be enabled based on the
target host and ssh-keysign(8) does not know the remote hostname
and not trust ssh(1) about the hostname, so we add a new option
EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de

show more ...


# d851c2be 03-Jul-2002 markus <markus@openbsd.org>

re-enable ssh-keysign's sbit, but make ssh-keysign read /etc/ssh/ssh_config
and exit if HostbasedAuthentication is disabled globally. based on discussions
with deraadt, itojun and sommerfeld; ok itoj

re-enable ssh-keysign's sbit, but make ssh-keysign read /etc/ssh/ssh_config
and exit if HostbasedAuthentication is disabled globally. based on discussions
with deraadt, itojun and sommerfeld; ok itojun@

show more ...


# 1666c37d 03-Jul-2002 markus <markus@openbsd.org>

use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld)
in order to avoid a possible Kocher timing attack pointed out by Charles
Hannum; ok provos@


# cf478148 26-Jun-2002 markus <markus@openbsd.org>

bug #304, xfree(data) called to early; openssh@sigint.cs.purdue.edu


# 4d92f097 19-Jun-2002 deraadt <deraadt@openbsd.org>

KNF done automatically while reading....


# e6471dca 08-Jun-2002 markus <markus@openbsd.org>

only accept 20 byte session ids


# 6e8cec49 31-May-2002 markus <markus@openbsd.org>

extent ssh-keysign protocol:
pass # of socket-fd to ssh-keysign, keysign verfies locally used
ip-address using this socket-fd, restricts fake local hostnames
to actual local hostnames; ok stevesk@


# 44c8244e 23-May-2002 markus <markus@openbsd.org>

add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication
in protocol v2 (needs to access the hostkeys).


123