| #
6e2e0391 |
| 03-Apr-2020 |
djm <djm@openbsd.org> |
give ssh-keygen the ability to dump the contents of a binary key revocation list: ssh-keygen -lQf /path bz#3132; ok dtucker
|
| #
62af2284 |
| 25-Jan-2020 |
djm <djm@openbsd.org> |
factor out reading/writing sshbufs to dedicated functions; feedback and ok markus@
|
| #
d2d1ddc0 |
| 23-Jan-2020 |
dtucker <dtucker@openbsd.org> |
Make zlib optional. This adds a "ZLIB" build time option that allows building without zlib compression and associated options. With feedback from markus@, ok djm@
|
| #
4852100a |
| 13-Dec-2019 |
djm <djm@openbsd.org> |
use ssh-sk-helper for all security key signing operations
This extracts and refactors the client interface for ssh-sk-helper from ssh-agent and generalises it for use by the other programs. This means that most OpenSSH tools no longer need to link against libfido2 or directly interact with /dev/uhid*
requested by, feedback and ok markus@
|
| #
094c80e0 |
| 14-Nov-2019 |
djm <djm@openbsd.org> |
directly support U2F/FIDO2 security keys in OpenSSH by linking against the (previously external) USB HID middleware. The dlopen() capability still exists for alternate middlewares, e.g. for Bluetooth, NFC and test/debugging.
|
| #
01cfcf25 |
| 27-Dec-2018 |
djm <djm@openbsd.org> |
move client/server SSH-* banners to buffers under ssh->kex and factor out the banner exchange. This eliminates some common code from the client and server.
Also be more strict about handling \r characters - these should only be accepted immediately before \n (pointed out by Jann Horn).
Inspired by a patch from Markus Schmidt. (lots of) feedback and ok markus@
|
| #
4ae7035e |
| 25-Jul-2018 |
deraadt <deraadt@openbsd.org> |
Don't redefine Makefile choices which come correct from bsd.*.mk ok markus
|
| #
be0d4aa5 |
| 18-Jul-2018 |
dtucker <dtucker@openbsd.org> |
Remove support for running ssh(1) setuid and fatal if attempted. Do not link uidswap.c into ssh any more. Neuters UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@ djm@
|
| #
9938e17f |
| 08-Jan-2018 |
markus <markus@openbsd.org> |
group shared source files (e.g. SRCS_KEX) and allow compilation w/o OPENSSL ok djm@
|
| #
c0c5a1b7 |
| 14-Dec-2017 |
naddy <naddy@openbsd.org> |
Replace ED25519's private SHA-512 implementation with a call to the regular digest code. This speeds up compilation considerably. ok markus@
|
| #
a3ef2fce |
| 12-Dec-2017 |
naddy <naddy@openbsd.org> |
Create a persistent umac128.c source file: #define the output size and the name of the entry points for UMAC-128 before including umac.c. Idea from FreeBSD. ok dtucker@
|
| #
e34d2894 |
| 10-Dec-2017 |
deraadt <deraadt@openbsd.org> |
ssh/lib hasn't worked towards our code-sharing goals for quite a while, perhaps it is too verbose? Change each */Makefile to specify exactly what sources that program requires, compiling it separately. Maybe we'll iterate by sorting those into separable chunks, splitting up files which contain common code + server/client specific code, or whatnot. But this isn't one step, or we'd have done it a long time ago.. ok dtucker markus djm
|
| #
9068ae8f |
| 14-Jan-2016 |
markus <markus@openbsd.org> |
remove roaming support; ok djm@
|
| #
21662c96 |
| 02-Jul-2013 |
markus <markus@openbsd.org> |
add missing library dependencies
|
| #
ef2ed092 |
| 16-May-2013 |
dtucker <dtucker@openbsd.org> |
switch RekeyLimit traffic volume parsing to scan_scaled. ok djm@
|
| #
46b8043e |
| 28-May-2009 |
andreas <andreas@openbsd.org> |
Keep track of number of bytes read and written. Needed for upcoming changes. Most code from Martin Forssen, maf at appgate dot com. ok markus@
|
| #
d851c2be |
| 03-Jul-2002 |
markus <markus@openbsd.org> |
re-enable ssh-keysign's sbit, but make ssh-keysign read /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled globally. based on discussions with deraadt, itojun and sommerfeld; ok itojun@
|
| #
749f8979 |
| 01-Jul-2002 |
markus <markus@openbsd.org> |
disable ssh-keysign for now (no sbit); netbsd via itojun
|
| #
6e8cec49 |
| 31-May-2002 |
markus <markus@openbsd.org> |
extend ssh-keysign protocol: pass # of socket-fd to ssh-keysign, keysign verifies locally used ip-address using this socket-fd, restricts fake local hostnames to actual local hostnames; ok stevesk@
|
| #
8bc1c32f |
| 25-May-2002 |
markus <markus@openbsd.org> |
first version of ssh-keysign manpage, ok deraadt@
|
| #
44c8244e |
| 23-May-2002 |
markus <markus@openbsd.org> |
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication in protocol v2 (needs to access the hostkeys).
|