#
1.74 |
|
30-Apr-2024 |
djm |
stricter validation of messaging socket fd number; disallow usage of stderr. Based on GHPR492 by RealHurrison
|
Revision tags: OPENBSD_7_5_BASE
|
#
1.73 |
|
11-Jan-2024 |
djm |
ensure key_fd is filled when DSA is disabled; spotted by tb@
|
#
1.72 |
|
11-Jan-2024 |
djm |
make DSA key support compile-time optional, defaulting to on
ok markus@
|
Revision tags: OPENBSD_7_2_BASE OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.71 |
|
01-Aug-2022 |
djm |
avoid double-free in error path introduced in r1.70; report and fix based on GHPR#332 by v-rzh
ok dtucker@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.70 |
|
06-Jan-2022 |
djm |
make ssh-keysign use the requested signature algorithm and not the default for the keytype. Part of unbreaking hostbased auth for RSA/SHA2 keys. ok markus@
|
#
1.69 |
|
13-Nov-2021 |
deraadt |
It really looks like pledge "stdio dns" is possible earlier. Discussed with mestre
|
#
1.68 |
|
10-Nov-2021 |
djm |
fix ssh-keysign for KEX algorithms that use SHA384/512 exchange hashes; feedback/ok markus@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.67 |
|
05-Jul-2021 |
dtucker |
Order includes as per style(9). Portable already has these so this removes a handful of diffs between the two.
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.66 |
|
17-Dec-2020 |
djm |
prepare readconf.c for fuzzing; remove fatal calls and fix some (one-off) memory leaks; ok markus@
|
#
1.65 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.64 |
|
27-Aug-2020 |
djm |
support for user-verified FIDO keys
FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token.
This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication.
feedback markus@ and Pedro Martelletto; ok markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.63 |
|
18-Nov-2019 |
naddy |
additional missing stdarg.h includes when built without WITH_OPENSSL; ok djm@
|
#
1.62 |
|
31-Oct-2019 |
djm |
Refactor signing - use sshkey_sign for everything, including the new U2F signatures.
Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that.
Suggested by / ok markus@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.61 |
|
02-Oct-2019 |
djm |
remove some duplicate #includes
|
#
1.60 |
|
06-Sep-2019 |
djm |
fixes for !WITH_OPENSSL compilation; ok dtucker@
|
#
1.59 |
|
06-Sep-2019 |
djm |
lots of things were relying on libcrypto headers to transitively include various system headers (mostly stdlib.h); include them explicitly
|
#
1.58 |
|
14-Jun-2019 |
djm |
if passed a bad fd, log what it was
|
#
1.57 |
|
06-Jun-2019 |
otto |
Replace calls to ssh_malloc_init() by a static init of malloc_options. Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.56 |
|
23-Nov-2018 |
djm |
add a ssh_config "Match final" predicate
Matches in same pass as "Match canonical" but doesn't require hostname canonicalisation be enabled. bz#2906 ok markus
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.55 |
|
27-Jul-2018 |
dtucker |
Now that ssh can't be setuid, remove the original_real_uid and original_effective_uid globals and replace with calls to plain getuid(). ok djm@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.54 |
|
23-Feb-2018 |
markus |
Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)
The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
Joint work with stefan-lukas_gazdag at genua.eu
See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
ok djm@
|
#
1.53 |
|
07-Feb-2018 |
dtucker |
ssh_free checks for and handles NULL args, remove NULL checks from remaining callers. ok djm@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.52 |
|
15-Feb-2016 |
dtucker |
Add a function to enable security-related malloc_options. With and ok deraadt@, something similar has been in the snaps for a while.
|
#
1.51 |
|
04-Dec-2015 |
markus |
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
|
#
1.50 |
|
29-Nov-2015 |
djm |
pledge, better fatal() messages; feedback deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.49 |
|
03-Jul-2015 |
djm |
add an XXX reminder for getting correct key paths from sshd_config
|
#
1.48 |
|
24-Mar-2015 |
markus |
consistent check for NULL as noted by Nicholas Lemonias; ok djm@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.47 |
|
28-Jan-2015 |
djm |
update to new API (key_fingerprint => sshkey_fingerprint)
check sshkey_fingerprint return values; ok markus
|
#
1.46 |
|
15-Jan-2015 |
djm |
sync ssh-keysign, ssh-keygen and some dependencies to the new buffer/key API; mostly mechanical, ok markus@
|
#
1.45 |
|
08-Jan-2015 |
djm |
deprecate key_load_private_pem() and sshkey_load_private_pem() interfaces. Refactor the generic key loading API to not require pathnames to be specified (they weren't really used).
Fixes a few other things en passant:
Makes ed25519 keys work for hostbased authentication (ssh-keysign previously used the PEM-only routines).
Fixes key comment regression bz#2306: key pathnames were being lost as comment fields.
ok markus@
|
#
1.44 |
|
21-Dec-2014 |
djm |
Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64.
Feedback and ok naddy@ markus@
|
#
1.43 |
|
08-Oct-2014 |
djm |
Tweak config reparsing with host canonicalisation
Make the second pass through the config files always run when hostname canonicalisation is enabled.
Add a "Match canonical" criteria that allows ssh_config Match blocks to trigger only in the second config pass.
Add a -G option to ssh that causes it to parse its configuration and dump the result to stdout, similar to "sshd -T"
Allow ssh_config Port options set in the second config parse phase to be applied (they were being ignored).
bz#2267 bz#2286; ok markus
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.42 |
|
29-Apr-2014 |
markus |
make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
|
#
1.41 |
|
19-Apr-2014 |
tedu |
Delete futile calls to RAND_seed. ok djm
|
#
1.40 |
|
01-Apr-2014 |
djm |
include fingerprint of key not found
use arc4random_buf() instead of loop+arc4random()
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.39 |
|
06-Dec-2013 |
markus |
support ed25519 keys (hostkeys and user identities) using the public domain ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html
feedback, help & ok djm@
|
#
1.38 |
|
14-Oct-2013 |
djm |
add a "Match" keyword to ssh_config that allows matching on hostname, user and result of arbitrary commands. "nice work" markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.37 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.36 |
|
16-Feb-2011 |
djm |
make hostbased auth with ECDSA keys work correctly. Based on patch by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
|
#
1.35 |
|
31-Aug-2010 |
djm |
reintroduce commit from tedu@, which I pulled out for release engineering:
OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
|
#
1.34 |
|
16-Aug-2010 |
djm |
backout previous temporarily; discussed with deraadt@
|
#
1.33 |
|
12-Aug-2010 |
tedu |
OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.32 |
|
04-Aug-2010 |
djm |
clean for -Wuninitialized
|
#
1.31 |
|
04-Aug-2010 |
djm |
enable certificates for hostbased authentication, from Iain Morgan; "looks ok" markus@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.30 |
|
13-Jan-2010 |
dtucker |
Make HostBased authentication work with a ProxyCommand. bz #1569, patch from imorgan at nas nasa gov, ok djm@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.29 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step
|
#
1.28 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.27 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.26 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.25 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.24 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.23 |
|
02-Apr-2006 |
dtucker |
sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
|
#
1.22 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.21 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.20 |
|
08-Feb-2006 |
stevesk |
branches: 1.20.2; move #include <paths.h> out of includes.h; ok markus@
|
#
1.19 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.18 |
|
23-Aug-2004 |
dtucker |
branches: 1.18.4; 1.18.6; Remove duplicate getuid(), suggested by & ok markus@
|
#
1.17 |
|
23-Aug-2004 |
dtucker |
Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches change in Portable; ok markus@
|
#
1.16 |
|
18-Apr-2004 |
djm |
perform strict ownership and modes checks for ~/.ssh/config files, as these can be used to execute arbitrary programs; ok markus@
NB. ssh will now exit when it detects a config with poor permissions
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.15 |
|
19-Jan-2004 |
markus |
branches: 1.15.2; fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
|
#
1.14 |
|
17-Nov-2003 |
djm |
return error on msg send/receive failure (rather than fatal); ok markus@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.13 |
|
03-Jul-2003 |
djm |
branches: 1.13.2; fix AddressFamily option in config file, from brent@graveland.net; ok markus@
|
#
1.12 |
|
16-May-2003 |
djm |
add AddressFamily option to ssh_config (like -4, -6 on commandline). Portable bug #534; ok markus@
|
#
1.11 |
|
02-Apr-2003 |
markus |
potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.10 |
|
13-Mar-2003 |
markus |
branches: 1.10.2; move RSA_blinding_on to generic key load method
|
#
1.9 |
|
19-Dec-2002 |
djm |
s/msg_send/ssh_msg_send/ to avoid namespace clashes in portable; ok markus@
|
#
1.8 |
|
07-Nov-2002 |
markus |
we cannot use HostbasedAuthentication for enabling ssh-keysign(8), because HostbasedAuthentication might be enabled based on the target host and ssh-keysign(8) does not know the remote hostname and not trust ssh(1) about the hostname, so we add a new option EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.7 |
|
03-Jul-2002 |
markus |
branches: 1.7.2; re-enable ssh-keysign's sbit, but make ssh-keysign read /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled globally. based on discussions with deraadt, itojun and sommerfeld; ok itojun@
|
#
1.6 |
|
03-Jul-2002 |
markus |
use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld) in order to avoid a possible Kocher timing attack pointed out by Charles Hannum; ok provos@
|
#
1.5 |
|
26-Jun-2002 |
markus |
bug #304, xfree(data) called too early; openssh@sigint.cs.purdue.edu
|
#
1.4 |
|
19-Jun-2002 |
deraadt |
branches: 1.4.2; 1.4.4; KNF done automatically while reading....
|
#
1.3 |
|
08-Jun-2002 |
markus |
only accept 20 byte session ids
|
#
1.2 |
|
31-May-2002 |
markus |
extend ssh-keysign protocol: pass # of socket-fd to ssh-keysign, keysign verifies locally used ip-address using this socket-fd, restricts fake local hostnames to actual local hostnames; ok stevesk@
|
#
1.1 |
|
23-May-2002 |
markus |
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication in protocol v2 (needs to access the hostkeys).
|
|
#
1.28 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.27 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.26 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.25 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.24 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.23 |
|
02-Apr-2006 |
dtucker |
sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
|
#
1.22 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.21 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.20 |
|
08-Feb-2006 |
stevesk |
branches: 1.20.2; move #include <paths.h> out of includes.h; ok markus@
|
#
1.19 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.18 |
|
23-Aug-2004 |
dtucker |
branches: 1.18.4; 1.18.6; Remove duplicate getuid(), suggested by & ok markus@
|
#
1.17 |
|
23-Aug-2004 |
dtucker |
Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches change in Portable; ok markus@
|
#
1.16 |
|
18-Apr-2004 |
djm |
perform strict ownership and modes checks for ~/.ssh/config files, as these can be used to execute arbitrary programs; ok markus@
NB. ssh will now exit when it detects a config with poor permissions
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.15 |
|
19-Jan-2004 |
markus |
branches: 1.15.2; fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
|
#
1.14 |
|
17-Nov-2003 |
djm |
return error on msg send/receive failure (rather than fatal); ok markus@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.13 |
|
03-Jul-2003 |
djm |
branches: 1.13.2; fix AddressFamily option in config file, from brent@graveland.net; ok markus@
|
#
1.12 |
|
16-May-2003 |
djm |
add AddressFamily option to ssh_config (like -4, -6 on commandline). Portable bug #534; ok markus@
|
#
1.11 |
|
02-Apr-2003 |
markus |
potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.10 |
|
13-Mar-2003 |
markus |
branches: 1.10.2; move RSA_blinding_on to generic key load method
|
#
1.9 |
|
19-Dec-2002 |
djm |
s/msg_send/ssh_msg_send/ to avoid namespace clashes in portable; ok markus@
|
#
1.8 |
|
07-Nov-2002 |
markus |
we cannot use HostbasedAuthentication for enabling ssh-keysign(8), because HostbasedAuthentication might be enabled based on the target host and ssh-keysign(8) does not know the remote hostname and not trust ssh(1) about the hostname, so we add a new option EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.7 |
|
03-Jul-2002 |
markus |
branches: 1.7.2; re-enable ssh-keysign's sbit, but make ssh-keysign read /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled globally. based on discussions with deraadt, itojun and sommerfeld; ok itojun@
|
#
1.6 |
|
03-Jul-2002 |
markus |
use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld) in order to avoid a possible Kocher timing attack pointed out by Charles Hannum; ok provos@
|
#
1.5 |
|
26-Jun-2002 |
markus |
bug #304, xfree(data) called too early; openssh@sigint.cs.purdue.edu
|
#
1.4 |
|
19-Jun-2002 |
deraadt |
branches: 1.4.2; 1.4.4; KNF done automatically while reading....
|
#
1.3 |
|
08-Jun-2002 |
markus |
only accept 20 byte session ids
|
#
1.2 |
|
31-May-2002 |
markus |
extend ssh-keysign protocol: pass # of socket-fd to ssh-keysign, keysign verifies locally used ip-address using this socket-fd, restricts fake local hostnames to actual local hostnames; ok stevesk@
|
#
1.1 |
|
23-May-2002 |
markus |
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication in protocol v2 (needs to access the hostkeys).
|
#
1.70 |
|
06-Jan-2022 |
djm |
make ssh-keysign use the requested signature algorithm and not the default for the keytype. Part of unbreaking hostbased auth for RSA/SHA2 keys. ok markus@
|
#
1.69 |
|
13-Nov-2021 |
deraadt |
It really looks like pledge "stdio dns" is possible earlier. Discussed with mestre
|
#
1.68 |
|
10-Nov-2021 |
djm |
fix ssh-keysign for KEX algorithms that use SHA384/512 exchange hashes; feedback/ok markus@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.67 |
|
05-Jul-2021 |
dtucker |
Order includes as per style(9). Portable already has these so this removes a handful of diffs between the two.
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.66 |
|
17-Dec-2020 |
djm |
prepare readconf.c for fuzzing; remove fatal calls and fix some (one-off) memory leaks; ok markus@
|
#
1.65 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.64 |
|
27-Aug-2020 |
djm |
support for user-verified FIDO keys
FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token.
This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication.
feedback markus@ and Pedro Martelletto; ok markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.63 |
|
18-Nov-2019 |
naddy |
additional missing stdarg.h includes when built without WITH_OPENSSL; ok djm@
|
#
1.62 |
|
31-Oct-2019 |
djm |
Refactor signing - use sshkey_sign for everything, including the new U2F signatures.
Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that.
Suggested by / ok markus@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.61 |
|
02-Oct-2019 |
djm |
remove some duplicate #includes
|
#
1.60 |
|
06-Sep-2019 |
djm |
fixes for !WITH_OPENSSL compilation; ok dtucker@
|
#
1.59 |
|
06-Sep-2019 |
djm |
lots of things were relying on libcrypto headers to transitively include various system headers (mostly stdlib.h); include them explicitly
|
#
1.58 |
|
14-Jun-2019 |
djm |
if passed a bad fd, log what it was
|
#
1.57 |
|
06-Jun-2019 |
otto |
Replace calls to ssh_malloc_init() by a static init of malloc_options. Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.56 |
|
23-Nov-2018 |
djm |
add a ssh_config "Match final" predicate
Matches in same pass as "Match canonical" but doesn't require hostname canonicalisation be enabled. bz#2906 ok markus
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.55 |
|
27-Jul-2018 |
dtucker |
Now that ssh can't be setuid, remove the original_real_uid and original_effective_uid globals and replace with calls to plain getuid(). ok djm@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.54 |
|
23-Feb-2018 |
markus |
Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@
|
#
1.53 |
|
07-Feb-2018 |
dtucker |
ssh_free checks for and handles NULL args, remove NULL checks from remaining callers. ok djm@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.52 |
|
15-Feb-2016 |
dtucker |
Add a function to enable security-related malloc_options. With and ok deraadt@, something similar has been in the snaps for a while.
|
#
1.51 |
|
04-Dec-2015 |
markus |
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
|
#
1.50 |
|
29-Nov-2015 |
djm |
pledge, better fatal() messages; feedback deraadt@
|
#
1.68 |
|
10-Nov-2021 |
djm |
fix ssh-keysign for KEX algorithms that use SHA384/512 exchange hashes; feedback/ok markus@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.67 |
|
05-Jul-2021 |
dtucker |
Order includes as per style(9). Portable already has these so this removes a handful of diffs between the two.
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.66 |
|
17-Dec-2020 |
djm |
prepare readconf.c for fuzzing; remove fatal calls and fix some (one-off) memory leaks; ok markus@
|
#
1.65 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.64 |
|
27-Aug-2020 |
djm |
support for user-verified FIDO keys
FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token.
This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication.
feedback markus@ and Pedro Martelletto; ok markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.63 |
|
18-Nov-2019 |
naddy |
additional missing stdarg.h includes when built without WITH_OPENSSL; ok djm@
|
#
1.62 |
|
31-Oct-2019 |
djm |
Refactor signing - use sshkey_sign for everything, including the new U2F signatures.
Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that.
Suggested by / ok markus@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.61 |
|
02-Oct-2019 |
djm |
remove some duplicate #includes
|
#
1.60 |
|
06-Sep-2019 |
djm |
fixes for !WITH_OPENSSL compilation; ok dtucker@
|
#
1.59 |
|
06-Sep-2019 |
djm |
lots of things were relying on libcrypto headers to transitively include various system headers (mostly stdlib.h); include them explicitly
|
#
1.58 |
|
14-Jun-2019 |
djm |
if passed a bad fd, log what it was
|
#
1.57 |
|
06-Jun-2019 |
otto |
Replace calls to ssh_malloc_init() by a static init of malloc_options. Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.56 |
|
23-Nov-2018 |
djm |
add a ssh_config "Match final" predicate
Matches in same pass as "Match canonical" but doesn't require hostname canonicalisation be enabled. bz#2906 ok markus
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.55 |
|
27-Jul-2018 |
dtucker |
Now that ssh can't be setuid, remove the original_real_uid and original_effective_uid globals and replace with calls to plain getuid(). ok djm@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.54 |
|
23-Feb-2018 |
markus |
Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)
The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
Joint work with stefan-lukas_gazdag at genua.eu
See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
ok djm@
|
#
1.53 |
|
07-Feb-2018 |
dtucker |
ssh_free checks for and handles NULL args, remove NULL checks from remaining callers. ok djm@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.52 |
|
15-Feb-2016 |
dtucker |
Add a function to enable security-related malloc_options. With and ok deraadt@, something similar has been in the snaps for a while.
|
#
1.51 |
|
04-Dec-2015 |
markus |
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
|
#
1.50 |
|
29-Nov-2015 |
djm |
pledge, better fatal() messages; feedback deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.49 |
|
03-Jul-2015 |
djm |
add an XXX reminder for getting correct key paths from sshd_config
|
#
1.48 |
|
24-Mar-2015 |
markus |
consistent check for NULL as noted by Nicholas Lemonias; ok djm@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.47 |
|
28-Jan-2015 |
djm |
update to new API (key_fingerprint => sshkey_fingerprint)
check sshkey_fingerprint return values; ok markus
|
#
1.46 |
|
15-Jan-2015 |
djm |
sync ssh-keysign, ssh-keygen and some dependencies to the new buffer/key API; mostly mechanical, ok markus@
|
#
1.45 |
|
08-Jan-2015 |
djm |
deprecate key_load_private_pem() and sshkey_load_private_pem() interfaces. Refactor the generic key loading API to not require pathnames to be specified (they weren't really used).
Fixes a few other things en passant:
Makes ed25519 keys work for hostbased authentication (ssh-keysign previously used the PEM-only routines).
Fixes key comment regression bz#2306: key pathnames were being lost as comment fields.
ok markus@
|
#
1.44 |
|
21-Dec-2014 |
djm |
Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64.
Feedback and ok naddy@ markus@
|
#
1.43 |
|
08-Oct-2014 |
djm |
Tweak config reparsing with host canonicalisation
Make the second pass through the config files always run when hostname canonicalisation is enabled.
Add a "Match canonical" criteria that allows ssh_config Match blocks to trigger only in the second config pass.
Add a -G option to ssh that causes it to parse its configuration and dump the result to stdout, similar to "sshd -T"
Allow ssh_config Port options set in the second config parse phase to be applied (they were being ignored).
bz#2267 bz#2286; ok markus
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.42 |
|
29-Apr-2014 |
markus |
make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
|
#
1.41 |
|
19-Apr-2014 |
tedu |
Delete futile calls to RAND_seed. ok djm
|
#
1.40 |
|
01-Apr-2014 |
djm |
include fingerprint of key not found
use arc4random_buf() instead of loop+arc4random()
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.39 |
|
06-Dec-2013 |
markus |
support ed25519 keys (hostkeys and user identities) using the public domain ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html
feedback, help & ok djm@
|
#
1.38 |
|
14-Oct-2013 |
djm |
add a "Match" keyword to ssh_config that allows matching on hostname, user and result of arbitrary commands. "nice work" markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.37 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.36 |
|
16-Feb-2011 |
djm |
make hostbased auth with ECDSA keys work correctly. Based on patch by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
|
#
1.35 |
|
31-Aug-2010 |
djm |
reintroduce commit from tedu@, which I pulled out for release engineering:
OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
|
#
1.34 |
|
16-Aug-2010 |
djm |
backout previous temporarily; discussed with deraadt@
|
#
1.33 |
|
12-Aug-2010 |
tedu |
OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.32 |
|
04-Aug-2010 |
djm |
clean for -Wuninitialized
|
#
1.31 |
|
04-Aug-2010 |
djm |
enable certificates for hostbased authentication, from Iain Morgan; "looks ok" markus@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.30 |
|
13-Jan-2010 |
dtucker |
Make HostBased authentication work with a ProxyCommand. bz #1569, patch from imorgan at nas nasa gov, ok djm@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.29 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step
|
#
1.28 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.27 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.26 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.25 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.24 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.23 |
|
02-Apr-2006 |
dtucker |
sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
|
#
1.22 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.21 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.20 |
|
08-Feb-2006 |
stevesk |
branches: 1.20.2; move #include <paths.h> out of includes.h; ok markus@
|
#
1.19 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.18 |
|
23-Aug-2004 |
dtucker |
branches: 1.18.4; 1.18.6; Remove duplicate getuid(), suggested by & ok markus@
|
#
1.17 |
|
23-Aug-2004 |
dtucker |
Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches change in Portable; ok markus@
|
#
1.16 |
|
18-Apr-2004 |
djm |
perform strict ownership and modes checks for ~/.ssh/config files, as these can be used to execute arbitrary programs; ok markus@
NB. ssh will now exit when it detects a config with poor permissions
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.15 |
|
19-Jan-2004 |
markus |
branches: 1.15.2; fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
|
#
1.14 |
|
17-Nov-2003 |
djm |
return error on msg send/receive failure (rather than fatal); ok markus@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.13 |
|
03-Jul-2003 |
djm |
branches: 1.13.2; fix AddressFamily option in config file, from brent@graveland.net; ok markus@
|
#
1.12 |
|
16-May-2003 |
djm |
add AddressFamily option to ssh_config (like -4, -6 on commandline). Portable bug #534; ok markus@
|
#
1.11 |
|
02-Apr-2003 |
markus |
potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.10 |
|
13-Mar-2003 |
markus |
branches: 1.10.2; move RSA_blinding_on to generic key load method
|
#
1.9 |
|
19-Dec-2002 |
djm |
s/msg_send/ssh_msg_send/ to avoid namespace clashes in portable; ok markus@
|
#
1.8 |
|
07-Nov-2002 |
markus |
we cannot use HostbasedAuthentication for enabling ssh-keysign(8), because HostbasedAuthentication might be enabled based on the target host and ssh-keysign(8) does not know the remote hostname and not trust ssh(1) about the hostname, so we add a new option EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.7 |
|
03-Jul-2002 |
markus |
branches: 1.7.2; re-enable ssh-keysign's sbit, but make ssh-keysign read /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled globally. based on discussions with deraadt, itojun and sommerfeld; ok itojun@
|
#
1.6 |
|
03-Jul-2002 |
markus |
use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld) in order to avoid a possible Kocher timing attack pointed out by Charles Hannum; ok provos@
|
#
1.5 |
|
26-Jun-2002 |
markus |
bug #304, xfree(data) called too early; openssh@sigint.cs.purdue.edu
|
#
1.4 |
|
19-Jun-2002 |
deraadt |
branches: 1.4.2; 1.4.4; KNF done automatically while reading....
|
#
1.3 |
|
08-Jun-2002 |
markus |
only accept 20 byte session ids
|
#
1.2 |
|
31-May-2002 |
markus |
extend ssh-keysign protocol: pass # of socket-fd to ssh-keysign, keysign verifies locally used ip-address using this socket-fd, restricts fake local hostnames to actual local hostnames; ok stevesk@
|
#
1.1 |
|
23-May-2002 |
markus |
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication in protocol v2 (needs to access the hostkeys).
|
#
1.67 |
|
05-Jul-2021 |
dtucker |
Order includes as per style(9). Portable already has these so this removes a handful of diffs between the two.
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.66 |
|
17-Dec-2020 |
djm |
prepare readconf.c for fuzzing; remove fatal calls and fix some (one-off) memory leaks; ok markus@
|
#
1.65 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.64 |
|
27-Aug-2020 |
djm |
support for user-verified FIDO keys
FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token.
This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication.
feedback markus@ and Pedro Martelletto; ok markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.63 |
|
18-Nov-2019 |
naddy |
additional missing stdarg.h includes when built without WITH_OPENSSL; ok djm@
|
#
1.62 |
|
31-Oct-2019 |
djm |
Refactor signing - use sshkey_sign for everything, including the new U2F signatures.
Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that.
Suggested by / ok markus@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.61 |
|
02-Oct-2019 |
djm |
remove some duplicate #includes
|
#
1.60 |
|
06-Sep-2019 |
djm |
fixes for !WITH_OPENSSL compilation; ok dtucker@
|
#
1.59 |
|
06-Sep-2019 |
djm |
lots of things were relying on libcrypto headers to transitively include various system headers (mostly stdlib.h); include them explicitly
|
#
1.58 |
|
14-Jun-2019 |
djm |
if passed a bad fd, log what it was
|
#
1.57 |
|
06-Jun-2019 |
otto |
Replace calls to ssh_malloc_init() by a static init of malloc_options. Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.56 |
|
23-Nov-2018 |
djm |
add a ssh_config "Match final" predicate
Matches in same pass as "Match canonical" but doesn't require hostname canonicalisation be enabled. bz#2906 ok markus
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.55 |
|
27-Jul-2018 |
dtucker |
Now that ssh can't be setuid, remove the original_real_uid and original_effective_uid globals and replace with calls to plain getuid(). ok djm@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.54 |
|
23-Feb-2018 |
markus |
Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@
|
#
1.53 |
|
07-Feb-2018 |
dtucker |
ssh_free checks for and handles NULL args, remove NULL checks from remaining callers. ok djm@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.52 |
|
15-Feb-2016 |
dtucker |
Add a function to enable security-related malloc_options. With and ok deraadt@, something similar has been in the snaps for a while.
|
#
1.51 |
|
04-Dec-2015 |
markus |
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
|
#
1.50 |
|
29-Nov-2015 |
djm |
pledge, better fatal() messages; feedback deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.49 |
|
03-Jul-2015 |
djm |
add an XXX reminder for getting correct key paths from sshd_config
|
#
1.48 |
|
24-Mar-2015 |
markus |
consistent check for NULL as noted by Nicholas Lemonias; ok djm@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.47 |
|
28-Jan-2015 |
djm |
update to new API (key_fingerprint => sshkey_fingerprint) check sshkey_fingerprint return values; ok markus
|
#
1.46 |
|
15-Jan-2015 |
djm |
sync ssh-keysign, ssh-keygen and some dependencies to the new buffer/key API; mostly mechanical, ok markus@
|
#
1.45 |
|
08-Jan-2015 |
djm |
deprecate key_load_private_pem() and sshkey_load_private_pem() interfaces. Refactor the generic key loading API to not require pathnames to be specified (they weren't really used).
Fixes a few other things en passant:
Makes ed25519 keys work for hostbased authentication (ssh-keysign previously used the PEM-only routines).
Fixes key comment regression bz#2306: key pathnames were being lost as comment fields.
ok markus@
|
#
1.44 |
|
21-Dec-2014 |
djm |
Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64.
Feedback and ok naddy@ markus@
|
#
1.43 |
|
08-Oct-2014 |
djm |
Tweak config reparsing with host canonicalisation
Make the second pass through the config files always run when hostname canonicalisation is enabled.
Add a "Match canonical" criteria that allows ssh_config Match blocks to trigger only in the second config pass.
Add a -G option to ssh that causes it to parse its configuration and dump the result to stdout, similar to "sshd -T"
Allow ssh_config Port options set in the second config parse phase to be applied (they were being ignored).
bz#2267 bz#2286; ok markus
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.42 |
|
29-Apr-2014 |
markus |
make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
|
#
1.41 |
|
19-Apr-2014 |
tedu |
Delete futile calls to RAND_seed. ok djm
|
#
1.40 |
|
01-Apr-2014 |
djm |
include fingerprint of key not found use arc4random_buf() instead of loop+arc4random()
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.39 |
|
06-Dec-2013 |
markus |
support ed25519 keys (hostkeys and user identities) using the public domain ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html feedback, help & ok djm@
|
#
1.38 |
|
14-Oct-2013 |
djm |
add a "Match" keyword to ssh_config that allows matching on hostname, user and result of arbitrary commands. "nice work" markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.37 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.36 |
|
16-Feb-2011 |
djm |
make hostbased auth with ECDSA keys work correctly. Based on patch by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
|
#
1.35 |
|
31-Aug-2010 |
djm |
reintroduce commit from tedu@, which I pulled out for release engineering:
OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
|
#
1.34 |
|
16-Aug-2010 |
djm |
backout previous temporarily; discussed with deraadt@
|
#
1.33 |
|
12-Aug-2010 |
tedu |
OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.32 |
|
04-Aug-2010 |
djm |
clean for -Wuninitialized
|
#
1.31 |
|
04-Aug-2010 |
djm |
enable certificates for hostbased authentication, from Iain Morgan; "looks ok" markus@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.30 |
|
13-Jan-2010 |
dtucker |
Make HostBased authentication work with a ProxyCommand. bz #1569, patch from imorgan at nas nasa gov, ok djm@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.29 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.28 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.27 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.26 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.25 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.24 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.23 |
|
02-Apr-2006 |
dtucker |
sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
|
#
1.22 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.21 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.20 |
|
08-Feb-2006 |
stevesk |
branches: 1.20.2; move #include <paths.h> out of includes.h; ok markus@
|
#
1.19 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.18 |
|
23-Aug-2004 |
dtucker |
branches: 1.18.4; 1.18.6; Remove duplicate getuid(), suggested by & ok markus@
|
#
1.17 |
|
23-Aug-2004 |
dtucker |
Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches change in Portable; ok markus@
|
#
1.16 |
|
18-Apr-2004 |
djm |
perform strict ownership and modes checks for ~/.ssh/config files, as these can be used to execute arbitrary programs; ok markus@
NB. ssh will now exit when it detects a config with poor permissions
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.15 |
|
19-Jan-2004 |
markus |
branches: 1.15.2; fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
|
#
1.14 |
|
17-Nov-2003 |
djm |
return error on msg send/receive failure (rather than fatal); ok markus@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.13 |
|
03-Jul-2003 |
djm |
branches: 1.13.2; fix AddressFamily option in config file, from brent@graveland.net; ok markus@
|
#
1.12 |
|
16-May-2003 |
djm |
add AddressFamily option to ssh_config (like -4, -6 on commandline). Portable bug #534; ok markus@
|
#
1.11 |
|
02-Apr-2003 |
markus |
potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.10 |
|
13-Mar-2003 |
markus |
branches: 1.10.2; move RSA_blinding_on to generic key load method
|
#
1.9 |
|
19-Dec-2002 |
djm |
s/msg_send/ssh_msg_send/ to avoid namespace clashes in portable; ok markus@
|
#
1.8 |
|
07-Nov-2002 |
markus |
we cannot use HostbasedAuthentication for enabling ssh-keysign(8), because HostbasedAuthentication might be enabled based on the target host and ssh-keysign(8) does not know the remote hostname and not trust ssh(1) about the hostname, so we add a new option EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.7 |
|
03-Jul-2002 |
markus |
branches: 1.7.2; re-enable ssh-keysign's sbit, but make ssh-keysign read /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled globally. based on discussions with deraadt, itojun and sommerfeld; ok itojun@
|
#
1.6 |
|
03-Jul-2002 |
markus |
use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld) in order to avoid a possible Kocher timing attack pointed out by Charles Hannum; ok provos@
|
#
1.5 |
|
26-Jun-2002 |
markus |
bug #304, xfree(data) called to early; openssh@sigint.cs.purdue.edu
|
#
1.4 |
|
19-Jun-2002 |
deraadt |
branches: 1.4.2; 1.4.4; KNF done automatically while reading....
|
#
1.3 |
|
08-Jun-2002 |
markus |
only accept 20 byte session ids
|
#
1.2 |
|
31-May-2002 |
markus |
extent ssh-keysign protocol: pass # of socket-fd to ssh-keysign, keysign verfies locally used ip-address using this socket-fd, restricts fake local hostnames to actual local hostnames; ok stevesk@
|
#
1.1 |
|
23-May-2002 |
markus |
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication in protocol v2 (needs to access the hostkeys).
|
#
1.66 |
|
17-Dec-2020 |
djm |
prepare readconf.c for fuzzing; remove fatal calls and fix some (one-off) memory leaks; ok markus@
|
#
1.65 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.64 |
|
27-Aug-2020 |
djm |
support for user-verified FIDO keys
FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token.
This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication.
feedback markus@ and Pedro Martelletto; ok markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.63 |
|
18-Nov-2019 |
naddy |
additional missing stdarg.h includes when built without WITH_OPENSSL; ok djm@
|
#
1.62 |
|
31-Oct-2019 |
djm |
Refactor signing - use sshkey_sign for everything, including the new U2F signatures.
Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that.
Suggested by / ok markus@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.61 |
|
02-Oct-2019 |
djm |
remove some duplicate #includes
|
#
1.60 |
|
06-Sep-2019 |
djm |
fixes for !WITH_OPENSSL compilation; ok dtucker@
|
#
1.59 |
|
06-Sep-2019 |
djm |
lots of things were relying on libcrypto headers to transitively include various system headers (mostly stdlib.h); include them explicitly
|
#
1.58 |
|
14-Jun-2019 |
djm |
if passed a bad fd, log what it was
|
#
1.57 |
|
06-Jun-2019 |
otto |
Replace calls to ssh_malloc_init() by a static init of malloc_options. Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.56 |
|
23-Nov-2018 |
djm |
add a ssh_config "Match final" predicate
Matches in same pass as "Match canonical" but doesn't require hostname canonicalisation be enabled. bz#2906 ok markus
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.55 |
|
27-Jul-2018 |
dtucker |
Now that ssh can't be setuid, remove the original_real_uid and original_effective_uid globals and replace with calls to plain getuid(). ok djm@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.54 |
|
23-Feb-2018 |
markus |
Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@
|
#
1.53 |
|
07-Feb-2018 |
dtucker |
ssh_free checks for and handles NULL args, remove NULL checks from remaining callers. ok djm@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.52 |
|
15-Feb-2016 |
dtucker |
Add a function to enable security-related malloc_options. With and ok deraadt@, something similar has been in the snaps for a while.
|
#
1.51 |
|
04-Dec-2015 |
markus |
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
|
#
1.50 |
|
29-Nov-2015 |
djm |
pledge, better fatal() messages; feedback deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.49 |
|
03-Jul-2015 |
djm |
add an XXX reminder for getting correct key paths from sshd_config
|
#
1.48 |
|
24-Mar-2015 |
markus |
consistent check for NULL as noted by Nicholas Lemonias; ok djm@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.47 |
|
28-Jan-2015 |
djm |
update to new API (key_fingerprint => sshkey_fingerprint) check sshkey_fingerprint return values; ok markus
|
#
1.46 |
|
15-Jan-2015 |
djm |
sync ssh-keysign, ssh-keygen and some dependencies to the new buffer/key API; mostly mechanical, ok markus@
|
#
1.45 |
|
08-Jan-2015 |
djm |
deprecate key_load_private_pem() and sshkey_load_private_pem() interfaces. Refactor the generic key loading API to not require pathnames to be specified (they weren't really used).
Fixes a few other things en passant:
Makes ed25519 keys work for hostbased authentication (ssh-keysign previously used the PEM-only routines).
Fixes key comment regression bz#2306: key pathnames were being lost as comment fields.
ok markus@
|
#
1.44 |
|
21-Dec-2014 |
djm |
Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64.
Feedback and ok naddy@ markus@
|
#
1.43 |
|
08-Oct-2014 |
djm |
Tweak config reparsing with host canonicalisation
Make the second pass through the config files always run when hostname canonicalisation is enabled.
Add a "Match canonical" criteria that allows ssh_config Match blocks to trigger only in the second config pass.
Add a -G option to ssh that causes it to parse its configuration and dump the result to stdout, similar to "sshd -T"
Allow ssh_config Port options set in the second config parse phase to be applied (they were being ignored).
bz#2267 bz#2286; ok markus
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.42 |
|
29-Apr-2014 |
markus |
make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
|
#
1.41 |
|
19-Apr-2014 |
tedu |
Delete futile calls to RAND_seed. ok djm
|
#
1.40 |
|
01-Apr-2014 |
djm |
include fingerprint of key not found use arc4random_buf() instead of loop+arc4random()
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.39 |
|
06-Dec-2013 |
markus |
support ed25519 keys (hostkeys and user identities) using the public domain ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html feedback, help & ok djm@
|
#
1.38 |
|
14-Oct-2013 |
djm |
add a "Match" keyword to ssh_config that allows matching on hostname, user and result of arbitrary commands. "nice work" markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.37 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.36 |
|
16-Feb-2011 |
djm |
make hostbased auth with ECDSA keys work correctly. Based on patch by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
|
#
1.35 |
|
31-Aug-2010 |
djm |
reintroduce commit from tedu@, which I pulled out for release engineering:
OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
|
#
1.34 |
|
16-Aug-2010 |
djm |
backout previous temporarily; discussed with deraadt@
|
#
1.33 |
|
12-Aug-2010 |
tedu |
OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.32 |
|
04-Aug-2010 |
djm |
clean for -Wuninitialized
|
#
1.31 |
|
04-Aug-2010 |
djm |
enable certificates for hostbased authentication, from Iain Morgan; "looks ok" markus@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.30 |
|
13-Jan-2010 |
dtucker |
Make HostBased authentication work with a ProxyCommand. bz #1569, patch from imorgan at nas nasa gov, ok djm@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.29 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.28 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.27 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.26 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.25 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.24 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.23 |
|
02-Apr-2006 |
dtucker |
sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
|
#
1.22 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.21 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.20 |
|
08-Feb-2006 |
stevesk |
branches: 1.20.2; move #include <paths.h> out of includes.h; ok markus@
|
#
1.19 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.18 |
|
23-Aug-2004 |
dtucker |
branches: 1.18.4; 1.18.6; Remove duplicate getuid(), suggested by & ok markus@
|
#
1.17 |
|
23-Aug-2004 |
dtucker |
Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches change in Portable; ok markus@
|
#
1.16 |
|
18-Apr-2004 |
djm |
perform strict ownership and modes checks for ~/.ssh/config files, as these can be used to execute arbitrary programs; ok markus@
NB. ssh will now exit when it detects a config with poor permissions
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.15 |
|
19-Jan-2004 |
markus |
branches: 1.15.2; fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
|
#
1.14 |
|
17-Nov-2003 |
djm |
return error on msg send/receive failure (rather than fatal); ok markus@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.13 |
|
03-Jul-2003 |
djm |
branches: 1.13.2; fix AddressFamily option in config file, from brent@graveland.net; ok markus@
|
#
1.12 |
|
16-May-2003 |
djm |
add AddressFamily option to ssh_config (like -4, -6 on commandline). Portable bug #534; ok markus@
|
#
1.11 |
|
02-Apr-2003 |
markus |
potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.10 |
|
13-Mar-2003 |
markus |
branches: 1.10.2; move RSA_blinding_on to generic key load method
|
#
1.9 |
|
19-Dec-2002 |
djm |
s/msg_send/ssh_msg_send/ to avoid namespace clashes in portable; ok markus@
|
#
1.8 |
|
07-Nov-2002 |
markus |
we cannot use HostbasedAuthentication for enabling ssh-keysign(8), because HostbasedAuthentication might be enabled based on the target host and ssh-keysign(8) does not know the remote hostname and does not trust ssh(1) about the hostname, so we add a new option EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.7 |
|
03-Jul-2002 |
markus |
branches: 1.7.2; re-enable ssh-keysign's sbit, but make ssh-keysign read /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled globally. based on discussions with deraadt, itojun and sommerfeld; ok itojun@
|
#
1.6 |
|
03-Jul-2002 |
markus |
use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld) in order to avoid a possible Kocher timing attack pointed out by Charles Hannum; ok provos@
|
#
1.5 |
|
26-Jun-2002 |
markus |
bug #304, xfree(data) called too early; openssh@sigint.cs.purdue.edu
|
#
1.4 |
|
19-Jun-2002 |
deraadt |
branches: 1.4.2; 1.4.4; KNF done automatically while reading....
|
#
1.3 |
|
08-Jun-2002 |
markus |
only accept 20 byte session ids
|
#
1.2 |
|
31-May-2002 |
markus |
extend ssh-keysign protocol: pass # of socket-fd to ssh-keysign, keysign verifies locally used ip-address using this socket-fd, restricts fake local hostnames to actual local hostnames; ok stevesk@
|
#
1.1 |
|
23-May-2002 |
markus |
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication in protocol v2 (needs to access the hostkeys).
|
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.7 |
|
03-Jul-2002 |
markus |
branches: 1.7.2; re-enable ssh-keysign's sbit, but make ssh-keysign read /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled globally. based on discussions with deraadt, itojun and sommerfeld; ok itojun@
|
#
1.6 |
|
03-Jul-2002 |
markus |
use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld) in order to avoid a possible Kocher timing attack pointed out by Charles Hannum; ok provos@
|
#
1.5 |
|
26-Jun-2002 |
markus |
bug #304, xfree(data) called too early; openssh@sigint.cs.purdue.edu
|
#
1.4 |
|
19-Jun-2002 |
deraadt |
branches: 1.4.2; 1.4.4; KNF done automatically while reading....
|
#
1.3 |
|
08-Jun-2002 |
markus |
only accept 20 byte session ids
|
#
1.2 |
|
31-May-2002 |
markus |
extend ssh-keysign protocol: pass # of socket-fd to ssh-keysign, keysign verifies locally used ip-address using this socket-fd, restricts fake local hostnames to actual local hostnames; ok stevesk@
|
#
1.1 |
|
23-May-2002 |
markus |
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication in protocol v2 (needs to access the hostkeys).
|
#
1.62 |
|
31-Oct-2019 |
djm |
Refactor signing - use sshkey_sign for everything, including the new U2F signatures.
Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that.
Suggested by / ok markus@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.61 |
|
02-Oct-2019 |
djm |
remove some duplicate #includes
|
#
1.60 |
|
06-Sep-2019 |
djm |
fixes for !WITH_OPENSSL compilation; ok dtucker@
|
#
1.59 |
|
06-Sep-2019 |
djm |
lots of things were relying on libcrypto headers to transitively include various system headers (mostly stdlib.h); include them explicitly
|
#
1.58 |
|
14-Jun-2019 |
djm |
if passed a bad fd, log what it was
|
#
1.57 |
|
06-Jun-2019 |
otto |
Replace calls to ssh_malloc_init() by a static init of malloc_options. Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.56 |
|
23-Nov-2018 |
djm |
add a ssh_config "Match final" predicate
Matches in same pass as "Match canonical" but doesn't require hostname canonicalisation be enabled. bz#2906 ok markus
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.55 |
|
27-Jul-2018 |
dtucker |
Now that ssh can't be setuid, remove the original_real_uid and original_effective_uid globals and replace with calls to plain getuid(). ok djm@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.54 |
|
23-Feb-2018 |
markus |
Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)
The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
Joint work with stefan-lukas_gazdag at genua.eu
See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
ok djm@
|
#
1.53 |
|
07-Feb-2018 |
dtucker |
ssh_free checks for and handles NULL args, remove NULL checks from remaining callers. ok djm@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.52 |
|
15-Feb-2016 |
dtucker |
Add a function to enable security-related malloc_options. With and ok deraadt@, something similar has been in the snaps for a while.
|
#
1.51 |
|
04-Dec-2015 |
markus |
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
|
#
1.50 |
|
29-Nov-2015 |
djm |
pledge, better fatal() messages; feedback deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.49 |
|
03-Jul-2015 |
djm |
add an XXX reminder for getting correct key paths from sshd_config
|
#
1.48 |
|
24-Mar-2015 |
markus |
consistent check for NULL as noted by Nicholas Lemonias; ok djm@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.47 |
|
28-Jan-2015 |
djm |
update to new API (key_fingerprint => sshkey_fingerprint)
check sshkey_fingerprint return values; ok markus
|
#
1.46 |
|
15-Jan-2015 |
djm |
sync ssh-keysign, ssh-keygen and some dependencies to the new buffer/key API; mostly mechanical, ok markus@
|
#
1.45 |
|
08-Jan-2015 |
djm |
deprecate key_load_private_pem() and sshkey_load_private_pem() interfaces. Refactor the generic key loading API to not require pathnames to be specified (they weren't really used).
Fixes a few other things en passant:
Makes ed25519 keys work for hostbased authentication (ssh-keysign previously used the PEM-only routines).
Fixes key comment regression bz#2306: key pathnames were being lost as comment fields.
ok markus@
|
#
1.44 |
|
21-Dec-2014 |
djm |
Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64.
Feedback and ok naddy@ markus@
|
#
1.43 |
|
08-Oct-2014 |
djm |
Tweak config reparsing with host canonicalisation
Make the second pass through the config files always run when hostname canonicalisation is enabled.
Add a "Match canonical" criteria that allows ssh_config Match blocks to trigger only in the second config pass.
Add a -G option to ssh that causes it to parse its configuration and dump the result to stdout, similar to "sshd -T"
Allow ssh_config Port options set in the second config parse phase to be applied (they were being ignored).
bz#2267 bz#2286; ok markus
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.42 |
|
29-Apr-2014 |
markus |
make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
|
#
1.41 |
|
19-Apr-2014 |
tedu |
Delete futile calls to RAND_seed. ok djm
|
#
1.40 |
|
01-Apr-2014 |
djm |
include fingerprint of key not found
use arc4random_buf() instead of loop+arc4random()
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.39 |
|
06-Dec-2013 |
markus |
support ed25519 keys (hostkeys and user identities) using the public domain ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html
feedback, help & ok djm@
|
#
1.38 |
|
14-Oct-2013 |
djm |
add a "Match" keyword to ssh_config that allows matching on hostname, user and result of arbitrary commands. "nice work" markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.37 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.36 |
|
16-Feb-2011 |
djm |
make hostbased auth with ECDSA keys work correctly. Based on patch by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
|
#
1.35 |
|
31-Aug-2010 |
djm |
reintroduce commit from tedu@, which I pulled out for release engineering:
OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
|
#
1.34 |
|
16-Aug-2010 |
djm |
backout previous temporarily; discussed with deraadt@
|
#
1.33 |
|
12-Aug-2010 |
tedu |
OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.32 |
|
04-Aug-2010 |
djm |
clean for -Wuninitialized
|
#
1.31 |
|
04-Aug-2010 |
djm |
enable certificates for hostbased authentication, from Iain Morgan; "looks ok" markus@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.30 |
|
13-Jan-2010 |
dtucker |
Make HostBased authentication work with a ProxyCommand. bz #1569, patch from imorgan at nas nasa gov, ok djm@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.29 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step
|
#
1.28 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.27 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.26 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.25 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.24 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.23 |
|
02-Apr-2006 |
dtucker |
sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
|
#
1.22 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.21 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.20 |
|
08-Feb-2006 |
stevesk |
branches: 1.20.2; move #include <paths.h> out of includes.h; ok markus@
|
#
1.19 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.18 |
|
23-Aug-2004 |
dtucker |
branches: 1.18.4; 1.18.6; Remove duplicate getuid(), suggested by & ok markus@
|
#
1.17 |
|
23-Aug-2004 |
dtucker |
Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches change in Portable; ok markus@
|
#
1.16 |
|
18-Apr-2004 |
djm |
perform strict ownership and modes checks for ~/.ssh/config files, as these can be used to execute arbitrary programs; ok markus@
NB. ssh will now exit when it detects a config with poor permissions
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.15 |
|
19-Jan-2004 |
markus |
branches: 1.15.2; fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
|
#
1.14 |
|
17-Nov-2003 |
djm |
return error on msg send/receive failure (rather than fatal); ok markus@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.13 |
|
03-Jul-2003 |
djm |
branches: 1.13.2; fix AddressFamily option in config file, from brent@graveland.net; ok markus@
|
#
1.12 |
|
16-May-2003 |
djm |
add AddressFamily option to ssh_config (like -4, -6 on commandline). Portable bug #534; ok markus@
|
#
1.11 |
|
02-Apr-2003 |
markus |
potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.10 |
|
13-Mar-2003 |
markus |
branches: 1.10.2; move RSA_blinding_on to generic key load method
|
#
1.9 |
|
19-Dec-2002 |
djm |
s/msg_send/ssh_msg_send/ to avoid namespace clashes in portable; ok markus@
|
#
1.8 |
|
07-Nov-2002 |
markus |
we cannot use HostbasedAuthentication for enabling ssh-keysign(8), because HostbasedAuthentication might be enabled based on the target host and ssh-keysign(8) does not know the remote hostname and not trust ssh(1) about the hostname, so we add a new option EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.7 |
|
03-Jul-2002 |
markus |
branches: 1.7.2; re-enable ssh-keysign's sbit, but make ssh-keysign read /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled globally. based on discussions with deraadt, itojun and sommerfeld; ok itojun@
|
#
1.6 |
|
03-Jul-2002 |
markus |
use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld) in order to avoid a possible Kocher timing attack pointed out by Charles Hannum; ok provos@
|
#
1.5 |
|
26-Jun-2002 |
markus |
bug #304, xfree(data) called too early; openssh@sigint.cs.purdue.edu
|
#
1.4 |
|
19-Jun-2002 |
deraadt |
branches: 1.4.2; 1.4.4; KNF done automatically while reading....
|
#
1.3 |
|
08-Jun-2002 |
markus |
only accept 20 byte session ids
|
#
1.2 |
|
31-May-2002 |
markus |
extend ssh-keysign protocol: pass # of socket-fd to ssh-keysign, keysign verifies locally used ip-address using this socket-fd, restricts fake local hostnames to actual local hostnames; ok stevesk@
|
#
1.1 |
|
23-May-2002 |
markus |
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication in protocol v2 (needs to access the hostkeys).
|
#
1.58 |
|
14-Jun-2019 |
djm |
if passed a bad fd, log what it was
|
#
1.57 |
|
06-Jun-2019 |
otto |
Replace calls to ssh_malloc_init() by a static init of malloc_options. Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.56 |
|
23-Nov-2018 |
djm |
add a ssh_config "Match final" predicate
Matches in same pass as "Match canonical" but doesn't require hostname canonicalisation be enabled. bz#2906 ok markus
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.55 |
|
27-Jul-2018 |
dtucker |
Now that ssh can't be setuid, remove the original_real_uid and original_effective_uid globals and replace with calls to plain getuid(). ok djm@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.54 |
|
23-Feb-2018 |
markus |
Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)
The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
Joint work with stefan-lukas_gazdag at genua.eu
See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
ok djm@
|
#
1.53 |
|
07-Feb-2018 |
dtucker |
ssh_free checks for and handles NULL args, remove NULL checks from remaining callers. ok djm@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.52 |
|
15-Feb-2016 |
dtucker |
Add a function to enable security-related malloc_options. With and ok deraadt@, something similar has been in the snaps for a while.
|
#
1.51 |
|
04-Dec-2015 |
markus |
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
|
#
1.50 |
|
29-Nov-2015 |
djm |
pledge, better fatal() messages; feedback deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.49 |
|
03-Jul-2015 |
djm |
add an XXX reminder for getting correct key paths from sshd_config
|
#
1.48 |
|
24-Mar-2015 |
markus |
consistent check for NULL as noted by Nicholas Lemonias; ok djm@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.47 |
|
28-Jan-2015 |
djm |
update to new API (key_fingerprint => sshkey_fingerprint)
check sshkey_fingerprint return values; ok markus
|
#
1.46 |
|
15-Jan-2015 |
djm |
sync ssh-keysign, ssh-keygen and some dependencies to the new buffer/key API; mostly mechanical, ok markus@
|
#
1.45 |
|
08-Jan-2015 |
djm |
deprecate key_load_private_pem() and sshkey_load_private_pem() interfaces. Refactor the generic key loading API to not require pathnames to be specified (they weren't really used).
Fixes a few other things en passant:
Makes ed25519 keys work for hostbased authentication (ssh-keysign previously used the PEM-only routines).
Fixes key comment regression bz#2306: key pathnames were being lost as comment fields.
ok markus@
|
#
1.44 |
|
21-Dec-2014 |
djm |
Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64.
Feedback and ok naddy@ markus@
|
#
1.43 |
|
08-Oct-2014 |
djm |
Tweak config reparsing with host canonicalisation
Make the second pass through the config files always run when hostname canonicalisation is enabled.
Add a "Match canonical" criteria that allows ssh_config Match blocks to trigger only in the second config pass.
Add a -G option to ssh that causes it to parse its configuration and dump the result to stdout, similar to "sshd -T"
Allow ssh_config Port options set in the second config parse phase to be applied (they were being ignored).
bz#2267 bz#2286; ok markus
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.42 |
|
29-Apr-2014 |
markus |
make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
|
#
1.41 |
|
19-Apr-2014 |
tedu |
Delete futile calls to RAND_seed. ok djm
|
#
1.40 |
|
01-Apr-2014 |
djm |
include fingerprint of key not found
use arc4random_buf() instead of loop+arc4random()
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.39 |
|
06-Dec-2013 |
markus |
support ed25519 keys (hostkeys and user identities) using the public domain ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html
feedback, help & ok djm@
|
#
1.38 |
|
14-Oct-2013 |
djm |
add a "Match" keyword to ssh_config that allows matching on hostname, user and result of arbitrary commands. "nice work" markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.37 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.36 |
|
16-Feb-2011 |
djm |
make hostbased auth with ECDSA keys work correctly. Based on patch by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
|
#
1.35 |
|
31-Aug-2010 |
djm |
reintroduce commit from tedu@, which I pulled out for release engineering:
OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
|
#
1.34 |
|
16-Aug-2010 |
djm |
backout previous temporarily; discussed with deraadt@
|
#
1.33 |
|
12-Aug-2010 |
tedu |
OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.32 |
|
04-Aug-2010 |
djm |
clean for -Wuninitialized
|
#
1.31 |
|
04-Aug-2010 |
djm |
enable certificates for hostbased authentication, from Iain Morgan; "looks ok" markus@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.30 |
|
13-Jan-2010 |
dtucker |
Make HostBased authentication work with a ProxyCommand. bz #1569, patch from imorgan at nas nasa gov, ok djm@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.29 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step
|
#
1.28 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.27 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.26 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.25 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.24 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.23 |
|
02-Apr-2006 |
dtucker |
sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
|
#
1.22 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.21 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.20 |
|
08-Feb-2006 |
stevesk |
branches: 1.20.2; move #include <paths.h> out of includes.h; ok markus@
|
#
1.19 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.18 |
|
23-Aug-2004 |
dtucker |
branches: 1.18.4; 1.18.6; Remove duplicate getuid(), suggested by & ok markus@
|
#
1.17 |
|
23-Aug-2004 |
dtucker |
Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches change in Portable; ok markus@
|
#
1.16 |
|
18-Apr-2004 |
djm |
perform strict ownership and modes checks for ~/.ssh/config files, as these can be used to execute arbitrary programs; ok markus@
NB. ssh will now exit when it detects a config with poor permissions
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.15 |
|
19-Jan-2004 |
markus |
branches: 1.15.2; fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
|
#
1.14 |
|
17-Nov-2003 |
djm |
return error on msg send/receive failure (rather than fatal); ok markus@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.13 |
|
03-Jul-2003 |
djm |
branches: 1.13.2; fix AddressFamily option in config file, from brent@graveland.net; ok markus@
|
#
1.12 |
|
16-May-2003 |
djm |
add AddressFamily option to ssh_config (like -4, -6 on commandline). Portable bug #534; ok markus@
|
#
1.11 |
|
02-Apr-2003 |
markus |
potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.10 |
|
13-Mar-2003 |
markus |
branches: 1.10.2; move RSA_blinding_on to generic key load method
|
#
1.9 |
|
19-Dec-2002 |
djm |
s/msg_send/ssh_msg_send/ to avoid namespace clashes in portable; ok markus@
|
#
1.8 |
|
07-Nov-2002 |
markus |
we cannot use HostbasedAuthentication for enabling ssh-keysign(8), because HostbasedAuthentication might be enabled based on the target host and ssh-keysign(8) does not know the remote hostname and does not trust ssh(1) about the hostname, so we add a new option EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.7 |
|
03-Jul-2002 |
markus |
branches: 1.7.2; re-enable ssh-keysign's sbit, but make ssh-keysign read /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled globally. based on discussions with deraadt, itojun and sommerfeld; ok itojun@
|
#
1.6 |
|
03-Jul-2002 |
markus |
use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld) in order to avoid a possible Kocher timing attack pointed out by Charles Hannum; ok provos@
|
#
1.5 |
|
26-Jun-2002 |
markus |
bug #304, xfree(data) called too early; openssh@sigint.cs.purdue.edu
|
#
1.4 |
|
19-Jun-2002 |
deraadt |
branches: 1.4.2; 1.4.4; KNF done automatically while reading....
|
#
1.3 |
|
08-Jun-2002 |
markus |
only accept 20 byte session ids
|
#
1.2 |
|
31-May-2002 |
markus |
extend ssh-keysign protocol: pass # of socket-fd to ssh-keysign, keysign verifies locally used ip-address using this socket-fd, restricts fake local hostnames to actual local hostnames; ok stevesk@
|
#
1.1 |
|
23-May-2002 |
markus |
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication in protocol v2 (needs to access the hostkeys).
|
#
1.55 |
|
27-Jul-2018 |
dtucker |
Now that ssh can't be setuid, remove the original_real_uid and original_effective_uid globals and replace with calls to plain getuid(). ok djm@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.54 |
|
23-Feb-2018 |
markus |
Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@
|
#
1.53 |
|
07-Feb-2018 |
dtucker |
ssh_free checks for and handles NULL args, remove NULL checks from remaining callers. ok djm@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.52 |
|
15-Feb-2016 |
dtucker |
Add a function to enable security-related malloc_options. With and ok deraadt@, something similar has been in the snaps for a while.
|
#
1.51 |
|
04-Dec-2015 |
markus |
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
|
#
1.50 |
|
29-Nov-2015 |
djm |
pledge, better fatal() messages; feedback deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.49 |
|
03-Jul-2015 |
djm |
add an XXX reminder for getting correct key paths from sshd_config
|
#
1.48 |
|
24-Mar-2015 |
markus |
consistent check for NULL as noted by Nicholas Lemonias; ok djm@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.47 |
|
28-Jan-2015 |
djm |
update to new API (key_fingerprint => sshkey_fingerprint)
check sshkey_fingerprint return values; ok markus
|
#
1.46 |
|
15-Jan-2015 |
djm |
sync ssh-keysign, ssh-keygen and some dependencies to the new buffer/key API; mostly mechanical, ok markus@
|
#
1.45 |
|
08-Jan-2015 |
djm |
deprecate key_load_private_pem() and sshkey_load_private_pem() interfaces. Refactor the generic key loading API to not require pathnames to be specified (they weren't really used).
Fixes a few other things en passant:
Makes ed25519 keys work for hostbased authentication (ssh-keysign previously used the PEM-only routines).
Fixes key comment regression bz#2306: key pathnames were being lost as comment fields.
ok markus@
|
#
1.44 |
|
21-Dec-2014 |
djm |
Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64.
Feedback and ok naddy@ markus@
|
#
1.43 |
|
08-Oct-2014 |
djm |
Tweak config reparsing with host canonicalisation
Make the second pass through the config files always run when hostname canonicalisation is enabled.
Add a "Match canonical" criteria that allows ssh_config Match blocks to trigger only in the second config pass.
Add a -G option to ssh that causes it to parse its configuration and dump the result to stdout, similar to "sshd -T"
Allow ssh_config Port options set in the second config parse phase to be applied (they were being ignored).
bz#2267 bz#2286; ok markus
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.42 |
|
29-Apr-2014 |
markus |
make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
|
#
1.41 |
|
19-Apr-2014 |
tedu |
Delete futile calls to RAND_seed. ok djm
|
#
1.40 |
|
01-Apr-2014 |
djm |
include fingerprint of key not found
use arc4random_buf() instead of loop+arc4random()
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.39 |
|
06-Dec-2013 |
markus |
support ed25519 keys (hostkeys and user identities) using the public domain ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html
feedback, help & ok djm@
|
#
1.38 |
|
14-Oct-2013 |
djm |
add a "Match" keyword to ssh_config that allows matching on hostname, user and result of arbitrary commands. "nice work" markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.37 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.36 |
|
16-Feb-2011 |
djm |
make hostbased auth with ECDSA keys work correctly. Based on patch by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
|
#
1.35 |
|
31-Aug-2010 |
djm |
reintroduce commit from tedu@, which I pulled out for release engineering:
OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
|
#
1.34 |
|
16-Aug-2010 |
djm |
backout previous temporarily; discussed with deraadt@
|
#
1.33 |
|
12-Aug-2010 |
tedu |
OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.32 |
|
04-Aug-2010 |
djm |
clean for -Wuninitialized
|
#
1.31 |
|
04-Aug-2010 |
djm |
enable certificates for hostbased authentication, from Iain Morgan; "looks ok" markus@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.30 |
|
13-Jan-2010 |
dtucker |
Make HostBased authentication work with a ProxyCommand. bz #1569, patch from imorgan at nas nasa gov, ok djm@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.29 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step
|
#
1.28 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.27 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.26 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.25 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.24 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.23 |
|
02-Apr-2006 |
dtucker |
sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
|
#
1.22 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.21 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.20 |
|
08-Feb-2006 |
stevesk |
branches: 1.20.2; move #include <paths.h> out of includes.h; ok markus@
|
#
1.19 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.18 |
|
23-Aug-2004 |
dtucker |
branches: 1.18.4; 1.18.6; Remove duplicate getuid(), suggested by & ok markus@
|
#
1.17 |
|
23-Aug-2004 |
dtucker |
Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches change in Portable; ok markus@
|
#
1.16 |
|
18-Apr-2004 |
djm |
perform strict ownership and modes checks for ~/.ssh/config files, as these can be used to execute arbitrary programs; ok markus@
NB. ssh will now exit when it detects a config with poor permissions
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.15 |
|
19-Jan-2004 |
markus |
branches: 1.15.2; fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
|
#
1.14 |
|
17-Nov-2003 |
djm |
return error on msg send/receive failure (rather than fatal); ok markus@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.13 |
|
03-Jul-2003 |
djm |
branches: 1.13.2; fix AddressFamily option in config file, from brent@graveland.net; ok markus@
|
#
1.12 |
|
16-May-2003 |
djm |
add AddressFamily option to ssh_config (like -4, -6 on commandline). Portable bug #534; ok markus@
|
#
1.11 |
|
02-Apr-2003 |
markus |
potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.10 |
|
13-Mar-2003 |
markus |
branches: 1.10.2; move RSA_blinding_on to generic key load method
|
#
1.9 |
|
19-Dec-2002 |
djm |
s/msg_send/ssh_msg_send/ to avoid namespace clashes in portable; ok markus@
|
#
1.8 |
|
07-Nov-2002 |
markus |
we cannot use HostbasedAuthentication for enabling ssh-keysign(8), because HostbasedAuthentication might be enabled based on the target host and ssh-keysign(8) does not know the remote hostname and not trust ssh(1) about the hostname, so we add a new option EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.7 |
|
03-Jul-2002 |
markus |
branches: 1.7.2; re-enable ssh-keysign's sbit, but make ssh-keysign read /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled globally. based on discussions with deraadt, itojun and sommerfeld; ok itojun@
|
#
1.6 |
|
03-Jul-2002 |
markus |
use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld) in order to avoid a possible Kocher timing attack pointed out by Charles Hannum; ok provos@
|
#
1.5 |
|
26-Jun-2002 |
markus |
bug #304, xfree(data) called too early; openssh@sigint.cs.purdue.edu
|
#
1.4 |
|
19-Jun-2002 |
deraadt |
branches: 1.4.2; 1.4.4; KNF done automatically while reading....
|
#
1.3 |
|
08-Jun-2002 |
markus |
only accept 20 byte session ids
|
#
1.2 |
|
31-May-2002 |
markus |
extend ssh-keysign protocol: pass # of socket-fd to ssh-keysign, keysign verifies locally used ip-address using this socket-fd, restricts fake local hostnames to actual local hostnames; ok stevesk@
|
#
1.1 |
|
23-May-2002 |
markus |
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication in protocol v2 (needs to access the hostkeys).
|