Up to [local] / src / usr.bin / ssh
Request diff between arbitrary revisions
Default branch: MAIN
Current tag: OPENBSD_6_8
Revision 1.147.4.1 / (download) - annotate - [select for diffs], Sun Sep 26 14:04:53 2021 UTC (2 years, 8 months ago) by deraadt
Branch: OPENBSD_6_8
Changes since 1.147: +7 -1 lines
Diff to previous 1.147 (colored) next main 1.148 (colored)
need initgroups() before setresgid(); reported by anton@, ok deraadt@ this is 6.8 errata 030: sshd(8) failed to clear supplemental groups when executing an AuthorizedUsersCommand or AuthorizedPrincipalsCommand helper program.
Revision 1.147 / (download) - annotate - [select for diffs], Thu Aug 27 01:07:09 2020 UTC (3 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE
Branch point for: OPENBSD_6_8
Changes since 1.146: +5 -4 lines
Diff to previous 1.146 (colored)
support for requiring user verified FIDO keys in sshd This adds a "verify-required" authorized_keys flag and a corresponding sshd_config option that tells sshd to require that FIDO keys verify the user identity before completing the signing/authentication attempt. Whether or not user verification was performed is already baked into the signature made on the FIDO token, so this is just plumbing that flag through and adding ways to require it. feedback and ok markus@