OpenBSD CVS

CVS log for src/usr.bin/ssh/ssh-keygen.c

Default branch: MAIN

Revision 1.472, Thu Jan 11 01:45:36 2024 UTC (3 months, 2 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.471: +22 -4 lines

make DSA key support compile-time optional, defaulting to on

ok markus@

Revision 1.471, Mon Sep 4 10:29:58 2023 UTC (7 months, 3 weeks ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.470: +3 -7 lines

Generate Ed25519 keys when invoked without arguments

Ed25519 public keys are very convenient due to their small size.
OpenSSH has supported Ed25519 since version 6.5 (January 2014).

OK djm@ markus@ sthen@ deraadt@

Revision 1.470, Mon Jul 17 04:01:10 2023 UTC (9 months, 2 weeks ago) by djm
Branch: MAIN
Changes since 1.469: +3 -3 lines

remove vestigial support for KRL signatures

When the KRL format was originally defined, it included support for
signing of KRL objects. However, the code to sign KRLs and verify KRL
signatures was never completed in OpenSSH.

Now, some years later, we have SSHSIG support in ssh-keygen that is
more general, well tested and actually works. So this removes the
semi-finished KRL signing/verification support from OpenSSH and
refactors the remaining code to realise the benefit - primarily, we
no longer need to perform multiple parsing passes over KRL objects.

ok markus@

Revision 1.469, Fri Jul 14 05:31:44 2023 UTC (9 months, 2 weeks ago) by djm
Branch: MAIN
Changes since 1.468: +7 -2 lines

add defence-in-depth checks for some unreachable integer overflows
reported by Yair Mizrahi @ JFrog; feedback/ok millert@

Revision 1.468, Tue Jun 20 00:05:09 2023 UTC (10 months, 1 week ago) by djm
Branch: MAIN
Changes since 1.467: +2 -1 lines

reset comment=NULL for each key in do_fingerprint(); fixes "no comment"
not showing when running `ssh-keygen -l` on multiple keys where one
has a comment and other following keys do not. Patch from Markus Kuhn
via GHPR407, bz3580

Revision 1.467, Wed Apr 12 08:53:54 2023 UTC (12 months, 2 weeks ago) by jsg
Branch: MAIN
Changes since 1.466: +2 -2 lines

fix double words
ok dtucker@

Revision 1.466, Wed Mar 8 00:05:37 2023 UTC (13 months, 3 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.465: +5 -3 lines

use RSA/SHA256 when testing usability of private key;
based on fix in bz3546 by Dmitry Belyavskiy; with/ok dtucker

Revision 1.465, Sun Mar 5 09:24:35 2023 UTC (13 months, 3 weeks ago) by dtucker
Branch: MAIN
Changes since 1.464: +4 -1 lines

Fix mem and FILE leaks in moduli screening.

If multiple -Ocheckpoint= options are passed, the earlier ones would
be overwritten and leaked.  If we use an input file that wasn't stdin,
close that.  From Coverity CIDs 291884 and 291894.

Revision 1.464, Sun Mar 5 08:18:58 2023 UTC (13 months, 3 weeks ago) by dtucker
Branch: MAIN
Changes since 1.463: +2 -1 lines

Plug mem leak in moduli checkpoint option parsing.
From Coverity CID 291894.

Revision 1.463, Tue Feb 28 08:45:24 2023 UTC (14 months ago) by dtucker
Branch: MAIN
Changes since 1.462: +2 -2 lines

Explicitly ignore return from fchmod similar to other calls to
prevent warning.

Revision 1.462, Fri Feb 10 04:56:30 2023 UTC (14 months, 2 weeks ago) by djm
Branch: MAIN
Changes since 1.461: +20 -10 lines

let ssh-keygen and ssh-keyscan accept -Ohashalg=sha1|sha256 when
outputting SSHFP fingerprints to allow algorithm selection.
bz3493 ok dtucker@

Revision 1.461, Sun Dec 4 23:50:49 2022 UTC (16 months, 3 weeks ago) by cheloha
Branch: MAIN
Changes since 1.460: +1 -2 lines

userspace: remove vestigial '?' cases from top-level getopt(3) loops

getopt(3) returns '?' when it encounters a flag not present in the
optstring or if a flag is missing its option argument.  We can
handle this case with the "default" failure case with no loss of
legibility.  Hence, remove all the redundant "case '?':" lines.

Prompted by dlg@.  With help from dlg@ and millert@.

Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2

ok naddy@ millert@ dlg@

Revision 1.460, Mon Nov 7 04:04:40 2022 UTC (17 months, 3 weeks ago) by djm
Branch: MAIN
Changes since 1.459: +2 -2 lines

fix parsing of hex cert expiry time; was checking whether the
start time began with "0x", not the expiry time.

from Ed Maste

Revision 1.459, Thu Aug 11 01:56:51 2022 UTC (20 months, 3 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.458: +22 -3 lines

allow certificate validity intervals, sshsig verification times and
authorized_keys expiry-time options to accept dates in the UTC time
zone in addition to the default of interpreting them in the system
time zone. YYYYMMDD and YYMMDDHHMM[SS] dates/times will be
interpreted as UTC if suffixed with a 'Z' character.

Also allow certificate validity intervals to be specified in raw
seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
is intended for use by regress tests and other tools that call
ssh-keygen as part of a CA workflow.

bz3468 ok dtucker

Revision 1.458, Fri Aug 5 05:01:40 2022 UTC (20 months, 3 weeks ago) by djm
Branch: MAIN
Changes since 1.457: +2 -9 lines

don't prompt for FIDO passphrase before attempting to enroll the
credential, just let the enroll operation fail and we'll attempt
to get a PIN anyway. Might avoid some unnecessary PIN prompts.

Part of GHPR#302 from Corinna Vinschen; ok dtucker@

Revision 1.457, Wed Jul 20 03:33:22 2022 UTC (21 months, 1 week ago) by djm
Branch: MAIN
Changes since 1.456: +10 -13 lines

ssh-keygen: fix touch prompt, pin retries;

part of GHPR329 from Pedro Martelletto

Revision 1.456, Wed Jul 20 03:29:14 2022 UTC (21 months, 1 week ago) by djm
Branch: MAIN
Changes since 1.455: +26 -1 lines

when enrolling a resident key on a security token, check if a
credential with matching application and user ID strings already
exists. if so, prompt the user for confirmation before overwriting
the credential.

patch from Pedro Martelletto via GHPR329

NB. cranks SSH_SK_VERSION_MAJOR, so any third-party FIDO middleware
implementations will need to adjust

Revision 1.455, Wed Jul 20 03:13:04 2022 UTC (21 months, 1 week ago) by djm
Branch: MAIN
Changes since 1.454: +37 -28 lines

pull passphrase reading and confirmation into a separate function
so it can be used for FIDO2 PINs; no functional change

Revision 1.454, Fri Jun 3 03:17:42 2022 UTC (22 months, 4 weeks ago) by dtucker
Branch: MAIN
Changes since 1.453: +1 -2 lines

ssh-keygen -A: do not generate DSA keys by default.  Based on github PR#303
from jsegitz with man page text from jmc@, ok markus@ djm@

Revision 1.453, Tue May 31 14:05:12 2022 UTC (23 months ago) by naddy
Branch: MAIN
Changes since 1.452: +11 -1 lines

ssh-keygen: implement "verify-required" certificate option

This was already documented when support for user-verified FIDO
keys was added, but the ssh-keygen(1) code was missing.

ok djm@

Revision 1.452, Mon May 9 03:09:53 2022 UTC (23 months, 3 weeks ago) by djm
Branch: MAIN
Changes since 1.451: +12 -7 lines

Allow existing -U (use agent) flag to work with "-Y sign" operations,
where it will be interpreted to require that the private key is
hosted in an agent; bz3429, suggested by Adam Szkoda; ok dtucker@

Revision 1.451, Sun May 8 22:58:35 2022 UTC (23 months, 3 weeks ago) by djm
Branch: MAIN
Changes since 1.450: +13 -6 lines

improve error message when 'ssh-keygen -Y sign' is unable to load a
private key; bz3429, reported by Adam Szkoda ok dtucker@

Revision 1.450, Fri Mar 18 02:32:22 2022 UTC (2 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.449: +2 -1 lines

helpful comment

Revision 1.449, Fri Mar 18 02:31:25 2022 UTC (2 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.448: +7 -1 lines

ssh-keygen -Y check-novalidate requires namespace or SEGV will ensue.
Patch from Mateusz Adamowski via GHPR#307

Revision 1.448, Tue Feb 1 23:32:51 2022 UTC (2 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.447: +2 -2 lines

mark const string array contents const too, i.e.
static const char *array => static const char * const array
from Mike Frysinger

Revision 1.447, Wed Jan 5 21:54:37 2022 UTC (2 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.446: +5 -3 lines

add a comment so I don't make this mistake again

Revision 1.446, Wed Jan 5 21:50:00 2022 UTC (2 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.445: +2 -2 lines

fix cut-and-pasto in error message

Revision 1.445, Wed Jan 5 04:50:11 2022 UTC (2 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.444: +28 -15 lines

allow selection of hash at sshsig signing time; code already supported
either sha512 (default) or sha256, but plumbing wasn't there;
mostly by Linus Nordberg

Revision 1.444, Wed Jan 5 04:27:54 2022 UTC (2 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.443: +2 -2 lines

add missing -O option to usage() for ssh-keygen -Y sign;
from Linus Nordberg

Revision 1.443, Wed Jan 5 04:27:01 2022 UTC (2 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.442: +39 -38 lines

move sig_process_opts() to before sig_sign(); no functional code change

Revision 1.442, Sun Nov 28 07:14:29 2021 UTC (2 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.441: +2 -2 lines

fix indenting in last commit

Revision 1.441, Sat Nov 27 07:14:46 2021 UTC (2 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.440: +41 -1 lines

Add ssh-keygen -Y match-principals operation to perform matching of
principal names against an allowed signers file.

Requested by and mostly written by Fabian Stelzer, towards a TOFU
model for SSH signatures in git. Some tweaks by me.

"doesn't bother me" deraadt@

Revision 1.440, Fri Oct 29 03:20:46 2021 UTC (2 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.439: +6 -4 lines

ssh-keygen: make verify-time argument parsing optional

From Fabian Stelzer

Revision 1.439, Thu Oct 28 02:54:18 2021 UTC (2 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.438: +59 -34 lines

When downloading resident keys from a FIDO token, pass back the
user ID that was used when the key was created and append it to
the filename the key is written to (if it is not the default).

Avoids keys being clobbered if the user created multiple
resident keys with the same application string but different
user IDs.

feedback Pedro Martelletto; ok markus

NB. increments SSH_SK_VERSION_MAJOR

Revision 1.438, Sat Oct 2 03:17:01 2021 UTC (2 years, 6 months ago) by dtucker
Branch: MAIN
Changes since 1.437: +2 -1 lines

Dynamically allocate encoded HashKnownHosts and free as appropriate.
Saves 1k of static storage and prevents snprintf "possible truncation"
warnings from newer compilers (although in this case it's a false positive
since the actual sizes are limited by the output size of the SHA1).
ok djm@

Revision 1.437, Wed Sep 8 03:23:44 2021 UTC (2 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.436: +2 -2 lines

correct my mistake in previous fix; spotted by halex

Revision 1.436, Tue Sep 7 06:03:51 2021 UTC (2 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.435: +3 -2 lines

avoid NULL deref in -Y find-principals. Report and fix from
Carlo Marcelo Arenas Belón

Revision 1.435, Wed Aug 11 08:54:17 2021 UTC (2 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.434: +19 -4 lines

when verifying sshsig signatures, support an option (-Oprint-pubkey)
to dump the full public key to stdout; based on patch from Fabian
Stelzer; ok markus@

Revision 1.434, Sat Jul 24 02:51:14 2021 UTC (2 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.433: +2 -2 lines

Don't omit ssh-keygen -y from usage when built without OpenSSL.  It is
actually available, albeit only for ed25519 keys.

Revision 1.433, Sat Jul 24 02:08:13 2021 UTC (2 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.432: +3 -1 lines

Exclude key conversion options from usage when built without OpenSSL
since those are not available, similar to what we currently do with
the moduli screening options.  We can also use this to skip the
conversion regression tests in this case.

Revision 1.432, Fri Jul 23 03:37:52 2021 UTC (2 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.431: +50 -8 lines

Let allowed signers files used by ssh-keygen(1) signatures support key
lifetimes, and allow the verification mode to specify a signature time
to check at. This is intended for use by git to support signing
objects using ssh keys. ok dtucker@

Revision 1.431, Fri Jul 9 09:55:56 2021 UTC (2 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.430: +3 -2 lines

silence redundant error message; reported by Fabian Stelzer

Revision 1.430, Mon Jul 5 01:16:46 2021 UTC (2 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.429: +2 -2 lines

Order includes as per style(9).  Portable already has these so this
removes a handful of diffs between the two.

Revision 1.429, Sat Apr 3 06:18:41 2021 UTC (3 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.428: +8 -8 lines

highly polished whitespace, mostly fixing spaces-for-tab and bad
indentation on continuation lines. Prompted by GHPR#185

Revision 1.428, Fri Mar 12 03:43:40 2021 UTC (3 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.427: +2 -1 lines

pwcopy() struct passwd that we're going to reuse across a bunch of
library calls; bz3273 ok dtucker@

Revision 1.427, Sun Dec 20 23:36:51 2020 UTC (3 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.426: +2 -2 lines

load_hostkeys()/hostkeys_foreach() variants for FILE*

Add load_hostkeys_file() and hostkeys_foreach_file() that accept a
FILE* argument instead of opening the file directly.

Original load_hostkeys() and hostkeys_foreach() are implemented using
these new interfaces.

Add a u_int note field to the hostkey_entry and hostkey_foreach_line
structs that is passed directly from the load_hostkeys() and
hostkeys_foreach() call. This is a lightweight way to annotate results
between different invocations of load_hostkeys().

ok markus@

Revision 1.426, Sat Nov 28 12:52:32 2020 UTC (3 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.425: +2 -1 lines

Include cipher.h for declaration of cipher_by_name.

Revision 1.425, Fri Nov 27 10:12:30 2020 UTC (3 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.424: +6 -3 lines

Document ssh-keygen -Z, sanity check its argument earlier and provide
a better error message if it's not correct.  Prompted by bz#2879,
ok djm@ jmc@

Revision 1.424, Sun Nov 8 22:37:24 2020 UTC (3 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.423: +2 -2 lines

when requesting a security key touch on stderr, inform the user once
the touch has been recorded; requested by claudio@ ok markus@

Revision 1.423, Thu Oct 29 03:01:18 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.422: +2 -2 lines

fix type of nid in type_bits_valid(); github PR#202 from github user
thingsconnected

Revision 1.422, Thu Oct 29 02:52:43 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.421: +2 -2 lines

whitespace; no code change

Revision 1.421, Sun Oct 18 11:32:02 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.420: +134 -170 lines

use the new variant log macros instead of prepending __func__ and
appending ssh_err(r) manually; ok markus@

Revision 1.420, Wed Sep 9 03:08:01 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.419: +27 -17 lines

when writing an attestation blob for a FIDO key, record all the data
needed to verify the attestation. Previously we were missing the
"authenticator data" that is included in the signature.

spotted by Ian Haken
feedback Pedro Martelletto and Ian Haken; ok markus@

Revision 1.419, Thu Aug 27 09:46:04 2020 UTC (3 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.418: +6 -2 lines

debug()-print a little info about FIDO-specific key fields via
"ssh-keygen -vyf /path/key"

Revision 1.418, Thu Aug 27 01:08:45 2020 UTC (3 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.417: +20 -18 lines

Request PIN ahead of time for certain FIDO actions

When we know that a particular action will require a PIN, such as
downloading resident keys or generating a verify-required key, request
the PIN before attempting it.

joint work with Pedro Martelletto; ok markus@

Revision 1.417, Thu Aug 27 01:07:51 2020 UTC (3 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.416: +6 -1 lines

major rework of FIDO token selection logic

When PINs are in use and multiple FIDO tokens are attached to a host, we
cannot just blast requests at all attached tokens with the PIN specified
as this will cause the per-token PIN failure counter to increment. If
this retry counter hits the token's limit (usually 3 attempts), then the
token will lock itself and render all (web and SSH) of its keys invalid.
We don't want this.

So this reworks the key selection logic for the specific case of
multiple keys being attached. When multiple keys are attached and the
operation requires a PIN, then the user must touch the key that they
wish to use first in order to identify it.

This may require multiple touches, but only if there are multiple keys
attached AND (usually) the operation requires a PIN. The usual case of a
single key attached should be unaffected.

Work by Pedro Martelletto; ok myself and markus@

Revision 1.416, Thu Aug 27 01:06:18 2020 UTC (3 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.415: +39 -16 lines

support for user-verified FIDO keys

FIDO2 supports a notion of "user verification" where the user is
required to demonstrate their identity to the token before particular
operations (e.g. signing). Typically this is done by authenticating
themselves using a PIN that has been set on the token.

This adds support for generating and using user verified keys where
the verification happens via PIN (other options might be added in the
future, but none are in common use now). Practically, this adds
another key generation option "verify-required" that yields a key that
requires a PIN before each authentication.

feedback markus@ and Pedro Martelletto; ok markus@

Revision 1.415, Mon Aug 3 02:53:51 2020 UTC (3 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.414: +85 -67 lines

ensure that certificate extensions are lexically sorted. Previously
if the user specified a custom extension then everything would be
in order except the custom ones. bz3198 ok dtucker markus

Revision 1.414, Wed Jul 15 07:50:46 2020 UTC (3 years, 9 months ago) by solene
Branch: MAIN
Changes since 1.413: +8 -7 lines

- Add [-a rounds] in ssh-keygen man page and usage()
- Reorder parameters list in the first usage() case
- Sentence rewording

ok dtucker@
jmc@ noticed usage() missed -a flag too

Revision 1.413, Fri Jun 26 05:02:03 2020 UTC (3 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.412: +4 -17 lines

Defer creation of ~/.ssh by ssh(1) until we attempt to write to it so we
don't leave an empty .ssh directory when it's not needed.  Use the same
function to replace the code in ssh-keygen that does the same thing.
bz#3156, ok djm@

Revision 1.412, Fri May 29 03:11:54 2020 UTC (3 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.411: +4 -4 lines

fix exit status for downloading of FIDO resident keys; from
Pedro Martelletto, ok markus@

Revision 1.409.2.1, Mon May 18 19:02:13 2020 UTC (3 years, 11 months ago) by benno
Branch: OPENBSD_6_7
Changes since 1.409: +5 -3 lines

this is errata 6.7/003_ssh.patch.sig

original commit:

revision 1.411
date: 2020/05/18 04:29:35;  author: djm;  state: Exp;  lines: +5 -3;  commitid: hsmHXBVmzuBuNxlN;
avoid possible NULL deref; from Pedro Martelletto

Revision 1.411, Mon May 18 04:29:35 2020 UTC (3 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.410: +5 -3 lines

avoid possible NULL deref; from Pedro Martelletto

Revision 1.410, Wed May 13 09:55:57 2020 UTC (3 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.409: +5 -1 lines

preserve group/world read permission on known_hosts file across runs of
"ssh-keygen -Rf /path". The old behaviour was to remove all rights for
group/other. bz#3146 ok dtucker@

Revision 1.409, Sat May 2 07:19:43 2020 UTC (4 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE
Branch point for: OPENBSD_6_7
Changes since 1.408: +18 -49 lines

we have a sshkey_save_public() function to save public keys; use it
and save a bunch of redundant code.

Patch from loic AT venez.fr; ok markus@ djm@

Revision 1.408, Fri May 1 04:23:11 2020 UTC (4 years ago) by djm
Branch: MAIN
Changes since 1.407: +5 -4 lines

avoid NULL dereference when attempting to convert invalid ssh.com
private keys using "ssh-keygen -i"; spotted by Michael Forney

Revision 1.407, Mon Apr 20 04:43:57 2020 UTC (4 years ago) by djm
Branch: MAIN
Changes since 1.406: +16 -12 lines

fix a bug I introduced in r1.406: when printing private key fingerprint
of old-format key, key comments were not being displayed. Spotted by
loic AT venez.fr, ok dtucker

Revision 1.406, Fri Apr 17 07:16:07 2020 UTC (4 years ago) by djm
Branch: MAIN
Changes since 1.405: +8 -9 lines

repair private key fingerprint printing to also print comment after
regression caused by my recent pubkey loading refactor. Reported by
loic AT venez.fr, ok dtucker@

Revision 1.405, Fri Apr 3 02:26:56 2020 UTC (4 years ago) by djm
Branch: MAIN
Changes since 1.404: +6 -4 lines

give ssh-keygen the ability to dump the contents of a binary key
revocation list: ssh-keygen -lQf /path bz#3132; ok dtucker

Revision 1.404, Fri Mar 13 03:17:07 2020 UTC (4 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.403: +2 -2 lines

spelling errors in comments; no code change
from https://fossies.org/linux/misc/openssh-8.2p1.tar.gz/codespell.html

Revision 1.403, Fri Mar 13 03:12:17 2020 UTC (4 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.402: +15 -8 lines

when downloading FIDO2 resident keys from a token, don't prompt for a PIN
until the token has told us that it needs one. Avoids double-prompting on
devices that implement on-device authentication (e.g. a touchscreen PIN
pad on the Trezor Model T). ok dtucker@

Revision 1.402, Fri Mar 6 18:29:14 2020 UTC (4 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.401: +2 -2 lines

fix use-after-free in do_download_sk; ok djm

Revision 1.401, Fri Mar 6 18:15:04 2020 UTC (4 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.400: +4 -1 lines

exit if ssh_krl_revoke_key_sha256 fails; ok djm

Revision 1.400, Fri Feb 28 01:07:28 2020 UTC (4 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.399: +2 -2 lines

no-touch-required certificate option should be an extension, not
a critical option.

Revision 1.399, Wed Feb 26 13:40:09 2020 UTC (4 years, 2 months ago) by jsg
Branch: MAIN
Changes since 1.398: +9 -17 lines

change explicit_bzero();free() to freezero()

While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundary.

ok deraadt@ djm@

Revision 1.398, Fri Feb 7 03:27:54 2020 UTC (4 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.397: +12 -6 lines

fix two PIN entry bugs on FIDO keygen: 1) it would allow more than the
intended number of prompts (3) and 2) it would SEGV if too many incorrect
PINs were entered; based on patch by Gabriel Kihlman

Revision 1.397, Thu Feb 6 22:30:54 2020 UTC (4 years, 2 months ago) by naddy
Branch: MAIN
Changes since 1.396: +5 -5 lines

Replace "security key" with "authenticator" in program messages.

This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".

ok djm@

Revision 1.396, Tue Feb 4 09:58:04 2020 UTC (4 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.395: +5 -1 lines

require FIDO application strings to start with "ssh:"; ok markus@

Revision 1.395, Tue Jan 28 08:01:34 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.394: +33 -3 lines

changes to support FIDO attestation

Allow writing to disk the attestation certificate that is generated by
the FIDO token at key enrollment time. These certificates may be used
by an out-of-band workflow to prove that a particular key is held in
trustworthy hardware.

Allow passing in a challenge that will be sent to the card during
key enrollment. These are needed to build an attestation workflow
that resists replay attacks.

ok markus@

Revision 1.394, Sat Jan 25 23:13:09 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.393: +2 -2 lines

improve the error message for u2f enrollment errors by making
ssh-keygen be solely responsible for printing the error message and
converting some more common error responses from the middleware to
a useful ssherr.h status code. more detail remains visible via -v
of course.

also remove independent copy of sk-api.h declarations in sk-usbhid.c
and just include it.

feedback & ok markus@

Revision 1.393, Sat Jan 25 23:02:13 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.392: +10 -38 lines

factor out reading/writing sshbufs to dedicated functions;
feedback and ok markus@

Revision 1.392, Sat Jan 25 00:03:36 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.391: +9 -5 lines

expose PKCS#11 key labels/X.509 subjects as comments

Extract the key label or X.509 subject string when PKCS#11 keys
are retrieved from the token and plumb this through to places where
it may be used as a comment.

based on https://github.com/openssh/openssh-portable/pull/138
by Danielle Church

feedback and ok markus@

Revision 1.391 / (download) - annotate - [select for diffs], Fri Jan 24 05:33:01 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.390: +21 -11 lines
Diff to previous 1.390 (colored)

minor tweaks to ssh-keygen -Y find-principals:

emit matched principals one per line to stdout rather than as comma-
separated and with a free-text preamble (easy confusion opportunity)

emit "not found" error to stderr

fix up argument testing for -Y operations and improve error message for
unsupported operations

Revision 1.390 / (download) - annotate - [select for diffs], Fri Jan 24 00:27:04 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.389: +9 -5 lines
Diff to previous 1.389 (colored)

when signing a certificate with an RSA key, default to a safe signature
algorithm (rsa-sha-512) if one is not explicitly specified by the user;
ok markus@

Revision 1.389 / (download) - annotate - [select for diffs], Fri Jan 24 00:00:31 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.388: +9 -1 lines
Diff to previous 1.388 (colored)

allow PEM export of DSA and ECDSA keys; bz3091, patch from Jakub Jelen
ok markus@

Revision 1.388 / (download) - annotate - [select for diffs], Thu Jan 23 23:31:52 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.387: +13 -14 lines
Diff to previous 1.387 (colored)

ssh-keygen -Y find-principals fixes based on feedback from Markus:

use "principals" instead of principal, as allowed_signers lines may list
multiple.

When the signing key is a certificate, emit only principals that match
the certificate principal list.

NB. the command -Y name changes: "find-principal" => "find-principals"

ok markus@

Revision 1.387 / (download) - annotate - [select for diffs], Thu Jan 23 07:54:04 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.386: +3 -3 lines
Diff to previous 1.386 (colored)

remove trailing period characters from pub/priv key pathnames -
they make them needlessly more difficult to cut and paste without
error; ok markus@ & dtucker@

Revision 1.386 / (download) - annotate - [select for diffs], Thu Jan 23 02:43:48 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.385: +75 -9 lines
Diff to previous 1.385 (colored)

add a new signature operation "find-principal" to look up the
principal associated with a signature from an allowed-signers
file. Work by Sebastian Kinne; ok dtucker@

Revision 1.385 / (download) - annotate - [select for diffs], Wed Jan 22 04:51:51 2020 UTC (4 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.384: +5 -3 lines
Diff to previous 1.384 (colored)

For ssh-keygen -lF only add a space after key fingerprint when there is a
comment. This makes copy-paste of fingerprints into ssh easier.
OK djm@

Revision 1.384 / (download) - annotate - [select for diffs], Tue Jan 21 11:06:09 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.383: +1 -11 lines
Diff to previous 1.383 (colored)

don't #ifdef out the KRL code when compiling without libcrypto
support; it works just fine and disabling it breaks a few tests.
ok dtucker@

Revision 1.383 / (download) - annotate - [select for diffs], Tue Jan 14 15:07:30 2020 UTC (4 years, 3 months ago) by naddy
Branch: MAIN
Changes since 1.382: +5 -6 lines
Diff to previous 1.382 (colored)

sync ssh-keygen.1 and ssh-keygen's usage() with each other and reality
ok markus@

Revision 1.382 / (download) - annotate - [select for diffs], Mon Jan 6 02:00:46 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.381: +27 -12 lines
Diff to previous 1.381 (colored)

Extends the SK API to accept a set of key/value options for all
operations. These are intended to future-proof the API a little by
making it easier to specify additional fields without having to
change the API version for each.

At present, only two options are defined: one to explicitly specify
the device for an operation (rather than accepting the middleware's
autoselection) and another to specify the FIDO2 username that may
be used when generating a resident key. These new options may be
invoked at key generation time via ssh-keygen -O

This also implements a suggestion from Markus to avoid "int" in favour
of uint32_t for the algorithm argument in the API, to make implementation
of ssh-sk-client/helper a little easier.

feedback, fixes and ok markus@

Revision 1.381 / (download) - annotate - [select for diffs], Thu Jan 2 22:40:09 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.380: +162 -60 lines
Diff to previous 1.380 (colored)

ability to download FIDO2 resident keys from a token via
"ssh-keygen -K". This will save public/private keys into the
current directory.

This is handy if you move a token between hosts.

feedback & ok markus@

Revision 1.380 / (download) - annotate - [select for diffs], Mon Dec 30 09:49:52 2019 UTC (4 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.379: +22 -23 lines
Diff to previous 1.379 (colored)

Remove the -x option currently used for FIDO/U2F-specific key flags.
Instead these flags may be specified via -O.

ok markus@

Revision 1.379 / (download) - annotate - [select for diffs], Mon Dec 30 09:24:45 2019 UTC (4 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.378: +19 -9 lines
Diff to previous 1.378 (colored)

translate and return error codes; retry on bad PIN

Define some well-known error codes in the SK API and pass
them back via ssh-sk-helper.

Use the new "wrong PIN" error code to retry PIN prompting during
ssh-keygen of resident keys.

feedback and ok markus@

Revision 1.378 / (download) - annotate - [select for diffs], Mon Dec 30 09:23:28 2019 UTC (4 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.377: +2 -2 lines
Diff to previous 1.377 (colored)

SK API and sk-helper error/PIN passing

Allow passing a PIN via the SK API (API major crank) and let the
ssh-sk-helper API follow.

Also enhance the ssh-sk-helper API to support passing back an error
code instead of a complete reply. Will be used to signal "wrong PIN",
etc.

feedback and ok markus@

Revision 1.377 / (download) - annotate - [select for diffs], Mon Dec 30 09:19:52 2019 UTC (4 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.376: +3 -1 lines
Diff to previous 1.376 (colored)

basic support for generating FIDO2 resident keys

"ssh-keygen -t ecdsa-sk|ed25519-sk -x resident" will generate a
device-resident key.

feedback and ok markus@

Revision 1.376 / (download) - annotate - [select for diffs], Mon Dec 30 03:30:09 2019 UTC (4 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.375: +150 -101 lines
Diff to previous 1.375 (colored)

remove single-letter flags for moduli options

Move all moduli generation options to live under the -O flag.

Frees up seven single-letter flags.

NB. this change breaks existing ssh-keygen commandline syntax for moduli-
related operations. Very few people use these fortunately.

feedback and ok markus@

Revision 1.375 / (download) - annotate - [select for diffs], Mon Dec 30 03:28:41 2019 UTC (4 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.374: +8 -3 lines
Diff to previous 1.374 (colored)

prepare for use of ssh-keygen -O flag beyond certs

Move list of available certificate options in ssh-keygen.1 to the
CERTIFICATES section.

Collect options specified by -O but delay parsing/validation of
certificate options until we're sure that we're acting as a CA.

ok markus@

Revision 1.374 / (download) - annotate - [select for diffs], Tue Dec 10 22:37:20 2019 UTC (4 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.373: +16 -4 lines
Diff to previous 1.373 (colored)

when acting as a CA and using a security key as the CA key, remind the
user to touch their key to authorise the signature.

Revision 1.373 / (download) - annotate - [select for diffs], Mon Nov 25 00:57:27 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.372: +6 -1 lines
Diff to previous 1.372 (colored)

Print a key touch reminder when generating a security key. Most keys
require a touch to authorize the operation.

Revision 1.372 / (download) - annotate - [select for diffs], Mon Nov 25 00:55:58 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.371: +14 -8 lines
Diff to previous 1.371 (colored)

allow "ssh-keygen -x no-touch-required" when generating a security key
keypair to request one that does not require a touch for each
authentication attempt. The default remains to require touch.

feedback deraadt; ok markus@

Revision 1.371 / (download) - annotate - [select for diffs], Mon Nov 25 00:54:23 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.370: +17 -8 lines
Diff to previous 1.370 (colored)

add a "no-touch-required" option for authorized_keys and a similar
extension for certificates. This option disables the default
requirement that security key signatures attest that the user touched
their key to authorize them.

feedback deraadt, ok markus

Revision 1.370 / (download) - annotate - [select for diffs], Mon Nov 25 00:51:37 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.369: +10 -3 lines
Diff to previous 1.369 (colored)

Add new structure for signature options

This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.

with and ok markus@

Revision 1.369 / (download) - annotate - [select for diffs], Mon Nov 18 23:16:49 2019 UTC (4 years, 5 months ago) by naddy
Branch: MAIN
Changes since 1.368: +2 -2 lines
Diff to previous 1.368 (colored)

more missing mentions of ed25519-sk; ok djm@

Revision 1.368 / (download) - annotate - [select for diffs], Mon Nov 18 16:10:05 2019 UTC (4 years, 5 months ago) by naddy
Branch: MAIN
Changes since 1.367: +2 -1 lines
Diff to previous 1.367 (colored)

additional missing stdarg.h includes when built without WITH_OPENSSL; ok djm@

Revision 1.367 / (download) - annotate - [select for diffs], Mon Nov 18 06:39:36 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.366: +2 -2 lines
Diff to previous 1.366 (colored)

Fix incorrect error message when key certification fails

Revision 1.366 / (download) - annotate - [select for diffs], Mon Nov 18 06:24:17 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.365: +2 -4 lines
Diff to previous 1.365 (colored)

allow *-sk key types to be turned into certificates

Revision 1.365 / (download) - annotate - [select for diffs], Mon Nov 18 01:59:48 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.364: +2 -1 lines
Diff to previous 1.364 (colored)

missing break in getopt switch; spotted by Sebastian Kinne

Revision 1.364 / (download) - annotate - [select for diffs], Thu Nov 14 21:27:30 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.363: +4 -1 lines
Diff to previous 1.363 (colored)

directly support U2F/FIDO2 security keys in OpenSSH by linking
against the (previously external) USB HID middleware. The dlopen()
capability still exists for alternate middlewares, e.g. for
Bluetooth, NFC and test/debugging.

Revision 1.363 / (download) - annotate - [select for diffs], Tue Nov 12 22:36:44 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.362: +11 -3 lines
Diff to previous 1.362 (colored)

security keys typically need to be tapped/touched in order to perform
a signature operation. Notify the user when this is expected via
the TTY (if available) or $SSH_ASKPASS if we can.

ok markus@

Revision 1.362 / (download) - annotate - [select for diffs], Tue Nov 12 19:33:08 2019 UTC (4 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.361: +15 -5 lines
Diff to previous 1.361 (colored)

enable ed25519 support; ok djm

Revision 1.361 / (download) - annotate - [select for diffs], Fri Nov 8 03:54:02 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.360: +2 -2 lines
Diff to previous 1.360 (colored)

duplicate 'x' character in getopt(3) optstring

Revision 1.360 / (download) - annotate - [select for diffs], Thu Nov 7 08:38:38 2019 UTC (4 years, 5 months ago) by naddy
Branch: MAIN
Changes since 1.359: +3 -2 lines
Diff to previous 1.359 (colored)

Fill in missing man page bits for U2F security key support:

Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's
SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable,
and ssh-keygen's new -w and -x options.

Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal
substitutions.

ok djm@

Revision 1.359 / (download) - annotate - [select for diffs], Thu Oct 31 21:28:27 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.358: +2 -2 lines
Diff to previous 1.358 (colored)

fix -Wshadow warning

Revision 1.358 / (download) - annotate - [select for diffs], Thu Oct 31 21:23:19 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.357: +11 -7 lines
Diff to previous 1.357 (colored)

Refactor signing - use sshkey_sign for everything, including the new
U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.

Suggested by / ok markus@

Revision 1.357 / (download) - annotate - [select for diffs], Thu Oct 31 21:17:09 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.356: +35 -6 lines
Diff to previous 1.356 (colored)

ssh-keygen support for generating U2F/FIDO keys

Revision 1.356 / (download) - annotate - [select for diffs], Wed Oct 16 06:03:30 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.355: +2 -1 lines
Diff to previous 1.355 (colored)

free buf before return; reported by krishnaiah bommu

Revision 1.355 / (download) - annotate - [select for diffs], Thu Oct 3 17:07:50 2019 UTC (4 years, 6 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.354: +17 -17 lines
Diff to previous 1.354 (colored)

use a more common options order in SYNOPSIS and sync usage();
while here, no need for Bk/Ek;

ok dtucker

Revision 1.354 / (download) - annotate - [select for diffs], Wed Oct 2 09:50:50 2019 UTC (4 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.353: +2 -2 lines
Diff to previous 1.353 (colored)

thinko in previous; spotted by Mantas Mikulėnas

Revision 1.353 / (download) - annotate - [select for diffs], Wed Oct 2 08:05:50 2019 UTC (4 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.352: +2 -2 lines
Diff to previous 1.352 (colored)

ban empty namespace strings for sshsig; spotted by Mantas Mikulėnas

Revision 1.352 / (download) - annotate - [select for diffs], Sun Sep 29 16:31:57 2019 UTC (4 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.351: +4 -4 lines
Diff to previous 1.351 (colored)

group and sort single letter options; ok deraadt

Revision 1.351 / (download) - annotate - [select for diffs], Tue Sep 24 12:50:46 2019 UTC (4 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.350: +2 -2 lines
Diff to previous 1.350 (colored)

identity_file[] should be PATH_MAX, not the arbitrary number 1024

Revision 1.350 / (download) - annotate - [select for diffs], Mon Sep 16 03:23:02 2019 UTC (4 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.349: +23 -7 lines
Diff to previous 1.349 (colored)

Allow testing signature syntax and validity without verifying that
a signature came from a trusted signer. To discourage accidental or
unintentional use, this is invoked by the deliberately ugly option name
"check-novalidate"

from Sebastian Kinne

Revision 1.349 / (download) - annotate - [select for diffs], Fri Sep 6 07:53:40 2019 UTC (4 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.348: +5 -2 lines
Diff to previous 1.348 (colored)

key conversion should fail for !openssl builds, not fall through to
the key generation code

Revision 1.348 / (download) - annotate - [select for diffs], Fri Sep 6 05:23:55 2019 UTC (4 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.347: +5 -1 lines
Diff to previous 1.347 (colored)

fixes for !WITH_OPENSSL compilation; ok dtucker@

Revision 1.347 / (download) - annotate - [select for diffs], Fri Sep 6 04:53:27 2019 UTC (4 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.346: +2 -1 lines
Diff to previous 1.346 (colored)

lots of things were relying on libcrypto headers to transitively
include various system headers (mostly stdlib.h); include them
explicitly

Revision 1.346 / (download) - annotate - [select for diffs], Tue Sep 3 20:51:49 2019 UTC (4 years, 7 months ago) by naddy
Branch: MAIN
Changes since 1.345: +2 -2 lines
Diff to previous 1.345 (colored)

repair typo and editing mishap

Revision 1.345 / (download) - annotate - [select for diffs], Tue Sep 3 08:35:27 2019 UTC (4 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.344: +5 -5 lines
Diff to previous 1.344 (colored)

sshsig tweaks and improvements from and suggested by Markus

ok markus/me

Revision 1.344 / (download) - annotate - [select for diffs], Tue Sep 3 08:34:19 2019 UTC (4 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.343: +321 -4 lines
Diff to previous 1.343 (colored)

sshsig: lightweight signature and verification ability for OpenSSH

This adds a simple manual signature scheme to OpenSSH.
Signatures can be made and verified using ssh-keygen -Y sign|verify

Signatures embed the key used to make them. At verification time, this
is matched via principal name against an authorized_keys-like list
of allowed signers.

Mostly by Sebastian Kinne w/ some tweaks by me

ok markus@
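
The allowed_signers lookup that this sshsig entry and the find-principals entries above (revisions 1.386 to 1.391) describe, as an added Python example that is not OpenSSH code: it parses the allowed_signers line format (principals, optional cert-authority/namespaces/valid-after/valid-before options, key type, key), checks that the declared key type matches the embedded blob, and returns the principals a given signing key may sign for, restricting to the certificate's principal list when the signer was a certificate. The key blobs and the sample file are constructed placeholders; the timestamp parser accepts only absolute YYYYMMDD[HHMM[SS]] values, which is a simplification of what ssh-keygen accepts.

```python
"""Added example, not OpenSSH code: parse an allowed_signers file and emulate
what 'ssh-keygen -Y find-principals' reports. Key blobs are constructed."""
import base64
import fnmatch
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class AllowedSigner:
    principals: list                 # patterns from the first field
    key_type: str
    key_b64: str
    cert_authority: bool = False     # key is a CA: match certificates it signed
    namespaces: list = field(default_factory=list)
    valid_after: object = None       # datetime or None
    valid_before: object = None

def _split_options(opts: str) -> list:
    """Split 'a,b="x,y",c' on commas outside double quotes; quotes are dropped."""
    out, cur, quoted = [], "", False
    for ch in opts:
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            out, cur = out + [cur], ""
        else:
            cur += ch
    return [o for o in out + [cur] if o]

def parse_timespec(s: str) -> datetime:
    """Absolute YYYYMMDD[HHMM[SS]] read as UTC (simplification: no relative times)."""
    for fmt in ("%Y%m%d%H%M%S", "%Y%m%d%H%M", "%Y%m%d"):
        try:
            return datetime.strptime(s, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    raise ValueError(f"bad timespec {s!r}")

def parse_allowed_signers(text: str) -> list:
    """Each line is: principals [options] key-type key [comment]."""
    signers = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 3)
        has_opts = len(fields) > 1 and not fields[1].startswith(("ssh-", "ecdsa-", "sk-"))
        opts, rest = (fields[1], fields[2:]) if has_opts else ("", fields[1:])
        if len(rest) < 2:
            raise ValueError(f"line {lineno}: expected principals [options] type key")
        s = AllowedSigner(fields[0].split(","), rest[0], rest[1].split()[0])
        blob = base64.b64decode(s.key_b64, validate=True)
        embedded = blob[4:4 + int.from_bytes(blob[:4], "big")].decode()
        if embedded != s.key_type:           # declared type must match the blob
            raise ValueError(f"line {lineno}: key type mismatch")
        for opt in _split_options(opts):
            name, _, val = opt.partition("=")
            if name == "cert-authority":
                s.cert_authority = True
            elif name == "namespaces":
                s.namespaces = val.split(",")
            elif name in ("valid-after", "valid-before"):
                setattr(s, name.replace("-", "_"), parse_timespec(val))
            else:
                raise ValueError(f"line {lineno}: unknown option {name!r}")
        signers.append(s)
    return signers

def find_principals(signers, key_type, key_b64, namespace, now, cert_principals=None):
    """Principals the key may sign for in `namespace` at `now`. For a certificate
    signer pass its principal list: only cert-authority lines then match."""
    found = set()
    for s in signers:
        if (s.key_type, s.key_b64) != (key_type, key_b64):
            continue
        if s.cert_authority != (cert_principals is not None):
            continue
        if s.namespaces and not any(fnmatch.fnmatchcase(namespace, n) for n in s.namespaces):
            continue
        if (s.valid_after and now < s.valid_after) or (s.valid_before and now >= s.valid_before):
            continue
        if cert_principals is None:
            found.update(s.principals)
        else:   # emit only cert principals that fit one of the line's patterns
            found.update(p for p in cert_principals
                         if any(fnmatch.fnmatchcase(p, pat) for pat in s.principals))
    return sorted(found)

def fake_ed25519_pub(fill: int) -> str:
    # constructed placeholder: correctly framed ssh-ed25519 blob, not a real key
    blob = b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + bytes([fill]) * 32
    return base64.b64encode(blob).decode()

K_ALICE, K_CA, K_BOB = fake_ed25519_pub(0x11), fake_ed25519_pub(0x22), fake_ed25519_pub(0x33)
SAMPLE = f"""# constructed allowed_signers sample
alice@example.com,*@dev.example.com namespaces="git",valid-after="20200101" ssh-ed25519 {K_ALICE} alice
release-bot cert-authority,namespaces="git,file" ssh-ed25519 {K_CA} release-ca
bob@example.com ssh-ed25519 {K_BOB}
"""
SIGNERS = parse_allowed_signers(SAMPLE)
NOW, EARLY = datetime(2021, 6, 1, tzinfo=timezone.utc), datetime(2019, 6, 1, tzinfo=timezone.utc)
```

Calling find_principals(SIGNERS, "ssh-ed25519", K_ALICE, "git", NOW) lists both patterns from the first line, one per line once printed, while the same key in the "file" namespace or before its valid-after date matches nothing; the CA key only matches when a certificate principal list is supplied.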

Revision 1.343 / (download) - annotate - [select for diffs], Tue Sep 3 08:27:52 2019 UTC (4 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.342: +27 -11 lines
Diff to previous 1.342 (colored)

factor out confirm_overwrite(); ok markus@

Revision 1.342 / (download) - annotate - [select for diffs], Mon Sep 2 23:46:46 2019 UTC (4 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.341: +2 -2 lines
Diff to previous 1.341 (colored)

constify an argument

Revision 1.341 / (download) - annotate - [select for diffs], Sun Sep 1 23:47:32 2019 UTC (4 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.340: +13 -7 lines
Diff to previous 1.340 (colored)

print comment when printing pubkey from private

bz#3052; ok dtucker

Revision 1.340 / (download) - annotate - [select for diffs], Thu Aug 8 08:02:57 2019 UTC (4 years, 8 months ago) by dtucker
Branch: MAIN
Changes since 1.339: +5 -4 lines
Diff to previous 1.339 (colored)

Allow the maximum uint32 value for the argument passed to -b which
allows better error messages from later validation.  bz#3050, ok djm@

Revision 1.339 / (download) - annotate - [select for diffs], Mon Aug 5 21:45:27 2019 UTC (4 years, 8 months ago) by naddy
Branch: MAIN
Changes since 1.338: +15 -13 lines
Diff to previous 1.338 (colored)

Many key types are supported now, so take care to check the size
restrictions and apply the default size only to the matching key
type.
tweak and ok dtucker@

Revision 1.338 / (download) - annotate - [select for diffs], Fri Jul 19 03:38:01 2019 UTC (4 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.337: +10 -2 lines
Diff to previous 1.337 (colored)

Accept the verbose flag when searching for host keys in known hosts
(i.e. "ssh-keygen -vF host") to print the matching host's random-
art signature too. bz#3003 "amusing, pretty" deraadt@

Revision 1.337 / (download) - annotate - [select for diffs], Tue Jul 16 13:18:39 2019 UTC (4 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.336: +25 -28 lines
Diff to previous 1.336 (colored)

remove mostly vestigial uuencode.[ch]; moving the only unique
functionality there (wrapping of base64-encoded data) to sshbuf
functions; feedback and ok markus@

Revision 1.336 / (download) - annotate - [select for diffs], Mon Jul 15 13:16:29 2019 UTC (4 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.335: +14 -11 lines
Diff to previous 1.335 (colored)

support PKCS8 as an optional format for storage of private keys,
enabled via "ssh-keygen -m PKCS8" on operations that save private
keys to disk.

The OpenSSH native key format remains the default, but PKCS8 is a
superior format to PEM if interoperability with non-OpenSSH software
is required, as it may use a less terrible KDF (IIRC PEM uses a single
round of MD5 as a KDF).

adapted from patch by Jakub Jelen via bz3013; ok markus

Revision 1.335 / (download) - annotate - [select for diffs], Fri Jul 5 07:32:01 2019 UTC (4 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.334: +2 -1 lines
Diff to previous 1.334 (colored)

revert header removal that snuck into previous

Revision 1.334 / (download) - annotate - [select for diffs], Fri Jul 5 04:55:40 2019 UTC (4 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.333: +1 -2 lines
Diff to previous 1.333 (colored)

add a local implementation of BSD realpath() for sftp-server use
ahead of OpenBSD's realpath changing to match POSIX;

ok deraadt@ (thanks for snaps testing)

Revision 1.333 / (download) - annotate - [select for diffs], Fri Jun 28 13:35:04 2019 UTC (4 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.332: +12 -12 lines
Diff to previous 1.332 (colored)

When system calls indicate an error they return -1, not some arbitrary
value < 0.  errno is only updated in this case.  Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Revision 1.332 / (download) - annotate - [select for diffs], Fri Jun 21 04:21:04 2019 UTC (4 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.331: +2 -2 lines
Diff to previous 1.331 (colored)

Add protection for private keys at rest in RAM against speculation
and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and
Rambleed. This change encrypts private keys when they are not in use
with a symmetric key that is derived from a relatively large "prekey"
consisting of random data (currently 16KB).

Attackers must recover the entire prekey with high accuracy before
they can attempt to decrypt the shielded private key, but the current
generation of attacks have bit error rates that, when applied
cumulatively to the entire prekey, make this unlikely.

Implementation-wise, keys are encrypted "shielded" when loaded and then
automatically and transparently unshielded when used for signatures or
when being saved/serialised.

Hopefully we can remove this in a few years time when computer
architecture has become less unsafe.

been in snaps for a bit already; thanks deraadt@

ok dtucker@ deraadt@
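
The shielding construction this entry describes, reduced to an added Python example that is not the OpenSSH implementation: a secret is encrypted under a key derived from a 16 KiB random prekey, and the demo shows that a side-channel read of the prekey with even one bit wrong yields nothing useful. The prekey size is taken from the commit message; the SHA-512 counter-mode keystream and the derivation of the key by hashing the prekey are assumptions standing in for OpenSSH's actual cipher and KDF.

```python
"""Added example, not OpenSSH code: shield a secret at rest behind a 16 KiB
random prekey. Assumption: SHA-512 in counter mode stands in for the real
symmetric cipher, and the key is SHA-512 of the prekey."""
import hashlib
import os
import random

PREKEY_LEN = 16 * 1024   # 16 KiB of random data, as in the commit message


def _keystream(key: bytes, n: int) -> bytes:
    """Counter-mode keystream: SHA-512(key || counter) blocks, truncated to n."""
    out = bytearray()
    for ctr in range((n + 63) // 64):
        out += hashlib.sha512(key + ctr.to_bytes(8, "big")).digest()
    return bytes(out[:n])

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def shield(secret: bytes):
    """Encrypt `secret` under a key derived from a fresh prekey.
    Returns (prekey, ciphertext); the caller keeps both and wipes the secret."""
    prekey = os.urandom(PREKEY_LEN)
    key = hashlib.sha512(prekey).digest()      # symmetric key derived from prekey
    return prekey, _xor(secret, _keystream(key, len(secret)))

def unshield(prekey: bytes, ciphertext: bytes) -> bytes:
    """Recover the secret; correct only if every bit of the prekey is intact."""
    key = hashlib.sha512(prekey).digest()
    return _xor(ciphertext, _keystream(key, len(ciphertext)))

def noisy_read(prekey: bytes, bit_errors: int, seed: int = 1) -> bytes:
    """Model an attacker's side-channel read of the prekey with `bit_errors`
    flipped bits (Rowhammer/RAMBleed-style reads are not bit-exact)."""
    rng = random.Random(seed)
    buf = bytearray(prekey)
    for pos in rng.sample(range(len(buf) * 8), bit_errors):
        buf[pos // 8] ^= 1 << (pos % 8)
    return bytes(buf)

def attack_outcome(bit_errors: int) -> bool:
    """True if an attacker whose copy of the prekey has `bit_errors` wrong bits
    still recovers the shielded secret."""
    secret = b"constructed placeholder private key bytes"
    prekey, ct = shield(secret)
    return unshield(noisy_read(prekey, bit_errors), ct) == secret

def roundtrip_ok(secret: bytes = b"constructed placeholder private key bytes") -> bool:
    """The legitimate path: shield, then unshield with the intact prekey."""
    prekey, ct = shield(secret)
    return ct != secret and unshield(prekey, ct) == secret

if __name__ == "__main__":
    for errors in (0, 1, 100):
        print(errors, "bit errors -> secret recovered:", attack_outcome(errors))
```

The point of the large prekey is in attack_outcome: with 131072 prekey bits, a read that is 99.99% accurate still gets about a dozen bits wrong, and one wrong bit changes the derived key entirely.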

Revision 1.331 / (download) - annotate - [select for diffs], Thu Jun 6 05:13:13 2019 UTC (4 years, 10 months ago) by otto
Branch: MAIN
Changes since 1.330: +1 -2 lines
Diff to previous 1.330 (colored)

Replace calls to ssh_malloc_init() by a static init of malloc_options.
Prepares for changes in the way malloc is initialized.  ok guenther@ dtucker@

Revision 1.330 / (download) - annotate - [select for diffs], Wed May 29 08:30:26 2019 UTC (4 years, 11 months ago) by lum
Branch: MAIN
Changes since 1.329: +16 -5 lines
Diff to previous 1.329 (colored)

Make the standard output messages of both methods of changing a key
pair's comments (using -c and -C) more applicable to both methods.
ok and suggestions djm@ dtucker@

Revision 1.329 / (download) - annotate - [select for diffs], Mon Mar 25 16:19:44 2019 UTC (5 years, 1 month ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.328: +9 -2 lines
Diff to previous 1.328 (colored)

Expand comment to document rationale for default key sizes.
"seems worthwhile" deraadt.

Revision 1.328 / (download) - annotate - [select for diffs], Mon Mar 25 15:49:00 2019 UTC (5 years, 1 month ago) by dtucker
Branch: MAIN
Changes since 1.327: +6 -3 lines
Diff to previous 1.327 (colored)

Increase the default RSA key size to 3072 bits.  Based on the estimates
from NIST Special Publication 800-57, 3k bits provides security equivalent
to 128 bits which is the smallest symmetric cipher we enable by default.
ok markus@ deraadt@

Revision 1.327 / (download) - annotate - [select for diffs], Sun Feb 10 16:35:41 2019 UTC (5 years, 2 months ago) by benno
Branch: MAIN
Changes since 1.326: +2 -2 lines
Diff to previous 1.326 (colored)

ssh-keygen -D pkcs11.so needs to initialize pkcs11 interactive,
so it can ask for the smartcards PIN.
ok markus@

Revision 1.326 / (download) - annotate - [select for diffs], Wed Jan 23 04:51:02 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.325: +12 -5 lines
Diff to previous 1.325 (colored)

allow auto-incrementing certificate serial number for certs signed
in a single commandline.

Revision 1.325 / (download) - annotate - [select for diffs], Wed Jan 23 04:16:22 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.324: +82 -94 lines
Diff to previous 1.324 (colored)

move a bunch of global flag variables to main(); make the rest static

Revision 1.324 / (download) - annotate - [select for diffs], Tue Jan 22 20:48:01 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.323: +4 -3 lines
Diff to previous 1.323 (colored)

add -m to usage(); reminded by jmc@

Revision 1.323 / (download) - annotate - [select for diffs], Fri Oct 19 03:12:42 2018 UTC (5 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.322: +4 -3 lines
Diff to previous 1.322 (colored)

when printing certificate contents "ssh-keygen -Lf /path/certificate",
include the algorithm that the CA used to sign the cert.

Revision 1.322 / (download) - annotate - [select for diffs], Fri Sep 14 04:17:44 2018 UTC (5 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.321: +3 -3 lines
Diff to previous 1.321 (colored)

garbage-collect moribund ssh_new_private() API.

Revision 1.321 / (download) - annotate - [select for diffs], Thu Sep 13 02:08:33 2018 UTC (5 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.320: +47 -16 lines
Diff to previous 1.320 (colored)

hold our collective noses and use the openssl-1.1.x API in OpenSSH;
feedback and ok tb@ jsing@ markus@

Revision 1.320 / (download) - annotate - [select for diffs], Wed Sep 12 01:21:34 2018 UTC (5 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.319: +67 -8 lines
Diff to previous 1.319 (colored)

allow key revocation by SHA256 hash and allow ssh-keygen to create KRLs
using SHA256/base64 key fingerprints; ok markus@

Revision 1.319 / (download) - annotate - [select for diffs], Wed Aug 8 01:16:01 2018 UTC (5 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.318: +4 -3 lines
Diff to previous 1.318 (colored)

Use new private key format by default. This format is supported by
OpenSSH >= 6.5 (released January 2014), so it should be supported by
most OpenSSH versions in active use.

It is possible to convert new-format private keys to the older
format using "ssh-keygen -f /path/key -pm PEM".

ok deraadt dtucker

Revision 1.318 / (download) - annotate - [select for diffs], Mon Jul 9 21:59:10 2018 UTC (5 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.317: +2 -2 lines
Diff to previous 1.317 (colored)

replace cast with call to sshbuf_mutable_ptr(); ok djm@

Revision 1.317 / (download) - annotate - [select for diffs], Wed Jun 6 18:29:18 2018 UTC (5 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.316: +17 -8 lines
Diff to previous 1.316 (colored)

switch config file parsing to getline(3) as this avoids static limits
noted by gerhard@; ok dtucker@, djm@

Revision 1.316 / (download) - annotate - [select for diffs], Fri Jun 1 04:21:29 2018 UTC (5 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.315: +2 -2 lines
Diff to previous 1.315 (colored)

whitespace

Revision 1.315 / (download) - annotate - [select for diffs], Fri Jun 1 03:51:34 2018 UTC (5 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.314: +4 -5 lines
Diff to previous 1.314 (colored)

return correct exit code when searching for and hashing known_hosts
entries in a single operation (ssh-keygen -HF hostname); bz2772
Report and fix from Anton Kremenetsky

Revision 1.314 / (download) - annotate - [select for diffs], Mon Mar 12 00:52:01 2018 UTC (6 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.313: +5 -39 lines
Diff to previous 1.313 (colored)

add valid-before="[time]" authorized_keys option. A simple way of
giving a key an expiry date. ok markus@

Revision 1.313 / (download) - annotate - [select for diffs], Fri Feb 23 15:58:38 2018 UTC (6 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.312: +15 -4 lines
Diff to previous 1.312 (colored)

Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)
The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
Joint work with stefan-lukas_gazdag at genua.eu
See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
ok djm@

Revision 1.312 / (download) - annotate - [select for diffs], Sat Feb 10 05:48:46 2018 UTC (6 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.311: +3 -1 lines
Diff to previous 1.311 (colored)

Refuse to create a certificate with an unusable number of principals;
Prompted by gdestuynder via github

Revision 1.311 / (download) - annotate - [select for diffs], Sat Feb 10 05:43:26 2018 UTC (6 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.310: +3 -2 lines
Diff to previous 1.310 (colored)

fatal if we're unable to write all the public key; previously we
would silently ignore errors writing the comment and terminating
newline. Prompted by github PR from WillerZ; ok dtucker

Revision 1.310 / (download) - annotate - [select for diffs], Wed Feb 7 05:15:49 2018 UTC (6 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.309: +1 -23 lines
Diff to previous 1.309 (colored)

Remove some #ifdef notyet code from OpenSSL 0.9.8 days.

These functions have never appeared in OpenSSL and are likely never to do
so.

"kill it with fire" djm@

Revision 1.309 / (download) - annotate - [select for diffs], Mon Dec 18 02:25:15 2017 UTC (6 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.308: +2 -2 lines
Diff to previous 1.308 (colored)

pass negotiated signing algorithm through to sshkey_verify() and
check that the negotiated algorithm matches the type in the
signature (only matters for RSA SHA1/SHA2 sigs). ok markus@

Revision 1.308 / (download) - annotate - [select for diffs], Fri Nov 3 05:14:04 2017 UTC (6 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.307: +8 -4 lines
Diff to previous 1.307 (colored)

allow certificate validity intervals that specify only a start or
stop time (we already support specifying both or neither)

Revision 1.307 / (download) - annotate - [select for diffs], Fri Jul 7 03:53:12 2017 UTC (6 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.306: +72 -34 lines
Diff to previous 1.306 (colored)

When generating all hostkeys (ssh-keygen -A), clobber existing keys
if they exist but are zero length. zero-length keys could previously
be made if ssh-keygen failed part way through generating them, so avoid
that case too. bz#2561 reported by Krzysztof Cieplucha; ok dtucker@

Revision 1.306 / (download) - annotate - [select for diffs], Sat Jul 1 13:50:45 2017 UTC (6 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.305: +2 -3 lines
Diff to previous 1.305 (colored)

remove post-SSHv1 removal dead code from rsa.c and merge the
remaining bit that it still used into ssh-rsa.c; ok markus

Revision 1.305 / (download) - annotate - [select for diffs], Wed Jun 28 01:09:22 2017 UTC (6 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.304: +67 -9 lines
Diff to previous 1.304 (colored)

Allow ssh-keygen to use a key held in ssh-agent as a CA when signing
certificates. bz#2377 ok markus

Revision 1.304 / (download) - annotate - [select for diffs], Tue May 30 14:16:41 2017 UTC (6 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.303: +10 -10 lines
Diff to previous 1.303 (colored)

remove unused wrapper functions from key.[ch]; ok djm@

Revision 1.303 / (download) - annotate - [select for diffs], Sun May 7 23:15:59 2017 UTC (6 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.302: +16 -8 lines
Diff to previous 1.302 (colored)

Refuse RSA keys <1024 bits in length. Improve reporting for keys that
do not meet this requirement. ok markus@

Revision 1.302 / (download) - annotate - [select for diffs], Sun Apr 30 23:18:44 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.301: +5 -22 lines
Diff to previous 1.301 (colored)

remove KEY_RSA1

ok markus@

Revision 1.301 / (download) - annotate - [select for diffs], Sun Apr 30 23:10:43 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.300: +1 -8 lines
Diff to previous 1.300 (colored)

unifdef WITH_SSH1
ok markus@

Revision 1.300 / (download) - annotate - [select for diffs], Sat Apr 29 04:12:25 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.299: +37 -2 lines
Diff to previous 1.299 (colored)

allow ssh-keygen to include arbitrary string or flag certificate
extensions and critical options. ok markus@ dtucker@

Revision 1.299 / (download) - annotate - [select for diffs], Fri Mar 10 04:26:06 2017 UTC (7 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.298: +2 -1 lines
Diff to previous 1.298 (colored)

ensure hostname is lower-case before hashing it; bz#2591 reported by
Griff Miller II; ok dtucker@

Revision 1.298 / (download) - annotate - [select for diffs], Mon Mar 6 02:03:20 2017 UTC (7 years, 1 month ago) by dtucker
Branch: MAIN
Changes since 1.297: +2 -2 lines
Diff to previous 1.297 (colored)

Check l->hosts before dereferencing; fixes potential null pointer deref.
ok djm@

Revision 1.297 / (download) - annotate - [select for diffs], Mon Mar 6 00:44:51 2017 UTC (7 years, 1 month ago) by dtucker
Branch: MAIN
Changes since 1.296: +6 -6 lines
Diff to previous 1.296 (colored)

linenum is unsigned long so use %lu in log formats.  ok deraadt@

Revision 1.296 / (download) - annotate - [select for diffs], Fri Mar 3 06:13:11 2017 UTC (7 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.295: +3 -3 lines
Diff to previous 1.295 (colored)

fix ssh-keygen -H accidentally corrupting known_hosts that contained
already-hashed entries. HKF_MATCH_HOST_HASHED is only set by
hostkeys_foreach() when hostname matching is in use, so we need to look
for the hash marker explicitly.

Revision 1.295 / (download) - annotate - [select for diffs], Fri Feb 17 02:32:05 2017 UTC (7 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.294: +9 -3 lines
Diff to previous 1.294 (colored)

Do not show rsa1 key type in usage when compiled without SSH1 support.

Revision 1.294 / (download) - annotate - [select for diffs], Fri Feb 10 03:36:40 2017 UTC (7 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.293: +8 -4 lines
Diff to previous 1.293 (colored)

Sanitise escape sequences in key comments sent to printf but preserve
valid UTF-8 when the locale supports it; bz#2520 ok dtucker@

Revision 1.293 / (download) - annotate - [select for diffs], Wed Feb 8 20:32:43 2017 UTC (7 years, 2 months ago) by millert
Branch: MAIN
Changes since 1.292: +5 -2 lines
Diff to previous 1.292 (colored)

Avoid printf %s NULL.  From semarie@, OK djm@

Revision 1.292 / (download) - annotate - [select for diffs], Mon Sep 12 03:29:16 2016 UTC (7 years, 7 months ago) by dtucker
Branch: MAIN
Changes since 1.291: +3 -3 lines
Diff to previous 1.291 (colored)

Spaces->tabs.

Revision 1.291 / (download) - annotate - [select for diffs], Mon Sep 12 03:25:20 2016 UTC (7 years, 7 months ago) by dtucker
Branch: MAIN
Changes since 1.290: +2 -3 lines
Diff to previous 1.290 (colored)

Style whitespace fix.  Also happens to remove a no-op diff with portable.

Revision 1.290 / (download) - annotate - [select for diffs], Mon May 2 09:36:42 2016 UTC (8 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.289: +9 -3 lines
Diff to previous 1.289 (colored)

support SHA256 and SHA512 RSA signatures in certificates;
ok markus@

Revision 1.289 / (download) - annotate - [select for diffs], Mon May 2 08:49:03 2016 UTC (8 years ago) by djm
Branch: MAIN
Changes since 1.288: +4 -4 lines
Diff to previous 1.288 (colored)

fix signed/unsigned errors reported by clang-3.7; add
sshbuf_dup_string() to replace a common idiom of
strdup(sshbuf_ptr()) with better safety checking;
feedback and ok markus@

Revision 1.288 / (download) - annotate - [select for diffs], Mon Feb 15 09:47:49 2016 UTC (8 years, 2 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.287: +2 -1 lines
Diff to previous 1.287 (colored)

Add a function to enable security-related malloc_options.  With and ok
deraadt@, something similar has been in the snaps for a while.

Revision 1.287 / (download) - annotate - [select for diffs], Fri Dec 11 03:19:09 2015 UTC (8 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.286: +3 -3 lines
Diff to previous 1.286 (colored)

use SSH_MAX_PUBKEY_BYTES consistently as buffer size when reading key
files. Increase it to match the size of the buffers already being used.

Revision 1.286 / (download) - annotate - [select for diffs], Fri Dec 11 02:31:47 2015 UTC (8 years, 4 months ago) by mmcc
Branch: MAIN
Changes since 1.285: +2 -3 lines
Diff to previous 1.285 (colored)

Remove NULL-checks before sshkey_free().

ok djm@

Revision 1.285 / (download) - annotate - [select for diffs], Fri Dec 4 16:41:28 2015 UTC (8 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.284: +2 -2 lines
Diff to previous 1.284 (colored)

implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth)
based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt;
with & ok djm@

Revision 1.284 / (download) - annotate - [select for diffs], Sat Nov 28 06:50:52 2015 UTC (8 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.283: +5 -2 lines
Diff to previous 1.283 (colored)

do not leak temp file if there is no known_hosts file
from craig leres, ok djm

Revision 1.283 / (download) - annotate - [select for diffs], Fri Nov 20 23:04:01 2015 UTC (8 years, 5 months ago) by halex
Branch: MAIN
Changes since 1.282: +6 -4 lines
Diff to previous 1.282 (colored)

allow comment change for all supported formats

ok djm@

Revision 1.282 / (download) - annotate - [select for diffs], Thu Nov 19 01:12:32 2015 UTC (8 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.281: +4 -4 lines
Diff to previous 1.281 (colored)

trailing whitespace

Revision 1.281 / (download) - annotate - [select for diffs], Thu Nov 19 01:08:55 2015 UTC (8 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.280: +8 -44 lines
Diff to previous 1.280 (colored)

move the certificate validity formatting code to sshkey.[ch]

Revision 1.280 / (download) - annotate - [select for diffs], Wed Nov 18 08:37:28 2015 UTC (8 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.279: +11 -4 lines
Diff to previous 1.279 (colored)

fix "ssh-keygen -l" of private key, broken in support for
multiple plain keys on stdin

Revision 1.279 / (download) - annotate - [select for diffs], Mon Nov 16 22:53:07 2015 UTC (8 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.278: +128 -89 lines
Diff to previous 1.278 (colored)

Allow fingerprinting from standard input "ssh-keygen -lf -"

Support fingerprinting multiple plain keys in a file and authorized_keys
files too (bz#1319)

ok markus@

Revision 1.278 / (download) - annotate - [select for diffs], Fri Nov 13 04:34:15 2015 UTC (8 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.277: +56 -17 lines
Diff to previous 1.277 (colored)

support multiple certificates (one per line) and reading from
standard input (using "-f -") for "ssh-keygen -L";
ok dtucker@

Revision 1.277 / (download) - annotate - [select for diffs], Wed Aug 19 23:17:51 2015 UTC (8 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.276: +3 -2 lines
Diff to previous 1.276 (colored)

fixed unlink([uninitialised memory]) reported by Mateusz Kocielski;
ok markus@

Revision 1.276 / (download) - annotate - [select for diffs], Fri Jul 3 03:49:45 2015 UTC (8 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.275: +3 -3 lines
Diff to previous 1.275 (colored)

refuse to generate or accept RSA keys smaller than 1024 bits;
feedback and ok dtucker@

Revision 1.275 / (download) - annotate - [select for diffs], Fri Jul 3 03:43:18 2015 UTC (8 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.274: +17 -50 lines
Diff to previous 1.274 (colored)

delete support for legacy v00 certificates; "sure" markus@ dtucker@

Revision 1.274 / (download) - annotate - [select for diffs], Thu May 28 07:37:31 2015 UTC (8 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.273: +52 -39 lines
Diff to previous 1.273 (colored)

wrap all moduli-related code in #ifdef WITH_OPENSSL.
based on patch from Reuben Hawkins; bz#2388
feedback and ok dtucker@

Revision 1.273 / (download) - annotate - [select for diffs], Thu May 28 04:40:13 2015 UTC (8 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.272: +8 -2 lines
Diff to previous 1.272 (colored)

make ssh-keygen default to ed25519 keys when compiled without
OpenSSL; bz#2388, ok dtucker@

Revision 1.272 / (download) - annotate - [select for diffs], Thu May 21 12:01:19 2015 UTC (8 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.271: +17 -3 lines
Diff to previous 1.271 (colored)

Support "ssh-keygen -lF hostname" to search known_hosts and
print key hashes. Already advertised by ssh-keygen(1), but not
delivered by code; ok dtucker@

Revision 1.271 / (download) - annotate - [select for diffs], Mon Apr 27 01:52:30 2015 UTC (9 years ago) by djm
Branch: MAIN
Changes since 1.270: +6 -2 lines
Diff to previous 1.270 (colored)

fix compilation with OPENSSL=no; ok dtucker@

Revision 1.270 / (download) - annotate - [select for diffs], Fri Apr 24 01:36:01 2015 UTC (9 years ago) by deraadt
Branch: MAIN
Changes since 1.269: +2 -2 lines
Diff to previous 1.269 (colored)

rename xrealloc() to xreallocarray() since it follows that form.
ok djm

Revision 1.269 / (download) - annotate - [select for diffs], Fri Apr 17 13:19:22 2015 UTC (9 years ago) by djm
Branch: MAIN
Changes since 1.268: +94 -153 lines
Diff to previous 1.268 (colored)

use error/logit/fatal instead of fprintf(stderr, ...) and exit(0),
fix a few errors that were being printed to stdout instead of stderr
and a few non-errors that were going to stderr instead of stdout
bz#2325; ok dtucker

Revision 1.268 / (download) - annotate - [select for diffs], Tue Mar 31 11:06:49 2015 UTC (9 years, 1 month ago) by tobias
Branch: MAIN
Changes since 1.267: +2 -1 lines
Diff to previous 1.267 (colored)

Comments are only supported for RSA1 keys. If a user tried to add one and
entered his passphrase, explicitly clear it before exit. This is done in
all other error paths, too.

ok djm

Revision 1.267 / (download) - annotate - [select for diffs], Mon Mar 23 06:06:38 2015 UTC (9 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.266: +5 -1 lines
Diff to previous 1.266 (colored)

for ssh-keygen -A, don't try (and fail) to generate
ssh v.1 keys when compiled without SSH1 support, or
RSA/DSA/ECDSA keys when compiled without OpenSSL
based on patch by Mike Frysinger; bz#2369

Revision 1.266 / (download) - annotate - [select for diffs], Thu Feb 26 20:45:47 2015 UTC (9 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.265: +3 -2 lines
Diff to previous 1.265 (colored)

don't printf NULL key comments; reported by Tom Christensen

Revision 1.265 / (download) - annotate - [select for diffs], Tue Feb 24 15:24:05 2015 UTC (9 years, 2 months ago) by naddy
Branch: MAIN
Changes since 1.264: +2 -2 lines
Diff to previous 1.264 (colored)

add -v (show ASCII art) to -l's synopsis; ok djm@

Revision 1.264 / (download) - annotate - [select for diffs], Mon Feb 23 22:21:21 2015 UTC (9 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.263: +2 -2 lines
Diff to previous 1.263 (colored)

further silence spurious error message even when -v is specified
(e.g. to get visual host keys); reported by naddy@

Revision 1.263 / (download) - annotate - [select for diffs], Mon Feb 23 16:55:31 2015 UTC (9 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.262: +2 -2 lines
Diff to previous 1.262 (colored)

silence a spurious error message when listing fingerprints for
known_hosts; bz#2342

Revision 1.262 / (download) - annotate - [select for diffs], Mon Feb 16 22:08:57 2015 UTC (9 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.261: +39 -32 lines
Diff to previous 1.261 (colored)

Refactor hostkeys_foreach() and dependent code
Deal with IP addresses (i.e. CheckHostIP)
Don't clobber known_hosts when nothing changed
ok markus@ as part of larger commit

Revision 1.261 / (download) - annotate - [select for diffs], Fri Jan 30 01:10:33 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.260: +15 -11 lines
Diff to previous 1.260 (colored)

permit KRLs that revoke certificates by serial number or key ID
without scoping to a particular CA; ok markus@

Revision 1.260 / (download) - annotate - [select for diffs], Fri Jan 30 00:59:19 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.259: +3 -3 lines
Diff to previous 1.259 (colored)

missing parentheses after if in do_convert_from() broke
private key conversion from other formats some time in 2010;
bz#2345 reported by jjelen AT redhat.com

Revision 1.259 / (download) - annotate - [select for diffs], Wed Jan 28 22:36:00 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.258: +14 -4 lines
Diff to previous 1.258 (colored)

update to new API (key_fingerprint => sshkey_fingerprint)
check sshkey_fingerprint return values;
ok markus

Revision 1.258 / (download) - annotate - [select for diffs], Mon Jan 19 00:32:54 2015 UTC (9 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.257: +2 -2 lines
Diff to previous 1.257 (colored)

djm, your /usr/include tree is old

Revision 1.257 / (download) - annotate - [select for diffs], Sun Jan 18 21:51:19 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.256: +11 -10 lines
Diff to previous 1.256 (colored)

some feedback from markus@: comment hostkeys_foreach()
context and avoid a member in it.

Revision 1.256 / (download) - annotate - [select for diffs], Sun Jan 18 21:49:42 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.255: +121 -205 lines
Diff to previous 1.255 (colored)

make ssh-keygen use hostkeys_foreach(). Removes some
horrendous code; ok markus@

Revision 1.255 / (download) - annotate - [select for diffs], Sun Jan 18 13:22:28 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.254: +12 -7 lines
Diff to previous 1.254 (colored)

infer key length correctly when user specified a fully-
qualified key name instead of using the -b bits option;
ok markus@

Revision 1.254 / (download) - annotate - [select for diffs], Fri Jan 16 15:55:07 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.253: +3 -3 lines
Diff to previous 1.253 (colored)

regression: incorrect error message on otherwise-successful
ssh-keygen -A. Reported by Dmitry Orlov, via deraadt@

Revision 1.253 / (download) - annotate - [select for diffs], Fri Jan 16 06:40:12 2015 UTC (9 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.252: +6 -6 lines
Diff to previous 1.252 (colored)

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible.  Annotate <sys/param.h> lines with their current reasons.  Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc.  Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution.  These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Revision 1.252 / (download) - annotate - [select for diffs], Thu Jan 15 09:40:00 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.251: +418 -351 lines
Diff to previous 1.251 (colored)

sync ssh-keysign, ssh-keygen and some dependencies to the new
buffer/key API; mostly mechanical, ok markus@

Revision 1.251 / (download) - annotate - [select for diffs], Sun Dec 21 22:27:56 2014 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.250: +36 -22 lines
Diff to previous 1.250 (colored)

Add FingerprintHash option to control algorithm used for key
fingerprints. Default changes from MD5 to SHA256 and format
from hex to base64.

Feedback and ok naddy@ markus@

Revision 1.250 / (download) - annotate - [select for diffs], Thu Aug 21 01:08:52 2014 UTC (9 years, 8 months ago) by doug
Branch: MAIN
Changes since 1.249: +3 -1 lines
Diff to previous 1.249 (colored)

Free resources on error in mkstemp and fdopen

ok djm@

Revision 1.249 / (download) - annotate - [select for diffs], Thu Jul 3 03:47:27 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.248: +44 -26 lines
Diff to previous 1.248 (colored)

When hashing or removing hosts using ssh-keygen, don't choke on
@revoked markers and don't remove @cert-authority markers;
bz#2241, reported by mlindgren AT runelind.net

Revision 1.248 / (download) - annotate - [select for diffs], Thu Jul 3 03:34:09 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.247: +3 -2 lines
Diff to previous 1.247 (colored)

standardise on NI_MAXHOST for gethostname() string lengths; about
1/2 the cases were using it already. Fixes bz#2239 en passant

Revision 1.247 / (download) - annotate - [select for diffs], Tue Jun 24 01:13:21 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.246: +11 -9 lines
Diff to previous 1.246 (colored)

New key API: refactor key-related functions to be more library-like,
existing API is offered as a set of wrappers.

with and ok markus@

Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review a few months ago.

Revision 1.246 / (download) - annotate - [select for diffs], Tue Apr 29 18:01:49 2014 UTC (10 years ago) by markus
Branch: MAIN
Changes since 1.245: +15 -1 lines
Diff to previous 1.245 (colored)

make compiling against OpenSSL optional (make OPENSSL=no);
reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
allows us to explore further options; with and ok djm

Revision 1.245 / (download) - annotate - [select for diffs], Mon Apr 28 03:09:18 2014 UTC (10 years ago) by djm
Branch: MAIN
Changes since 1.244: +6 -6 lines
Diff to previous 1.244 (colored)

buffer_get_string_ptr's return should be const to remind
callers that futzing with it will futz with the actual buffer
contents

Revision 1.244 / (download) - annotate - [select for diffs], Sun Apr 20 09:24:26 2014 UTC (10 years ago) by logan
Branch: MAIN
Changes since 1.243: +3 -2 lines
Diff to previous 1.243 (colored)

Add support for SSHFP DNS records for ED25519 key types.

OK from djm@

Revision 1.243 / (download) - annotate - [select for diffs], Sat Mar 15 17:28:26 2014 UTC (10 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.242: +28 -49 lines
Diff to previous 1.242 (colored)

Improve usage() and documentation towards the standard form.  In particular,
this line saves a lot of man page reading time.
    usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
                      [-N new_passphrase] [-C comment] [-f output_keyfile]
ok schwarze jmc

Revision 1.242 / (download) - annotate - [select for diffs], Wed Mar 12 04:50:32 2014 UTC (10 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.241: +2 -2 lines
Diff to previous 1.241 (colored)

don't count on things that accept arguments by reference to clear
things for us on error; most things do, but it's unsafe form.

Revision 1.241 / (download) - annotate - [select for diffs], Wed Feb 5 20:13:25 2014 UTC (10 years, 2 months ago) by naddy
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.240: +2 -2 lines
Diff to previous 1.240 (colored)

tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@

while here, fix ordering in usage(); requested by jmc@

Revision 1.240 / (download) - annotate - [select for diffs], Sun Feb 2 03:44:31 2014 UTC (10 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.239: +17 -17 lines
Diff to previous 1.239 (colored)

convert memset of potentially-private data to explicit_bzero()

Revision 1.239 / (download) - annotate - [select for diffs], Fri Jan 31 16:39:19 2014 UTC (10 years, 3 months ago) by tedu
Branch: MAIN
Changes since 1.238: +2 -2 lines
Diff to previous 1.238 (colored)

replace most bzero with explicit_bzero, except a few that can be memset
ok djm dtucker

Revision 1.238 / (download) - annotate - [select for diffs], Fri Dec 6 13:39:49 2013 UTC (10 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.237: +8 -3 lines
Diff to previous 1.237 (colored)

support ed25519 keys (hostkeys and user identities) using the public domain
ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html
feedback, help & ok djm@

Revision 1.237 / (download) - annotate - [select for diffs], Fri Dec 6 13:34:54 2013 UTC (10 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.236: +38 -13 lines
Diff to previous 1.236 (colored)

new private key format, bcrypt as KDF by default; details in PROTOCOL.key;
feedback and lots help from djm; ok djm@

Revision 1.236 / (download) - annotate - [select for diffs], Fri Dec 6 03:40:51 2013 UTC (10 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.235: +3 -2 lines
Diff to previous 1.235 (colored)

remove duplicated character ('g') in getopt() string;
document the (few) remaining option characters so we don't have to rummage
next time.

Revision 1.235 / (download) - annotate - [select for diffs], Wed Oct 23 04:16:22 2013 UTC (10 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.234: +2 -2 lines
Diff to previous 1.234 (colored)

Make code match documentation: relative-specified certificate expiry time
should be relative to current time and not the validity start time.
Reported by Petr Lautrbach; ok deraadt@

Revision 1.234 / (download) - annotate - [select for diffs], Mon Sep 2 22:00:34 2013 UTC (10 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.233: +1 -6 lines
Diff to previous 1.233 (colored)

All the instances of arc4random_stir() are bogus, since arc4random()
does this itself, inside itself, and has for a very long time.  Actually,
this was probably reducing the entropy available.
ok djm

Revision 1.233 / (download) - annotate - [select for diffs], Wed Aug 28 12:34:27 2013 UTC (10 years, 8 months ago) by mikeb
Branch: MAIN
Changes since 1.232: +15 -10 lines
Diff to previous 1.232 (colored)

improve batch processing a bit by making use of the quiet flag a bit
more often and exit with a non-zero code if asked to find a hostname
in a known_hosts file and it wasn't there;

originally from reyk@, ok djm

Revision 1.232 / (download) - annotate - [select for diffs], Tue Aug 13 18:33:08 2013 UTC (10 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.231: +2 -2 lines
Diff to previous 1.231 (colored)

another of the same typo

Revision 1.231 / (download) - annotate - [select for diffs], Tue Aug 13 18:32:08 2013 UTC (10 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.230: +2 -2 lines
Diff to previous 1.230 (colored)

typo in error message; from Stephan Rickauer

Revision 1.230 / (download) - annotate - [select for diffs], Sat Jul 20 01:44:37 2013 UTC (10 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.229: +2 -2 lines
Diff to previous 1.229 (colored)

More useful error message on missing current user in /etc/passwd

Revision 1.229 / (download) - annotate - [select for diffs], Fri Jul 12 05:42:03 2013 UTC (10 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.228: +2 -2 lines
Diff to previous 1.228 (colored)

do_print_resource_record() can never be called with a NULL filename, so
don't attempt (and bungle) asking for one if it has not been specified
bz#2127 ok dtucker@

Revision 1.228 / (download) - annotate - [select for diffs], Fri Jul 12 00:20:00 2013 UTC (10 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.227: +4 -3 lines
Diff to previous 1.227 (colored)

fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@

Revision 1.227 / (download) - annotate - [select for diffs], Fri May 17 00:13:14 2013 UTC (10 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.226: +52 -52 lines
Diff to previous 1.226 (colored)

bye, bye xfree(); ok markus@

Revision 1.226 / (download) - annotate - [select for diffs], Fri Apr 19 01:01:00 2013 UTC (11 years ago) by djm
Branch: MAIN
Changes since 1.225: +4 -1 lines
Diff to previous 1.225 (colored)

fix some memory leaks; bz#2088 ok dtucker@

Revision 1.225 / (download) - annotate - [select for diffs], Sun Feb 10 23:32:10 2013 UTC (11 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.224: +2 -2 lines
Diff to previous 1.224 (colored)

append to moduli file when screening candidates rather than overwriting.
allows resumption of interrupted screen; patch from Christophe Garault
in bz#1957; ok dtucker@

Revision 1.224 / (download) - annotate - [select for diffs], Fri Jan 18 07:59:46 2013 UTC (11 years, 3 months ago) by jmc
Branch: MAIN
Changes since 1.223: +2 -2 lines
Diff to previous 1.223 (colored)

-u before -V in usage();

Revision 1.223 / (download) - annotate - [select for diffs], Thu Jan 17 23:00:01 2013 UTC (11 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.222: +250 -7 lines
Diff to previous 1.222 (colored)

add support for Key Revocation Lists (KRLs). These are a compact way to
represent lists of revoked keys and certificates, taking as little as
a single bit of incremental cost to revoke a certificate by serial number.
KRLs are loaded via the existing RevokedKeys sshd_config option.

feedback and ok markus@

Revision 1.222 / (download) - annotate - [select for diffs], Wed Jan 9 05:40:17 2013 UTC (11 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.221: +4 -1 lines
Diff to previous 1.221 (colored)

correctly initialise fingerprint type for fingerprinting PKCS#11 keys

Revision 1.221 / (download) - annotate - [select for diffs], Thu Jan 3 23:22:58 2013 UTC (11 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.220: +21 -6 lines
Diff to previous 1.220 (colored)

allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ...
ok markus@

Revision 1.220 / (download) - annotate - [select for diffs], Mon Dec 3 00:14:06 2012 UTC (11 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.219: +2 -2 lines
Diff to previous 1.219 (colored)

Fix compilation with -Wall -Werror (trivial type fixes)

Revision 1.219 / (download) - annotate - [select for diffs], Wed Nov 14 02:32:15 2012 UTC (11 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.218: +7 -5 lines
Diff to previous 1.218 (colored)

allow the full range of unsigned serial numbers; 'fine' deraadt@

Revision 1.218 / (download) - annotate - [select for diffs], Tue Oct 2 07:07:45 2012 UTC (11 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.217: +2 -2 lines
Diff to previous 1.217 (colored)

fix -z option, broken in revision 1.215

Revision 1.217 / (download) - annotate - [select for diffs], Fri Aug 17 01:25:58 2012 UTC (11 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.216: +17 -5 lines
Diff to previous 1.216 (colored)

print details of which host lines were deleted when using
"ssh-keygen -R host"; ok markus@

Revision 1.216 / (download) - annotate - [select for diffs], Fri Jul 6 06:38:03 2012 UTC (11 years, 9 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE, OPENBSD_5_2
Changes since 1.215: +2 -2 lines
Diff to previous 1.215 (colored)

missing full stop in usage();

Revision 1.215 / (download) - annotate - [select for diffs], Fri Jul 6 00:41:59 2012 UTC (11 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.214: +16 -6 lines
Diff to previous 1.214 (colored)

Add options to specify starting line number and number of lines to process
when screening moduli candidates.  This allows processing of different
parts of a candidate moduli file in parallel.  man page help jmc@, ok djm@

Revision 1.214 / (download) - annotate - [select for diffs], Wed May 23 03:28:28 2012 UTC (11 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.213: +3 -1 lines
Diff to previous 1.213 (colored)

add support for RFC6594 SSHFP DNS records for ECDSA key types.
patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@

Revision 1.213 / (download) - annotate - [select for diffs], Wed Feb 29 11:21:26 2012 UTC (12 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.212: +7 -5 lines
Diff to previous 1.212 (colored)

allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@

Revision 1.212 / (download) - annotate - [select for diffs], Sun Oct 16 15:02:41 2011 UTC (12 years, 6 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE, OPENBSD_5_1
Changes since 1.211: +2 -2 lines
Diff to previous 1.211 (colored)

put -K in the right place (usage());

Revision 1.211 / (download) - annotate - [select for diffs], Sun Oct 16 11:02:46 2011 UTC (12 years, 6 months ago) by dtucker
Branch: MAIN
Changes since 1.210: +12 -4 lines
Diff to previous 1.210 (colored)

Add optional checkpoints for moduli screening.  feedback & ok deraadt

Revision 1.210 / (download) - annotate - [select for diffs], Mon Apr 18 00:46:05 2011 UTC (13 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.209: +4 -4 lines
Diff to previous 1.209 (colored)

certificate options are supposed to be packed in lexical order of option
name (though we don't actually enforce this at present). Move one up
that was out of sequence

Revision 1.209 / (download) - annotate - [select for diffs], Tue Apr 12 04:23:50 2011 UTC (13 years ago) by djm
Branch: MAIN
Changes since 1.208: +10 -10 lines
Diff to previous 1.208 (colored)

fix -Wshadow

Revision 1.208 / (download) - annotate - [select for diffs], Thu Mar 24 22:14:54 2011 UTC (13 years, 1 month ago) by stevesk
Branch: MAIN
Changes since 1.207: +2 -2 lines
Diff to previous 1.207 (colored)

use strcasecmp() for "clear" cert permission option also; ok djm

Revision 1.207 / (download) - annotate - [select for diffs], Wed Mar 23 16:50:04 2011 UTC (13 years, 1 month ago) by stevesk
Branch: MAIN
Changes since 1.206: +2 -5 lines
Diff to previous 1.206 (colored)

remove -d, documentation removed >10 years ago; ok markus

Revision 1.206 / (download) - annotate - [select for diffs], Wed Mar 23 15:16:22 2011 UTC (13 years, 1 month ago) by stevesk
Branch: MAIN
Changes since 1.205: +138 -28 lines
Diff to previous 1.205 (colored)

Add -A option.  For each of the key types (rsa1, rsa, dsa and ecdsa)
for which host keys do not exist, generate the host keys with the
default key file path, an empty passphrase, default bits for the key
type, and default comment.  This will be used by /etc/rc to generate
new host keys.  Idea from deraadt.

ok deraadt

Revision 1.205 / (download) - annotate - [select for diffs], Tue Jan 11 06:13:10 2011 UTC (13 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.204: +7 -4 lines
Diff to previous 1.204 (colored)

some unsigned long long casts that make things a bit easier for
portable without resorting to dropping PRIu64 formats everywhere

Revision 1.204 / (download) - annotate - [select for diffs], Thu Oct 28 11:22:09 2010 UTC (13 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.203: +2 -3 lines
Diff to previous 1.203 (colored)

fix a possible NULL deref on loading a corrupt ECDH key

store ECDH group information in private keys files as "named groups"
rather than as a set of explicit group parameters (by setting
the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and
retrieves the group's OpenSSL NID that we need for various things.

Revision 1.203 / (download) - annotate - [select for diffs], Thu Sep 2 17:21:50 2010 UTC (13 years, 8 months ago) by naddy
Branch: MAIN
Changes since 1.202: +2 -2 lines
Diff to previous 1.202 (colored)

Switch ECDSA default key size to 256 bits, which according to RFC5656
should still be better than our current RSA-2048 default.
ok djm@, markus@

Revision 1.202 / (download) - annotate - [select for diffs], Thu Sep 2 16:07:25 2010 UTC (13 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.201: +4 -2 lines
Diff to previous 1.201 (colored)

permit -b 256, 384 or 521 as key size for ECDSA; ok djm@

Revision 1.201 / (download) - annotate - [select for diffs], Tue Aug 31 12:33:38 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.200: +2 -2 lines
Diff to previous 1.200 (colored)

reintroduce commit from tedu@, which I pulled out for release engineering:

  OpenSSL_add_all_algorithms is the name of the function we have a man page
  for, so use that.  ok djm

Revision 1.200 / (download) - annotate - [select for diffs], Tue Aug 31 11:54:45 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.199: +36 -4 lines
Diff to previous 1.199 (colored)

Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
better performance than plain DH and DSA at the same equivalent symmetric
key length, as well as much shorter keys.

Only the mandatory sections of RFC5656 are implemented, specifically the
three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
ECDSA. Point compression (optional in RFC5656) is NOT implemented.

Certificate host and user keys using the new ECDSA key types are supported.

Note that this code has not been tested for interoperability and may be
subject to change.

feedback and ok markus@

Revision 1.199 / (download) - annotate - [select for diffs], Mon Aug 16 04:06:06 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.198: +1 -1 lines
Diff to previous 1.198 (colored)

backout previous temporarily; discussed with deraadt@

Revision 1.198 / (download) - annotate - [select for diffs], Thu Aug 12 23:34:38 2010 UTC (13 years, 8 months ago) by tedu
Branch: MAIN
Changes since 1.197: +2 -2 lines
Diff to previous 1.197 (colored)

OpenSSL_add_all_algorithms is the name of the function we have a man page
for, so use that.  ok djm

Revision 1.197 / (download) - annotate - [select for diffs], Wed Aug 4 06:07:11 2010 UTC (13 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.196: +45 -10 lines
Diff to previous 1.196 (colored)

Support CA keys in PKCS#11 tokens; feedback and ok markus@

Revision 1.196 / (download) - annotate - [select for diffs], Wed Aug 4 05:40:39 2010 UTC (13 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.195: +7 -7 lines
Diff to previous 1.195 (colored)

tighten the rules for certificate encoding by requiring that options
appear in lexical order and make our ssh-keygen comply. ok markus@

Revision 1.195 / (download) - annotate - [select for diffs], Fri Jul 16 04:45:30 2010 UTC (13 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.194: +2 -2 lines
Diff to previous 1.194 (colored)

avoid bogus compiler warning

Revision 1.194 / (download) - annotate - [select for diffs], Wed Jun 30 07:26:03 2010 UTC (13 years, 10 months ago) by jmc
Branch: MAIN
Changes since 1.193: +4 -4 lines
Diff to previous 1.193 (colored)

sort usage();

Revision 1.193 / (download) - annotate - [select for diffs], Tue Jun 29 23:15:30 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.192: +228 -53 lines
Diff to previous 1.192 (colored)

allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys;
bz#1749; ok markus@

Revision 1.192 / (download) - annotate - [select for diffs], Wed Jun 23 02:59:02 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.191: +46 -50 lines
Diff to previous 1.191 (colored)

fix printing of extensions in v01 certificates that I broke in r1.190

Revision 1.191 / (download) - annotate - [select for diffs], Tue Jun 22 04:32:06 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.190: +61 -65 lines
Diff to previous 1.190 (colored)

standardise error messages when attempting to open private key
files to include "progname: filename: error reason"
bz#1783; ok dtucker@

Revision 1.190 / (download) - annotate - [select for diffs], Thu May 20 23:46:02 2010 UTC (13 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.189: +55 -39 lines
Diff to previous 1.189 (colored)

Move the permit-* options to the non-critical "extensions" field for v01
certificates. The logic is that if another implementation fails to
implement them then the connection just loses features rather than fails
outright.

ok markus@

Revision 1.189 / (download) - annotate - [select for diffs], Fri Apr 23 22:48:31 2010 UTC (14 years ago) by djm
Branch: MAIN
Changes since 1.188: +8 -1 lines
Diff to previous 1.188 (colored)

refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS,
since we would refuse to use them anyway. bz#1516; ok dtucker@

Revision 1.188 / (download) - annotate - [select for diffs], Fri Apr 23 01:47:41 2010 UTC (14 years ago) by djm
Branch: MAIN
Changes since 1.187: +14 -8 lines
Diff to previous 1.187 (colored)

bz#1740: display a more helpful error message when $HOME is
inaccessible while trying to create .ssh directory. Based on patch
from jchadima AT redhat.com; ok dtucker@

Revision 1.187 / (download) - annotate - [select for diffs], Fri Apr 16 06:47:04 2010 UTC (14 years ago) by jmc
Branch: MAIN
Changes since 1.186: +3 -2 lines
Diff to previous 1.186 (colored)

tweak previous; ok djm

Revision 1.186 / (download) - annotate - [select for diffs], Fri Apr 16 01:47:26 2010 UTC (14 years ago) by djm
Branch: MAIN
Changes since 1.185: +146 -89 lines
Diff to previous 1.185 (colored)

revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
following changes:

move the nonce field to the beginning of the certificate where it can
better protect against chosen-prefix attacks on the signature hash

Rename "constraints" field to "critical options"

Add a new non-critical "extensions" field

Add a serial number

The older format is still supported for authentication and cert generation
(use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)

ok markus@

Revision 1.185 / (download) - annotate - [select for diffs], Mon Mar 15 19:40:02 2010 UTC (14 years, 1 month ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.184: +3 -2 lines
Diff to previous 1.184 (colored)

also print certificate type (user or host) for ssh-keygen -L
ok djm kettenis

Revision 1.184 / (download) - annotate - [select for diffs], Sun Mar 7 22:16:01 2010 UTC (14 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.183: +5 -5 lines
Diff to previous 1.183 (colored)

make internal strptime string match strftime format;
suggested by vinschen AT redhat.com and markus@

Revision 1.183 / (download) - annotate - [select for diffs], Thu Mar 4 23:27:25 2010 UTC (14 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.182: +2 -2 lines
Diff to previous 1.182 (colored)

"force-command" is not spelled "forced-command"; spotted by
imorgan AT nas.nasa.gov

Revision 1.182 / (download) - annotate - [select for diffs], Thu Mar 4 20:35:08 2010 UTC (14 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.181: +103 -12 lines
Diff to previous 1.181 (colored)

Add a -L flag to print the contents of a certificate; ok markus@

Revision 1.181 / (download) - annotate - [select for diffs], Thu Mar 4 10:36:03 2010 UTC (14 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.180: +2 -2 lines
Diff to previous 1.180 (colored)

Add a TrustedUserCAKeys option to sshd_config to specify CA keys that
are trusted to authenticate users (in addition to doing it per-user
in authorized_keys).

Add a RevokedKeys option to sshd_config and a @revoked marker to
known_hosts to allow keys to be revoked and banned for user or host
authentication.

feedback and ok markus@

Revision 1.180 / (download) - annotate - [select for diffs], Tue Mar 2 23:20:57 2010 UTC (14 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.179: +20 -4 lines
Diff to previous 1.179 (colored)

POSIX strptime is stricter than OpenBSD's so do a little dance to
appease it.

Revision 1.179 / (download) - annotate - [select for diffs], Fri Feb 26 20:29:54 2010 UTC (14 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.178: +404 -29 lines
Diff to previous 1.178 (colored)

Add support for certificate key types for users and hosts.

OpenSSH certificate key types are not X.509 certificates, but a much
simpler format that encodes a public key, identity information and
some validity constraints and signs it with a CA key. CA keys are
regular SSH keys. This certificate style avoids the attack surface
of X.509 certificates and is very easy to deploy.

Certified host keys allow automatic acceptance of new host keys
when a CA certificate is marked as trusted in ~/.ssh/known_hosts.
see VERIFYING HOST KEYS in ssh(1) for details.

Certified user keys allow authentication of users when the signing
CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
FILE FORMAT" in sshd(8) for details.

Certificates are minted using ssh-keygen(1), documentation is in
the "CERTIFICATES" section of that manpage.

Documentation on the format of certificates is in the file
PROTOCOL.certkeys

feedback and ok markus@

Revision 1.178 / (download) - annotate - [select for diffs], Tue Feb 9 00:50:59 2010 UTC (14 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.177: +2 -2 lines
Diff to previous 1.177 (colored)

fix -Wall

Revision 1.177 / (download) - annotate - [select for diffs], Mon Feb 8 10:50:20 2010 UTC (14 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.176: +24 -60 lines
Diff to previous 1.176 (colored)

replace our obsolete smartcard code with PKCS#11.
	ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
provider (shared library) while ssh-agent(1) delegates PKCS#11 to
a forked ssh-pkcs11-helper process.
PKCS#11 is currently a compile time option.
feedback and ok djm@; inspired by patches from Alon Bar-Lev

Revision 1.176 / (download) - annotate - [select for diffs], Mon Jan 11 10:51:07 2010 UTC (14 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.175: +8 -4 lines
Diff to previous 1.175 (colored)

when converting keys, truncate key comments at 72 chars as per RFC4716;
bz#1630 reported by tj AT castaglia.org; ok markus@

Revision 1.175 / (download) - annotate - [select for diffs], Thu Aug 27 17:33:49 2009 UTC (14 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.174: +4 -4 lines
Diff to previous 1.174 (colored)

force use of correct hash function for random-art signature display
as it was inheriting the wrong one when bubblebabble signatures were
activated; bz#1611 report and patch from fwojcik+openssh AT besh.com;
ok markus@

Revision 1.174 / (download) - annotate - [select for diffs], Mon Jun 22 05:39:28 2009 UTC (14 years, 10 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6
Changes since 1.173: +2 -2 lines
Diff to previous 1.173 (colored)

alphabetize includes; reduces diff vs portable and style(9).  ok stevesk djm

Revision 1.173 / (download) - annotate - [select for diffs], Sat Feb 21 19:32:04 2009 UTC (15 years, 2 months ago) by tobias
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.172: +8 -8 lines
Diff to previous 1.172 (colored)

Added missing newlines in error messages.

ok dtucker

Revision 1.172 / (download) - annotate - [select for diffs], Fri Nov 7 00:42:12 2008 UTC (15 years, 5 months ago) by stevesk
Branch: MAIN
Changes since 1.171: +2 -2 lines
Diff to previous 1.171 (colored)

spelling/typo in comment

Revision 1.171 / (download) - annotate - [select for diffs], Sun Jul 13 21:22:52 2008 UTC (15 years, 9 months ago) by sthen
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.170: +5 -3 lines
Diff to previous 1.170 (colored)

Change "ssh-keygen -F [host] -l" to not display random art unless
-v is also specified, making it consistent with the manual and other
uses of -l.

ok grunk@

Revision 1.170 / (download) - annotate - [select for diffs], Thu Jun 12 21:14:46 2008 UTC (15 years, 10 months ago) by grunk
Branch: MAIN
Changes since 1.169: +7 -5 lines
Diff to previous 1.169 (colored)

make ssh-keygen -lf show the key type just as ssh-add -l would do it
ok djm@ markus@

Revision 1.169 / (download) - annotate - [select for diffs], Wed Jun 11 22:20:46 2008 UTC (15 years, 10 months ago) by grunk
Branch: MAIN
Changes since 1.168: +7 -4 lines
Diff to previous 1.168 (colored)

ssh-keygen would write fingerprints to STDOUT, and random art to STDERR;
that is not how it was envisioned.
Also correct manpage saying that -v is needed along with -l for it to work.

spotted by naddy@

Revision 1.168 / (download) - annotate - [select for diffs], Wed Jun 11 21:38:25 2008 UTC (15 years, 10 months ago) by grunk
Branch: MAIN
Changes since 1.167: +3 -3 lines
Diff to previous 1.167 (colored)

ssh-keygen -lv -f /etc/ssh/ssh_host_rsa_key.pub
would not display you the random art as intended, spotted by canacar@

Revision 1.167 / (download) - annotate - [select for diffs], Wed Jun 11 21:01:35 2008 UTC (15 years, 10 months ago) by grunk
Branch: MAIN
Changes since 1.166: +17 -4 lines
Diff to previous 1.166 (colored)

Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.

Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf

The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise.  Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.

discussions with several people,
help, corrections and ok markus@ djm@

Revision 1.166 / (download) - annotate - [select for diffs], Mon May 19 15:46:31 2008 UTC (15 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.165: +23 -7 lines
Diff to previous 1.165 (colored)

support -l (print fingerprint) in combination with -F (find host) to
search for a host in ~/.ssh/known_hosts and display its fingerprint;
ok markus@

Revision 1.165 / (download) - annotate - [select for diffs], Sat Jan 19 22:37:19 2008 UTC (16 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.164: +7 -6 lines
Diff to previous 1.164 (colored)

unbreak line numbering (broken in revision 1.164), fix error message

Revision 1.164 / (download) - annotate - [select for diffs], Sat Jan 19 22:22:58 2008 UTC (16 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.163: +4 -3 lines
Diff to previous 1.163 (colored)

when hashing individual hosts (ssh-keygen -Hf hostname), make sure we
hash just the specified hostname and not the entire hostspec from the
keyfile. It may be of the form "hostname,ipaddr", which would lead to
a hash that never matches. report and fix from jp AT devnull.cz

Revision 1.163 / (download) - annotate - [select for diffs], Tue Oct 2 17:49:58 2007 UTC (16 years, 7 months ago) by chl
Branch: MAIN
Changes since 1.162: +7 -9 lines
Diff to previous 1.162 (colored)

handles zero-sized strings that fgets can return
properly removes trailing newline
removes an unused variable
correctly counts line number

"looks ok" ray@ markus@

Revision 1.162 / (download) - annotate - [select for diffs], Tue Sep 11 15:47:17 2007 UTC (16 years, 7 months ago) by gilles
Branch: MAIN
Changes since 1.161: +3 -5 lines
Diff to previous 1.161 (colored)

use strcspn to properly overwrite '\n' in fgets returned buffer

ok pyr@, ray@, millert@, moritz@, chl@

Revision 1.161 / (download) - annotate - [select for diffs], Sun Sep 9 11:38:01 2007 UTC (16 years, 7 months ago) by sobrado
Branch: MAIN
Changes since 1.160: +2 -2 lines
Diff to previous 1.160 (colored)

sort synopsis and options in ssh-agent(1); usage is lowercase

ok jmc@

Revision 1.160 / (download) - annotate - [select for diffs], Sun Jan 21 01:41:54 2007 UTC (17 years, 3 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE, OPENBSD_4_2, OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.159: +3 -3 lines
Diff to previous 1.159 (colored)

spaces

Revision 1.159 / (download) - annotate - [select for diffs], Fri Jan 12 20:20:41 2007 UTC (17 years, 3 months ago) by jmc
Branch: MAIN
Changes since 1.158: +3 -3 lines
Diff to previous 1.158 (colored)

more secsh -> rfc 4716 updates;

spotted by wiz@netbsd
ok markus

Revision 1.158 / (download) - annotate - [select for diffs], Wed Jan 3 03:01:40 2007 UTC (17 years, 4 months ago) by stevesk
Branch: MAIN
Changes since 1.157: +3 -3 lines
Diff to previous 1.157 (colored)

spaces

Revision 1.157 / (download) - annotate - [select for diffs], Wed Jan 3 00:53:38 2007 UTC (17 years, 4 months ago) by stevesk
Branch: MAIN
Changes since 1.156: +3 -4 lines
Diff to previous 1.156 (colored)

remove small dead code; arnaud.lacombe.1@ulaval.ca via Coverity scan

Revision 1.156 / (download) - annotate - [select for diffs], Tue Nov 14 19:41:04 2006 UTC (17 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.155: +6 -6 lines
Diff to previous 1.155 (colored)

use argc and argv not some made up short form

Revision 1.128.2.3 / (download) - annotate - [select for diffs], Wed Nov 8 00:44:05 2006 UTC (17 years, 5 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.128.2.2: +3 -2 lines
Diff to previous 1.128.2.2 (colored) to branchpoint 1.128 (colored) next main 1.129 (colored)

upgrade to OpenSSH 4.5

Revision 1.154.4.1 / (download) - annotate - [select for diffs], Wed Nov 8 00:42:11 2006 UTC (17 years, 5 months ago) by brad
Branch: OPENBSD_4_0
Changes since 1.154: +3 -2 lines
Diff to previous 1.154 (colored) next main 1.155 (colored)

upgrade to OpenSSH 4.5

Revision 1.136.2.2 / (download) - annotate - [select for diffs], Wed Nov 8 00:17:14 2006 UTC (17 years, 5 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.136.2.1: +3 -2 lines
Diff to previous 1.136.2.1 (colored) to branchpoint 1.136 (colored) next main 1.137 (colored)

upgrade to OpenSSH 4.5

Revision 1.155 / (download) - annotate - [select for diffs], Mon Nov 6 21:25:28 2006 UTC (17 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.154: +3 -2 lines
Diff to previous 1.154 (colored)

add missing checks for openssl return codes; with & ok djm@

Revision 1.128.2.2 / (download) - annotate - [select for diffs], Fri Oct 6 03:19:33 2006 UTC (17 years, 6 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.128.2.1: +90 -28 lines
Diff to previous 1.128.2.1 (colored) to branchpoint 1.128 (colored)

upgrade to OpenSSH 4.4

Revision 1.136.2.1 / (download) - annotate - [select for diffs], Sat Sep 30 04:06:51 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.136: +88 -29 lines
Diff to previous 1.136 (colored)

upgrade to OpenSSH 4.4

Revision 1.154 / (download) - annotate - [select for diffs], Thu Aug 3 03:34:42 2006 UTC (17 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE
Branch point for: OPENBSD_4_0
Changes since 1.153: +2 -4 lines
Diff to previous 1.153 (colored)

almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step

Revision 1.153 / (download) - annotate - [select for diffs], Tue Aug 1 23:22:47 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.152: +2 -1 lines
Diff to previous 1.152 (colored)

move #include <stdio.h> out of includes.h

Revision 1.152 / (download) - annotate - [select for diffs], Wed Jul 26 13:57:17 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.151: +2 -1 lines
Diff to previous 1.151 (colored)

move #include <stdlib.h> out of includes.h

Revision 1.151 / (download) - annotate - [select for diffs], Wed Jul 26 02:35:17 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.150: +2 -1 lines
Diff to previous 1.150 (colored)

move #include <sys/param.h> out of includes.h

Revision 1.150 / (download) - annotate - [select for diffs], Sat Jul 22 20:48:23 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.149: +2 -1 lines
Diff to previous 1.149 (colored)

move #include <string.h> out of includes.h

Revision 1.149 / (download) - annotate - [select for diffs], Mon Jul 17 01:31:10 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.148: +2 -1 lines
Diff to previous 1.148 (colored)

move #include <unistd.h> out of includes.h

Revision 1.148 / (download) - annotate - [select for diffs], Tue Jul 11 20:07:25 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.147: +2 -1 lines
Diff to previous 1.147 (colored)

move #include <errno.h> out of includes.h; ok markus@

Revision 1.147 / (download) - annotate - [select for diffs], Sun Jul 9 15:15:11 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.146: +2 -1 lines
Diff to previous 1.146 (colored)

move #include <fcntl.h> out of includes.h

Revision 1.146 / (download) - annotate - [select for diffs], Thu Jul 6 16:22:39 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.145: +2 -2 lines
Diff to previous 1.145 (colored)

move #include "dns.h" up

Revision 1.145 / (download) - annotate - [select for diffs], Thu Jul 6 16:03:53 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.144: +3 -1 lines
Diff to previous 1.144 (colored)

move #include <pwd.h> out of includes.h; ok markus@

Revision 1.144 / (download) - annotate - [select for diffs], Wed May 17 12:43:34 2006 UTC (17 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.143: +4 -2 lines
Diff to previous 1.143 (colored)

fix leak; coverity via Kylene Jo Hall

Revision 1.143 / (download) - annotate - [select for diffs], Thu Mar 30 11:05:17 2006 UTC (18 years, 1 month ago) by dtucker
Branch: MAIN
Changes since 1.142: +3 -1 lines
Diff to previous 1.142 (colored)

Correctly handle truncated files while converting keys; ok djm@

Revision 1.142 / (download) - annotate - [select for diffs], Sat Mar 25 18:40:14 2006 UTC (18 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.141: +6 -5 lines
Diff to previous 1.141 (colored)

cast strtonum() result to right type

Revision 1.141 / (download) - annotate - [select for diffs], Sat Mar 25 13:17:02 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.140: +1 -0 lines
Diff to previous 1.140 (colored)

Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files

Revision 1.140 / (download) - annotate - [select for diffs], Mon Mar 20 18:26:55 2006 UTC (18 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.139: +4 -3 lines
Diff to previous 1.139 (colored)

annoying spacing fixes getting in the way of real diffs

Revision 1.139 / (download) - annotate - [select for diffs], Sun Mar 19 18:51:18 2006 UTC (18 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.138: +0 -1 lines
Diff to previous 1.138 (colored)

RCSID() can die

Revision 1.138 / (download) - annotate - [select for diffs], Wed Mar 15 08:46:44 2006 UTC (18 years, 1 month ago) by jakob
Branch: MAIN
Changes since 1.137: +32 -10 lines
Diff to previous 1.137 (colored)

if no key files are given when printing the DNS host record, use the
host key file(s) as default. ok djm@

Revision 1.137 / (download) - annotate - [select for diffs], Mon Mar 13 08:43:16 2006 UTC (18 years, 1 month ago) by dtucker
Branch: MAIN
Changes since 1.136: +33 -9 lines
Diff to previous 1.136 (colored)

Make ssh-keygen handle CR and CRLF line termination when converting IETF
format keys, in addition to vanilla LF.  mindrot #1157, tested by Chris
Pepper, ok djm@

Revision 1.136 / (download) - annotate - [select for diffs], Mon Feb 20 17:19:54 2006 UTC (18 years, 2 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE
Branch point for: OPENBSD_3_9
Changes since 1.135: +4 -1 lines
Diff to previous 1.135 (colored)

move #include <sys/stat.h> out of includes.h; ok markus@

Revision 1.128.2.1 / (download) - annotate - [select for diffs], Fri Feb 3 03:01:57 2006 UTC (18 years, 3 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.128: +21 -11 lines
Diff to previous 1.128 (colored)

upgrade to OpenSSH 4.3

Revision 1.122.2.2 / (download) - annotate - [select for diffs], Fri Feb 3 02:53:45 2006 UTC (18 years, 3 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.122.2.1: +21 -11 lines
Diff to previous 1.122.2.1 (colored) to branchpoint 1.122 (colored) next main 1.123 (colored)

upgrade to OpenSSH 4.3

Revision 1.135 / (download) - annotate - [select for diffs], Tue Nov 29 02:04:55 2005 UTC (18 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.134: +3 -3 lines
Diff to previous 1.134 (colored)

Populate default key sizes before checking them; from & ok tim@

Revision 1.134 / (download) - annotate - [select for diffs], Mon Nov 28 05:16:53 2005 UTC (18 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.133: +4 -2 lines
Diff to previous 1.133 (colored)

Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2,
increase minimum RSA key size to 768 bits and update man page to reflect
these.  Patch originally bz#1119 (senthilkumar_sen at hotpop.com),
ok djm@, grudging ok deraadt@.

Revision 1.133 / (download) - annotate - [select for diffs], Mon Oct 31 11:12:49 2005 UTC (18 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.132: +4 -5 lines
Diff to previous 1.132 (colored)

generate a protocol 2 RSA key by default

Revision 1.132 / (download) - annotate - [select for diffs], Sun Oct 30 08:52:18 2005 UTC (18 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.131: +2 -2 lines
Diff to previous 1.131 (colored)

no need to escape single quotes in comments, no binary change

Revision 1.131 / (download) - annotate - [select for diffs], Fri Oct 14 02:17:59 2005 UTC (18 years, 6 months ago) by stevesk
Branch: MAIN
Changes since 1.130: +3 -3 lines
Diff to previous 1.130 (colored)

no trailing "\n" for log functions; ok djm@

Revision 1.130 / (download) - annotate - [select for diffs], Fri Oct 7 11:13:57 2005 UTC (18 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.129: +9 -3 lines
Diff to previous 1.129 (colored)

change DSA default back to 1024, as it's defined for 1024 bits only
and this causes interop problems with other clients.  moreover,
in order to improve the security of DSA you need to change more
components of DSA key generation (e.g. the internal SHA1 hash);
ok deraadt

Revision 1.129 / (download) - annotate - [select for diffs], Tue Sep 13 23:40:07 2005 UTC (18 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.128: +4 -1 lines
Diff to previous 1.128 (colored)

ensure that stdio fds are attached; ok deraadt@

Revision 1.122.2.1 / (download) - annotate - [select for diffs], Sun Sep 4 18:40:10 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.122: +51 -31 lines
Diff to previous 1.122 (colored)

upgrade to OpenSSH 4.2

Revision 1.117.2.3 / (download) - annotate - [select for diffs], Fri Sep 2 03:45:01 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.117.2.2: +51 -31 lines
Diff to previous 1.117.2.2 (colored) to branchpoint 1.117 (colored) next main 1.118 (colored)

upgrade to OpenSSH 4.2

Revision 1.128 / (download) - annotate - [select for diffs], Sun Jul 17 07:17:55 2005 UTC (18 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE
Branch point for: OPENBSD_3_8
Changes since 1.127: +2 -2 lines
Diff to previous 1.127 (colored)

knf says that a 2nd level indent is four (not three or five) spaces

Revision 1.127 / (download) - annotate - [select for diffs], Wed Jun 8 03:50:00 2005 UTC (18 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.126: +2 -2 lines
Diff to previous 1.126 (colored)

increase default rsa/dsa key length from 1024 to 2048 bits; ok markus@ deraadt@

Revision 1.117.2.2 / (download) - annotate - [select for diffs], Sun Jun 5 02:22:39 2005 UTC (18 years, 11 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.117.2.1: +3 -3 lines
Diff to previous 1.117.2.1 (colored) to branchpoint 1.117 (colored)

upgrade to OpenSSH 4.1

Revision 1.126 / (download) - annotate - [select for diffs], Thu May 26 09:08:12 2005 UTC (18 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.125: +2 -2 lines
Diff to previous 1.125 (colored)

uint32_t -> u_int32_t for consistency; ok djm@

Revision 1.125 / (download) - annotate - [select for diffs], Tue May 24 02:05:09 2005 UTC (18 years, 11 months ago) by avsm
Branch: MAIN
Changes since 1.124: +6 -7 lines
Diff to previous 1.124 (colored)

some style nits from dmiller@, and use a fatal() instead of a printf()/exit

Revision 1.124 / (download) - annotate - [select for diffs], Mon May 23 22:44:01 2005 UTC (18 years, 11 months ago) by avsm
Branch: MAIN
Changes since 1.123: +30 -16 lines
Diff to previous 1.123 (colored)

- removes signed/unsigned comparisons in moduli generation
- use strtonum instead of atoi where it's easier
- check some strlcpy overflow and fatal instead of truncate

Revision 1.123 / (download) - annotate - [select for diffs], Tue Apr 5 13:45:31 2005 UTC (19 years, 1 month ago) by otto
Branch: MAIN
Changes since 1.122: +20 -13 lines
Diff to previous 1.122 (colored)

sync and sort usage(). ok jmc@ markus@

Revision 1.122 / (download) - annotate - [select for diffs], Fri Mar 11 14:59:06 2005 UTC (19 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE
Branch point for: OPENBSD_3_7
Changes since 1.121: +2 -2 lines
Diff to previous 1.121 (colored)

typo, missing \n; mpech

Revision 1.121 / (download) - annotate - [select for diffs], Thu Mar 10 22:01:06 2005 UTC (19 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.120: +2 -2 lines
Diff to previous 1.120 (colored)

spacing

Revision 1.113.2.2 / (download) - annotate - [select for diffs], Thu Mar 10 17:15:05 2005 UTC (19 years, 1 month ago) by brad
Branch: OPENBSD_3_5
Changes since 1.113.2.1: +226 -10 lines
Diff to previous 1.113.2.1 (colored) to branchpoint 1.113 (colored) next main 1.114 (colored)

upgrade to OpenSSH 4.0

Revision 1.117.2.1 / (download) - annotate - [select for diffs], Thu Mar 10 16:28:28 2005 UTC (19 years, 1 month ago) by brad
Branch: OPENBSD_3_6
Changes since 1.117: +226 -10 lines
Diff to previous 1.117 (colored)

upgrade to OpenSSH 4.0

Revision 1.120 / (download) - annotate - [select for diffs], Wed Mar 2 01:27:41 2005 UTC (19 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.119: +10 -3 lines
Diff to previous 1.119 (colored)

ignore hostnames with metachars when hashing; ok deraadt@

Revision 1.119 / (download) - annotate - [select for diffs], Tue Mar 1 10:42:49 2005 UTC (19 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.118: +218 -10 lines
Diff to previous 1.118 (colored)

add tools for managing known_hosts files with hashed hostnames, including
hashing existing files and deleting hosts by name; ok markus@ deraadt@
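
The hashed known_hosts format that the two commits above (1.119 and 1.120) introduce is simple enough to reproduce in a few dozen lines, and doing so shows why host names containing wildcard characters have to be skipped. This is an added example written for this log page, not OpenSSH's own code: a hashed host field is "|1|" followed by a base64 20-byte random salt, "|", and base64 HMAC-SHA1(salt, hostname); lookup re-keys the HMAC with the salt stored in each entry. The sample known_hosts lines and the placeholder key strings are constructed, the helper names are this example's own, and pattern/negation matching for plain entries is left out.

```python
import base64
import hashlib
import hmac
import os

HASH_MAGIC = "|1|"      # prefix of a hashed host field in known_hosts
HASH_DELIM = "|"
PATTERN_CHARS = "*?!"   # a host field containing these is a pattern, not a name


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def hash_hostname(host, salt=None):
    """Build the '|1|<salt>|<hmac>' field for one host name or '[host]:port'.

    The salt is 20 random bytes (one SHA1 digest length); the hash is
    HMAC-SHA1 keyed with that salt over the exact host string."""
    if salt is None:
        salt = os.urandom(hashlib.sha1().digest_size)
    mac = hmac.new(salt, host.encode("utf-8"), hashlib.sha1).digest()
    return HASH_MAGIC + _b64(salt) + HASH_DELIM + _b64(mac)


def hashed_field_matches(field, host):
    """Recompute the HMAC with the entry's own salt; compare in constant time."""
    parts = field.split(HASH_DELIM)
    if len(parts) != 4 or parts[0] != "" or parts[1] != "1":
        return False
    try:
        salt = base64.b64decode(parts[2], validate=True)
        want = base64.b64decode(parts[3], validate=True)
    except ValueError:
        return False
    got = hmac.new(salt, host.encode("utf-8"), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)


def _split_host_field(line):
    """Return (marker, hostfield, rest) for a known_hosts line, or None."""
    fields = line.split(None, 1)
    if len(fields) < 2:
        return None
    marker = ""
    if fields[0].startswith("@"):            # @cert-authority / @revoked
        marker = fields[0] + " "
        fields = fields[1].split(None, 1)
        if len(fields) < 2:
            return None
    return marker, fields[0], fields[1]


def hash_known_hosts_line(line):
    """ssh-keygen -H behaviour: hash every plain host name, one output line per
    name. Comments, already-hashed entries and pattern entries pass through."""
    line = line.rstrip("\n")
    parsed = _split_host_field(line)
    if parsed is None or line.lstrip().startswith("#"):
        return [line]
    marker, hosts, rest = parsed
    if hosts.startswith(HASH_MAGIC) or any(c in hosts for c in PATTERN_CHARS):
        return [line]                         # cannot hash a wildcard/negation
    return [marker + hash_hostname(h) + " " + rest for h in hosts.split(",") if h]


def hash_file(lines):
    out = []
    for line in lines:
        out.extend(hash_known_hosts_line(line))
    return out


def find_host(lines, host):
    """Return the entries that apply to host, for hashed and plain fields."""
    hits = []
    for line in lines:
        parsed = _split_host_field(line)
        if parsed is None or line.lstrip().startswith("#"):
            continue
        _, hosts, _ = parsed
        if hosts.startswith(HASH_MAGIC):
            if hashed_field_matches(hosts, host):
                hits.append(line)
        elif any(c in hosts for c in PATTERN_CHARS):
            continue                          # pattern matching not shown here
        elif host in hosts.split(","):
            hits.append(line)
    return hits


# Constructed sample file; the key material is placeholder text, not real keys.
SAMPLE = [
    "# constructed example known_hosts",
    "bastion.example.net,10.0.0.5 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER1",
    "*.corp.example.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER2",
    "@cert-authority [gw.example.net]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER3",
]

if __name__ == "__main__":
    for out in hash_file(SAMPLE):
        print(out)
```

A comma-separated entry becomes one hashed line per name, each with its own salt, so an attacker who reads the file cannot tell which entries belonged together; the wildcard line is left in clear because an HMAC of a pattern can never be matched against a concrete host name.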

Revision 1.118 / (download) - annotate - [select for diffs], Thu Dec 23 17:38:07 2004 UTC (19 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.117: +2 -1 lines
Diff to previous 1.117 (colored)

leak; from mpech

Revision 1.108.2.2 / (download) - annotate - [select for diffs], Thu Aug 19 22:37:32 2004 UTC (19 years, 8 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.108.2.1: +11 -17 lines
Diff to previous 1.108.2.1 (colored) to branchpoint 1.108 (colored) next main 1.109 (colored)

upgrade to OpenSSH 3.9

Revision 1.113.2.1 / (download) - annotate - [select for diffs], Thu Aug 19 04:13:27 2004 UTC (19 years, 8 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.113: +11 -17 lines
Diff to previous 1.113 (colored)

upgrade to OpenSSH 3.9

Revision 1.117 / (download) - annotate - [select for diffs], Sun Jul 11 17:48:47 2004 UTC (19 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE
Branch point for: OPENBSD_3_6
Changes since 1.116: +2 -2 lines
Diff to previous 1.116 (colored)

spaces

Revision 1.116 / (download) - annotate - [select for diffs], Mon Jun 21 17:36:31 2004 UTC (19 years, 10 months ago) by avsm
Branch: MAIN
Changes since 1.115: +5 -5 lines
Diff to previous 1.115 (colored)

make ssh -Wshadow clean, no functional changes
markus@ ok

Revision 1.115 / (download) - annotate - [select for diffs], Sun May 9 00:06:47 2004 UTC (19 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.114: +5 -11 lines
Diff to previous 1.114 (colored)

zap another tiny header; ok deraadt@

Revision 1.114 / (download) - annotate - [select for diffs], Sat May 8 00:21:31 2004 UTC (19 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.113: +2 -2 lines
Diff to previous 1.113 (colored)

kill a tiny header; ok deraadt@

Revision 1.102.2.2 / (download) - annotate - [select for diffs], Thu Mar 4 18:18:16 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.102.2.1: +23 -19 lines
Diff to previous 1.102.2.1 (colored) to branchpoint 1.102 (colored) next main 1.103 (colored)

upgrade to OpenSSH 3.8

Revision 1.108.2.1 / (download) - annotate - [select for diffs], Sat Feb 28 03:51:34 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.108: +23 -19 lines
Diff to previous 1.108 (colored)

upgrade to OpenSSH 3.8

Revision 1.113 / (download) - annotate - [select for diffs], Mon Dec 22 09:16:58 2003 UTC (20 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE
Branch point for: OPENBSD_3_5
Changes since 1.112: +16 -2 lines
Diff to previous 1.112 (colored)

tidy up moduli generation debugging, add -v (verbose/debug) option to
ssh-keygen; ok markus@

Revision 1.112 / (download) - annotate - [select for diffs], Sun Nov 23 23:18:45 2003 UTC (20 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.111: +2 -2 lines
Diff to previous 1.111 (colored)

consistency PATH_MAX -> MAXPATHLEN; ok markus@

Revision 1.111 / (download) - annotate - [select for diffs], Fri Nov 21 11:57:03 2003 UTC (20 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.110: +5 -5 lines
Diff to previous 1.110 (colored)

unexpand and delete whitespace at EOL; ok markus@

Revision 1.110 / (download) - annotate - [select for diffs], Tue Oct 14 19:42:10 2003 UTC (20 years, 6 months ago) by jakob
Branch: MAIN
Changes since 1.109: +1 -11 lines
Diff to previous 1.109 (colored)

include SSHFP lookup code (not enabled by default). ok markus@

Revision 1.109 / (download) - annotate - [select for diffs], Thu Sep 18 13:02:21 2003 UTC (20 years, 7 months ago) by miod
Branch: MAIN
Changes since 1.108: +3 -3 lines
Diff to previous 1.108 (colored)

A few signedness fixes for harmless situations; markus@ ok

Revision 1.101.2.2 / (download) - annotate - [select for diffs], Tue Sep 16 21:20:28 2003 UTC (20 years, 7 months ago) by brad
Branch: OPENBSD_3_2
Changes since 1.101.2.1: +141 -5 lines
Diff to previous 1.101.2.1 (colored) to branchpoint 1.101 (colored) next main 1.102 (colored)

upgrade to OpenSSH 3.7

Revision 1.102.2.1 / (download) - annotate - [select for diffs], Tue Sep 16 20:50:44 2003 UTC (20 years, 7 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.102: +141 -5 lines
Diff to previous 1.102 (colored)

upgrade to OpenSSH 3.7

Revision 1.108 / (download) - annotate - [select for diffs], Thu Aug 14 16:08:58 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE
Branch point for: OPENBSD_3_4
Changes since 1.107: +2 -1 lines
Diff to previous 1.107 (colored)

exit after primetest, ok djm@

Revision 1.107 / (download) - annotate - [select for diffs], Mon Jul 28 09:49:56 2003 UTC (20 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.106: +81 -4 lines
Diff to previous 1.106 (colored)

Support for generating Diffie-Hellman groups (/etc/moduli) from ssh-keygen.
Based on code from Phil Karn, William Allen Simpson and Niels Provos.
ok markus@, thanks jmc@

Revision 1.106 / (download) - annotate - [select for diffs], Thu May 15 03:10:52 2003 UTC (20 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.105: +4 -1 lines
Diff to previous 1.105 (colored)

avoid warning; ok jakob@

Revision 1.105 / (download) - annotate - [select for diffs], Wed May 14 18:16:20 2003 UTC (20 years, 11 months ago) by jakob
Branch: MAIN
Changes since 1.104: +53 -2 lines
Diff to previous 1.104 (colored)

add experimental support for verifying host keys using DNS as described
in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
ok markus@ and henning@

Revision 1.104 / (download) - annotate - [select for diffs], Sun May 11 16:56:48 2003 UTC (20 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.103: +5 -1 lines
Diff to previous 1.103 (colored)

change key_load_public to try to read a public from:
rsa1 private or rsa1 public and ssh2 keys.
this makes ssh-keygen -e fail for ssh1 keys more gracefully
for example; report from itojun (netbsd pr 20550).

Revision 1.103 / (download) - annotate - [select for diffs], Tue Apr 8 20:21:29 2003 UTC (21 years ago) by itojun
Branch: MAIN
Changes since 1.102: +2 -2 lines
Diff to previous 1.102 (colored)

rename log() into logit() to avoid name conflict.  markus ok, from netbsd

Revision 1.98.2.2 / (download) - annotate - [select for diffs], Thu Apr 3 22:35:18 2003 UTC (21 years, 1 month ago) by miod
Branch: OPENBSD_3_1
Changes since 1.98.2.1: +1 -2 lines
Diff to previous 1.98.2.1 (colored) to branchpoint 1.98 (colored) next main 1.99 (colored)

Merge OpenSSH 3.6.1

Revision 1.101.2.1 / (download) - annotate - [select for diffs], Tue Apr 1 00:12:14 2003 UTC (21 years, 1 month ago) by margarida
Branch: OPENBSD_3_2
Changes since 1.101: +1 -2 lines
Diff to previous 1.101 (colored)

Update to OpenSSH 3.6

Revision 1.102 / (download) - annotate - [select for diffs], Tue Nov 26 00:45:03 2002 UTC (21 years, 5 months ago) by wcobb
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE
Branch point for: OPENBSD_3_3
Changes since 1.101: +1 -2 lines
Diff to previous 1.101 (colored)

Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default.
ok markus@

Revision 1.82.2.5 / (download) - annotate - [select for diffs], Wed Jun 26 18:22:36 2002 UTC (21 years, 10 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.82.2.4: +6 -5 lines
Diff to previous 1.82.2.4 (colored) to branchpoint 1.82 (colored) next main 1.83 (colored)

There was an update to OpenSSH 3.4, and people rejoiced.

Revision 1.98.2.1 / (download) - annotate - [select for diffs], Wed Jun 26 15:30:39 2002 UTC (21 years, 10 months ago) by jason
Branch: OPENBSD_3_1
Changes since 1.98: +8 -7 lines
Diff to previous 1.98 (colored)

Pull in OpenSSH-3.4

Revision 1.101 / (download) - annotate - [select for diffs], Sun Jun 23 09:39:55 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE
Branch point for: OPENBSD_3_2
Changes since 1.100: +6 -5 lines
Diff to previous 1.100 (colored)

u_int stuff

Revision 1.82.2.4 / (download) - annotate - [select for diffs], Sat Jun 22 07:23:18 2002 UTC (21 years, 10 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.82.2.3: +3 -3 lines
Diff to previous 1.82.2.3 (colored) to branchpoint 1.82 (colored)

Update OpenSSH to version 3.3 (with local changes, configuration files still
living in /etc and privsep user being nobody).

Revision 1.100 / (download) - annotate - [select for diffs], Wed Jun 19 00:27:55 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.99: +2 -2 lines
Diff to previous 1.99 (colored)

KNF done automatically while reading....

Revision 1.99 / (download) - annotate - [select for diffs], Sun Jun 9 13:32:01 2002 UTC (21 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.98: +2 -2 lines
Diff to previous 1.98 (colored)

use tab not spaces (|unexpand)

Revision 1.60.2.5 / (download) - annotate - [select for diffs], Sun Jun 2 22:56:11 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.60.2.4: +27 -120 lines
Diff to previous 1.60.2.4 (colored) to branchpoint 1.60 (colored) next main 1.61 (colored)

Upgrade to OpenSSH 3.2.3.

Except for improbable compilation error fixes, this should be the last
commit made to the 2.9-STABLE branch. Have fun upgrading.

Revision 1.82.2.3 / (download) - annotate - [select for diffs], Fri May 17 00:03:24 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.82.2.2: +27 -120 lines
Diff to previous 1.82.2.2 (colored) to branchpoint 1.82 (colored)

Update OpenSSH to version 3.2.2.

Revision 1.98 / (download) - annotate - [select for diffs], Wed Mar 27 22:21:45 2002 UTC (22 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE
Branch point for: OPENBSD_3_1
Changes since 1.97: +8 -1 lines
Diff to previous 1.97 (colored)

try to import keys with extra trailing === (seen with ssh.com < 2.0.12)

Revision 1.97 / (download) - annotate - [select for diffs], Mon Mar 25 17:34:27 2002 UTC (22 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.96: +11 -7 lines
Diff to previous 1.96 (colored)

change sc_get_key to sc_get_keys and hide smartcard details in scard.c

Revision 1.96 / (download) - annotate - [select for diffs], Thu Mar 21 21:54:34 2002 UTC (22 years, 1 month ago) by rees
Branch: MAIN
Changes since 1.95: +2 -2 lines
Diff to previous 1.95 (colored)

Add PIN-protection for secret key.

Revision 1.95 / (download) - annotate - [select for diffs], Thu Mar 21 16:54:53 2002 UTC (22 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.94: +10 -114 lines
Diff to previous 1.94 (colored)

move key upload to scard.[ch]

Revision 1.60.2.4 / (download) - annotate - [select for diffs], Sat Mar 9 00:20:45 2002 UTC (22 years, 1 month ago) by miod
Branch: OPENBSD_2_9
Changes since 1.60.2.3: +38 -28 lines
Diff to previous 1.60.2.3 (colored) to branchpoint 1.60 (colored)

Merge OpenSSH 3.1, keeping /etc as configuration files directory.
(i.e. OpenSSH 3.1 + openbsd29_3.1.patch)

Revision 1.32.2.8 / (download) - annotate - [select for diffs], Fri Mar 8 17:04:43 2002 UTC (22 years, 1 month ago) by brad
Branch: OPENBSD_2_8
Changes since 1.32.2.7: +38 -28 lines
Diff to previous 1.32.2.7 (colored) to branchpoint 1.32 (colored) next main 1.33 (colored)

Merge OpenSSH 3.1.

Revision 1.82.2.2 / (download) - annotate - [select for diffs], Thu Mar 7 17:37:47 2002 UTC (22 years, 1 month ago) by jason
Branch: OPENBSD_3_0
Changes since 1.82.2.1: +38 -28 lines
Diff to previous 1.82.2.1 (colored) to branchpoint 1.82 (colored)

Update to OpenSSH-3.1 on 3.0-stable branch

Revision 1.94 / (download) - annotate - [select for diffs], Mon Feb 25 16:33:27 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.93: +2 -2 lines
Diff to previous 1.93 (colored)

more u_* fixes

Revision 1.93 / (download) - annotate - [select for diffs], Sun Feb 24 19:14:59 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.92: +2 -2 lines
Diff to previous 1.92 (colored)

signed vs. unsigned: make size arguments u_int, ok stevesk@

Revision 1.92 / (download) - annotate - [select for diffs], Sat Feb 16 20:40:08 2002 UTC (22 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.91: +19 -15 lines
Diff to previous 1.91 (colored)

default to rsa keyfile path for non key generation operations where
keyfile not specified.  fixes core dump in those cases.  ok markus@

Revision 1.91 / (download) - annotate - [select for diffs], Fri Jan 18 18:14:17 2002 UTC (22 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.90: +2 -2 lines
Diff to previous 1.90 (colored)

unneeded cast cleanup; ok markus@

Revision 1.90 / (download) - annotate - [select for diffs], Wed Jan 9 13:49:27 2002 UTC (22 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.89: +3 -2 lines
Diff to previous 1.89 (colored)

append \n only for public keys

Revision 1.89 / (download) - annotate - [select for diffs], Sat Dec 29 21:56:01 2001 UTC (22 years, 4 months ago) by stevesk
Branch: MAIN
Changes since 1.88: +2 -2 lines
Diff to previous 1.88 (colored)

remove unneeded casts and some char->u_char cleanup; ok markus@

Revision 1.88 / (download) - annotate - [select for diffs], Thu Dec 27 18:10:29 2001 UTC (22 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.87: +5 -5 lines
Diff to previous 1.87 (colored)

-t is only needed for key generation (unbreaks -i, -e, etc).

Revision 1.87 / (download) - annotate - [select for diffs], Fri Dec 21 08:52:22 2001 UTC (22 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.86: +7 -4 lines
Diff to previous 1.86 (colored)

Remove default (rsa1) key type; ok markus@

Revision 1.86 / (download) - annotate - [select for diffs], Wed Dec 19 07:18:56 2001 UTC (22 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.85: +3 -3 lines
Diff to previous 1.85 (colored)

basic KNF done while i was looking for something else

Revision 1.85 / (download) - annotate - [select for diffs], Wed Dec 5 10:06:12 2001 UTC (22 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.84: +3 -3 lines
Diff to previous 1.84 (colored)

minor KNF

Revision 1.84 / (download) - annotate - [select for diffs], Sat Nov 17 19:14:34 2001 UTC (22 years, 5 months ago) by stevesk
Branch: MAIN
Changes since 1.83: +4 -2 lines
Diff to previous 1.83 (colored)

enum/int type cleanup where it made sense to do so; ok markus@

Revision 1.60.2.3 / (download) - annotate - [select for diffs], Thu Nov 15 22:51:15 2001 UTC (22 years, 5 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.60.2.2: +2 -2 lines
Diff to previous 1.60.2.2 (colored) to branchpoint 1.60 (colored)

Merge OpenSSH 3.0.1.

Revision 1.32.2.7 / (download) - annotate - [select for diffs], Thu Nov 15 22:50:30 2001 UTC (22 years, 5 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.32.2.6: +2 -2 lines
Diff to previous 1.32.2.6 (colored) to branchpoint 1.32 (colored)

Merge OpenSSH 3.0.1.

This is likely to be the last commit to the 2.8-STABLE branch.

Revision 1.60.2.2 / (download) - annotate - [select for diffs], Thu Nov 15 00:15:19 2001 UTC (22 years, 5 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.60.2.1: +9 -1 lines
Diff to previous 1.60.2.1 (colored) to branchpoint 1.60 (colored)

Merge OpenSSH 3.0

Revision 1.32.2.6 / (download) - annotate - [select for diffs], Thu Nov 15 00:15:00 2001 UTC (22 years, 5 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.32.2.5: +9 -1 lines
Diff to previous 1.32.2.5 (colored) to branchpoint 1.32 (colored)

Merge OpenSSH 3.0

Revision 1.82.2.1 / (download) - annotate - [select for diffs], Wed Nov 14 03:24:39 2001 UTC (22 years, 5 months ago) by jason
Branch: OPENBSD_3_0
Changes since 1.82: +2 -2 lines
Diff to previous 1.82 (colored)

Pull in patches from current (Errata 002):
Update to OpenSSH-3.0.1 via errata patch (Instead of using release tarball)

Revision 1.83 / (download) - annotate - [select for diffs], Thu Oct 25 21:14:32 2001 UTC (22 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.82: +2 -2 lines
Diff to previous 1.82 (colored)

better docu for fingerprinting, ok deraadt@

Revision 1.82 / (download) - annotate - [select for diffs], Fri Sep 28 12:07:09 2001 UTC (22 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE
Branch point for: OPENBSD_3_0
Changes since 1.81: +9 -1 lines
Diff to previous 1.81 (colored)

bzero private key after loading to smartcard; ok markus@

Revision 1.60.2.1 / (download) - annotate - [select for diffs], Thu Sep 27 19:03:55 2001 UTC (22 years, 7 months ago) by jason
Branch: OPENBSD_2_9
Changes since 1.60: +255 -65 lines
Diff to previous 1.60 (colored)

Pull in OpenSSH-2.9.9

Revision 1.32.2.5 / (download) - annotate - [select for diffs], Thu Sep 27 00:15:42 2001 UTC (22 years, 7 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.32.2.4: +255 -65 lines
Diff to previous 1.32.2.4 (colored) to branchpoint 1.32 (colored)

Pull in OpenSSH 2.9.9 to the 2.8 branch.

Revision 1.81 / (download) - annotate - [select for diffs], Mon Sep 17 20:50:22 2001 UTC (22 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.80: +5 -2 lines
Diff to previous 1.80 (colored)

better error handling if you try to export a bad key to ssh.com

Revision 1.80 / (download) - annotate - [select for diffs], Mon Sep 17 19:27:15 2001 UTC (22 years, 7 months ago) by stevesk
Branch: MAIN
Changes since 1.79: +3 -3 lines
Diff to previous 1.79 (colored)

u_char*/char* cleanup; ok markus@

Revision 1.79 / (download) - annotate - [select for diffs], Thu Aug 2 16:14:05 2001 UTC (22 years, 9 months ago) by jakob
Branch: MAIN
Changes since 1.78: +2 -2 lines
Diff to previous 1.78 (colored)

clean up some /* SMARTCARD */. ok markus@

Revision 1.78 / (download) - annotate - [select for diffs], Thu Aug 2 15:43:57 2001 UTC (22 years, 9 months ago) by jakob
Branch: MAIN
Changes since 1.77: +5 -5 lines
Diff to previous 1.77 (colored)

add /* SMARTCARD */ to #else/#endif. ok markus@

Revision 1.77 / (download) - annotate - [select for diffs], Thu Aug 2 15:06:52 2001 UTC (22 years, 9 months ago) by jakob
Branch: MAIN
Changes since 1.76: +22 -3 lines
Diff to previous 1.76 (colored)

more verbose usage(). ok markus@

Revision 1.76 / (download) - annotate - [select for diffs], Thu Aug 2 08:58:35 2001 UTC (22 years, 9 months ago) by jakob
Branch: MAIN
Changes since 1.75: +3 -3 lines
Diff to previous 1.75 (colored)

change -u (upload smartcard key) to -U. ok markus@

Revision 1.75 / (download) - annotate - [select for diffs], Thu Aug 2 00:10:17 2001 UTC (22 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.74: +41 -14 lines
Diff to previous 1.74 (colored)

add -D readerid option (download, i.e. print public RSA key to stdout).
check for card present when uploading keys.
use strings instead of ints for smartcard reader ids, too.

Revision 1.74 / (download) - annotate - [select for diffs], Wed Aug 1 23:33:09 2001 UTC (22 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.73: +37 -12 lines
Diff to previous 1.73 (colored)

allow uploading RSA keys for non-default AUT0 (sha1 over passphrase like sectok).

Revision 1.73 / (download) - annotate - [select for diffs], Thu Jul 26 20:04:27 2001 UTC (22 years, 9 months ago) by rees
Branch: MAIN
Changes since 1.72: +3 -4 lines
Diff to previous 1.72 (colored)

Inquire Cyberflex class for 0xf0 cards
change aid to conform to 7816-5
remove gratuitous fid selects

Revision 1.72 / (download) - annotate - [select for diffs], Mon Jul 2 22:40:18 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.71: +20 -19 lines
Diff to previous 1.71 (colored)

update for sectok.h interface changes.
improve error handling.

Revision 1.71 / (download) - annotate - [select for diffs], Fri Jun 29 07:11:01 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.70: +3 -3 lines
Diff to previous 1.70 (colored)

initialize early

Revision 1.70 / (download) - annotate - [select for diffs], Fri Jun 29 07:06:34 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.69: +17 -7 lines
Diff to previous 1.69 (colored)

new error handling for cyberflex_*

Revision 1.69 / (download) - annotate - [select for diffs], Thu Jun 28 19:57:35 2001 UTC (22 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.68: +2 -2 lines
Diff to previous 1.68 (colored)

'\0' terminated data[] is ok; ok markus@

Revision 1.68 / (download) - annotate - [select for diffs], Wed Jun 27 05:42:25 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.67: +2 -2 lines
Diff to previous 1.67 (colored)

s/generate_additional_parameters/rsa_generate_additional_parameters/
http://www.humppa.com/

Revision 1.67 / (download) - annotate - [select for diffs], Wed Jun 27 05:35:42 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.66: +5 -5 lines
Diff to previous 1.66 (colored)

use cyberflex_inq_class to inquire class.

Revision 1.66 / (download) - annotate - [select for diffs], Tue Jun 26 02:47:07 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.65: +99 -19 lines
Diff to previous 1.65 (colored)

allow loading a private RSA key to a cyberflex card.

Revision 1.65 / (download) - annotate - [select for diffs], Sun Jun 24 05:35:33 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.64: +22 -10 lines
Diff to previous 1.64 (colored)

switch to readpassphrase(3)
2.7/8-stable needs readpassphrase.[ch] from libc

Revision 1.64 / (download) - annotate - [select for diffs], Sat Jun 23 17:05:22 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.63: +12 -12 lines
Diff to previous 1.63 (colored)

fix import for (broken?) ssh.com/f-secure private keys
(i tested > 1000 RSA keys)

Revision 1.63 / (download) - annotate - [select for diffs], Sat Jun 23 15:12:20 2001 UTC (22 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.62: +12 -12 lines
Diff to previous 1.62 (colored)

more strict prototypes.  raise warning level in Makefile.inc.  markus ok'ed
TODO; cleanup headers

Revision 1.62 / (download) - annotate - [select for diffs], Sat Jun 23 06:41:10 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.61: +21 -10 lines
Diff to previous 1.61 (colored)

try to decode ssh-3.0.0 private rsa keys
(allow migration to openssh, not vice versa), #910

Revision 1.61 / (download) - annotate - [select for diffs], Fri May 25 14:37:32 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.60: +8 -5 lines
Diff to previous 1.60 (colored)

use -P for -e and -y, too.

Revision 1.32.2.4 / (download) - annotate - [select for diffs], Mon May 7 21:09:36 2001 UTC (22 years, 11 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.32.2.3: +118 -102 lines
Diff to previous 1.32.2.3 (colored) to branchpoint 1.32 (colored)

Pull in OpenSSH-2.9 to 2.8 branch.

Revision 1.60 / (download) - annotate - [select for diffs], Mon Apr 23 22:14:13 2001 UTC (23 years ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE
Branch point for: OPENBSD_2_9
Changes since 1.59: +3 -3 lines
Diff to previous 1.59 (colored)

remove debug

Revision 1.59 / (download) - annotate - [select for diffs], Mon Apr 23 21:57:07 2001 UTC (23 years ago) by markus
Branch: MAIN
Changes since 1.58: +10 -9 lines
Diff to previous 1.58 (colored)

allow public key for -e, too

Revision 1.58 / (download) - annotate - [select for diffs], Sun Apr 22 13:41:02 2001 UTC (23 years ago) by markus
Branch: MAIN
Changes since 1.57: +2 -2 lines
Diff to previous 1.57 (colored)

style, noted by stevesk; sort flags in usage

Revision 1.57 / (download) - annotate - [select for diffs], Sun Apr 22 13:25:37 2001 UTC (23 years ago) by markus
Branch: MAIN
Changes since 1.56: +7 -3 lines
Diff to previous 1.56 (colored)

rename arguments -x -> -e (export key), -X -> -i (import key)
xref draft-ietf-secsh-publickeyfile-01.txt
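
The -e/-i export and import that this commit renames (and that revision 1.98 later made tolerant of keys carrying extra trailing "===") work on the "SSH2 PUBLIC KEY" block format of the draft that became RFC 4716. The example below is written for this page and is not ssh-keygen's own implementation: it converts a one-line OpenSSH public key to that block and back, keeps header continuation lines, and strips then re-pads the base64 body so over-padded input still decodes. The 32-byte ed25519 key is a constructed placeholder, the 70-column wrap is assumed, and the helper names are this example's own.

```python
import base64
import struct

BEGIN_MARKER = "---- BEGIN SSH2 PUBLIC KEY ----"
END_MARKER = "---- END SSH2 PUBLIC KEY ----"
WRAP = 70   # wrap the base64 body at 70 columns (RFC 4716 allows up to 72)


def ssh_string(raw):
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(raw)) + raw


def blob_keytype(blob):
    """The first wire string of a public key blob is its algorithm name."""
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if len(blob) < 4 + n:
        raise ValueError("truncated type string")
    return blob[4:4 + n].decode("ascii")


def export_rfc4716(openssh_line):
    """ssh-keygen -e style: one-line OpenSSH public key -> RFC 4716 block."""
    fields = openssh_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if blob_keytype(blob) != fields[0]:
        raise ValueError("declared type does not match blob")
    comment = " ".join(fields[2:])
    body = base64.b64encode(blob).decode("ascii")
    out = [BEGIN_MARKER]
    if comment:
        out.append('Comment: "%s"' % comment)
    out.extend(body[i:i + WRAP] for i in range(0, len(body), WRAP))
    out.append(END_MARKER)
    return "\n".join(out) + "\n"


def import_rfc4716(text):
    """ssh-keygen -i style: RFC 4716 block -> one-line OpenSSH public key.
    Tolerates extra trailing '=' after the base64 body."""
    lines = [l.rstrip("\r") for l in text.splitlines()]
    if not lines or lines[0].strip() != BEGIN_MARKER:
        raise ValueError("missing BEGIN marker")
    headers, body, tag, ended = {}, [], None, False
    for line in lines[1:]:
        if line.strip() == END_MARKER:
            ended = True
            break
        if tag is not None:                       # header continuation line
            headers[tag] += line.rstrip("\\")
            tag = tag if line.endswith("\\") else None
        elif ":" in line:                         # base64 never contains ':'
            tag, value = line.split(":", 1)
            tag = tag.strip()
            headers[tag] = value.strip().rstrip("\\")
            if not value.rstrip().endswith("\\"):
                tag = None
        else:
            body.append(line.strip())
    if not ended:
        raise ValueError("missing END marker")
    b64 = "".join(body).rstrip("=")               # drop padding, real or bogus
    if len(b64) % 4 == 1:
        raise ValueError("invalid base64 length")
    b64 += "=" * (-len(b64) % 4)
    blob = base64.b64decode(b64, validate=True)
    comment = headers.get("Comment", "").strip('"')
    line = blob_keytype(blob) + " " + base64.b64encode(blob).decode("ascii")
    return line + (" " + comment if comment else "")


def import_ok(text):
    """True if the block parses; used to report malformed input as a value."""
    try:
        import_rfc4716(text)
        return True
    except ValueError:
        return False


# Constructed sample: a placeholder 32-byte ed25519 public key, not a real key.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode("ascii") + " user@example"

if __name__ == "__main__":
    exported = export_rfc4716(SAMPLE_LINE)
    print(exported)
    print(import_rfc4716(exported))
```

Checking the algorithm name inside the blob against the declared type on export is the kind of consistency check that revision 1.81 above alludes to ("better error handling if you try to export a bad key"); the import side decides header versus body by the presence of ':' because the base64 alphabet never contains it.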

Revision 1.56 / (download) - annotate - [select for diffs], Sun Apr 15 16:58:03 2001 UTC (23 years ago) by markus
Branch: MAIN
Changes since 1.55: +4 -7 lines
Diff to previous 1.55 (colored)

don't use errno for key_{load,save}_private; discussion w/ solar@openwall

Revision 1.55 / (download) - annotate - [select for diffs], Thu Apr 5 10:42:54 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.54: +2 -2 lines
Diff to previous 1.54 (colored)

fix whitespace: unexpand + trailing spaces.

Revision 1.54 / (download) - annotate - [select for diffs], Tue Apr 3 13:56:11 2001 UTC (23 years, 1 month ago) by stevesk
Branch: MAIN
Changes since 1.53: +2 -2 lines
Diff to previous 1.53 (colored)

free() -> xfree()

Revision 1.53 / (download) - annotate - [select for diffs], Mon Mar 26 23:23:24 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.52: +53 -18 lines
Diff to previous 1.52 (colored)

try to read private f-secure ssh v2 rsa keys.

Revision 1.52 / (download) - annotate - [select for diffs], Mon Mar 26 08:07:09 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.51: +56 -77 lines
Diff to previous 1.51 (colored)

simpler key load/save interface, see authfile.h

Revision 1.32.2.3 / (download) - annotate - [select for diffs], Wed Mar 21 19:46:30 2001 UTC (23 years, 1 month ago) by jason
Branch: OPENBSD_2_8
Changes since 1.32.2.2: +44 -22 lines
Diff to previous 1.32.2.2 (colored) to branchpoint 1.32 (colored)

Pull in OpenSSH-2.5.2 for 2.8 branch.

Revision 1.25.2.5 / (download) - annotate - [select for diffs], Wed Mar 21 18:53:09 2001 UTC (23 years, 1 month ago) by jason
Branch: OPENBSD_2_7
Changes since 1.25.2.4: +44 -22 lines
Diff to previous 1.25.2.4 (colored) to branchpoint 1.25 (colored) next main 1.26 (colored)

Pull in OpenSSH-2.5.2 for 2.7 branch.

Revision 1.51 / (download) - annotate - [select for diffs], Wed Mar 21 14:20:45 2001 UTC (23 years, 1 month ago) by jakob
Branch: MAIN
Changes since 1.50: +2 -2 lines
Diff to previous 1.50 (colored)

add -B flag to usage

Revision 1.50 / (download) - annotate - [select for diffs], Mon Mar 12 22:02:02 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.49: +6 -4 lines
Diff to previous 1.49 (colored)

remove old key_fingerprint interface, s/_ex//

Revision 1.25.2.4 / (download) - annotate - [select for diffs], Mon Mar 12 15:44:16 2001 UTC (23 years, 1 month ago) by jason
Branch: OPENBSD_2_7
Changes since 1.25.2.3: +96 -83 lines
Diff to previous 1.25.2.3 (colored) to branchpoint 1.25 (colored)

OpenSSH-2.5.1 for 2.7 patch branch

Revision 1.49 / (download) - annotate - [select for diffs], Sun Mar 11 22:33:24 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.48: +20 -31 lines
Diff to previous 1.48 (colored)

remove -v again. use -B instead for bubblebabble. make -B consistent
with -l and make -B work with /path/to/known_hosts. ok deraadt@

Revision 1.48 / (download) - annotate - [select for diffs], Sun Mar 11 16:39:03 2001 UTC (23 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.47: +5 -7 lines
Diff to previous 1.47 (colored)

KNF, and SHA1 binary output is just creeping featurism

Revision 1.47 / (download) - annotate - [select for diffs], Sun Mar 11 15:04:16 2001 UTC (23 years, 1 month ago) by jakob
Branch: MAIN
Changes since 1.46: +27 -3 lines
Diff to previous 1.46 (colored)

print both md5, sha1 and bubblebabble fingerprints when using
ssh-keygen -l -v. ok markus@.
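
The three fingerprint forms mentioned in this commit and in 1.49 above (md5 hex, sha1, and bubblebabble via -B) are all computed over the public key blob, the same bytes that appear base64-encoded in a public key line. Below is an added example for this page, not OpenSSH's own code: a Bubble Babble encoder plus the md5, sha256 and bubblebabble fingerprints of a public key line, with the blob's embedded algorithm name checked against the declared one first. The 2001 code built the bubblebabble form over the SHA1 digest, so that is the default here, with the digest name parameterised. The 32-byte ed25519 key is a constructed placeholder and the "MD5:"/"SHA256:" prefixes follow current ssh-keygen -l output rather than the 2001 output.

```python
import base64
import hashlib
import struct

# Bubble Babble alphabet (Antti Huima's encoding), as used by ssh-keygen -B
VOWELS = "aeiouy"
CONSONANTS = "bcdfghklmnprstvzx"


def bubblebabble(data):
    """Encode a byte string; 'seed' threads a running checksum through the output."""
    seed = 1
    out = ["x"]
    n = len(data)
    for i in range(n // 2 + 1):
        if 2 * i < n:
            b1 = data[2 * i]
            a = (((b1 >> 6) & 3) + seed) % 6
            b = (b1 >> 2) & 15
            c = ((b1 & 3) + seed // 6) % 6
            out.append(VOWELS[a] + CONSONANTS[b] + VOWELS[c])
            if 2 * i + 1 < n:
                b2 = data[2 * i + 1]
                out.append(CONSONANTS[(b2 >> 4) & 15] + "-" + CONSONANTS[b2 & 15])
                seed = (seed * 5 + b1 * 7 + b2) % 36
        else:
            # even-length input: the final tuple comes from the checksum alone
            out.append(VOWELS[seed % 6] + CONSONANTS[16] + VOWELS[seed // 6])
    out.append("x")
    return "".join(out)


def ssh_string(raw):
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(raw)) + raw


def parse_pubkey_line(line):
    """Return the key blob from '<type> <base64> [comment]', checking that the
    algorithm name inside the blob matches the declared type."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    keytype, blob = fields[0], base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("blob too short")
    (tlen,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + tlen].decode("ascii", "replace") != keytype:
        raise ValueError("blob type does not match declared type")
    return blob


def declared_type_matches(line):
    try:
        parse_pubkey_line(line)
        return True
    except ValueError:
        return False


def fingerprint_md5(blob):
    return "MD5:" + ":".join("%02x" % b for b in hashlib.md5(blob).digest())


def fingerprint_sha256(blob):
    raw = base64.b64encode(hashlib.sha256(blob).digest()).decode("ascii")
    return "SHA256:" + raw.rstrip("=")


def fingerprint_bubblebabble(blob, digest="sha1"):
    return bubblebabble(hashlib.new(digest, blob).digest())


def all_fingerprints(line):
    blob = parse_pubkey_line(line)
    return {
        "md5": fingerprint_md5(blob),
        "sha256": fingerprint_sha256(blob),
        "bubblebabble": fingerprint_bubblebabble(blob),
    }


# Constructed sample: a placeholder 32-byte ed25519 public key, NOT a real key.
SAMPLE_PK = bytes(range(32))
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(SAMPLE_PK)
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode("ascii") + " example@host"

if __name__ == "__main__":
    for name, fp in all_fingerprints(SAMPLE_LINE).items():
        print(name, fp)
```

The encoder is checked against the published Bubble Babble test vectors; the fingerprints of the constructed key are only checked for shape, since the key bytes are arbitrary.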

Revision 1.46 / (download) - annotate - [select for diffs], Fri Mar 9 03:14:39 2001 UTC (23 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.45: +20 -12 lines
Diff to previous 1.45 (colored)

create *.pub files with umask 0644, so that you can mv them to authorized_keys

Revision 1.45 / (download) - annotate - [select for diffs], Thu Feb 22 08:03:51 2001 UTC (23 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.44: +2 -2 lines
Diff to previous 1.44 (colored)

bye bye -d

Revision 1.44 / (download) - annotate - [select for diffs], Thu Feb 22 06:43:55 2001 UTC (23 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.43: +3 -2 lines
Diff to previous 1.43 (colored)

document -d, and -t defaults to rsa1

Revision 1.32.2.2 / (download) - annotate - [select for diffs], Mon Feb 19 17:19:29 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.32.2.1: +0 -0 lines
Diff to previous 1.32.2.1 (colored) to branchpoint 1.32 (colored)

Pull in OpenSSH-2.5.1

Revision 1.32.2.1 / (download) - annotate - [select for diffs], Fri Feb 16 20:13:18 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.32: +96 -83 lines
Diff to previous 1.32 (colored)

Pull in OpenSSH 2.5.0

Revision 1.43 / (download) - annotate - [select for diffs], Mon Feb 12 16:16:23 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.42: +2 -1 lines
Diff to previous 1.42 (colored)

PermitRootLogin={yes,without-password,forced-commands-only,no}
(before this change, root could login even if PermitRootLogin==no)

Revision 1.42 / (download) - annotate - [select for diffs], Sun Feb 4 15:32:26 2001 UTC (23 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.41: +2 -2 lines
Diff to previous 1.41 (colored)

unexpand and remove end-of-line whitespace; ok markus@

Revision 1.41 / (download) - annotate - [select for diffs], Sun Jan 21 19:05:57 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.40: +3 -6 lines
Diff to previous 1.40 (colored)

split ssh.h and try to cleanup the #include mess. remove unnecessary #includes.
rename util.[ch] -> misc.[ch]

Revision 1.40 / (download) - annotate - [select for diffs], Fri Jan 19 15:55:11 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.39: +6 -5 lines
Diff to previous 1.39 (colored)

move ssh1 definitions to ssh1.h, pathnames to pathnames.h

Revision 1.39 / (download) - annotate - [select for diffs], Sat Jan 13 18:03:07 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.38: +2 -2 lines
Diff to previous 1.38 (colored)

getopt() returns -1 not EOF; stevesk@pobox.com

Revision 1.38 / (download) - annotate - [select for diffs], Thu Dec 28 18:58:39 2000 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.37: +16 -12 lines
Diff to previous 1.37 (colored)

enable 'ssh-keygen -l -f ~/.ssh/{authorized_keys,known_hosts}{,2}'

Revision 1.37 / (download) - annotate - [select for diffs], Fri Dec 22 16:49:40 2000 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.36: +3 -3 lines
Diff to previous 1.36 (colored)

fix ssh-keygen -x -t type > file; from Roumen.Petrov@skalasoft.com

Revision 1.36 / (download) - annotate - [select for diffs], Tue Dec 19 23:17:58 2000 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.35: +5 -5 lines
Diff to previous 1.35 (colored)

replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned'
with u_char.

Revision 1.35 / (download) - annotate - [select for diffs], Sat Nov 25 17:19:33 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.34: +27 -18 lines
Diff to previous 1.34 (colored)

print keytype when generating a key.
reasonable defaults for RSA1/RSA/DSA keys.

Revision 1.34 / (download) - annotate - [select for diffs], Wed Nov 15 20:24:43 2000 UTC (23 years, 5 months ago) by millert
Branch: MAIN
Changes since 1.33: +2 -2 lines
Diff to previous 1.33 (colored)

Add missing \n at the end of an error message.

Revision 1.33 / (download) - annotate - [select for diffs], Sun Nov 12 19:50:38 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.32: +58 -57 lines
Diff to previous 1.32 (colored)

add support for RSA to SSH2.  please test.

there are now 3 types of keys: RSA1 is used by ssh-1 only,
RSA and DSA are used by SSH2.

you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
keys for SSH2 and use the RSA keys for hostkeys or for user keys.

SSH2 RSA or DSA keys are added to .ssh/authorized_keys2 as before.

IdentityFile2, HostDsaKey and DSAAuthentication are obsolete.
you can use multiple IdentityFile and HostKey for all types of keys.

the option DSAAuthentication is replaced by PubkeyAuthentication.

Revision 1.25.2.3 / (download) - annotate - [select for diffs], Wed Nov 8 21:31:22 2000 UTC (23 years, 5 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.25.2.2: +100 -12 lines
Diff to previous 1.25.2.2 (colored) to branchpoint 1.25 (colored)

openssh-2.3.0 (again) for 2.7 branch

Revision 1.32 / (download) - annotate - [select for diffs], Mon Oct 9 21:30:44 2000 UTC (23 years, 6 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE
Branch point for: OPENBSD_2_8
Changes since 1.31: +94 -11 lines
Diff to previous 1.31 (colored)

-X now reads private ssh.com DSA keys, too.

Revision 1.31 / (download) - annotate - [select for diffs], Thu Sep 7 20:27:54 2000 UTC (23 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.30: +7 -2 lines
Diff to previous 1.30 (colored)

cleanup copyright notices on all files.  I have attempted to be accurate with
the details.  everything is now under Tatu's licence (which I copied from his
readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd
developers under a 2-term bsd licence.  We're not changing any rules, just
being accurate.

Revision 1.25.2.2 / (download) - annotate - [select for diffs], Fri Sep 1 18:23:23 2000 UTC (23 years, 8 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.25.2.1: +10 -15 lines
Diff to previous 1.25.2.1 (colored) to branchpoint 1.25 (colored)

Pull in the rest of openssh-2.2.0 to 2.7 branch (luvin' cvs...)

Revision 1.30 / (download) - annotate - [select for diffs], Sat Aug 19 21:34:43 2000 UTC (23 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.29: +7 -12 lines
Diff to previous 1.29 (colored)

add SSH2/DSA support to the agent and some other DSA related cleanups.
(note that we cannot talk to ssh.com's ssh2 agents)

Revision 1.29 / (download) - annotate - [select for diffs], Sat Jul 15 04:01:37 2000 UTC (23 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.28: +2 -2 lines
Diff to previous 1.28 (colored)

Always create ~/.ssh with mode 700; ok Markus

Revision 1.28 / (download) - annotate - [select for diffs], Fri Jul 7 03:55:04 2000 UTC (23 years, 10 months ago) by todd
Branch: MAIN
Changes since 1.27: +2 -2 lines
Diff to previous 1.27 (colored)

clean code is good code

Revision 1.27 / (download) - annotate - [select for diffs], Tue Jun 20 01:39:44 2000 UTC (23 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.26: +1 -1 lines
Diff to previous 1.26 (colored)

OpenBSD tag

Revision 1.25.2.1 / (download) - annotate - [select for diffs], Mon Jun 12 02:37:35 2000 UTC (23 years, 10 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored)

lovin' CVS... update patch branch to OpenSSH-2.1.1

Revision 1.26 / (download) - annotate - [select for diffs], Tue May 30 17:32:06 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored)

remove dependency on openssl-0.9.5a; green@FreeBSD.org via kris@FreeBSD.org

Revision 1.25 / (download) - annotate - [select for diffs], Mon May 8 18:23:07 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE
Branch point for: OPENBSD_2_7
Changes since 1.24: +12 -4 lines
Diff to previous 1.24 (colored)

handle escapes in real and original key format, ok millert@

Revision 1.24 / (download) - annotate - [select for diffs], Wed May 3 02:52:56 2000 UTC (24 years ago) by deraadt
Branch: MAIN
Changes since 1.23: +2 -3 lines
Diff to previous 1.23 (colored)

simplify usage

Revision 1.23 / (download) - annotate - [select for diffs], Tue May 2 22:18:04 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.22: +3 -2 lines
Diff to previous 1.22 (colored)

default DSA key file ~/.ssh/id_dsa

Revision 1.22 / (download) - annotate - [select for diffs], Mon May 1 08:20:56 2000 UTC (24 years ago) by hugh
Branch: MAIN
Changes since 1.21: +2 -2 lines
Diff to previous 1.21 (colored)

Put -d into usage and reorder. markus ok.

Revision 1.21 / (download) - annotate - [select for diffs], Thu Apr 27 08:01:27 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.20: +3 -1 lines
Diff to previous 1.20 (colored)

xfree DSA blobs

Revision 1.20 / (download) - annotate - [select for diffs], Wed Apr 26 21:55:04 2000 UTC (24 years ago) by deraadt
Branch: MAIN
Changes since 1.19: +9 -2 lines
Diff to previous 1.19 (colored)

add -R flag: exit code indicates if RSA is alive

Revision 1.19 / (download) - annotate - [select for diffs], Wed Apr 26 20:56:29 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.18: +256 -85 lines
Diff to previous 1.18 (colored)

add DSA pubkey auth and other SSH2 fixes.  use ssh-keygen -[xX]
for trading keys with the real and the original SSH, directly from the
people who invented the SSH protocol.

Revision 1.18 / (download) - annotate - [select for diffs], Fri Apr 14 10:30:33 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.17: +2 -2 lines
Diff to previous 1.17 (colored)

whitespace cleanup

Revision 1.17 / (download) - annotate - [select for diffs], Thu Mar 16 20:56:14 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.16: +3 -2 lines
Diff to previous 1.16 (colored)

-pedantic: signed vs. unsigned, void*-arithm, etc

Revision 1.16 / (download) - annotate - [select for diffs], Fri Feb 4 14:34:09 2000 UTC (24 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.15: +2 -2 lines
Diff to previous 1.15 (colored)

typo

Revision 1.15 / (download) - annotate - [select for diffs], Fri Feb 4 13:16:16 2000 UTC (24 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.14: +65 -29 lines
Diff to previous 1.14 (colored)

enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@

Revision 1.14 / (download) - annotate - [select for diffs], Wed Nov 24 19:53:52 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.13: +18 -37 lines
Diff to previous 1.13 (colored)

KNF, final part 3

Revision 1.13 / (download) - annotate - [select for diffs], Wed Nov 24 00:26:03 1999 UTC (24 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.12: +17 -21 lines
Diff to previous 1.12 (colored)

much more KNF

Revision 1.12 / (download) - annotate - [select for diffs], Tue Nov 23 22:25:55 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.11: +443 -490 lines
Diff to previous 1.11 (colored)

KNF part 1

Revision 1.11 / (download) - annotate - [select for diffs], Sun Nov 21 21:58:31 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.10: +27 -29 lines
Diff to previous 1.10 (colored)

don't create ~/.ssh only if the user wants to store the private key there.
show fingerprint instead of public-key after key generation. ok niels@

Revision 1.10 / (download) - annotate - [select for diffs], Sat Nov 20 19:53:40 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.9: +81 -77 lines
Diff to previous 1.9 (colored)

replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
exit if writing the key fails (no infinite loop)
print usage() every time we get bad options

Revision 1.9 / (download) - annotate - [select for diffs], Sat Nov 20 10:02:53 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.8: +2 -1 lines
Diff to previous 1.8 (colored)

overflow, djm@mindrot.org

Revision 1.8 / (download) - annotate - [select for diffs], Tue Nov 16 22:49:28 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.7: +63 -2 lines
Diff to previous 1.7 (colored)

rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>

Revision 1.7 / (download) - annotate - [select for diffs], Tue Nov 16 22:27:54 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.6: +54 -80 lines
Diff to previous 1.6 (colored)

move common prompt-for-filename-code into own function

Revision 1.6 / (download) - annotate - [select for diffs], Fri Oct 1 02:38:09 1999 UTC (24 years, 7 months ago) by provos
Branch: MAIN
CVS Tags: OPENBSD_2_6_BASE, OPENBSD_2_6
Changes since 1.5: +1 -5 lines
Diff to previous 1.5 (colored)

get rid of references to randomseedfile; we don't need it.  for sshd
just spit out a warning that the configuration option is obsolete.

Revision 1.5 / (download) - annotate - [select for diffs], Wed Sep 29 21:14:16 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.4: +8 -25 lines
Diff to previous 1.4 (colored)

numerous sprintf, strncpy, strcpy cleanups

Revision 1.4 / (download) - annotate - [select for diffs], Wed Sep 29 06:15:00 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.3: +11 -1 lines
Diff to previous 1.3 (colored)

test for RSA in the ssl library, real early on

Revision 1.3 / (download) - annotate - [select for diffs], Tue Sep 28 19:42:05 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)

put q in getopt

Revision 1.2 / (download) - annotate - [select for diffs], Tue Sep 28 04:45:37 1999 UTC (24 years, 7 months ago) by provos
Branch: MAIN
Changes since 1.1: +103 -92 lines
Diff to previous 1.1 (colored)

convert all uses of gmp to SSL bignum
convert all uses of rsa to SSL rsa functions
remove all use of randomstate to OpenBSD arc4random() and arc4_stir()
all this done at a long long night in Canada.

Revision 1.1 / (download) - annotate - [select for diffs], Sun Sep 26 20:53:37 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN

i bet a lot of people didn't know that ssh 1.2.16 had a nice license.
well, except for the patent issues.  someone in sweden (forget their
name at the moment) cleaned out most of the patented code, and now
this code removes rsa code.  when this is done, it will link against
libssl, but the work isn't completely done yet.  then we need to bring
this up to modern days, featurewise.
