path: root/ssh-keyscan.c (unfollow)
| Date | Commit message | Author | Files | Lines |
|---|---|---|---|---|
| 2018-10-04 | upstream: factor out channel status formatting from channel_open_message() so we can use it in other debug messages OpenBSD-Commit-ID: 9c3903ca28fcabad57f566c9d0045b41ab7d52ba | djm@openbsd.org | 1 | -13/+24 |
| 2018-10-04 | upstream: include a little more information about the status and disposition of channel's extended (stderr) fd; makes debugging some things a bit easier. No behaviour change. OpenBSD-Commit-ID: 483eb6467dc7d5dbca8eb109c453e7a43075f7ce | djm@openbsd.org | 4 | -29/+64 |
| 2018-10-04 | upstream: explicit_bzero here to be consistent with other kex*.c; report from coolbugcheckers AT gmail.com OpenBSD-Commit-ID: a90f146c5b5f5b1408700395e394f70b440856cb | djm@openbsd.org | 1 | -1/+2 |
| 2018-10-03 | upstream: Allow ssh_config IdentityAgent directive to accept environment variable names as well as explicit paths. ok dtucker@ OpenBSD-Commit-ID: 2f0996e103876c53d8c9dd51dcce9889d700767b | djm@openbsd.org | 6 | -16/+72 |
| 2018-10-02 | upstream: mention INFO@openssh.com for sending SIGINFO OpenBSD-Commit-ID: 132471eeb0df658210afd27852fe65131b26e900 | djm@openbsd.org | 1 | -1/+8 |
| 2018-10-02 | only support SIGINFO on systems with SIGINFO | Damien Miller | 1 | -0/+2 |
| 2018-10-02 | upstream: Add server support for signalling sessions via the SSH channel/session protocol. Signalling is only supported to sessions that are not subsystems and were not started with a forced command. Long requested in bz#1424 Based on a patch from markus@ and reworked by dtucker@; ok markus@ dtucker@ OpenBSD-Commit-ID: 4bea826f575862eaac569c4bedd1056a268be1c3 | djm@openbsd.org | 2 | -2/+77 |
| 2018-09-26 | upstream: remove big ugly TODO comment from start of file. Some of the mentioned tasks are obsolete and, of the remainder, most are already captured in PROTOCOL.mux where they better belong OpenBSD-Commit-ID: 16d9d76dee42a5bb651c9d6740f7f0ef68aeb407 | djm@openbsd.org | 1 | -14/+1 |
| 2018-09-26 | upstream: Document mux proxy mode; added by Markus in openssh-7.4 Also add a little bit of information about the overall packet format OpenBSD-Commit-ID: bdb6f6ea8580ef96792e270cae7857786ad84a95 | djm@openbsd.org | 1 | -37/+107 |
| 2018-09-26 | upstream: s/process_mux_master/mux_master_process/ in mux master function names. Gives better symmetry with the existing mux_client_*() names and makes it more obvious when a message comes from the master vs client (they are interleaved in ControlMaster=auto mode). no functional change beyond prefixing a couple of log messages with __func__ where they were previously lacking. OpenBSD-Commit-ID: b01f7c3fdf92692e1713a822a89dc499333daf75 | djm@openbsd.org | 1 | -36/+38 |
| 2018-09-22 | Remove unused variable in _ssh_compat_fflush. | Darren Tucker | 1 | -4/+4 |
| 2018-09-22 | Import updated moduli. | Darren Tucker | 1 | -437/+427 |
| 2018-09-21 | upstream: Allow ssh_config ForwardX11Timeout=0 to disable the timeout and allow X11 connections in untrusted mode indefinitely. ok dtucker@ OpenBSD-Commit-ID: ea1ceed3f540b48e5803f933e59a03b20db10c69 | djm@openbsd.org | 2 | -16/+33 |
| 2018-09-21 | upstream: when compiled with GSSAPI support, cache supported method OIDs by calling ssh_gssapi_prepare_supported_oids() regardless of whether GSSAPI authentication is enabled in the main config. This avoids sandbox violations for configurations that enable GSSAPI auth later, e.g. Match user djm GSSAPIAuthentication yes bz#2107; ok dtucker@ OpenBSD-Commit-ID: a5dd42d87c74e27cfb712b15b0f97ab20e0afd1d | djm@openbsd.org | 1 | -3/+2 |
| 2018-09-21 | upstream: In sshkey_in_file(), ignore keys that are considered for being too short (i.e. SSH_ERR_KEY_LENGTH). These keys will not be considered to be "in the file". This allows key revocation lists to contain short keys without the entire revocation list being considered invalid. bz#2897; ok dtucker OpenBSD-Commit-ID: d9f3d857d07194a42ad7e62889a74dc3f9d9924b | djm@openbsd.org | 1 | -4/+10 |
| 2018-09-21 | upstream: Treat connections with ProxyJump specified the same as ones with a ProxyCommand set with regards to hostname canonicalisation (i.e. don't try to canonicalise the hostname unless CanonicalizeHostname is set to 'always'). Patch from Sven Wegener via bz#2896 OpenBSD-Commit-ID: 527ff501cf98bf65fb4b29ed0cb847dda10f4d37 | djm@openbsd.org | 2 | -7/+8 |
| 2018-09-21 | upstream: actually make CASignatureAlgorithms available as a config option OpenBSD-Commit-ID: 93fa7ff58314ed7b1ab7744090a6a91232e6ae52 | djm@openbsd.org | 1 | -1/+2 |
| 2018-09-21 | upstream: Import updated moduli. OpenBSD-Commit-ID: 04431e8e7872f49a2129bf080a6b73c19d576d40 | dtucker@openbsd.org | 1 | -0/+1 |
| 2018-09-21 | upstream: reorder CASignatureAlgorithms, and add them to the various -o lists; ok djm OpenBSD-Commit-ID: ecb88baecc3c54988b4d1654446ea033da359288 | jmc@openbsd.org | 4 | -19/+22 |
| 2018-09-20 | upstream: fix "ssh -Q sig" to show correct signature algorithm list (it was erroneously showing certificate algorithms); prompted by markus@ OpenBSD-Commit-ID: 1cdee002f2f0c21456979deeb887fc889afb154d | djm@openbsd.org | 1 | -2/+2 |
| 2018-09-20 | upstream: add CASignatureAlgorithms option for the client, allowing it to specify which signature algorithms may be used by CAs when signing certificates. Useful if you want to ban RSA/SHA1; ok markus@ OpenBSD-Commit-ID: 9159e5e9f67504829bf53ff222057307a6e3230f | djm@openbsd.org | 4 | -10/+42 |
| 2018-09-20 | upstream: Add sshd_config CASignatureAlgorithms option to allow control over which signature algorithms a CA may use when signing certificates. In particular, this allows a sshd to ban certificates signed with RSA/SHA1. ok markus@ OpenBSD-Commit-ID: b05c86ef8b52b913ed48d54a9b9c1a7714d96bac | djm@openbsd.org | 5 | -9/+45 |
| 2018-09-20 | upstream: Make "ssh-add -q" do what it says on the tin: silence output from successful operations. Based on patch from Thijs van Dijk; ok dtucker@ deraadt@ OpenBSD-Commit-ID: c4f754ecc055c10af166116ce7515104aa8522e1 | djm@openbsd.org | 1 | -23/+39 |
| 2018-09-20 | upstream: When choosing a prime from the moduli file, avoid re-using the linenum variable for something that is not a line number to avoid the confusion that resulted in the bug in rev. 1.64. This also lets us pass the actual linenum to parse_prime() so the error messages include the correct line number. OK markus@ some time ago. OpenBSD-Commit-ID: 4d8e5d3e924d6e8eb70053e3defa23c151a00084 | millert@openbsd.org | 1 | -6/+8 |
| 2018-09-15 | Fix openssl-1.1 fallout for --without-openssl. ok djm@ | Darren Tucker | 1 | -0/+4 |
| 2018-09-15 | add futex(2) syscall to seccomp sandbox Apparently needed for some glibc/openssl combinations. Patch from Arkadiusz Miśkiewicz | Damien Miller | 1 | -0/+3 |