History log of /openbsd/usr.bin/ssh/auth.c (Results 51 – 75 of 161)
Revision Date Author Comments
# 7a5ec239 01-May-2015 djm <djm@openbsd.org>

make handling of AuthorizedPrincipalsFile=none more consistent
with other =none options; bz#2288 from Jakub Jelen; ok dtucker@


# 682e9f39 25-Feb-2015 djm <djm@openbsd.org>

don't leak validity of user in "too many authentication failures"
disconnect message; reported by Sebastian Reitenbach


# ace78deb 20-Jan-2015 deraadt <deraadt@openbsd.org>

Reduce use of <sys/param.h> and transition to <limits.h> throughout.
ok djm markus


# 3dbedef4 21-Dec-2014 djm <djm@openbsd.org>

Add FingerprintHash option to control algorithm used for key
fingerprints. Default changes from MD5 to SHA256 and format
from hex to base64.

Feedback and ok naddy@ markus@


# 5885b59c 04-Dec-2014 djm <djm@openbsd.org>

add RevokedHostKeys option for the client

Allow textfile or KRL-based revocation of hostkeys.


# a0215499 15-Jul-2014 millert <millert@openbsd.org>

Add support for Unix domain socket forwarding. A remote TCP port
may be forwarded to a local Unix domain socket and vice versa or
both ends may be a Unix domain socket. This is a reimplementation
of the streamlocal patches by William Ahern from:
http://www.25thandclement.com/~william/projects/streamlocal.html
OK djm@ markus@


# 2f1e2083 03-Jul-2014 djm <djm@openbsd.org>

make the "Too many authentication failures" message include the
user, source address, port and protocol in a format similar to the
authentication success / failure messages; bz#2199, ok dtucker


# 12491775 29-Apr-2014 markus <markus@openbsd.org>

make compiling against OpenSSL optional (make OPENSSL=no);
reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
allows us to explore further options; with and ok djm


# 3e2e18ec 19-May-2013 djm <djm@openbsd.org>

Standardise logging of supplemental information during userauth. Keys
and ruser is now logged in the auth success/failure message alongside
the local username, remote host/port and protocol in use. Certificates
contents and CA are logged too.

Pushing all logging onto a single line simplifies log analysis as it is
no longer necessary to relate information scattered across multiple log
entries. "I like it" markus@


# 0d40fefd 17-May-2013 djm <djm@openbsd.org>

bye, bye xfree(); ok markus@


# b2493a26 06-Feb-2013 dtucker <dtucker@openbsd.org>

Fix comment, from jfree.e1 at gmail


# bc6ad73f 17-Jan-2013 djm <djm@openbsd.org>

add support for Key Revocation Lists (KRLs). These are a compact way to
represent lists of revoked keys and certificates, taking as little as
a single bit of incremental cost to revoke a certificate by serial number.
KRLs are loaded via the existing RevokedKeys sshd_config option.

feedback and ok markus@


# c76b1e7a 14-Dec-2012 dtucker <dtucker@openbsd.org>

use correct string in error message; from rustybsd at gmx.fr


# e806a6a0 02-Dec-2012 djm <djm@openbsd.org>

Fixes logging of partial authentication when privsep is enabled
Previously, we recorded "Failed xxx" since we reset authenticated before
calling auth_log() in auth2.c. This adds an explicit "Partial" state.

Add a "submethod" to auth_log() to report which submethod is used
for keyboard-interactive.

Fix multiple authentication when one of the methods is
keyboard-interactive.

ok markus@


# ed4ad9c0 30-Oct-2012 djm <djm@openbsd.org>

new sshd_config option AuthorizedKeysCommand to support fetching
authorized_keys from a command in addition to (or instead of) from
the filesystem. The command is run as the target server user unless
another specified via a new AuthorizedKeysCommandUser option.

patch originally by jchadima AT redhat.com, reworked by me; feedback
and ok markus@


# b5550cda 13-May-2012 dtucker <dtucker@openbsd.org>

Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
to match. Feedback and ok djm@ markus@.


# 98b1f305 11-Apr-2012 djm <djm@openbsd.org>

Support "none" as an argument for AuthorizedPrincipalsFile to indicate
no file should be read.


# b802ffac 23-May-2011 djm <djm@openbsd.org>

make secure_filename() spam debug logs less


# 3d892b28 23-May-2011 djm <djm@openbsd.org>

allow AuthorizedKeysFile to specify multiple files, separated by spaces.
Bring back authorized_keys2 as a default search path (to avoid breaking
existing users of this file), but override this in sshd_config so it will
be no longer used on fresh installs. Maybe in 2015 we can remove it
entirely :)

feedback and ok markus@ dtucker@


# f7f33c9d 11-May-2011 djm <djm@openbsd.org>

remove support for authorized_keys2; it is a relic from the early days
of protocol v.2 support and has been undocumented for many years;
ok markus@


# 4c771e0c 29-Nov-2010 djm <djm@openbsd.org>

automatically order the hostkeys requested by the client based on
which hostkeys are already recorded in known_hosts. This avoids
hostkey warnings when connecting to servers with new ECDSA keys
that are preferred by default; with markus@


# 948aa8d2 23-Nov-2010 djm <djm@openbsd.org>

use strict_modes already passed as function argument over referencing
global options.strict_modes


# 58056d14 04-Aug-2010 djm <djm@openbsd.org>

enable certificates for hostbased authentication, from Iain Morgan;
"looks ok" markus@


# 4497fd87 22-Jun-2010 djm <djm@openbsd.org>

queue auth debug messages for bad ownership or permissions on the user's
keyfiles. These messages will be sent after the user has successfully
authenticated (where our client will display them with LogLevel=debug).
bz#1554; ok dtucker@


# b25a37f4 07-May-2010 djm <djm@openbsd.org>

add some optional indirection to matching of principal names listed
in certificates. Currently, a certificate must include the user's name
to be accepted for authentication. This change adds the ability to
specify a list of certificate principal names that are acceptable.

When authenticating using a CA trusted through ~/.ssh/authorized_keys,
this adds a new principals="name1[,name2,...]" key option.

For CAs listed through sshd_config's TrustedCAKeys option, a new config
option "AuthorizedPrincipalsFile" specifies a per-user file containing
the list of acceptable names.

If either option is absent, the current behaviour of requiring the
username to appear in principals continues to apply.

These options are useful for role accounts, disjoint account namespaces
and "user@realm"-style naming policies in certificates.

feedback and ok markus@

