#
121654a5 |
| 16-Aug-2023 |
djm <djm@openbsd.org> |
defence-in-depth MaxAuthTries check in monitor; ok markus
|
#
1445c776 |
| 10-May-2023 |
dtucker <dtucker@openbsd.org> |
Remove now-unused prototypes for ssh1 RSA functions. From lengyijun via github PR#396.
|
#
ffc379c2 |
| 17-Feb-2023 |
dtucker <dtucker@openbsd.org> |
Remove now-unused compat bit SSH_BUG_RSASIGMD5. The code to set this was removed in OpenSSH 7.7 when support for SSH implementations dating back to before RFC standardization were removed. "burn it
Remove now-unused compat bit SSH_BUG_RSASIGMD5. The code to set this was removed in OpenSSH 7.7 when support for SSH implementations dating back to before RFC standardization were removed. "burn it all" djm@
show more ...
|
#
d81e1978 |
| 15-Jun-2022 |
djm <djm@openbsd.org> |
make sure that UseDNS hostname lookup happens in the monitor and not in the pledge(2)'d unprivileged process; fixes regression caused by recent refactoring spotted by henning@
|
#
b8669307 |
| 27-May-2022 |
djm <djm@openbsd.org> |
refactor authorized_keys/principals handling
remove "struct ssh *" from arguments - this was only used to pass the remote host/address. These can be passed in instead and the resulting code is less
refactor authorized_keys/principals handling
remove "struct ssh *" from arguments - this was only used to pass the remote host/address. These can be passed in instead and the resulting code is less tightly coupled to ssh_api.[ch]
ok dtucker@
show more ...
|
#
8ce4b3bd |
| 25-Feb-2022 |
djm <djm@openbsd.org> |
save an unneccessary alloc/free, based on patch from Martin Vahlensieck; ok dtucker@
|
#
7b1feaf2 |
| 28-Jan-2022 |
guenther <guenther@openbsd.org> |
When it's the possessive of 'it', it's spelled "its", without the apostrophe.
|
#
770a27c2 |
| 06-Jan-2022 |
djm <djm@openbsd.org> |
log signature algorithm during verification by monitor; ok markus
|
#
fcee231f |
| 19-Dec-2021 |
djm <djm@openbsd.org> |
sshd side of hostbound public key auth
This is identical to the standard "publickey" method, but it also includes the initial server hostkey in the message signed by the client.
feedback / ok marku
sshd side of hostbound public key auth
This is identical to the standard "publickey" method, but it also includes the initial server hostkey in the message signed by the client.
feedback / ok markus@
show more ...
|
#
efa52ff8 |
| 11-Aug-2021 |
djm <djm@openbsd.org> |
remove a bunch of %p in format strings; leftovers of debuggings past. prompted by Michael Forney, ok dtucker@
|
#
bdfa5c1b |
| 02-Jul-2021 |
dtucker <dtucker@openbsd.org> |
Remove references to ChallengeResponseAuthentication in favour of KbdInteractiveAuthentication. The former is what was in SSHv1, the latter is what is in SSHv2 (RFC4256) and they were treated as som
Remove references to ChallengeResponseAuthentication in favour of KbdInteractiveAuthentication. The former is what was in SSHv1, the latter is what is in SSHv2 (RFC4256) and they were treated as somewhat but not entirely equivalent. We retain the old name as deprecated alias so config files continue to work and a reference in the man page for people looking for it.
Prompted by bz#3303 which pointed out the discrepancy between the two when used with Match. Man page help & ok jmc@, with & ok djm@
show more ...
|
#
425cbb21 |
| 30-Apr-2021 |
dtucker <dtucker@openbsd.org> |
Remove now-unused skey function prototypes leftover from skey removal.
|
#
31d2fcf0 |
| 15-Apr-2021 |
markus <markus@openbsd.org> |
do not pass file/func to monitor; noted by Ilja van Sprundel; ok djm@
|
#
659bd631 |
| 03-Mar-2021 |
djm <djm@openbsd.org> |
don't sshbuf_get_u32() into an enum; reported by goetze AT dovetail.com via bz3269
|
#
94a54550 |
| 27-Jan-2021 |
djm <djm@openbsd.org> |
make ssh->kex->session_id a sshbuf instead of u_char*/size_t and use that instead of global variables containing copies of it. feedback/ok markus@
|
#
e9d14800 |
| 27-Jan-2021 |
djm <djm@openbsd.org> |
remove global variable used to stash compat flags and use the purpose-built ssh->compat variable instead; feedback/ok markus@
|
#
32b09e0a |
| 26-Jan-2021 |
dtucker <dtucker@openbsd.org> |
Rename HostbasedKeyTypes (ssh) and HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more accurately reflects its effect. This matches a previous change to PubkeyAcceptedAlgorith
Rename HostbasedKeyTypes (ssh) and HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more accurately reflects its effect. This matches a previous change to PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok djm@
show more ...
|
#
71ae1114 |
| 22-Jan-2021 |
dtucker <dtucker@openbsd.org> |
Rename PubkeyAcceptedKeyTypes keyword to PubkeyAcceptedAlgorithms. While the two were originally equivalent, this actually specifies the signature algorithms that are accepted. Some key types (eg RS
Rename PubkeyAcceptedKeyTypes keyword to PubkeyAcceptedAlgorithms. While the two were originally equivalent, this actually specifies the signature algorithms that are accepted. Some key types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512) so the old name is becoming increasingly misleading. The old name is retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@
show more ...
|
#
3e284e19 |
| 29-Dec-2020 |
djm <djm@openbsd.org> |
Update/replace the experimental post-quantim hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519).
The previous sntrup4591761x25519-sha512@tinyssh.org method is replaced
Update/replace the experimental post-quantim hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519).
The previous sntrup4591761x25519-sha512@tinyssh.org method is replaced with sntrup761x25519-sha512@openssh.com. Per the authors, sntrup4591761 was replaced almost two years ago by sntrup761.
The sntrup761 implementaion, like sntrup4591761 before it, is public domain code extracted from the SUPERCOP cryptography benchmark suite (https://bench.cr.yp.to/supercop.html).
Thanks for Daniel J Bernstein for guidance on algorithm selection. Patch from Tobias Heider; feedback & ok markus@ and myself
(note this both the updated method and the one that it replaced are disabled by default)
show more ...
|
#
5582ada2 |
| 27-Nov-2020 |
djm <djm@openbsd.org> |
clean up passing of struct passwd from monitor to preauth privsep process. No longer copy entire struct w/ pointer addresses, but pass remaining scalar fields explicitly,
Prompted by Yuichiro NAITO,
clean up passing of struct passwd from monitor to preauth privsep process. No longer copy entire struct w/ pointer addresses, but pass remaining scalar fields explicitly,
Prompted by Yuichiro NAITO, feedback Thorsten Glaser; ok dtucker@
show more ...
|
#
48e6b99d |
| 18-Oct-2020 |
djm <djm@openbsd.org> |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
#
3b0e42c5 |
| 18-Oct-2020 |
djm <djm@openbsd.org> |
variants of the log methods that append a ssherr.h string from a supplied error code; ok markus@
|
#
321d5b75 |
| 16-Oct-2020 |
djm <djm@openbsd.org> |
revised log infrastructure for OpenSSH
log functions receive function, filename and line number of caller. We can use this to selectively enable logging via pattern-lists.
ok markus@
|
#
869858c2 |
| 27-Aug-2020 |
djm <djm@openbsd.org> |
support for requiring user verified FIDO keys in sshd
This adds a "verify-required" authorized_keys flag and a corresponding sshd_config option that tells sshd to require that FIDO keys verify the u
support for requiring user verified FIDO keys in sshd
This adds a "verify-required" authorized_keys flag and a corresponding sshd_config option that tells sshd to require that FIDO keys verify the user identity before completing the signing/authentication attempt. Whether or not user verification was performed is already baked into the signature made on the FIDO token, so this is just plumbing that flag through and adding ways to require it.
feedback and ok markus@
show more ...
|
#
1f63d3c4 |
| 27-Aug-2020 |
djm <djm@openbsd.org> |
support for user-verified FIDO keys
FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing).
support for user-verified FIDO keys
FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token.
This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication.
feedback markus@ and Pedro Martelletto; ok markus@
show more ...
|