improve the error message for u2f enrollment errors by making
ssh-keygen be solely responsible for printing the error message and
convertint some more common error responses from the middleware to
a

improve the error message for u2f enrollment errors by making
ssh-keygen be solely responsible for printing the error message and
convertint some more common error responses from the middleware to
a useful ssherr.h status code. more detail remains visible via -v
of course.

also remove indepedent copy of sk-api.h declarations in sk-usbhid.c
and just include it.

feedback & ok markus@

show more ...

translate and return error codes; retry on bad PIN

Define some well-known error codes in the SK API and pass
them back via ssh-sk-helper.

Use the new "wrong PIN" error code to retry PIN prompting d

translate and return error codes; retry on bad PIN

Define some well-known error codes in the SK API and pass
them back via ssh-sk-helper.

Use the new "wrong PIN" error code to retry PIN prompting during
ssh-keygen of resident keys.

feedback and ok markus@

show more ...

Improve strictness and control over RSA-SHA2 signature types:

In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ens

Improve strictness and control over RSA-SHA2 signature types:

In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.

In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.

Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.

Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.

feedback and ok markus@

show more ...

refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "struct ssh" to all channels functions.

Replace

refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "struct ssh" to all channels functions.

Replace use of the legacy packet APIs in channels.c.

Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.

ok markus@

show more ...

Refuse RSA keys <1024 bits in length. Improve reporting for keys that
do not meet this requirement. ok markus@

avoid more fatal/exit in the packet.c paths that ssh-keyscan
uses; feedback and "looks good" markus@

avoid fatal() calls in packet code
makes ssh-keyscan more reliable against server failures
ok dtucker@ markus@

New buffer API; the first installment of the conversion/replacement
of OpenSSH's internals to make them usable as a standalone library.

This includes a set of wrappers to make it compatible with the

New buffer API; the first installment of the conversion/replacement
of OpenSSH's internals to make them usable as a standalone library.

This includes a set of wrappers to make it compatible with the
existing buffer API so replacement can occur incrementally.

With and ok markus@

Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review.

show more ...