1. 20 May, 2017 1 commit
    • djm@openbsd.org's avatar
      upstream commit · 77322480
      djm@openbsd.org authored
      Now that we no longer support SSHv1, replace the contents
      of this file with a pointer to
      https://tools.ietf.org/html/draft-miller-ssh-agent-00 It's better edited,
      doesn't need to document stuff we no longer implement and does document stuff
      that we do implement (RSA SHA256/512 signature flags)
      
      Upstream-ID: da8cdc46bbcc266efabd565ddddd0d8e556f846e
      77322480
  2. 17 May, 2017 3 commits
    • djm@openbsd.org's avatar
      upstream commit · 54cd41a4
      djm@openbsd.org authored
      allow LogLevel in sshd_config Match blocks; ok dtucker
      bz#2717
      
      Upstream-ID: 662e303be63148f47db1aa78ab81c5c2e732baa8
      54cd41a4
    • djm@openbsd.org's avatar
      upstream commit · 277abcda
      djm@openbsd.org authored
      remove duplicate check; spotted by Jakub Jelen
      
      Upstream-ID: 30c2996c1767616a8fdc49d4cee088efac69c3b0
      277abcda
    • djm@openbsd.org's avatar
      upstream commit · adb47ce8
      djm@openbsd.org authored
      mention that Ed25519 keys are valid as CA keys; spotted
      by Jakub Jelen
      
      Upstream-ID: d3f6db58b30418cb1c3058211b893a1ffed3dfd4
      adb47ce8
  3. 10 May, 2017 3 commits
  4. 08 May, 2017 4 commits
    • djm@openbsd.org's avatar
      upstream commit · d757a4b6
      djm@openbsd.org authored
      fix for new SSH_ERR_KEY_LENGTH error value
      
      Upstream-Regress-ID: c38a6e6174d4c3feca3518df150d4fbae0dca8dc
      d757a4b6
    • djm@openbsd.org's avatar
      upstream commit · 2e58a695
      djm@openbsd.org authored
      helps if I commit the correct version of the file. fix
      missing return statement.
      
      Upstream-ID: c86394a3beeb1ec6611e659bfa830254f325546c
      2e58a695
    • djm@openbsd.org's avatar
      upstream commit · effaf526
      djm@openbsd.org authored
      remove arcfour, blowfish and CAST here too
      
      Upstream-Regress-ID: c613b3bcbef75df1fe84ca4dc2d3ef253dc5e920
      effaf526
    • djm@openbsd.org's avatar
      upstream commit · 7461a5bc
      djm@openbsd.org authored
      I was too aggressive with the scalpel in the last commit;
      unbreak sshd, spotted quickly by naddy@
      
      Upstream-ID: fb7e75d2b2c7e6ca57dee00ca645e322dd49adbf
      7461a5bc
  5. 07 May, 2017 18 commits
    • djm@openbsd.org's avatar
      upstream commit · bd636f40
      djm@openbsd.org authored
      Refuse RSA keys <1024 bits in length. Improve reporting
      for keys that do not meet this requirement. ok markus@
      
      Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c
      bd636f40
    • djm@openbsd.org's avatar
      upstream commit · 70c1218f
      djm@openbsd.org authored
      Don't offer CBC ciphers by default in the client. ok
      markus@
      
      Upstream-ID: 94c9ce8d0d1a085052e11c7f3307950fdc0901ef
      70c1218f
    • djm@openbsd.org's avatar
      upstream commit · acaf34fd
      djm@openbsd.org authored
      As promised in last release announcement: remove
      support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@
      
      Upstream-ID: 21f8facdba3fd8da248df6417000867cec6ba222
      acaf34fd
    • naddy@openbsd.org's avatar
      upstream commit · 3e371bd2
      naddy@openbsd.org authored
      more simplification and removal of SSHv1-related code;
      ok djm@
      
      Upstream-ID: d2f041aa0b79c0ebd98c68a01e5a0bfab2cf3b55
      3e371bd2
    • naddy@openbsd.org's avatar
      upstream commit · 2e9c324b
      naddy@openbsd.org authored
      remove superfluous protocol 2 mentions; ok jmc@
      
      Upstream-ID: 0aaf7567c9f2e50fac5906b6a500a39c33c4664d
      2e9c324b
    • djm@openbsd.org's avatar
      upstream commit · 744bde79
      djm@openbsd.org authored
      since a couple of people have asked, leave a comment
      explaining why we retain SSH v.1 support in the "delete all keys from agent"
      path.
      
      Upstream-ID: 4b42dcfa339813c15fe9248a2c1b7ed41c21bbb4
      744bde79
    • djm@openbsd.org's avatar
      upstream commit · 0c378ff6
      djm@openbsd.org authored
      another tentacle: cipher_set_key_string() was only ever
      used for SSHv1
      
      Upstream-ID: 7fd31eb6c48946f7e7cc12af0699fe8eb637e94a
      0c378ff6
    • naddy@openbsd.org's avatar
      upstream commit · 9a82e24b
      naddy@openbsd.org authored
      restore mistakenly deleted description of the
      ConnectionAttempts option ok markus@
      
      Upstream-ID: 943002b1b7c470caea3253ba7b7348c359de0348
      9a82e24b
    • naddy@openbsd.org's avatar
      upstream commit · 768405fd
      naddy@openbsd.org authored
      remove miscellaneous SSH1 leftovers; ok markus@
      
      Upstream-ID: af23696022ae4d45a1abc2fb8b490d8d9dd63b7c
      768405fd
    • jmc@openbsd.org's avatar
      upstream commit · 1a1b24f8
      jmc@openbsd.org authored
      more protocol 1 bits removed; ok djm
      
      Upstream-ID: b5b977eaf756915acb56aef3604a650e27f7c2b9
      1a1b24f8
    • jmc@openbsd.org's avatar
      upstream commit · 2b6f799e
      jmc@openbsd.org authored
      more protocol 1 stuff to go; ok djm
      
      Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47
      2b6f799e
    • jmc@openbsd.org's avatar
      upstream commit · f10c0d32
      jmc@openbsd.org authored
      rsa1 is no longer valid;
      
      Upstream-ID: 9953d09ed9841c44b7dcf7019fa874783a709d89
      f10c0d32
    • jmc@openbsd.org's avatar
      upstream commit · 42b690b4
      jmc@openbsd.org authored
      add PubKeyAcceptedKeyTypes to the -o list: scp(1) has
      it, so i guess this should too;
      
      Upstream-ID: 7fab32e869ca5831d09ab0c40d210b461d527a2c
      42b690b4
    • jmc@openbsd.org's avatar
      upstream commit · d8526032
      jmc@openbsd.org authored
      remove now obsolete protocol1 options from the -o
      lists;
      
      Upstream-ID: 828e478a440bc5f9947672c392420510a362b3dd
      d8526032
    • jmc@openbsd.org's avatar
      upstream commit · 8b60ce8d
      jmc@openbsd.org authored
      more -O shuffle; ok djm
      
      Upstream-ID: c239991a3a025cdbb030b73e990188dd9bfbeceb
      8b60ce8d
    • djm@openbsd.org's avatar
      upstream commit · 3575f0b1
      djm@openbsd.org authored
      remove -1 / -2 options; pointed out by jmc@
      
      Upstream-ID: 65d2a816000741a95df1c7cfdb5fa8469fcc7daa
      3575f0b1
    • jmc@openbsd.org's avatar
      upstream commit · 4f1ca823
      jmc@openbsd.org authored
      remove options -12 from usage();
      
      Upstream-ID: db7ceef25132e63b50ed05289bf447fece1d1270
      4f1ca823
    • jmc@openbsd.org's avatar
      upstream commit · 6b84897f
      jmc@openbsd.org authored
      tidy up -O somewhat; ok djm
      
      Upstream-ID: 804405f716bf7ef15c1f36ab48581ca16aeb4d52
      6b84897f
  6. 02 May, 2017 3 commits
    • djm@openbsd.org's avatar
      upstream commit · d1c6b7fd
      djm@openbsd.org authored
      when freeing a bitmap, zero all it bytes; spotted by Ilya
      Kaliman
      
      Upstream-ID: 834ac024f2c82389d6ea6b1c7d6701b3836e28e4
      d1c6b7fd
    • djm@openbsd.org's avatar
      upstream commit · 0f163983
      djm@openbsd.org authored
      this one I did forget to "cvs rm"
      
      Upstream-ID: 5781670c0578fe89663c9085ed3ba477cf7e7913
      0f163983
    • djm@openbsd.org's avatar
      upstream commit · 21ed00a8
      djm@openbsd.org authored
      don't know why cvs didn't exterminate these the first
      time around, I use rm -f and everuthing...
      
      pointed out by sobrado@
      
      Upstream-ID: a6c44a0c2885330d322ee01fcfd7f6f209b1e15d
      21ed00a8
  7. 01 May, 2017 8 commits