1. 24 Nov, 2015 2 commits
  2. 22 May, 2015 1 commit
    • djm@openbsd.org's avatar
      upstream commit · f9487374
      djm@openbsd.org authored
      mention ssh-keygen -E for comparing legacy MD5
       fingerprints; bz#2332
      
      Upstream-ID: 079a3669549041dbf10dbc072d9563f0dc3b2859
      f9487374
  3. 08 May, 2015 1 commit
    • dtucker@openbsd.org's avatar
      upstream commit · f8484dac
      dtucker@openbsd.org authored
      Clarify pseudo-terminal request behaviour and use
       "pseudo-terminal" consistently.  bz#1716, ok jmc@ "I like it" deraadt@.
      f8484dac
  4. 03 Mar, 2015 1 commit
    • djm@openbsd.org's avatar
      upstream commit · 68d2dfc4
      djm@openbsd.org authored
      Allow "ssh -Q protocol-version" to list supported SSH
       protocol versions. Useful for detecting builds without SSH v.1 support; idea
       and ok markus@
      68d2dfc4
  5. 30 Jan, 2015 1 commit
    • djm@openbsd.org's avatar
      upstream commit · 46347ed5
      djm@openbsd.org authored
      Add a ssh_config HostbasedKeyType option to control which
       host public key types are tried during hostbased authentication.
      
      This may be used to prevent too many keys being sent to the server,
      and blowing past its MaxAuthTries limit.
      
      bz#2211 based on patch by Iain Morgan; ok markus@
      46347ed5
  6. 26 Jan, 2015 1 commit
    • djm@openbsd.org's avatar
      upstream commit · 1d1092bf
      djm@openbsd.org authored
      correct description of UpdateHostKeys in ssh_config.5 and
       add it to -o lists for ssh, scp and sftp; pointed out by jmc@
      1d1092bf
  7. 08 Jan, 2015 1 commit
  8. 21 Dec, 2014 1 commit
    • djm@openbsd.org's avatar
      upstream commit · 56d1c83c
      djm@openbsd.org authored
      Add FingerprintHash option to control algorithm used for
       key fingerprints. Default changes from MD5 to SHA256 and format from hex to
       base64.
      
      Feedback and ok naddy@ markus@
      56d1c83c
  9. 20 Oct, 2014 1 commit
  10. 13 Oct, 2014 2 commits
    • djm@openbsd.org's avatar
      upstream commit · 957fbceb
      djm@openbsd.org authored
      Tweak config reparsing with host canonicalisation
      
      Make the second pass through the config files always run when
      hostname canonicalisation is enabled.
      
      Add a "Match canonical" criteria that allows ssh_config Match
      blocks to trigger only in the second config pass.
      
      Add a -G option to ssh that causes it to parse its configuration
      and dump the result to stdout, similar to "sshd -T"
      
      Allow ssh_config Port options set in the second config parse
      phase to be applied (they were being ignored).
      
      bz#2267 bz#2286; ok markus
      957fbceb
    • sobrado@openbsd.org's avatar
      upstream commit · f70b22bc
      sobrado@openbsd.org authored
      improve capitalization for the Ed25519 public-key
       signature system.
      
      ok djm@
      f70b22bc
  11. 30 Jul, 2014 1 commit
    • Damien Miller's avatar
      - OpenBSD CVS Sync · a8a0f65c
      Damien Miller authored
         - millert@cvs.openbsd.org 2014/07/24 22:57:10
           [ssh.1]
           Mention UNIX-domain socket forwarding too.  OK jmc@ deraadt@
      a8a0f65c
  12. 18 Jul, 2014 1 commit
  13. 03 Jul, 2014 1 commit
  14. 20 Apr, 2014 2 commits
  15. 18 Dec, 2013 1 commit
  16. 04 Dec, 2013 2 commits
    • Damien Miller's avatar
      - jmc@cvs.openbsd.org 2013/11/26 12:14:54 · bdb352a5
      Damien Miller authored
           [ssh.1 ssh.c]
           - put -Q in the right place
           - Ar was a poor choice for the arguments to -Q. i've chosen an
             admittedly equally poor Cm, at least consistent with the rest
             of the docs. also no need for multiple instances
           - zap a now redundant Nm
           - usage() sync
      bdb352a5
    • Damien Miller's avatar
      - deraadt@cvs.openbsd.org 2013/11/25 18:04:21 · d937dc08
      Damien Miller authored
           [ssh.1 ssh.c]
           improve -Q usage and such.  One usage change is that the option is now
           case-sensitive
           ok dtucker markus djm
      d937dc08
  17. 21 Nov, 2013 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2013/11/21 00:45:44 · 0fde8acd
      Damien Miller authored
           [Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
           [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
           [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
           [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
           cipher "chacha20-poly1305@openssh.com" that combines Daniel
           Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
           authenticated encryption mode.
      
           Inspired by and similar to Adam Langley's proposal for TLS:
           http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
           but differs in layout used for the MAC calculation and the use of a
           second ChaCha20 instance to separately encrypt packet lengths.
           Details are in the PROTOCOL.chacha20poly1305 file.
      
           Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
           ok markus@ naddy@
      0fde8acd
  18. 17 Oct, 2013 3 commits
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2013/10/16 22:49:39 · 3850559b
      Damien Miller authored
           [readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
           s/canonicalise/canonicalize/ for consistency with existing spelling,
           e.g. authorized_keys; pointed out by naddy@
      3850559b
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2013/10/16 02:31:47 · 0faf747e
      Damien Miller authored
           [readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5]
           [sshconnect.c sshconnect.h]
           Implement client-side hostname canonicalisation to allow an explicit
           search path of domain suffixes to use to convert unqualified host names
           to fully-qualified ones for host key matching.
           This is particularly useful for host certificates, which would otherwise
           need to list unqualified names alongside fully-qualified ones (and this
           causes a number of problems).
           "looks fine" markus@
      0faf747e
    • Damien Miller's avatar
      - jmc@cvs.openbsd.org 2013/10/15 14:10:25 · d77b81f8
      Damien Miller authored
           [ssh.1 ssh_config.5]
           tweak previous;
      d77b81f8
  19. 20 Aug, 2013 2 commits
  20. 18 Jul, 2013 2 commits
  21. 23 Apr, 2013 2 commits
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2013/04/19 01:06:50 · ea11119e
      Damien Miller authored
           [authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c]
           [key.c key.h mac.c mac.h packet.c ssh.1 ssh.c]
           add the ability to query supported ciphers, MACs, key type and KEX
           algorithms to ssh. Includes some refactoring of KEX and key type handling
           to be table-driven; ok markus@
      ea11119e
    • Damien Miller's avatar
      - dtucker@cvs.openbsd.org 2013/04/07 02:10:33 · 03d4d7e6
      Damien Miller authored
           [log.c log.h ssh.1 ssh.c sshd.8 sshd.c]
           Add -E option to ssh and sshd to append debugging logs to a specified file
           instead of stderr or syslog.  ok markus@, man page help jmc@
      03d4d7e6
  22. 05 Oct, 2012 2 commits
  23. 07 Sep, 2012 1 commit
  24. 06 Sep, 2012 1 commit
  25. 20 Jun, 2012 2 commits
  26. 22 Apr, 2012 1 commit
  27. 22 Sep, 2011 3 commits