1. 09 Feb, 2014 2 commits
  2. 18 Jul, 2013 1 commit
    • - jmc@cvs.openbsd.org 2013/06/27 14:05:37 · fecfd118
      Damien Miller authored
           [ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
           do not use Sx for sections outwith the man page - ingo informs me that
           stuff like html will render with broken links;
      
           issue reported by Eric S. Raymond, via djm
  3. 23 Apr, 2013 2 commits
  4. 05 Oct, 2012 1 commit
  5. 20 Jun, 2012 1 commit
  6. 19 May, 2012 1 commit
    • - (dtucker) OpenBSD CVS Sync · fbcf8275
      Darren Tucker authored
         - dtucker@cvs.openbsd.org 2012/05/13 01:42:32
           [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5]
           Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
           to match.  Feedback and ok djm@ markus@.
  7. 02 Oct, 2011 1 commit
  8. 05 Aug, 2011 1 commit
  9. 29 May, 2011 2 commits
    • - jmc@cvs.openbsd.org 2011/05/23 07:10:21 · b9132fc4
      Damien Miller authored
           [sshd.8 sshd_config.5]
           tweak previous; ok djm
    • OpenBSD CVS Sync · d8478b6a
      Damien Miller authored
         - djm@cvs.openbsd.org 2011/05/23 03:30:07
           [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5]
           allow AuthorizedKeysFile to specify multiple files, separated by spaces.
           Bring back authorized_keys2 as a default search path (to avoid breaking
           existing users of this file), but override this in sshd_config so it will
           be no longer used on fresh installs. Maybe in 2015 we can remove it
           entirely :)
      
           feedback and ok markus@ dtucker@
  10. 04 Nov, 2010 1 commit
  11. 31 Aug, 2010 2 commits
    • - djm@cvs.openbsd.org 2010/08/31 11:54:45 · eb8b60e3
      Damien Miller authored
           [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
           [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
           [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
           [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
           [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
           [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
           [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
           Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
           host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
           better performance than plain DH and DSA at the same equivalent symmetric
           key length, as well as much shorter keys.
      
           Only the mandatory sections of RFC5656 are implemented, specifically the
           three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
           ECDSA. Point compression (optional in RFC5656) is NOT implemented.
      
           Certificate host and user keys using the new ECDSA key types are supported.
      
           Note that this code has not been tested for interoperability and may be
           subject to change.
      
           feedback and ok markus@
    • - jmc@cvs.openbsd.org 2010/08/08 19:36:30 · afdae616
      Damien Miller authored
           [ssh-keysign.8 ssh.1 sshd.8]
           use the same template for all FILES sections; i.e. -compact/.Pp where we
           have multiple items, and .Pa for path names;
  12. 05 Aug, 2010 1 commit
    • - djm@cvs.openbsd.org 2010/08/04 05:37:01 · 7fa96602
      Damien Miller authored
           [ssh.1 ssh_config.5 sshd.8]
           Remove mentions of weird "addr/port" alternate address format for IPv6
           addresses combinations. It hasn't worked for ages and we have supported
           the more common "[addr]:port" format for a long time. ok jmc@ markus@
  13. 10 May, 2010 1 commit
    • - djm@cvs.openbsd.org 2010/05/07 11:30:30 · 30da3447
      Damien Miller authored
           [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c]
           [key.c servconf.c servconf.h sshd.8 sshd_config.5]
           add some optional indirection to matching of principal names listed
           in certificates. Currently, a certificate must include the user's name
           to be accepted for authentication. This change adds the ability to
           specify a list of certificate principal names that are acceptable.
      
           When authenticating using a CA trusted through ~/.ssh/authorized_keys,
           this adds a new principals="name1[,name2,...]" key option.
      
           For CAs listed through sshd_config's TrustedCAKeys option, a new config
           option "AuthorizedPrincipalsFile" specifies a per-user file containing
           the list of acceptable names.
      
           If either option is absent, the current behaviour of requiring the
           username to appear in principals continues to apply.
      
           These options are useful for role accounts, disjoint account namespaces
           and "user@realm"-style naming policies in certificates.
      
           feedback and ok markus@
  14. 05 Mar, 2010 1 commit
  15. 04 Mar, 2010 2 commits
  16. 02 Mar, 2010 1 commit
  17. 26 Feb, 2010 1 commit
    • - OpenBSD CVS Sync · 0a80ca19
      Damien Miller authored
         - djm@cvs.openbsd.org 2010/02/26 20:29:54
           [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys addrmatch.c auth-options.c]
           [auth-options.h auth.h auth2-pubkey.c authfd.c dns.c dns.h hostfile.c]
           [hostfile.h kex.h kexdhs.c kexgexs.c key.c key.h match.h monitor.c]
           [myproposal.h servconf.c servconf.h ssh-add.c ssh-agent.c ssh-dss.c]
           [ssh-keygen.1 ssh-keygen.c ssh-rsa.c ssh.1 ssh.c ssh2.h sshconnect.c]
           [sshconnect2.c sshd.8 sshd.c sshd_config.5]
           Add support for certificate key types for users and hosts.
      
           OpenSSH certificate key types are not X.509 certificates, but a much
           simpler format that encodes a public key, identity information and
           some validity constraints and signs it with a CA key. CA keys are
           regular SSH keys. This certificate style avoids the attack surface
           of X.509 certificates and is very easy to deploy.
      
           Certified host keys allow automatic acceptance of new host keys
           when a CA certificate is marked as sh/known_hosts.
           see VERIFYING HOST KEYS in ssh(1) for details.
      
           Certified user keys allow authentication of users when the signing
           CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
           FILE FORMAT" in sshd(8) for details.
      
           Certificates are minted using ssh-keygen(1), documentation is in
           the "CERTIFICATES" section of that manpage.
      
           Documentation on the format of certificates is in the file
           PROTOCOL.certkeys
      
           feedback and ok markus@
  18. 02 Feb, 2010 1 commit
  19. 11 Oct, 2009 1 commit
  20. 21 Jun, 2009 1 commit
  21. 03 Nov, 2008 1 commit
  22. 02 Jul, 2008 1 commit
  23. 12 Jun, 2008 1 commit
  24. 10 Jun, 2008 3 commits
    • - djm@cvs.openbsd.org 2008/06/10 23:06:19 · 896ad5a4
      Darren Tucker authored
           [auth-options.c match.c servconf.c addrmatch.c sshd.8]
           support CIDR address matching in .ssh/authorized_keys from="..." stanzas
           ok and extensive testing dtucker@
    • - jmc@cvs.openbsd.org 2008/06/10 08:17:40 · e7f3f756
      Darren Tucker authored
           [sshd.8 sshd.c]
           - update usage()
           - fix SYNOPSIS, and sort options
           - some minor additional fixes
    • - dtucker@cvs.openbsd.org 2008/06/10 04:50:25 · e7140f20
      Darren Tucker authored
           [sshd.c channels.h channels.c log.c servconf.c log.h servconf.h sshd.8]
           Add extended test mode (-T) and connection parameters for test mode (-C).
           -T causes sshd to write its effective configuration to stdout and exit.
           -C causes any relevant Match rules to be applied before output.  The
           combination allows testing of the parser and config files.  ok deraadt djm
  25. 03 Apr, 2008 1 commit
  26. 27 Mar, 2008 1 commit
  27. 26 Mar, 2008 1 commit
  28. 10 Feb, 2008 1 commit
  29. 16 Aug, 2007 1 commit
  30. 11 Jun, 2007 1 commit
    • - pvalchev@cvs.openbsd.org 2007/06/07 19:37:34 · e45796f7
      Damien Miller authored
           [kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1]
           [ssh_config.5 sshd.8 sshd_config.5]
           Add a new MAC algorithm for data integrity, UMAC-64 (not default yet,
           must specify umac-64@openssh.com). Provides about 20% end-to-end speedup
           compared to hmac-md5. Represents a different approach to message
           authentication to that of HMAC that may be beneficial if HMAC based on
           one of its underlying hash algorithms is found to be vulnerable to a
           new attack.  http://www.ietf.org/rfc/rfc4418.txt
           in conjunction with and OK djm@
  31. 05 Jun, 2007 1 commit
    • - jmc@cvs.openbsd.org 2007/05/31 19:20:16 · aa4d5eda
      Darren Tucker authored
           [scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1
           ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8]
           convert to new .Dd format;
           (We will need to teach mdoc2man.awk to understand this too.)
  32. 21 Mar, 2007 1 commit
  33. 30 Aug, 2006 1 commit