History log of /openssh-portable/ (Results 251 - 275 of 10959)
Revision (<<< Hide revision tags) (Show revision tags >>>)Date Author Comments
(<<< Hide modified files)
(Show modified files >>>)
108676c303-Oct-2020 Philip Hands

tidy up test of $SCRATCH_DIR creation

SSH-Copy-ID-Upstream: 2d8b22d96c105d87743ffe8874887b06f8989b93

Revision tags: V_8_4_P1
a9c9e91a16-Sep-2020 Philip Hands

add -s flag: to install keys via SFTP

This is prompted by:

https://bugzilla.mindrot.org/show_bug.cgi?id=3201

Thanks go to Matthias Blümel for the idea, and the helpful pat

add -s flag: to install keys via SFTP

This is prompted by:

https://bugzilla.mindrot.org/show_bug.cgi?id=3201

Thanks go to Matthias Blümel for the idea, and the helpful patch, from
which this patch grew.

SSH-Copy-ID-Upstream: f7c76dc64427cd20287a6868f672423b62057614

show more ...

f924249711-Oct-2020 djm@openbsd.org

upstream: UpdateHostkeys: check for keys under other names

Stop UpdateHostkeys from automatically removing deprecated keys from
known_hosts files if the same keys exist under a different

upstream: UpdateHostkeys: check for keys under other names

Stop UpdateHostkeys from automatically removing deprecated keys from
known_hosts files if the same keys exist under a different name or
address to the host that is being connected to.

This avoids UpdateHostkeys from making known_hosts inconsistent in
some cases. For example, multiple host aliases sharing address-based
known_hosts on different lines, or hosts that resolves to multiple
addresses.

ok markus@

OpenBSD-Commit-ID: 6444a705ba504c3c8ccddccd8d1b94aa33bd11c1

show more ...

d98f14b511-Oct-2020 djm@openbsd.org

upstream: UpdateHostkeys: better CheckHostIP handling

When preparing to update the known_hosts file, fully check both
entries for both the host and the address (if CheckHostIP enabled)

upstream: UpdateHostkeys: better CheckHostIP handling

When preparing to update the known_hosts file, fully check both
entries for both the host and the address (if CheckHostIP enabled)
and ensure that, at the end of the operation, entries for both are
recorded.

Make sure this works with HashKnownHosts too, which requires maintaining
a list of entry-types seen across the whole file for each key.

ok markus@

OpenBSD-Commit-ID: 374dc263103f6b343d9671f87dbf81ffd0d6abdd

show more ...

af5941ae11-Oct-2020 djm@openbsd.org

upstream: UpdateHostkeys: better detect manual host entries

Disable UpdateHostkeys if the known_hosts line has more than two
entries in the pattern-list. ssh(1) only writes "host" or "ho

upstream: UpdateHostkeys: better detect manual host entries

Disable UpdateHostkeys if the known_hosts line has more than two
entries in the pattern-list. ssh(1) only writes "host" or "host,ip"
lines so anything else was added by a different tool or by a human.

ok markus@

OpenBSD-Commit-ID: e434828191fb5f3877d4887c218682825aa59820

show more ...

6247812c07-Oct-2020 djm@openbsd.org

upstream: don't misdetect comma-separated hostkey names as wildcards;

spotted by naddy@

OpenBSD-Commit-ID: 4b874edfec7fc324a21b130bdb42f912177739ce

67146c7d08-Oct-2020 wangxp006

fix TEST_MALLOC_OPTIONS var

3205eaa307-Oct-2020 djm@openbsd.org

upstream: clarify conditions for UpdateHostkeys

OpenBSD-Commit-ID: 9cba714cf6aeed769f998ccbe8c483077a618e27

e8dfca9b07-Oct-2020 djm@openbsd.org

upstream: remove GlobalKnownHostsFile for this test after

UpdateHostkeys change

OpenBSD-Regress-ID: a940ad79d59343319613ba8fc46b6ef24aa3f8e1

4aa2717d06-Oct-2020 djm@openbsd.org

upstream: Disable UpdateHostkeys when hostkey checking fails

If host key checking fails (i.e. a wrong host key is recorded for the
server) and the user elects to continue (via StrictHost

upstream: Disable UpdateHostkeys when hostkey checking fails

If host key checking fails (i.e. a wrong host key is recorded for the
server) and the user elects to continue (via StrictHostKeyChecking=no),
then disable UpdateHostkeys for the session.

reminded by Mark D. Baushke; ok markus@

OpenBSD-Commit-ID: 98b524f121f4252309dd21becd8c4cacb0c6042a

show more ...

04c06d0406-Oct-2020 djm@openbsd.org

upstream: Fix UpdateHostkeys/HashKnownHosts/CheckHostIP bug

When all of UpdateHostkeys, HashKnownHosts and ChechHostIP
were enabled and new host keys were learned, known_hosts IP
ent

upstream: Fix UpdateHostkeys/HashKnownHosts/CheckHostIP bug

When all of UpdateHostkeys, HashKnownHosts and ChechHostIP
were enabled and new host keys were learned, known_hosts IP
entries were not being recorded for new host keys.

reported by matthieu@ ok markus@

OpenBSD-Commit-ID: a654a8290bd1c930aac509e8158cf85e42e49cb7

show more ...

b70e337106-Oct-2020 djm@openbsd.org

upstream: don't UpdateHostkeys when the hostkey is verified by the

GlobalKnownHostsFile file, support only UserKnownHostsFile matches

suggested by Mark D. Baushke; feedback and ok m

upstream: don't UpdateHostkeys when the hostkey is verified by the

GlobalKnownHostsFile file, support only UserKnownHostsFile matches

suggested by Mark D. Baushke; feedback and ok markus@

OpenBSD-Commit-ID: eabb771a6add676c398d38a143a1aff5f04abbb9

show more ...

aa62314206-Oct-2020 djm@openbsd.org

upstream: revert kex->flags cert hostkey downgrade back to a plain

key (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less
plumbing.

ok markus@

Op

upstream: revert kex->flags cert hostkey downgrade back to a plain

key (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less
plumbing.

ok markus@

OpenBSD-Commit-ID: fb92d25b216bff8c136da818ac2221efaadf18ed

show more ...

f4f14e0206-Oct-2020 djm@openbsd.org

upstream: simply disable UpdateHostkeys when a certificate

successfully authenticated the host; simpler than the complicated plumbing
via kex->flags we have now.

ok markus@

upstream: simply disable UpdateHostkeys when a certificate

successfully authenticated the host; simpler than the complicated plumbing
via kex->flags we have now.

ok markus@

OpenBSD-Commit-ID: 80e39644eed75717d563a7f177e8117a0e14f42c

show more ...

e79957e806-Oct-2020 djm@openbsd.org

upstream: disable UpdateHostkeys by default if VerifyHostKeyDNS is

enabled; suggested by Mark D. Baushke

OpenBSD-Commit-ID: 85a1b88592c81bc85df7ee7787dbbe721a0542bf

3d4c201606-Oct-2020 dtucker@openbsd.org

upstream: Agent protocol draft is now at rev 4. ok djm@

OpenBSD-Commit-ID: 8c01ea3aae48aab45e01b7421b0fca2dad5e7837

af889a4004-Oct-2020 djm@openbsd.org

upstream: when ordering host key algorithms in the client, consider

the ECDSA key subtype; ok markus@

OpenBSD-Commit-ID: 3097686f853c61ff61772ea35f8b699931392ece

2d39fc9f03-Oct-2020 dtucker@openbsd.org

upstream: Allow full range of UIDs and GIDs for sftp chown and

chgrp on 32bit platforms instead of being limited by LONG_MAX. bz#3206,
found by booking00 at sina.cn, ok markus@

upstream: Allow full range of UIDs and GIDs for sftp chown and

chgrp on 32bit platforms instead of being limited by LONG_MAX. bz#3206,
found by booking00 at sina.cn, ok markus@

OpenBSD-Commit-ID: 373b7bbf1f15ae482d39567ce30d18b51c9229b5

show more ...

396d32f303-Oct-2020 djm@openbsd.org

upstream: There are lots of place where we want to redirect stdin,

stdout and/or stderr to /dev/null. Factor all these out to a single
stdfd_devnull() function that allows selection of w

upstream: There are lots of place where we want to redirect stdin,

stdout and/or stderr to /dev/null. Factor all these out to a single
stdfd_devnull() function that allows selection of which of these to redirect.
ok markus@

OpenBSD-Commit-ID: 3033ba5a4c47cacfd5def020d42cabc52fad3099

show more ...

1286981d03-Oct-2020 djm@openbsd.org

upstream: enable UpdateHostkeys by default when the configuration

has not overridden UserKnownHostsFile; ok markus@ "The timing is perfect"
deraadt@

OpenBSD-Commit-ID: 62df71c9c

upstream: enable UpdateHostkeys by default when the configuration

has not overridden UserKnownHostsFile; ok markus@ "The timing is perfect"
deraadt@

OpenBSD-Commit-ID: 62df71c9c5242da5763cb473c2a2deefbd0cef60

show more ...

332f215303-Oct-2020 djm@openbsd.org

upstream: disable UpdateHostkeys when a wildcard hostname pattern

is encountered or when a certificate host key is in use. feedback/ok markus@

OpenBSD-Commit-ID: b6e5575af7e6732322b

upstream: disable UpdateHostkeys when a wildcard hostname pattern

is encountered or when a certificate host key is in use. feedback/ok markus@

OpenBSD-Commit-ID: b6e5575af7e6732322be82ec299e09051a5413bd

show more ...

13cee44e03-Oct-2020 djm@openbsd.org

upstream: record when the host key checking code downgrades a

certificate host key to a plain key. This occurs when the user connects to a
host with a certificate host key but no corresp

upstream: record when the host key checking code downgrades a

certificate host key to a plain key. This occurs when the user connects to a
host with a certificate host key but no corresponding CA key configured in
known_hosts; feedback and ok markus@

OpenBSD-Commit-ID: 2ada81853ff9ee7824c62f440bcf4ad62030c901

show more ...

12ae8f9503-Oct-2020 djm@openbsd.org

upstream: prefer ed25519 signature algorithm variants to ECDSA; ok

markus@

OpenBSD-Commit-ID: 82187926fca96d35a5b5afbc091afa84e0966e5b

e5ed753a02-Oct-2020 djm@openbsd.org

upstream: want time.h here too

OpenBSD-Commit-ID: fafee8f1108c64ad8b282f9a1ed5ea830d8c58a7

66bd9fdf02-Oct-2020 deraadt@openbsd.org

upstream: split introductory paragraph, and insert ominous words about

the glob issue, which cannot be fully fixed and really requires completely
replacing scp with a completely differen

upstream: split introductory paragraph, and insert ominous words about

the glob issue, which cannot be fully fixed and really requires completely
replacing scp with a completely different subsystem. team effort to find the
right words..

OpenBSD-Commit-ID: 58e1f72d292687f63eb357183036ee242513691c

show more ...

1...<<11121314151617181920>>...439