108676c3 | 03-Oct-2020 |
Philip Hands |
tidy up test of $SCRATCH_DIR creation SSH-Copy-ID-Upstream: 2d8b22d96c105d87743ffe8874887b06f8989b93 |
Revision tags: V_8_4_P1 |
|
a9c9e91a | 16-Sep-2020 |
Philip Hands |
add -s flag: to install keys via SFTP This is prompted by: https://bugzilla.mindrot.org/show_bug.cgi?id=3201 Thanks go to Matthias Blümel for the idea, and the helpful patch, from which this patch grew. SSH-Copy-ID-Upstream: f7c76dc64427cd20287a6868f672423b62057614
|
f9242497 | 11-Oct-2020 |
djm@openbsd.org |
upstream: UpdateHostkeys: check for keys under other names Stop UpdateHostkeys from automatically removing deprecated keys from known_hosts files if the same keys exist under a different name or address to the host that is being connected to. This avoids UpdateHostkeys from making known_hosts inconsistent in some cases. For example, multiple host aliases sharing address-based known_hosts on different lines, or hosts that resolve to multiple addresses. ok markus@ OpenBSD-Commit-ID: 6444a705ba504c3c8ccddccd8d1b94aa33bd11c1
|
d98f14b5 | 11-Oct-2020 |
djm@openbsd.org |
upstream: UpdateHostkeys: better CheckHostIP handling When preparing to update the known_hosts file, fully check both entries for both the host and the address (if CheckHostIP enabled) and ensure that, at the end of the operation, entries for both are recorded. Make sure this works with HashKnownHosts too, which requires maintaining a list of entry-types seen across the whole file for each key. ok markus@ OpenBSD-Commit-ID: 374dc263103f6b343d9671f87dbf81ffd0d6abdd
|
af5941ae | 11-Oct-2020 |
djm@openbsd.org |
upstream: UpdateHostkeys: better detect manual host entries Disable UpdateHostkeys if the known_hosts line has more than two entries in the pattern-list. ssh(1) only writes "host" or "host,ip" lines so anything else was added by a different tool or by a human. ok markus@ OpenBSD-Commit-ID: e434828191fb5f3877d4887c218682825aa59820
|
6247812c | 07-Oct-2020 |
djm@openbsd.org |
upstream: don't misdetect comma-separated hostkey names as wildcards; spotted by naddy@ OpenBSD-Commit-ID: 4b874edfec7fc324a21b130bdb42f912177739ce |
67146c7d | 08-Oct-2020 |
wangxp006 |
fix TEST_MALLOC_OPTIONS var |
3205eaa3 | 07-Oct-2020 |
djm@openbsd.org |
upstream: clarify conditions for UpdateHostkeys OpenBSD-Commit-ID: 9cba714cf6aeed769f998ccbe8c483077a618e27 |
e8dfca9b | 07-Oct-2020 |
djm@openbsd.org |
upstream: remove GlobalKnownHostsFile for this test after UpdateHostkeys change OpenBSD-Regress-ID: a940ad79d59343319613ba8fc46b6ef24aa3f8e1 |
4aa2717d | 06-Oct-2020 |
djm@openbsd.org |
upstream: Disable UpdateHostkeys when hostkey checking fails If host key checking fails (i.e. a wrong host key is recorded for the server) and the user elects to continue (via StrictHostKeyChecking=no), then disable UpdateHostkeys for the session. reminded by Mark D. Baushke; ok markus@ OpenBSD-Commit-ID: 98b524f121f4252309dd21becd8c4cacb0c6042a
|
04c06d04 | 06-Oct-2020 |
djm@openbsd.org |
upstream: Fix UpdateHostkeys/HashKnownHosts/CheckHostIP bug When all of UpdateHostkeys, HashKnownHosts and CheckHostIP were enabled and new host keys were learned, known_hosts IP entries were not being recorded for new host keys. reported by matthieu@ ok markus@ OpenBSD-Commit-ID: a654a8290bd1c930aac509e8158cf85e42e49cb7
|
b70e3371 | 06-Oct-2020 |
djm@openbsd.org |
upstream: don't UpdateHostkeys when the hostkey is verified by the GlobalKnownHostsFile file, support only UserKnownHostsFile matches suggested by Mark D. Baushke; feedback and ok markus@ OpenBSD-Commit-ID: eabb771a6add676c398d38a143a1aff5f04abbb9
|
aa623142 | 06-Oct-2020 |
djm@openbsd.org |
upstream: revert kex->flags cert hostkey downgrade back to a plain key (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less plumbing. ok markus@ OpenBSD-Commit-ID: fb92d25b216bff8c136da818ac2221efaadf18ed
|
f4f14e02 | 06-Oct-2020 |
djm@openbsd.org |
upstream: simply disable UpdateHostkeys when a certificate successfully authenticated the host; simpler than the complicated plumbing via kex->flags we have now. ok markus@ OpenBSD-Commit-ID: 80e39644eed75717d563a7f177e8117a0e14f42c
|
e79957e8 | 06-Oct-2020 |
djm@openbsd.org |
upstream: disable UpdateHostkeys by default if VerifyHostKeyDNS is enabled; suggested by Mark D. Baushke OpenBSD-Commit-ID: 85a1b88592c81bc85df7ee7787dbbe721a0542bf |
3d4c2016 | 06-Oct-2020 |
dtucker@openbsd.org |
upstream: Agent protocol draft is now at rev 4. ok djm@ OpenBSD-Commit-ID: 8c01ea3aae48aab45e01b7421b0fca2dad5e7837 |
af889a40 | 04-Oct-2020 |
djm@openbsd.org |
upstream: when ordering host key algorithms in the client, consider the ECDSA key subtype; ok markus@ OpenBSD-Commit-ID: 3097686f853c61ff61772ea35f8b699931392ece |
2d39fc9f | 03-Oct-2020 |
dtucker@openbsd.org |
upstream: Allow full range of UIDs and GIDs for sftp chown and chgrp on 32bit platforms instead of being limited by LONG_MAX. bz#3206, found by booking00 at sina.cn, ok markus@ OpenBSD-Commit-ID: 373b7bbf1f15ae482d39567ce30d18b51c9229b5
|
396d32f3 | 03-Oct-2020 |
djm@openbsd.org |
upstream: There are lots of places where we want to redirect stdin, stdout and/or stderr to /dev/null. Factor all these out to a single stdfd_devnull() function that allows selection of which of these to redirect. ok markus@ OpenBSD-Commit-ID: 3033ba5a4c47cacfd5def020d42cabc52fad3099
|
1286981d | 03-Oct-2020 |
djm@openbsd.org |
upstream: enable UpdateHostkeys by default when the configuration has not overridden UserKnownHostsFile; ok markus@ "The timing is perfect" deraadt@ OpenBSD-Commit-ID: 62df71c9c5242da5763cb473c2a2deefbd0cef60
|
332f2153 | 03-Oct-2020 |
djm@openbsd.org |
upstream: disable UpdateHostkeys when a wildcard hostname pattern is encountered or when a certificate host key is in use. feedback/ok markus@ OpenBSD-Commit-ID: b6e5575af7e6732322be82ec299e09051a5413bd
|
13cee44e | 03-Oct-2020 |
djm@openbsd.org |
upstream: record when the host key checking code downgrades a certificate host key to a plain key. This occurs when the user connects to a host with a certificate host key but no corresponding CA key configured in known_hosts; feedback and ok markus@ OpenBSD-Commit-ID: 2ada81853ff9ee7824c62f440bcf4ad62030c901
|
12ae8f95 | 03-Oct-2020 |
djm@openbsd.org |
upstream: prefer ed25519 signature algorithm variants to ECDSA; ok markus@ OpenBSD-Commit-ID: 82187926fca96d35a5b5afbc091afa84e0966e5b |
e5ed753a | 02-Oct-2020 |
djm@openbsd.org |
upstream: want time.h here too OpenBSD-Commit-ID: fafee8f1108c64ad8b282f9a1ed5ea830d8c58a7 |
66bd9fdf | 02-Oct-2020 |
deraadt@openbsd.org |
upstream: split introductory paragraph, and insert ominous words about the glob issue, which cannot be fully fixed and really requires completely replacing scp with a completely different subsystem. team effort to find the right words.. OpenBSD-Commit-ID: 58e1f72d292687f63eb357183036ee242513691c
|