History log of /openssh-portable/readconf.h (Results 1 - 25 of 244)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 793b583d 16-Oct-2020 djm@openbsd.org

upstream: LogVerbose keyword for ssh and sshd

Allows forcing maximum debug logging by file/function/line pattern-
lists.

ok markus@

OpenBSD-Commit-ID: c294c25732d1b4fe7

upstream: LogVerbose keyword for ssh and sshd

Allows forcing maximum debug logging by file/function/line pattern-
lists.

ok markus@

OpenBSD-Commit-ID: c294c25732d1b4fe7e345cb3e044df00531a6356

show more ...


Revision tags: V_8_4_P1
# d0a195c8 11-Aug-2020 djm@openbsd.org

upstream: let ssh_config(5)'s AddKeysToAgent keyword accept a time

limit for keys in addition to its current flag options. Time-limited keys
will automatically be removed from ssh-agent

upstream: let ssh_config(5)'s AddKeysToAgent keyword accept a time

limit for keys in addition to its current flag options. Time-limited keys
will automatically be removed from ssh-agent after their expiry time has
passed; ok markus@

OpenBSD-Commit-ID: 792e71cacbbc25faab5424cf80bee4a006119f94

show more ...


Revision tags: V_8_3_P1
# ed833da1 02-Apr-2020 dtucker@openbsd.org

upstream: Make with config keywords support which

percent_expansions more consistent. - %C is moved into its own function and
added to Match Exec. - move the common (global) options in

upstream: Make with config keywords support which

percent_expansions more consistent. - %C is moved into its own function and
added to Match Exec. - move the common (global) options into a macro. This
is ugly but it's the least-ugly way I could come up with. - move
IdentityAgent and ForwardAgent percent expansion to before the config dump
to make it regression-testable. - document all of the above

ok jmc@ for man page bits, "makes things less terrible" djm@ for the rest.

OpenBSD-Commit-ID: 4b65664bd6d8ae2a9afaf1a2438ddd1b614b1d75

show more ...


Revision tags: V_8_2_P1
# c4b3a128 22-Jan-2020 dtucker@openbsd.org

upstream: Remove unsupported algorithms from list of defaults at run

time and remove ifdef and distinct settings for OPENSSL=no case.

This will make things much simpler for -portabl

upstream: Remove unsupported algorithms from list of defaults at run

time and remove ifdef and distinct settings for OPENSSL=no case.

This will make things much simpler for -portable where the exact set
of algos depends on the configuration of both OpenSSH and the libcrypto
it's linked against (if any). ok djm@

OpenBSD-Commit-ID: e0116d0183dcafc7a9c40ba5fe9127805c5dfdd2

show more ...


# 40be78f5 20-Dec-2019 djm@openbsd.org

upstream: Allow forwarding a different agent socket to the path

specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to
accepting an explicit path or the name of an

upstream: Allow forwarding a different agent socket to the path

specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to
accepting an explicit path or the name of an environment variable in addition
to yes/no.

Patch by Eric Chiang, manpage by me; ok markus@

OpenBSD-Commit-ID: 98f2ed80bf34ea54d8b2ddd19ac14ebbf40e9265

show more ...


# 884416bd 31-Oct-2019 djm@openbsd.org

upstream: ssh client support for U2F/FIDO keys

OpenBSD-Commit-ID: eb2cfa6cf7419a1895e06e398ea6d41516c5b0bc


Revision tags: V_8_1_P1, V_8_0_P1
# 9e34e0c5 23-Nov-2018 djm@openbsd.org

upstream: add a ssh_config "Match final" predicate

Matches in same pass as "Match canonical" but doesn't require
hostname canonicalisation be enabled. bz#2906 ok markus

OpenBSD-

upstream: add a ssh_config "Match final" predicate

Matches in same pass as "Match canonical" but doesn't require
hostname canonicalisation be enabled. bz#2906 ok markus

OpenBSD-Commit-ID: fba1dfe9f6e0cabcd0e2b3be13f7a434199beffa

show more ...


Revision tags: V_7_9_P1
# ecac7e1f 19-Sep-2018 djm@openbsd.org

upstream: add CASignatureAlgorithms option for the client, allowing

it to specify which signature algorithms may be used by CAs when signing
certificates. Useful if you want to ban RSA/S

upstream: add CASignatureAlgorithms option for the client, allowing

it to specify which signature algorithms may be used by CAs when signing
certificates. Useful if you want to ban RSA/SHA1; ok markus@

OpenBSD-Commit-ID: 9159e5e9f67504829bf53ff222057307a6e3230f

show more ...


Revision tags: V_7_8_P1
# 95d41e90 19-Jul-2018 dtucker@openbsd.org

upstream: Deprecate UsePrivilegedPort now that support for running

ssh(1) setuid has been removed, remove supporting code and clean up
references to it in the man pages

We have

upstream: Deprecate UsePrivilegedPort now that support for running

ssh(1) setuid has been removed, remove supporting code and clean up
references to it in the man pages

We have not shipped ssh(1) the setuid bit since 2002. If ayone
really needs to make connections from a low port number this can
be implemented via a small setuid ProxyCommand.

ok markus@ jmc@ djm@

OpenBSD-Commit-ID: d03364610b7123ae4c6792f5274bd147b6de717e

show more ...


# 7082bb58 08-Jun-2018 djm@openbsd.org

upstream: add a SetEnv directive to ssh_config that allows setting

environment variables for the remote session (subject to the server accepting
them)

refactor SendEnv to remove

upstream: add a SetEnv directive to ssh_config that allows setting

environment variables for the remote session (subject to the server accepting
them)

refactor SendEnv to remove the arbitrary limit of variable names.

ok markus@

OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be

show more ...


Revision tags: V_7_7_P1
# ac2e3026 22-Feb-2018 djm@openbsd.org

upstream: Add BindInterface ssh_config directive and -B

command-line argument to ssh(1) that directs it to bind its outgoing
connection to the address of the specified network interface.

upstream: Add BindInterface ssh_config directive and -B

command-line argument to ssh(1) that directs it to bind its outgoing
connection to the address of the specified network interface.

BindInterface prefers to use addresses that aren't loopback or link-
local, but will fall back to those if no other addresses of the
required family are available on that interface.

Based on patch by Mike Manning in bz#2820, ok dtucker@

OpenBSD-Commit-ID: c5064d285c2851f773dd736a2c342aa384fbf713

show more ...


# 887669ef 21-Oct-2017 millert@openbsd.org

upstream commit

Add URI support to ssh, sftp and scp. For example
ssh://user@host or sftp://user@host/path. The connection parameters
described in draft-ietf-secsh-scp-sftp-ssh-uri

upstream commit

Add URI support to ssh, sftp and scp. For example
ssh://user@host or sftp://user@host/path. The connection parameters
described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since
the ssh fingerprint format in the draft uses md5 with no way to specify the
hash function type. OK djm@

Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc

show more ...


Revision tags: V_7_6_P1
# 22376d27 03-Sep-2017 djm@openbsd.org

upstream commit

Expand ssh_config's StrictModes option with two new
settings:

StrictModes=accept-new will automatically accept hitherto-unseen keys
but will refuse connectio

upstream commit

Expand ssh_config's StrictModes option with two new
settings:

StrictModes=accept-new will automatically accept hitherto-unseen keys
but will refuse connections for changed or invalid hostkeys.

StrictModes=off is the same as StrictModes=no

Motivation:

StrictModes=no combines two behaviours for host key processing:
automatically learning new hostkeys and continuing to connect to hosts
with invalid/changed hostkeys. The latter behaviour is quite dangerous
since it removes most of the protections the SSH protocol is supposed to
provide.

Quite a few users want to automatically learn hostkeys however, so
this makes that feature available with less danger.

At some point in the future, StrictModes=no will change to be a synonym
for accept-new, with its current behaviour remaining available via
StrictModes=off.

bz#2400, suggested by Michael Samuel; ok markus

Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64

show more ...


# 1112b534 30-May-2017 bluhm@openbsd.org

upstream commit

Add RemoteCommand option to specify a command in the
ssh config file instead of giving it on the client's command line. This
command will be executed on the remote h

upstream commit

Add RemoteCommand option to specify a command in the
ssh config file instead of giving it on the client's command line. This
command will be executed on the remote host. The feature allows to automate
tasks using ssh config. OK markus@

Upstream-ID: 5d982fc17adea373a9c68cae1021ce0a0904a5ee

show more ...


# 788ac799 30-Apr-2017 djm@openbsd.org

upstream commit

remove SSHv1 configuration options and man pages bits

ok markus@

Upstream-ID: 84638c23546c056727b7a7d653c72574e0f19424


# cdccebdf 30-Apr-2017 djm@openbsd.org

upstream commit

remove SSHv1 ciphers; ok markus@

Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890


# 99f95ba8 30-Apr-2017 djm@openbsd.org

upstream commit

remove options.protocol and client Protocol
configuration knob

ok markus@

Upstream-ID: 5a967f5d06e2d004b0235457b6de3a9a314e9366


# 68d3a2a0 27-Apr-2017 dtucker@openbsd.org

upstream commit

Add SyslogFacility option to ssh(1) matching the
equivalent option in sshd(8). bz#2705, patch from erahn at arista.com, ok
djm@

Upstream-ID: d5115c2c0193ceb

upstream commit

Add SyslogFacility option to ssh(1) matching the
equivalent option in sshd(8). bz#2705, patch from erahn at arista.com, ok
djm@

Upstream-ID: d5115c2c0193ceb056ed857813b2a7222abda9ed

show more ...


Revision tags: V_7_5_P1, V_7_4_P1, V_7_3_P1
# ed877ef6 14-Jul-2016 djm@openbsd.org

upstream commit

Add a ProxyJump ssh_config(5) option and corresponding -J
ssh(1) command-line flag to allow simplified indirection through a SSH
bastion or "jump host".

Thes

upstream commit

Add a ProxyJump ssh_config(5) option and corresponding -J
ssh(1) command-line flag to allow simplified indirection through a SSH
bastion or "jump host".

These options construct a proxy command that connects to the
specified jump host(s) (more than one may be specified) and uses
port-forwarding to establish a connection to the next destination.

This codifies the safest way of indirecting connections through SSH
servers and makes it easy to use.

ok markus@

Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397

show more ...


# 8543ff3f 02-Jun-2016 dtucker@openbsd.org

upstream commit

Move the host and port used by ssh -W into the Options
struct. This will make future changes a bit easier. ok djm@

Upstream-ID: 151bce5ecab2fbedf0d836250a27968

upstream commit

Move the host and port used by ssh -W into the Options
struct. This will make future changes a bit easier. ok djm@

Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382

show more ...


# b02ad1ce 04-May-2016 markus@openbsd.org

upstream commit

IdentityAgent for specifying specific agent sockets; ok
djm@

Upstream-ID: 3e6a15eb89ea0fd406f108826b7dc7dec4fbfac1


# dc7990be 14-Apr-2016 djm@openbsd.org

upstream commit

Include directive for ssh_config(5); feedback & ok markus@

Upstream-ID: ae3b76e2e343322b9f74acde6f1e1c5f027d5fff


Revision tags: V_7_2_P2, V_7_2_P1
# a3068638 14-Jan-2016 markus@openbsd.org

upstream commit

remove roaming support; ok djm@

Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56


Revision tags: V_7_1_P2
# f361df47 15-Nov-2015 jcs@openbsd.org

upstream commit

Add an AddKeysToAgent client option which can be set to
'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a
private key that is used during aut

upstream commit

Add an AddKeysToAgent client option which can be set to
'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a
private key that is used during authentication will be added to ssh-agent if
it is running (with confirmation enabled if set to 'confirm').

Initial version from Joachim Schipper many years ago.

ok markus@

Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4

show more ...


# 4e44a79a 24-Sep-2015 djm@openbsd.org

upstream commit

add ssh_config CertificateFile option to explicitly list
a certificate; patch from Meghana Bhat on bz#2436; ok markus@

Upstream-ID: 58648ec53c510b41c1f46d8fe293

upstream commit

add ssh_config CertificateFile option to explicitly list
a certificate; patch from Meghana Bhat on bz#2436; ok markus@

Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8

show more ...


12345678910