History log of /openssh-portable/readconf.h (Results 1 - 25 of 238)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 9e34e0c5 23-Nov-2018 djm@openbsd.org

upstream: add a ssh_config "Match final" predicate

Matches in same pass as "Match canonical" but doesn't require
hostname canonicalisation be enabled. bz#2906 ok markus

OpenBSD-

upstream: add a ssh_config "Match final" predicate

Matches in same pass as "Match canonical" but doesn't require
hostname canonicalisation be enabled. bz#2906 ok markus

OpenBSD-Commit-ID: fba1dfe9f6e0cabcd0e2b3be13f7a434199beffa

show more ...


Revision tags: V_7_9_P1
# ecac7e1f 19-Sep-2018 djm@openbsd.org

upstream: add CASignatureAlgorithms option for the client, allowing

it to specify which signature algorithms may be used by CAs when signing
certificates. Useful if you want to ban RSA/S

upstream: add CASignatureAlgorithms option for the client, allowing

it to specify which signature algorithms may be used by CAs when signing
certificates. Useful if you want to ban RSA/SHA1; ok markus@

OpenBSD-Commit-ID: 9159e5e9f67504829bf53ff222057307a6e3230f

show more ...


Revision tags: V_7_8_P1
# 95d41e90 19-Jul-2018 dtucker@openbsd.org

upstream: Deprecate UsePrivilegedPort now that support for running

ssh(1) setuid has been removed, remove supporting code and clean up
references to it in the man pages

We have

upstream: Deprecate UsePrivilegedPort now that support for running

ssh(1) setuid has been removed, remove supporting code and clean up
references to it in the man pages

We have not shipped ssh(1) the setuid bit since 2002. If ayone
really needs to make connections from a low port number this can
be implemented via a small setuid ProxyCommand.

ok markus@ jmc@ djm@

OpenBSD-Commit-ID: d03364610b7123ae4c6792f5274bd147b6de717e

show more ...


# 7082bb58 08-Jun-2018 djm@openbsd.org

upstream: add a SetEnv directive to ssh_config that allows setting

environment variables for the remote session (subject to the server accepting
them)

refactor SendEnv to remove

upstream: add a SetEnv directive to ssh_config that allows setting

environment variables for the remote session (subject to the server accepting
them)

refactor SendEnv to remove the arbitrary limit of variable names.

ok markus@

OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be

show more ...


Revision tags: V_7_7_P1
# ac2e3026 22-Feb-2018 djm@openbsd.org

upstream: Add BindInterface ssh_config directive and -B

command-line argument to ssh(1) that directs it to bind its outgoing
connection to the address of the specified network interface.

upstream: Add BindInterface ssh_config directive and -B

command-line argument to ssh(1) that directs it to bind its outgoing
connection to the address of the specified network interface.

BindInterface prefers to use addresses that aren't loopback or link-
local, but will fall back to those if no other addresses of the
required family are available on that interface.

Based on patch by Mike Manning in bz#2820, ok dtucker@

OpenBSD-Commit-ID: c5064d285c2851f773dd736a2c342aa384fbf713

show more ...


# 887669ef 21-Oct-2017 millert@openbsd.org

upstream commit

Add URI support to ssh, sftp and scp. For example
ssh://user@host or sftp://user@host/path. The connection parameters
described in draft-ietf-secsh-scp-sftp-ssh-uri

upstream commit

Add URI support to ssh, sftp and scp. For example
ssh://user@host or sftp://user@host/path. The connection parameters
described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since
the ssh fingerprint format in the draft uses md5 with no way to specify the
hash function type. OK djm@

Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc

show more ...


Revision tags: V_7_6_P1
# 22376d27 03-Sep-2017 djm@openbsd.org

upstream commit

Expand ssh_config's StrictModes option with two new
settings:

StrictModes=accept-new will automatically accept hitherto-unseen keys
but will refuse connectio

upstream commit

Expand ssh_config's StrictModes option with two new
settings:

StrictModes=accept-new will automatically accept hitherto-unseen keys
but will refuse connections for changed or invalid hostkeys.

StrictModes=off is the same as StrictModes=no

Motivation:

StrictModes=no combines two behaviours for host key processing:
automatically learning new hostkeys and continuing to connect to hosts
with invalid/changed hostkeys. The latter behaviour is quite dangerous
since it removes most of the protections the SSH protocol is supposed to
provide.

Quite a few users want to automatically learn hostkeys however, so
this makes that feature available with less danger.

At some point in the future, StrictModes=no will change to be a synonym
for accept-new, with its current behaviour remaining available via
StrictModes=off.

bz#2400, suggested by Michael Samuel; ok markus

Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64

show more ...


# 1112b534 30-May-2017 bluhm@openbsd.org

upstream commit

Add RemoteCommand option to specify a command in the
ssh config file instead of giving it on the client's command line. This
command will be executed on the remote h

upstream commit

Add RemoteCommand option to specify a command in the
ssh config file instead of giving it on the client's command line. This
command will be executed on the remote host. The feature allows to automate
tasks using ssh config. OK markus@

Upstream-ID: 5d982fc17adea373a9c68cae1021ce0a0904a5ee

show more ...


# 788ac799 30-Apr-2017 djm@openbsd.org

upstream commit

remove SSHv1 configuration options and man pages bits

ok markus@

Upstream-ID: 84638c23546c056727b7a7d653c72574e0f19424


# cdccebdf 30-Apr-2017 djm@openbsd.org

upstream commit

remove SSHv1 ciphers; ok markus@

Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890


# 99f95ba8 30-Apr-2017 djm@openbsd.org

upstream commit

remove options.protocol and client Protocol
configuration knob

ok markus@

Upstream-ID: 5a967f5d06e2d004b0235457b6de3a9a314e9366


# 68d3a2a0 27-Apr-2017 dtucker@openbsd.org

upstream commit

Add SyslogFacility option to ssh(1) matching the
equivalent option in sshd(8). bz#2705, patch from erahn at arista.com, ok
djm@

Upstream-ID: d5115c2c0193ceb

upstream commit

Add SyslogFacility option to ssh(1) matching the
equivalent option in sshd(8). bz#2705, patch from erahn at arista.com, ok
djm@

Upstream-ID: d5115c2c0193ceb056ed857813b2a7222abda9ed

show more ...


Revision tags: V_7_5_P1, V_7_4_P1, V_7_3_P1
# ed877ef6 14-Jul-2016 djm@openbsd.org

upstream commit

Add a ProxyJump ssh_config(5) option and corresponding -J
ssh(1) command-line flag to allow simplified indirection through a SSH
bastion or "jump host".

Thes

upstream commit

Add a ProxyJump ssh_config(5) option and corresponding -J
ssh(1) command-line flag to allow simplified indirection through a SSH
bastion or "jump host".

These options construct a proxy command that connects to the
specified jump host(s) (more than one may be specified) and uses
port-forwarding to establish a connection to the next destination.

This codifies the safest way of indirecting connections through SSH
servers and makes it easy to use.

ok markus@

Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397

show more ...


# 8543ff3f 02-Jun-2016 dtucker@openbsd.org

upstream commit

Move the host and port used by ssh -W into the Options
struct. This will make future changes a bit easier. ok djm@

Upstream-ID: 151bce5ecab2fbedf0d836250a27968

upstream commit

Move the host and port used by ssh -W into the Options
struct. This will make future changes a bit easier. ok djm@

Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382

show more ...


# b02ad1ce 04-May-2016 markus@openbsd.org

upstream commit

IdentityAgent for specifying specific agent sockets; ok
djm@

Upstream-ID: 3e6a15eb89ea0fd406f108826b7dc7dec4fbfac1


# dc7990be 14-Apr-2016 djm@openbsd.org

upstream commit

Include directive for ssh_config(5); feedback & ok markus@

Upstream-ID: ae3b76e2e343322b9f74acde6f1e1c5f027d5fff


Revision tags: V_7_2_P2, V_7_2_P1
# a3068638 14-Jan-2016 markus@openbsd.org

upstream commit

remove roaming support; ok djm@

Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56


Revision tags: V_7_1_P2
# f361df47 15-Nov-2015 jcs@openbsd.org

upstream commit

Add an AddKeysToAgent client option which can be set to
'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a
private key that is used during aut

upstream commit

Add an AddKeysToAgent client option which can be set to
'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a
private key that is used during authentication will be added to ssh-agent if
it is running (with confirmation enabled if set to 'confirm').

Initial version from Joachim Schipper many years ago.

ok markus@

Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4

show more ...


# 4e44a79a 24-Sep-2015 djm@openbsd.org

upstream commit

add ssh_config CertificateFile option to explicitly list
a certificate; patch from Meghana Bhat on bz#2436; ok markus@

Upstream-ID: 58648ec53c510b41c1f46d8fe293

upstream commit

add ssh_config CertificateFile option to explicitly list
a certificate; patch from Meghana Bhat on bz#2436; ok markus@

Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8

show more ...


Revision tags: V_7_1_P1, V_7_0_P1
# 3a1638dd 10-Jul-2015 markus@openbsd.org

upstream commit

Turn off DSA by default; add HostKeyAlgorithms to the
server and PubkeyAcceptedKeyTypes to the client side, so it still can be
tested or turned back on; feedback an

upstream commit

Turn off DSA by default; add HostKeyAlgorithms to the
server and PubkeyAcceptedKeyTypes to the client side, so it still can be
tested or turned back on; feedback and ok djm@

Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21

show more ...


Revision tags: V_6_9_P1, V_6_8_P1
# 523463a3 16-Feb-2015 djm@openbsd.org

upstream commit

Revise hostkeys@openssh.com hostkey learning extension.

The client will not ask the server to prove ownership of the private
halves of any hitherto-unseen hostke

upstream commit

Revise hostkeys@openssh.com hostkey learning extension.

The client will not ask the server to prove ownership of the private
halves of any hitherto-unseen hostkeys it offers to the client.

Allow UpdateHostKeys option to take an 'ask' argument to let the
user manually review keys offered.

ok markus@

show more ...


# 46347ed5 30-Jan-2015 djm@openbsd.org

upstream commit

Add a ssh_config HostbasedKeyType option to control which
host public key types are tried during hostbased authentication.

This may be used to prevent too many

upstream commit

Add a ssh_config HostbasedKeyType option to control which
host public key types are tried during hostbased authentication.

This may be used to prevent too many keys being sent to the server,
and blowing past its MaxAuthTries limit.

bz#2211 based on patch by Iain Morgan; ok markus@

show more ...


# 8d4f8725 25-Jan-2015 djm@openbsd.org

upstream commit

Host key rotation support.

Add a hostkeys@openssh.com protocol extension (global request) for
a server to inform a client of all its available host key after

upstream commit

Host key rotation support.

Add a hostkeys@openssh.com protocol extension (global request) for
a server to inform a client of all its available host key after
authentication has completed. The client may record the keys in
known_hosts, allowing it to upgrade to better host key algorithms
and a server to gracefully rotate its keys.

The client side of this is controlled by a UpdateHostkeys config
option (default on).

ok markus@

show more ...


# 1129dcfc 15-Jan-2015 djm@openbsd.org

upstream commit

sync ssh-keysign, ssh-keygen and some dependencies to the
new buffer/key API; mostly mechanical, ok markus@


# 56d1c83c 21-Dec-2014 djm@openbsd.org

upstream commit

Add FingerprintHash option to control algorithm used for
key fingerprints. Default changes from MD5 to SHA256 and format from hex to
base64.

Feedback and o

upstream commit

Add FingerprintHash option to control algorithm used for
key fingerprints. Default changes from MD5 to SHA256 and format from hex to
base64.

Feedback and ok naddy@ markus@

show more ...


12345678910