History log of /openssh-portable/sshconnect.c (Results 1 - 25 of 587)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 816036f1 18-Oct-2020 djm@openbsd.org

upstream: use the new variant log macros instead of prepending

__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8


# a336ce8c 12-Oct-2020 kn@openbsd.org

upstream: Zap unused family parameter from ssh_connect_direct()

sshconnect.c r1.241 from 2013 made it unused; found while reading code.

OK djm

OpenBSD-Commit-ID: 219ba6d7f

upstream: Zap unused family parameter from ssh_connect_direct()

sshconnect.c r1.241 from 2013 made it unused; found while reading code.

OK djm

OpenBSD-Commit-ID: 219ba6d7f9925d0b7992918612680399d86712b5

show more ...


# 4aa2717d 06-Oct-2020 djm@openbsd.org

upstream: Disable UpdateHostkeys when hostkey checking fails

If host key checking fails (i.e. a wrong host key is recorded for the
server) and the user elects to continue (via StrictHost

upstream: Disable UpdateHostkeys when hostkey checking fails

If host key checking fails (i.e. a wrong host key is recorded for the
server) and the user elects to continue (via StrictHostKeyChecking=no),
then disable UpdateHostkeys for the session.

reminded by Mark D. Baushke; ok markus@

OpenBSD-Commit-ID: 98b524f121f4252309dd21becd8c4cacb0c6042a

show more ...


# b70e3371 06-Oct-2020 djm@openbsd.org

upstream: don't UpdateHostkeys when the hostkey is verified by the

GlobalKnownHostsFile file, support only UserKnownHostsFile matches

suggested by Mark D. Baushke; feedback and ok m

upstream: don't UpdateHostkeys when the hostkey is verified by the

GlobalKnownHostsFile file, support only UserKnownHostsFile matches

suggested by Mark D. Baushke; feedback and ok markus@

OpenBSD-Commit-ID: eabb771a6add676c398d38a143a1aff5f04abbb9

show more ...


# aa623142 06-Oct-2020 djm@openbsd.org

upstream: revert kex->flags cert hostkey downgrade back to a plain

key (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less
plumbing.

ok markus@

Op

upstream: revert kex->flags cert hostkey downgrade back to a plain

key (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less
plumbing.

ok markus@

OpenBSD-Commit-ID: fb92d25b216bff8c136da818ac2221efaadf18ed

show more ...


# f4f14e02 06-Oct-2020 djm@openbsd.org

upstream: simply disable UpdateHostkeys when a certificate

successfully authenticated the host; simpler than the complicated plumbing
via kex->flags we have now.

ok markus@

upstream: simply disable UpdateHostkeys when a certificate

successfully authenticated the host; simpler than the complicated plumbing
via kex->flags we have now.

ok markus@

OpenBSD-Commit-ID: 80e39644eed75717d563a7f177e8117a0e14f42c

show more ...


# af889a40 04-Oct-2020 djm@openbsd.org

upstream: when ordering host key algorithms in the client, consider

the ECDSA key subtype; ok markus@

OpenBSD-Commit-ID: 3097686f853c61ff61772ea35f8b699931392ece


# 396d32f3 03-Oct-2020 djm@openbsd.org

upstream: There are lots of place where we want to redirect stdin,

stdout and/or stderr to /dev/null. Factor all these out to a single
stdfd_devnull() function that allows selection of w

upstream: There are lots of place where we want to redirect stdin,

stdout and/or stderr to /dev/null. Factor all these out to a single
stdfd_devnull() function that allows selection of which of these to redirect.
ok markus@

OpenBSD-Commit-ID: 3033ba5a4c47cacfd5def020d42cabc52fad3099

show more ...


# 13cee44e 03-Oct-2020 djm@openbsd.org

upstream: record when the host key checking code downgrades a

certificate host key to a plain key. This occurs when the user connects to a
host with a certificate host key but no corresp

upstream: record when the host key checking code downgrades a

certificate host key to a plain key. This occurs when the user connects to a
host with a certificate host key but no corresponding CA key configured in
known_hosts; feedback and ok markus@

OpenBSD-Commit-ID: 2ada81853ff9ee7824c62f440bcf4ad62030c901

show more ...


Revision tags: V_8_4_P1
# c3c786c3 09-Sep-2020 djm@openbsd.org

upstream: For the hostkey confirmation message:

> Are you sure you want to continue connecting (yes/no/[fingerprint])?

compare the fingerprint case sensitively; spotted Patrik Lundi

upstream: For the hostkey confirmation message:

> Are you sure you want to continue connecting (yes/no/[fingerprint])?

compare the fingerprint case sensitively; spotted Patrik Lundin
ok dtucker

OpenBSD-Commit-ID: 73097afee1b3a5929324e345ba4a4a42347409f2

show more ...


# d0a195c8 11-Aug-2020 djm@openbsd.org

upstream: let ssh_config(5)'s AddKeysToAgent keyword accept a time

limit for keys in addition to its current flag options. Time-limited keys
will automatically be removed from ssh-agent

upstream: let ssh_config(5)'s AddKeysToAgent keyword accept a time

limit for keys in addition to its current flag options. Time-limited keys
will automatically be removed from ssh-agent after their expiry time has
passed; ok markus@

OpenBSD-Commit-ID: 792e71cacbbc25faab5424cf80bee4a006119f94

show more ...


# 8df5774a 16-Jul-2020 dtucker@openbsd.org

upstream: Add a '%k' TOKEN that expands to the effective HostKey of

the destination. This allows, eg, keeping host keys in individual files
using "UserKnownHostsFile ~/.ssh/known_hosts.

upstream: Add a '%k' TOKEN that expands to the effective HostKey of

the destination. This allows, eg, keeping host keys in individual files
using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654, ok djm@, jmc@
(man page bits)

OpenBSD-Commit-ID: 7084d723c9cc987a5c47194219efd099af5beadc

show more ...


Revision tags: V_8_3_P1
# 5becbec0 13-Mar-2020 djm@openbsd.org

upstream: use sshpkt_fatal() for kex_exchange_identification()

errors. This ensures that the logged errors are consistent with other
transport- layer errors and that the relevant IP addr

upstream: use sshpkt_fatal() for kex_exchange_identification()

errors. This ensures that the logged errors are consistent with other
transport- layer errors and that the relevant IP addresses are logged. bz3129
ok dtucker@

OpenBSD-Commit-ID: 2c22891f0b9e1a6cd46771cedbb26ac96ec2e6ab

show more ...


Revision tags: V_8_2_P1
# 022ce92f 25-Jan-2020 djm@openbsd.org

upstream: when AddKeysToAgent=yes is set and the key contains no

comment, add the key to the agent with the key's path as the comment. bz2564

OpenBSD-Commit-ID: 8dd8ca9340d7017631a2

upstream: when AddKeysToAgent=yes is set and the key contains no

comment, add the key to the agent with the key's path as the comment. bz2564

OpenBSD-Commit-ID: 8dd8ca9340d7017631a27f4ed5358a4cfddec16f

show more ...


# 3bf2a6ac 23-Jan-2020 dtucker@openbsd.org

upstream: Replace all calls to signal(2) with a wrapper around

sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTA

upstream: Replace all calls to signal(2) with a wrapper around

sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which should reduce
the potential for short read/write operations.

OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519

show more ...


# 65cf8730 22-Jan-2020 dtucker@openbsd.org

upstream: Ignore whitespace when checking explict fingerprint.

When confirming a host key using the fingerprint itself, ignore leading and
trailing whitespace. ok deraadt@ djm@

upstream: Ignore whitespace when checking explict fingerprint.

When confirming a host key using the fingerprint itself, ignore leading and
trailing whitespace. ok deraadt@ djm@

OpenBSD-Commit-ID: cafd7f803bbdcd40c3a8f8f1a77747e6b6d8c011

show more ...


# b8a4ca2e 11-Jan-2020 naddy@openbsd.org

upstream: revise the fix for reversed arguments on

expand_proxy_command()

Always put 'host' before 'host_arg' for consistency. ok markus@ djm@

OpenBSD-Commit-ID: 1ba5b2547

upstream: revise the fix for reversed arguments on

expand_proxy_command()

Always put 'host' before 'host_arg' for consistency. ok markus@ djm@

OpenBSD-Commit-ID: 1ba5b25472779f1b1957295fcc6907bb961472a3

show more ...


# ed3ad71b 08-Jan-2020 djm@openbsd.org

upstream: fix reversed arguments on expand_proxy_command(); spotted

by anton@

OpenBSD-Commit-ID: db1c32478a01dfbc9c4db171de0f25907bea5775


# 72687c8e 12-Nov-2019 deraadt@openbsd.org

upstream: stdarg.h required more broadly; ok djm

OpenBSD-Commit-ID: b5b15674cde1b54d6dbbae8faf30d47e6e5d6513


# 2c55744a 12-Nov-2019 markus@openbsd.org

upstream: enable ed25519 support; ok djm

OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e


# eebec620 31-Oct-2019 djm@openbsd.org

upstream: ssh AddKeysToAgent support for U2F/FIDO keys

feedback & ok markus@

OpenBSD-Commit-ID: ac08e45c7f995fa71f8d661b3f582e38cc0a2f91


# b9dd14d3 31-Oct-2019 djm@openbsd.org

upstream: add new agent key constraint for U2F/FIDO provider

feedback & ok markus@

OpenBSD-Commit-ID: d880c380170704280b4003860a1744d286c7a172


Revision tags: V_8_1_P1
# edd1d3a6 01-Oct-2019 Damien Miller

remove duplicate #includes

Prompted by Jakub Jelen


# 2aefdf1a 13-Sep-2019 djm@openbsd.org

upstream: whitespace

OpenBSD-Commit-ID: 57a71dd5f4cae8d61e0ac631a862589fb2bfd700


# fbe24b14 13-Sep-2019 djm@openbsd.org

upstream: allow %n to be expanded in ProxyCommand strings

From Zachary Harmany via github.com/openssh/openssh-portable/pull/118
ok dtucker@

OpenBSD-Commit-ID: 7eebf1b7695f50c66d

upstream: allow %n to be expanded in ProxyCommand strings

From Zachary Harmany via github.com/openssh/openssh-portable/pull/118
ok dtucker@

OpenBSD-Commit-ID: 7eebf1b7695f50c66d42053d352a4db9e8fb84b6

show more ...


12345678910>>...24