partial backout of:
revision 1.441
date: 2015/01/31 20:30:05; author: djm; state: Exp; lines: +17 -10; commitid
: x8klYPZMJSrVlt3O;
Let sshd load public host keys even when private keys are missing.
Allows sshd to advertise additional keys for future key rotation.
Also log fingerprint of hostkeys loaded; ok markus@
hostkey updates now require access to the private key, so we can't
load public keys only. The improved log messages (fingerprints of keys
loaded) are kept.
Revise hostkeys@openssh.com hostkey learning extension.
The client will not ask the server to prove ownership of the private
halves of any hitherto-unseen hostkeys it offers to the client.
Allow UpdateHostKeys option to take an 'ask' argument to let the
user manually review keys offered.
ok markus@
Refactor hostkeys_foreach() and dependent code Deal with
IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing
changed ok markus@ as part of larger commit
Declare ge25519_base as extern, to prevent it from
becoming a common. Gets us rid of ``lignment 4 of symbol
`crypto_sign_ed25519_ref_ge25519_base' in mod_ge25519.o is smaller than 16 in
mod_ed25519.o'' warnings at link time.
Some packet error messages show the address of the peer,
but might be generated after the socket to the peer has suffered a TCP reset.
In these cases, getpeername() won't work so cache the address earlier.
spotted in the wild via deraadt@ and tedu@
slightly extend the passphrase prompt if running with -c
in order to give the user a chance to notice if unintentionally running
without it
wording tweak and ok djm@
Let sshd load public host keys even when private keys are
missing. Allows sshd to advertise additional keys for future key rotation.
Also log fingerprint of hostkeys loaded; ok markus@
Add a ssh_config HostbasedKeyType option to control which
host public key types are tried during hostbased authentication.
This may be used to prevent too many keys being sent to the server,
and blowing past its MaxAuthTries limit.
bz#2211 based on patch by Iain Morgan; ok markus@
missing parentheses after if in do_convert_from() broke
private key conversion from other formats some time in 2010; bz#2345 reported
by jjelen AT redhat.com
correctly match ECDSA subtype (== curve) for
offered/recevied host keys. Fixes connection-killing host key mismatches when
a server offers multiple ECDSA keys with different curve type (an extremely
unlikely configuration).
ok markus, "looks mechanical" deraadt@
Host key rotation support.
Add a hostkeys@openssh.com protocol extension (global request) for
a server to inform a client of all its available host key after
authentication has completed. The client may record the keys in
known_hosts, allowing it to upgrade to better host key algorithms
and a server to gracefully rotate its keys.
The client side of this is controlled by a UpdateHostkeys config
option (default on).
ok markus@
Provide a warning about chroot misuses (which sadly, seem
to have become quite popular because shiny). sshd cannot detect/manage/do
anything about these cases, best we can do is warn in the right spot in the
man page. ok markus
djm@openbsd.org
markus@openbsd.org
miod@openbsd.org
dtucker@openbsd.org
jsg@openbsd.org
millert@openbsd.org
deraadt@openbsd.org
halex@openbsd.org
okan@openbsd.org
Damien Miller
jmc@openbsd.org