This option (default "no") controls whether the ~C escape is available.
Turning it off by default means we will soon be able to use a stricter
default pledge(2) in the client.
feedback deraadt@ dtucker@; tested in snaps for a while
OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a
specify a public key file, as documented in ssh.1 for the -i option. Document
this also for IdentityFile in ssh_config.5, for documentation completeness.
From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@
OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b
ssh(1). User authentication keys that fall beneath this limit will be
ignored. If a host presents a host key beneath this limit then the connection
will be terminated (unfortunately there are no fallbacks in the protocol for
host authentication).
feedback deraadt, Dmitry Belyavskiy; ok markus@
OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a
main clauses
jmc@ dislikes a comma before "then" in a conditional, so leave those
untouched.
ok jmc@
OpenBSD-Commit-ID: 9520801729bebcb3c9fe43ad7f9776ab4dd05ea3
default list of public keys so that they will be tried last. From github
PR#295 from "ProBackup-nl", ok djm@
OpenBSD-Commit-ID: 7e5d575cf4971d4e2de92e0b6d6efaba53598bf0
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default
KEXAlgorithms list (after the ECDH methods but before the prime-group DH
ones).
ok markus@
OpenBSD-Commit-ID: 22b77e27a04e497a10e22f138107579652854210
the config file to do the same thing as -n does on the ssh(1) commandline.
Patch from Volker Diels-Grabsch via GHPR231; ok dtucker
OpenBSD-Commit-ID: 66ddf3f15c76796d4dcd22ff464aed1edd62468e
configuration file to offer equivalent control to the -N (no session) and -s
(subsystem) command-line flags.
Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks;
feedback and ok dtucker@
OpenBSD-Commit-ID: 726ee931dd4c5cc7f1d7a187b26f41257f9a2d12
HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more
accurately reflects its effect. This matches a previous change to
PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok
djm@
OpenBSD-Commit-ID: 49451c382adc6e69d3fa0e0663eeef2daa4b199e
PubkeyAcceptedAlgorithms. While the two were originally equivalent, this
actually specifies the signature algorithms that are accepted. Some key
types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512)
so the old name is becoming increasingly misleading. The old name is
retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@
OpenBSD-Commit-ID: 0346b2f73f54c43d4e001089759d149bfe402ca5
perceptible value and makes it much harder for hosts to change host keys,
particularly ones that use IP-based load-balancing.
ok dtucker@
OpenBSD-Commit-ID: 0db98413e82074f78c7d46784b1286d08aee78f0
to obtain known_hosts data from a command in addition to the usual files.
The command accepts bunch of %-expansions, including details of the
connection and the offered server host key. Note that the command may
be invoked up to three times per connection (see the manpage for
details).
ok markus@
OpenBSD-Commit-ID: 2433cff4fb323918ae968da6ff38feb99b4d33d0
limit for keys in addition to its current flag options. Time-limited keys
will automatically be removed from ssh-agent after their expiry time has
passed; ok markus@
OpenBSD-Commit-ID: 792e71cacbbc25faab5424cf80bee4a006119f94
the destination. This allows, eg, keeping host keys in individual files
using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654, ok djm@, jmc@
(man page bits)
OpenBSD-Commit-ID: 7084d723c9cc987a5c47194219efd099af5beadc
djm@openbsd.org
jmc@openbsd.org
dtucker@openbsd.org
naddy@openbsd.org
kn@openbsd.org
Darren Tucker
jsg@openbsd.org
markus@openbsd.org
dlg@openbsd.org
rob@openbsd.org