sshd_config.
Previously this directive would accept certificate algorithm names, but
these were unusable in practice as OpenSSH does not support CA chains.
part of bz3577; ok dtucker@
OpenBSD-Commit-ID: a992d410c8a78ec982701bc3f91043dbdb359912
algorithms that are valid for CA signing. Previous behaviour was to list all
signing algorithms, including certificate algorithms (OpenSSH certificates do
not support CA chains). part of bz3577; ok dtucker@
OpenBSD-Commit-ID: 99c2b072dbac0f44fd1f2269e3ff6c1b5d7d3e59
using ssh -W by explicitly decoding PORT_STREAMLOCAL (a negative number) from
the u32 that's passed over the multiplexing socket; previously code would
just cast, which is UB.
OpenBSD-Commit-ID: e5ac5f40d354096c51e8c118a5c1b2d2b7a31384
fixes "no comment" not showing on when running `ssh-keygen -l` on multiple
keys where one has a comment and other following keys do not. Patch from
Markus Kuhn via GHPR407, bz3580
OpenBSD-Commit-ID: 3cce84456fdcd67dc6b84e369f92c6686d111d9b
INT_MAX. Fixes sign compare warnings systems with 32-bit time_t due to type
promotion. OK djm@
OpenBSD-Commit-ID: 48081e9ad35705c5f1705711704a4c2ff94e87b7
This makes the ssh-copy-id man page more consistent with the rest of the
OpenSSH man pages:
- new sentence, new line
- no sentences >80
- N.B. -> NB
- zap unused .Pp
- zap trailing whitespace
Report from Debian via mindrot bz#3331, diff from jmc at openbsd.org.
SSH-Copy-ID-Upstream: d8974cfb6242316460ed22a1ccc662800a50c5d3
This was inspired by this:
https://github.com/openssh/openssh-portable/pull/321
but I thought that it was better to not do the sed patching.
BTW the reason one can get away with using $SSH_OPTS throughout, despite
the lowercase -p in there, even if sftp is in use, is that the sftp call
is using the already-established ssh master connection, so the port was
passed to the earlier ssh.
SSH-Copy-ID-Upstream: 1c124d9bfafdbe28a00b683367ebf5750ce12eb2
Allow the default target path (.ssh/authorized_files) to be over-riden
This was inspired by this MR from Panagiotis Cheilaris <philaris@cs.ntua.gr>
https://gitlab.com/phil_hands/ssh-copy-id/-/merge_requests/8
SSH-Copy-ID-Upstream: a942a0e076874adb6d8b2f0fb76d6c7918190fcd
On Solaris 10 and older targets /bin/sh is not POSIX-compliant.
Test -z `...` fails with error 'sh: test: argument expected'.
Using quotes around backticks fixes this and doesn't break
POSIX compatibility.
SSH-Copy-ID-Upstream: 98394072a3f985b2650c1e8eab2fef84e38cc065
The commit b068122 removed the code dropping the trailing colon, but the comment stayed leaving the code confusing for future readers
SSH-Copy-ID-Upstream: 930d39f238117cd53810240ec989d0356aa1c1f6
OpenWrt overrides the location of authorized_keys for root. Currently we
assume that all Dropbear installations behave this way, which is not the
case. Check for OpenWrt and root user before using that location instead
of assuming that for all Dropbear servers. Prompted by Github PR#250.
SSH-Copy-ID-Upstream: 0e1f5d443a9967483c33945793107ae3f3e4af2d
Beyond OpenSSL 3.0, the ABI compatibility guarantees are wider (only
major must match instead of major and minor in earlier versions).
bz#3548, ok djm@
requests.
sftp/scp will ftruncate the destination file after a transfer completes,
to deal with the case where a longer destination file already existed.
We tracked the highest contiguous block transferred to deal with this
case, but our naive tracking doesn't deal with servers that reorder
requests - a misfeature strictly permitted by the protocol but seldom
implemented.
Adjust the logic to ftruncate() at the highest absolute block received
when the transfer is successful. feedback deraadt@ ok markus@
prompted by https://github.com/openssh/openssh-portable/commit/9b733#commitcomment-110679778
OpenBSD-Commit-ID: 4af7fac75958ad8507b4fea58706f3ff0cfddb1b
Previously ssh would incorrectly refuse to canonicalise the hostname
if ProxyJump was explicitly set to "none" when CanonicalizeHostname=yes
bz3567; ok dtucker
OpenBSD-Commit-ID: 80a58e43c3a32f97361282f756ec8d3f37989efd
Based on Coverity CID 291863 which points out we check the channel
pointer for NULLness after dereferencing it. Move this to the start
of the function, and while there simplify initialization of efc a bit.
ok djm@
OpenBSD-Commit-ID: de36e5ad6fde0fe263ca134e986b9095dc59380a
djm@openbsd.org
Damien Miller
dtucker@openbsd.org
dlg@openbsd.org
David Seifert
Darren Tucker
millert@openbsd.org
Philip Hands
Carlos Rodríguez Gili
Jakub Jelen
jsg@openbsd.org