when asking passphrases, only when confirming the use of a key (i.e. for
ssh-agent keys added with "ssh-add -c keyfile")
OpenBSD-Commit-ID: 6643c82960d9427d5972eb702c917b3b838ecf89
If the system (or one of the dependencies) implements memmem but does
not define the header, we would not declare it either resulting in
compiler warnings. Check for declaration explicitly. bz#3102.
libcrypto or libc SHA512 functions rather than calling ssh_digest_memory();
avoids many dependencies on ssh code that complicate standalone use of
ed25519, as we want to do in sk-dummy.so
OpenBSD-Commit-ID: 5a3c37593d3ba7add037b587cec44aaea088496d
and cast that were left over from the type conversion. Noted by
t-hashida@amiya.co.jp in bz#3098, ok markus@ djm@
OpenBSD-Commit-ID: 3ad105b6a905284e780b1fd7ff118e1c346e90b5
markus@
This will allow us to test U2F/FIDO2 support in OpenSSH without
requiring real hardware.
ok markus@
OpenBSD-Regress-ID: 88b309464b8850c320cf7513f26d97ee1fdf9aae
security key keypair to request one that does not require a touch for each
authentication attempt. The default remains to require touch.
feedback deraadt; ok markus@
OpenBSD-Commit-ID: 887e7084b2e89c0c62d1598ac378aad8e434bcbd
a similar extension for certificates. This option disables the default
requirement that security key signatures attest that the user touched their
key to authorize them.
feedback deraadt, ok markus
OpenBSD-Commit-ID: f1fb56151ba68d55d554d0f6d3d4dba0cf1a452e
This directive has a single valid option "no-touch-required" that
causes sshd to skip checking whether user presence was tested before
a security key signature was made (usually by the user touching the
key).
ok markus@
OpenBSD-Commit-ID: 46e434a49802d4ed82bc0aa38cb985c198c407de
This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.
with and ok markus@
OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
connect, not just readable. Prevents a timeout when the server doesn't
immediately send a banner (eg multiplexers like sslh) but is also slightly
quicker for other connections since, unlike ssh1, ssh2 doesn't specify
that the client should parse the server banner before sending its own.
Patch from mnissler@chromium.org, ok djm@
OpenBSD-Commit-ID: aba9cd8480d1d9dd31d0ca0422ea155c26c5df1d
better match ec25519-sk keys. Discussed with markus@ and Sebastian Kinne
NB. if you are depending on security keys (already?) then make sure you
update both your clients and servers.
OpenBSD-Commit-ID: 53d88d8211f0dd02a7954d3af72017b1a79c0679
djm@openbsd.org
jmc@openbsd.org
Darren Tucker
Damien Miller
dtucker@openbsd.org
tb@openbsd.org