add ssh_config CertificateFile option to explicitly list
a certificate; patch from Meghana Bhat on bz#2436; ok markus@
Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8
skip if running as root; many systems (inc OpenBSD) allow
root to ptrace arbitrary processes
Upstream-Regress-ID: be2b925df89360dff36f972951fa0fa793769038
- Fix error message: passphrase needs to be at least 5
characters, not 4. - Remove unused function argument. - Remove two
unnecessary variables.
OK djm@
Upstream-ID: 13010c05bfa8b523da1c0dc19e81dd180662bc30
When adding keys to the agent, don't ignore the comment
of keys for which the user is prompted for a passphrase.
Tweak and OK djm@
Upstream-ID: dc737c620a5a8d282cc4f66e3b9b624e9abefbec
Use explicit_bzero() when zeroing before free()
from Michael McConville (mmcconv1 (at) sccs.swarthmore.edu)
ok millert@ djm@
Upstream-ID: 2e3337db046c3fe70c7369ee31515ac73ec00f50
sync -Q in usage() to SYNOPSIS; since it's drastically
shorter, i've reformatted the block to sync with the man (80 cols) and saved
a line;
Upstream-ID: 86e2c65c3989a0777a6258a77e589b9f6f354abd
Use ssh-keygen -A instead of per-keytype invocations when generating host
keys. Add tests when doing host-key-force since we can't use ssh-keygen -A
since it can't specify alternate locations. bz#2459, ok djm@
openssh_RSA_verify return type is int, so don't make it
size_t within the function itself with only negative numbers or zero assigned
to it. bz#2460
Upstream-ID: b6e794b0c7fc4f9f329509263c8668d35f83ea55
Plug minor memory leaks when options are used more than
once. bz#2182, patch from Tiago Cunha, ok deraadt djm
Upstream-ID: 5b84d0401e27fe1614c10997010cc55933adb48e
add a debug2() right before DNS resolution; it's a place
where ssh could previously silently hang for a while. bz#2433
Upstream-ID: 52a1a3e0748db66518e7598352c427145692a6a0
don't record hostbased authentication hostkeys as user
keys in test for multiple authentication with the same key
Upstream-ID: 26b368fa2cff481f47f37e01b8da1ae5b57b1adc
Fix occurrences of "r = func() != 0" which result in the
wrong error codes being returned due to != having higher precedence than =.
ok deraadt@ markus@
Upstream-ID: 5fc35c9fc0319cc6fca243632662d2f06b5fd840
Improve printing of KEX offers and decisions
The debug output now labels the client and server offers and the
negotiated options. ok markus@
Upstream-ID: 8db921b3f92a4565271b1c1fbce6e7f508e1a2cb
Improve size == 0, count == 0 checking in mm_zalloc,
which is "array" like. Discussed with tedu, millert, otto.... and ok djm
Upstream-ID: 899b021be43b913fad3eca1aef44efe710c53e29
In the certificates section, be consistent about using
"host_key" and "user_key" for the respective key types. ok sthen@ deraadt@
Upstream-ID: 9e037ea3b15577b238604c5533e082a3947f13cb
Better compat matching for WinSCP, add compat matching
for FuTTY (fork of PuTTY); ok markus@ deraadt@
Upstream-ID: 24001d1ac115fa3260fbdc329a4b9aeb283c5389
add prohibit-password as a synonymn for without-password,
since the without-password is causing too many questions. Harden it to ban
all but pubkey, hostbased, and GSSAPI auth (when the latter is enabled) from
djm, ok markus
Upstream-ID: d53317d7b28942153e6236d3fd6e12ceb482db7a
jmc@openbsd.org
djm@openbsd.org
sobrado@openbsd.org
tim@openbsd.org
guenther@openbsd.org
dtucker@openbsd.org
Darren Tucker
Damien Miller
jsg@openbsd.org
deraadt@openbsd.org
naddy@openbsd.org