and PIN prompting in the dummy middleware that we use for the tests. Should
fix breakage spotted by dtucker@
OpenBSD-Regress-ID: 379cf9eabfea57aaf7f3f59dafde59889566c484
"ssh-keygen -K". This will save public/private keys into the current
directory.
This is handy if you move a token between hosts.
feedback & ok markus@
OpenBSD-Commit-ID: d57c1f9802f7850f00a117a1d36682a6c6d10da6
Define some well-known error codes in the SK API and pass
them back via ssh-sk-helper.
Use the new "wrong PIN" error code to retry PIN prompting during
ssh-keygen of resident keys.
feedback and ok markus@
OpenBSD-Commit-ID: 9663c6a2bb7a0bc8deaccc6c30d9a2983b481620
Allow passing a PIN via the SK API (API major crank) and let the
ssh-sk-helper API follow.
Also enhance the ssh-sk-helper API to support passing back an error
code instead of a complete reply. Will be used to signal "wrong PIN",
etc.
feedback and ok markus@
OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71
"ssh-add -O" will load resident keys from a FIDO2 token and add them
to a ssh-agent.
feedback and ok markus@
OpenBSD-Commit-ID: 608104ae957a7d65cb84e0a3a26c8f60e0df3290
Adds a sk_load_resident_keys() function to the security key
API that accepts a security key provider and a PIN and returns
a list of keys.
Implement support for this in the usbhid middleware.
feedback and ok markus@
OpenBSD-Commit-ID: 67e984e4e87f4999ce447a6178c4249a9174eff0
"ssh-keygen -t ecdsa-sk|ed25519-sk -x resident" will generate a
device-resident key.
feedback and ok markus@
OpenBSD-Commit-ID: 8e1b3c56a4b11d85047bd6c6c705b7eef4d58431
Move all moduli generation options to live under the -O flag.
Frees up seven single-letter flags.
NB. this change break existing ssh-keygen commandline syntax for moduli-
related operations. Very few people use these fortunately.
feedback and ok markus@
OpenBSD-Commit-ID: d498f3eaf28128484826a4fcb343612764927935
Move list of available certificate options in ssh-keygen.1 to the
CERTIFICATES section.
Collect options specified by -O but delay parsing/validation of
certificate options until we're sure that we're acting as a CA.
ok markus@
OpenBSD-Commit-ID: 33e6bcc29cfca43606f6fa09bd84b955ee3a4106
specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to
accepting an explicit path or the name of an environment variable in addition
to yes/no.
Patch by Eric Chiang, manpage by me; ok markus@
OpenBSD-Commit-ID: 98f2ed80bf34ea54d8b2ddd19ac14ebbf40e9265
ones. Move oSecurityProvider to match the order in the OpCodes enum. Patch
from openbsd@academicsolutions.ch, ok djm@
OpenBSD-Commit-ID: 061e4505861ec1e02ba3a63e3d1b3be3cad458ec
keys.
Update the list of default host key algorithms in ssh_config.5 and
sshd_config.5. Copy the description of the SecurityKeyProvider
option to sshd_config.5.
ok jmc@
OpenBSD-Commit-ID: edadf3566ab5e94582df4377fee3b8b702c7eca0
