1
0
mirror of git://anongit.mindrot.org/openssh.git synced 2024-12-29 13:42:07 +00:00
Commit Graph

64 Commits

Author SHA1 Message Date
jmc@openbsd.org
5d333131cd upstream commit
tweak previous; while here fix up FILES and AUTHORS;

Upstream-ID: 93f6e54086145a75df8d8ec7d8689bdadbbac8fa
2016-11-30 19:44:25 +11:00
djm@openbsd.org
786d5994da upstream commit
add a whitelist of paths from which ssh-agent will load
(via ssh-pkcs11-helper) a PKCS#11 module; ok markus@

Upstream-ID: fe79769469d9cd6d26fe0dc15751b83ef2a06e8f
2016-11-30 19:44:24 +11:00
jmc@openbsd.org
1a11670286 upstream commit
do not confuse mandoc by presenting "Dd";

Upstream-ID: 1470fce171c47b60bbc7ecd0fc717a442c2cfe65
2015-11-16 11:31:40 +11:00
jcs@openbsd.org
f361df474c upstream commit
Add an AddKeysToAgent client option which can be set to
 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'.  When enabled, a
 private key that is used during authentication will be added to ssh-agent if
 it is running (with confirmation enabled if set to 'confirm').

Initial version from Joachim Schipper many years ago.

ok markus@

Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4
2015-11-16 11:31:39 +11:00
jmc@openbsd.org
8b29008bbe upstream commit
"commandline" -> "command line", since there are so few
 examples of the former in the pages, so many of the latter, and in some of
 these pages we had multiple spellings;

prompted by tj

Upstream-ID: 78459d59bff74223f8139d9001ccd56fc4310659
2015-11-09 14:25:35 +11:00
jmc@openbsd.org
b7ca276fca upstream commit
combine -Dd onto one line and update usage();
2015-04-29 18:15:38 +10:00
djm@openbsd.org
2ea974630d upstream commit
add ssh-agent -D to leave ssh-agent in foreground
 without enabling debug mode; bz#2381 ok dtucker@
2015-04-29 18:15:38 +10:00
djm@openbsd.org
56d1c83cdd upstream commit
Add FingerprintHash option to control algorithm used for
 key fingerprints. Default changes from MD5 to SHA256 and format from hex to
 base64.

Feedback and ok naddy@ markus@
2014-12-22 09:32:29 +11:00
sobrado@openbsd.org
f70b22bcdd upstream commit
improve capitalization for the Ed25519 public-key
 signature system.

ok djm@
2014-10-13 11:37:32 +11:00
Damien Miller
8c492da58f - djm@cvs.openbsd.org 2014/04/16 23:28:12
[ssh-agent.1]
     remove the identity files from this manpage - ssh-agent doesn't deal
     with them at all and the same information is duplicated in ssh-add.1
     (which does deal with them); prodded by deraadt@
2014-04-20 13:25:09 +10:00
Damien Miller
8ba0ead698 - naddy@cvs.openbsd.org 2013/12/07 11:58:46
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1]
     [ssh_config.5 sshd.8 sshd_config.5]
     add missing mentions of ed25519; ok djm@
2013-12-18 17:46:27 +11:00
Damien Miller
2cd629349d - djm@cvs.openbsd.org 2010/11/21 01:01:13
[clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
     honour $TMPDIR for client xauth and ssh-agent temporary directories;
     feedback and ok markus@
2010-12-01 11:50:35 +11:00
Damien Miller
de735ea3bd - jmc@cvs.openbsd.org 2010/08/31 17:40:54
[ssh-agent.1]
     fix some macro abuse;
2010-09-10 11:12:38 +10:00
Damien Miller
eb8b60e320 - djm@cvs.openbsd.org 2010/08/31 11:54:45
[PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
     [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
     [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
     [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
     [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
     [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
     [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
     Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
     host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
     better performance than plain DH and DSA at the same equivalent symmetric
     key length, as well as much shorter keys.

     Only the mandatory sections of RFC5656 are implemented, specifically the
     three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
     ECDSA. Point compression (optional in RFC5656 is NOT implemented).

     Certificate host and user keys using the new ECDSA key types are supported.

     Note that this code has not been tested for interoperability and may be
     subject to change.

     feedback and ok markus@
2010-08-31 22:41:14 +10:00
Damien Miller
2e68d793d6 - tedu@cvs.openbsd.org 2010/01/17 21:49:09
[ssh-agent.1]
     Correct and clarify ssh-add's password asking behavior.
     Improved text dtucker and ok jmc
2010-01-26 12:51:13 +11:00
Darren Tucker
98c9aec30e - sobrado@cvs.openbsd.org 2009/10/22 15:02:12
[ssh-agent.1 ssh-add.1 ssh.1]
     write UNIX-domain in a more consistent way; while here, replace a
     few remaining ".Tn UNIX" macros with ".Ux" ones.
     pointed out by ratchov@, thanks!
     ok jmc@
2009-10-24 11:42:44 +11:00
Darren Tucker
ae69e1d010 - sobrado@cvs.openbsd.org 2009/10/22 12:35:53
[ssh.1 ssh-agent.1 ssh-add.1]
     use the UNIX-related macros (.At and .Ux) where appropriate.
     ok jmc@
2009-10-24 11:41:34 +11:00
Darren Tucker
5837b51aec - sobrado@cvs.openbsd.org 2009/03/26 08:38:39
[sftp-server.8 sshd.8 ssh-agent.1]
     fix a few typographical errors found by spell(1).
     ok dtucker@, jmc@
2009-06-21 17:52:27 +10:00
Damien Miller
5cbe7ca18d - sobrado@cvs.openbsd.org 2007/09/09 11:38:01
[ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.c]
     sort synopsis and options in ssh-agent(1); usage is lowercase
     ok jmc@
2007-09-17 16:05:50 +10:00
Darren Tucker
aa4d5eda10 - jmc@cvs.openbsd.org 2007/05/31 19:20:16
[scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1
     ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8]
     convert to new .Dd format;
     (We will need to teach mdoc2man.awk to understand this too.)
2007-06-05 18:27:13 +10:00
Damien Miller
393821ad72 - jmc@cvs.openbsd.org 2006/07/18 08:03:09
[ssh-agent.1 sshd_config.5]
     mark up angle brackets;
2006-07-24 14:04:53 +10:00
Darren Tucker
3a4634f674 - dtucker@cvs.openbsd.org 2005/11/28 06:02:56
[ssh-agent.1]
     Update agent socket path templates to reflect reality, correct xref for
     time formats.  bz#1121, patch from openssh at roumenpetrov.info, ok djm@
2005-11-28 17:05:40 +11:00
Damien Miller
167ea5d026 - djm@cvs.openbsd.org 2005/04/21 06:17:50
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8]
     [sshd_config.5] OpenSSH doesn't ever look at the $HOME environment
     variable, so don't say that we do (bz ); ok deraadt@
2005-05-26 12:04:02 +10:00
Darren Tucker
fc9597034b - deraadt@cvs.openbsd.org 2004/07/11 17:48:47
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
     readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
     session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
     sshd.c ttymodes.h]
     spaces
2004-07-17 16:12:08 +10:00
Darren Tucker
a86b453bb3 - dtucker@cvs.openbsd.org 2004/05/13 02:47:50
[ssh-agent.1]
     Add examples to ssh-agent.1, bz#481 from Ralf Hauser; ok deraadt@
2004-05-13 16:45:46 +10:00
Damien Miller
f1ce505daf - jmc@cvs.openbsd.org 2003/06/10 09:12:11
[scp.1 sftp-server.8 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5]
     [sshd.8 sshd_config.5 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
     - section reorder
     - COMPATIBILITY merge
     - macro cleanup
     - kill whitespace at EOL
     - new sentence, new line
     ssh pages ok markus@
2003-06-11 22:04:39 +10:00
Damien Miller
abbae980e7 - (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2003/05/14 13:11:56
     [ssh-agent.1]
     setup -> set up;
     from wiz@netbsd
2003-05-15 10:16:21 +10:00
Damien Miller
495dca3518 - (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2003/03/28 10:11:43
     [scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5]
     [ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
     - killed whitespace
     - new sentence new line
     - .Bk for arguments
     ok markus@
2003-04-01 21:42:14 +10:00
Damien Miller
53d81483f0 - (djm) OpenBSD CVS Sync
- marc@cvs.openbsd.org 2003/01/21 18:14:36
     [ssh-agent.1 ssh-agent.c]
     Add a -t life option to ssh-agent that set the default lifetime.
     The default can still be overriden by using -t in ssh-add.
     OK markus@
2003-01-22 11:47:19 +11:00
Ben Lindstrom
b48057b7dc - markus@cvs.openbsd.org 2002/06/24 13:12:23
[ssh-agent.1]
     the socket name contains ssh-agent's ppid; via mpech@ from form@
2002-06-25 23:16:31 +00:00
Ben Lindstrom
959de99aa0 - stevesk@cvs.openbsd.org 2002/06/22 16:45:29
[ssh-agent.1 sshd.8 sshd_config.5]
     use process ID vs. pid/PID/process identifier
2002-06-23 00:35:25 +00:00
Ben Lindstrom
cb72e4f6d2 - deraadt@cvs.openbsd.org 2002/06/19 00:27:55
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
      authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
      ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
      ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
      xmalloc.h]
     KNF done automatically while reading....
2002-06-21 00:41:51 +00:00
Ben Lindstrom
b7788f3ebe - markus@cvs.openbsd.org 2002/06/05 16:08:07
[ssh-agent.1 ssh-agent.c]
     '-a bind_address' binds the agent to user-specified unix-domain
     socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
2002-06-06 21:46:08 +00:00
Damien Miller
e8c9ed436a - stevesk@cvs.openbsd.org 2002/02/04 20:41:16
[ssh-agent.1]
     more sync for default ssh-add identities; ok markus@
2002-02-08 22:02:16 +11:00
Damien Miller
d2b8f1657e - stevesk@cvs.openbsd.org 2002/02/03 23:22:59
[ssh-agent.1]
     ssh-add also adds $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa now.
2002-02-05 12:24:19 +11:00
Ben Lindstrom
11f790bbb1 - stevesk@cvs.openbsd.org 2001/11/19 18:40:46
[ssh-agent.1]
     clarify/state that private keys are not exposed to clients using the
     agent; ok markus@
2001-12-06 16:37:51 +00:00
Ben Lindstrom
594e203894 - deraadt@cvs.openbsd.org 2001/09/05 06:23:07
[scp.1 sftp.1 ssh.1 ssh-agent.1 sshd.8 ssh-keygen.1 ssh-keyscan.1]
     avoid first person in manual pages
2001-09-12 18:35:30 +00:00
Ben Lindstrom
ba1fa1d67b - stevesk@cvs.openbsd.org 2001/08/23 18:02:48
[ssh-agent.1]
     fix usage; ok markus@
2001-09-12 17:02:49 +00:00
Ben Lindstrom
a4a5323b2a - stevesk@cvs.openbsd.org 2001/07/15 16:57:21
[ssh-agent.1]
     -d will not fork; ok markus@
2001-07-18 15:51:00 +00:00
Ben Lindstrom
d94580c708 - markus@cvs.openbsd.org 2001/06/26 04:07:06
[ssh-agent.1 ssh-agent.c]
     add debug flag
2001-07-04 03:48:02 +00:00
Ben Lindstrom
18a82ac029 - itojun@cvs.openbsd.org 2001/04/10 09:13:22
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
     document id_rsa{.pub,}.  markus ok
2001-04-11 15:59:35 +00:00
Ben Lindstrom
0d3e8fafa4 - deraadt@cvs.openbsd.org 2001/04/02 17:32:23
[ssh-agent.1]
     grammar; slade@shore.net
2001-04-04 01:51:25 +00:00
Ben Lindstrom
92a2e38f8e - deraadt@cvs.openbsd.org 2001/03/02 18:54:31
[atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
      scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
      ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
     make copyright lines the same format
2001-03-05 06:59:27 +00:00
Ben Lindstrom
e5b3fb351e - (bal) A bit more whitespace cleanup 2001-02-10 23:56:35 +00:00
Ben Lindstrom
77788dc824 Sync CVS ID w/ OpenBSD 2001-02-10 23:10:33 +00:00
Ben Lindstrom
035782e712 - markus@cvs.openbsd.org 2001/01/28 10:24:04
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1]
     cleanup AUTHORS sections
2001-01-29 08:34:16 +00:00
Ben Lindstrom
1492029371 20001123
- (bal) Merge OpenBSD changes:
   - markus@cvs.openbsd.org  2000/11/15 22:31:36
     [auth-options.c]
     case insensitive key options; from stevesk@sweeden.hp.com
   - markus@cvs.openbsd.org  2000/11/16 17:55:43
     [dh.c]
     do not use perror() in sshd, after child is forked()
   - markus@cvs.openbsd.org  2000/11/14 23:42:40
     [auth-rsa.c]
     parse option only if key matches; fix some confusing seen by the client
   - markus@cvs.openbsd.org  2000/11/14 23:44:19
     [session.c]
     check no_agent_forward_flag for ssh-2, too
   - markus@cvs.openbsd.org  2000/11/15
     [ssh-agent.1]
     reorder SYNOPSIS; typo, use .It
   - markus@cvs.openbsd.org  2000/11/14 23:48:55
     [ssh-agent.c]
     do not reorder keys if a key is removed
   - markus@cvs.openbsd.org  2000/11/15 19:58:08
     [ssh.c]
     just ignore non existing user keys
   - millert@cvs.openbsd.org  200/11/15 20:24:43
     [ssh-keygen.c]
     Add missing \n at end of error message.
2000-11-21 21:24:55 +00:00
Damien Miller
0bc1bd814e - (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org  2000/11/06 16:04:56
     [channels.c channels.h clientloop.c nchan.c serverloop.c]
     [session.c ssh.c]
     agent forwarding and -R for ssh2, based on work from
     jhuuskon@messi.uku.fi
   - markus@cvs.openbsd.org  2000/11/06 16:13:27
     [ssh.c sshconnect.c sshd.c]
     do not disabled rhosts(rsa) if server port > 1024; from
     pekkas@netcore.fi
   - markus@cvs.openbsd.org  2000/11/06 16:16:35
     [sshconnect.c]
     downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
   - markus@cvs.openbsd.org  2000/11/09 18:04:40
     [auth1.c]
     typo; from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/11/12 12:03:28
     [ssh-agent.c]
     off-by-one when removing a key from the agent
   - markus@cvs.openbsd.org  2000/11/12 12:50:39
     [auth-rh-rsa.c auth2.c authfd.c authfd.h]
     [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
     [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
     [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
     [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
     add support for RSA to SSH2.  please test.
     there are now 3 types of keys: RSA1 is used by ssh-1 only,
     RSA and DSA are used by SSH2.
     you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
     keys for SSH2 and use the RSA keys for hostkeys or for user keys.
     SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
 - (djm) Fix up Makefile and Redhat init script to create RSA host keys
 - (djm) Change to interim version
2000-11-13 22:57:25 +11:00
Damien Miller
e4340be5b3 - (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org  2000/09/05 02:59:57
     [session.c]
     print hostname (not hushlogin)
   - markus@cvs.openbsd.org  2000/09/05 13:18:48
     [authfile.c ssh-add.c]
     enable ssh-add -d for DSA keys
   - markus@cvs.openbsd.org  2000/09/05 13:20:49
     [sftp-server.c]
     cleanup
   - markus@cvs.openbsd.org  2000/09/06 03:46:41
     [authfile.h]
     prototype
   - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
     [ALL]
     cleanup copyright notices on all files.  I have attempted to be
     accurate with the details.  everything is now under Tatu's licence
     (which I copied from his readme), and/or the core-sdi bsd-ish thing
     for deattack, or various openbsd developers under a 2-term bsd
     licence.  We're not changing any rules, just being accurate.
   - markus@cvs.openbsd.org  2000/09/07 14:40:30
     [channels.c channels.h clientloop.c serverloop.c ssh.c]
     cleanup window and packet sizes for ssh2 flow control; ok niels
   - markus@cvs.openbsd.org  2000/09/07 14:53:00
     [scp.c]
     typo
   - markus@cvs.openbsd.org  2000/09/07 15:13:37
     [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
     [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
     [pty.c readconf.c]
     some more Copyright fixes
   - markus@cvs.openbsd.org  2000/09/08 03:02:51
     [README.openssh2]
     bye bye
   - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
     [LICENCE cipher.c]
     a few more comments about it being ARC4 not RC4
   - markus@cvs.openbsd.org  2000/09/12 14:53:11
     [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
     multiple debug levels
   - markus@cvs.openbsd.org  2000/09/14 14:25:15
     [clientloop.c]
     typo
   - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
     [ssh-agent.c]
     check return value for setenv(3) for failure, and deal appropriately
2000-09-16 13:29:08 +11:00
Damien Miller
caf6dd6d21 - More OpenBSD updates:
- deraadt@cvs.openbsd.org 2000/08/24 15:46:59
     [scp.c]
     off_t in sink, to fix files > 2GB, i think, test is still running ;-)
   - deraadt@cvs.openbsd.org 2000/08/25 10:10:06
     [session.c]
     Wall
   - markus@cvs.openbsd.org  2000/08/26 04:33:43
     [compat.c]
     ssh.com-2.3.0
   - markus@cvs.openbsd.org  2000/08/27 12:18:05
     [compat.c]
     compatibility with future ssh.com versions
   - deraadt@cvs.openbsd.org 2000/08/27 21:50:55
     [auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c]
     print uid/gid as unsigned
   - markus@cvs.openbsd.org  2000/08/28 13:51:00
     [ssh.c]
     enable -n and -f for ssh2
   - markus@cvs.openbsd.org  2000/08/28 14:19:53
     [ssh.c]
     allow combination of -N and -f
   - markus@cvs.openbsd.org  2000/08/28 14:20:56
     [util.c]
     util.c
   - markus@cvs.openbsd.org  2000/08/28 14:22:02
     [util.c]
     undo
   - markus@cvs.openbsd.org  2000/08/28 14:23:38
     [util.c]
     don't complain if setting NONBLOCK fails with ENODEV
2000-08-29 11:33:50 +11:00