mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-30 14:12:06 +00:00
ce943912df
Have ssh-add accept a list of "destination constraints" that allow restricting where keys may be used in conjunction with a ssh-agent/ssh that supports session ID/hostkey binding. Constraints are specified as either "[user@]host-pattern" or "host-pattern>[user@]host-pattern". The first form permits a key to be used to authenticate as the specified user to the specified host. The second form permits a key that has previously been permitted for use at a host to be available via a forwarded agent to an additional host. For example, constraining a key with "user1@host_a" and "host_a>host_b". Would permit authentication as "user1" at "host_a", and allow the key to be available on an agent forwarded to "host_a" only for authentication to "host_b". The key would not be visible on agent forwarded to other hosts or usable for authentication there. Internally, destination constraints use host keys to identify hosts. The host patterns are used to obtain lists of host keys for that destination that are communicated to the agent. The user/hostkeys are encoded using a new restrict-destination-v00@openssh.com key constraint. host keys are looked up in the default client user/system known_hosts files. It is possible to override this set on the command-line. feedback Jann Horn & markus@ ok markus@ OpenBSD-Commit-ID: 6b52cd2b637f3d29ef543f0ce532a2bce6d86af5
53 lines
2.9 KiB
Plaintext
53 lines
2.9 KiB
Plaintext
5317f294d63a876bfc861e19773b1575f96f027d remove libssh from makefiles
|
|
a337e886a49f96701ccbc4832bed086a68abfa85 Makefile changes
|
|
f2c9feb26963615c4fece921906cf72e248b61ee more Makefile
|
|
fa728823ba21c4b45212750e1d3a4b2086fd1a62 more Makefile refactoring
|
|
1de0e85522051eb2ffa00437e1885e9d7b3e0c2e moduli update
|
|
814b2f670df75759e1581ecef530980b2b3d7e0f remove redundant make defs
|
|
04431e8e7872f49a2129bf080a6b73c19d576d40 moduli update
|
|
c07772f58028fda683ee6abd41c73da3ff70d403 moduli update
|
|
db6375fc302e3bdf07d96430c63c991b2c2bd3ff moduli update
|
|
5ea3d63ab972691f43e9087ab5fd8376d48e898f uuencode.c Makefile accident
|
|
99dd10e72c04e93849981d43d64c946619efa474 include sshbuf-misc.c
|
|
9e1c23476bb845f3cf3d15d9032da3ed0cb2fcf5 sshbuf-misc.c in regress
|
|
569f08445c27124ec7c7f6c0268d844ec56ac061 Makefile tweaks for !openssl
|
|
58ec755be4e51978ecfee73539090eb68652a987 moduli update
|
|
4bd5551b306df55379afe17d841207990eb773bf Makefile.inc
|
|
14806a59353152f843eb349e618abbf6f4dd3ada Makefile.inc
|
|
8ea4455a2d9364a0a04f9e4a2cbfa4c9fcefe77e Makefile.inc
|
|
d9b910e412d139141b072a905e66714870c38ac0 Makefile.inc
|
|
7b7b619c1452a459310b0cf4391c5757c6bdbc0f moduli update
|
|
5010ff08f7ad92082e87dde098b20f5c24921a8f moduli regen script update
|
|
3bcae7a754db3fc5ad3cab63dd46774edb35b8ae moduli regen script update
|
|
52ff0e3205036147b2499889353ac082e505ea54 moduli update
|
|
07b5031e9f49f2b69ac5e85b8da4fc9e393992a0 Makefile.inc
|
|
cc12a9029833d222043aecd252d654965c351a69 moduli-gen Makefile
|
|
7ac6c252d2a5be8fbad4c66d9d35db507c9dac5b moduli update
|
|
6b52cd2b637f3d29ef543f0ce532a2bce6d86af5 makefile change
|
|
|
|
Old upstream tree:
|
|
|
|
321065a95a7ccebdd5fd08482a1e19afbf524e35 Update DH groups
|
|
d4f699a421504df35254cf1c6f1a7c304fb907ca Remove 1k bit groups
|
|
aafe246655b53b52bc32c8a24002bc262f4230f7 Remove intermediate moduli
|
|
8fa9cd1dee3c3339ae329cf20fb591db6d605120 put back SSH1 for 6.9
|
|
f31327a48dd4103333cc53315ec53fe65ed8a17a Generate new moduli
|
|
edbfde98c40007b7752a4ac106095e060c25c1ef Regen moduli
|
|
052fd565e3ff2d8cec3bc957d1788f50c827f8e2 Switch to tame-based sandbox
|
|
7cf73737f357492776223da1c09179fa6ba74660 Remove moduli <2k
|
|
180d84674be1344e45a63990d60349988187c1ae Update moduli
|
|
f6ae971186ba68d066cd102e57d5b0b2c211a5ee systrace is dead.
|
|
96c5054e3e1f170c6276902d5bc65bb3b87a2603 remove DEBUGLIBS from Makefile
|
|
6da9a37f74aef9f9cc639004345ad893cad582d8 Update moduli file
|
|
77bcb50e47b68c7209c7f0a5a020d73761e5143b unset REGRESS_FAIL_EARLY
|
|
38c2133817cbcae75c88c63599ac54228f0fa384 Change COMPILER_VERSION tests
|
|
30c20180c87cbc99fa1020489fe7fd8245b6420c resync integrity.sh shell
|
|
1e6b51ddf767cbad0a4e63eb08026c127e654308 integrity.sh reliability
|
|
fe5b31f69a60d47171836911f144acff77810217 Makefile.inc bits
|
|
5781670c0578fe89663c9085ed3ba477cf7e7913 Delete sshconnect1.c
|
|
ea80f445e819719ccdcb237022cacfac990fdc5c Makefile.inc warning flags
|
|
b92c93266d8234d493857bb822260dacf4366157 moduli-gen.sh tweak
|
|
b25bf747544265b39af74fe0716dc8d9f5b63b95 Updated moduli
|
|
1bd41cba06a7752de4df304305a8153ebfb6b0ac rsa.[ch] already removed
|
|
e39b3902fe1d6c4a7ba6a3c58e072219f3c1e604 Makefile changes
|