Lines Matching +full:reset +full:- +full:pin +full:- +full:assert +full:- +full:time +full:- +full:ms
11 upstream: openssh-10.0
13 OpenBSD-Commit-ID: db5b4a1f1c9e988f8f166b56dc5643606294b403
24 OpenBSD-Commit-ID: fffc89195968f7eedd2fc57f0b1f1ef3193f5ed1
32 OpenBSD-Commit-ID: f485f79bf3e9ebbe1de13ac96150cf458956cfd8
40 OpenBSD-Commit-ID: f912725c7d303720706b3ccfb2cb846d46296d13
54 OpenBSD-Regress-ID: 08477b936d1d0c1e8a98aa1c0e1bdde8871894c9
62 OpenBSD-Commit-ID: 6e683e13e72bf1e43bbd3bbc6a8332d5a98bdc99
68 upstream: Include time.h for time().
72 OpenBSD-Commit-ID: 04ca29b8eaae1860c7adde3e770baa1866e30a54
82 OpenBSD-Commit-ID: ed01a7c102243f84e4a317aefb431916d98aab15
88 remove all instances of -pie from LDFLAGS
101 OpenBSD-Commit-ID: 2a032b75156c4d922e8343fa97ff6bc227f09819
109 OpenBSD-Regress-ID: 045f2c88b42d694b404db51c5de5eca20d748ff1
129 OpenBSD-Commit-ID: 9dad7c737466837e0150c4318920f46d844770c4
137 OpenBSD-Regress-ID: 50cb325d92c390a2909662c901f6ac5d80b6f74d
148 OpenBSD-Regress-ID: 67e38c3c4517ddb72c8a3549a3325a166d7bb6d6
156 OpenBSD-Regress-ID: b520d54a0bbf2c6554413c798218bda26b385ad9
164 This will make it easier to reproduce a test failure by cut-and-paste of
173 This will get passed to sshd via test-exec.sh.
194 Test with-linux-memlock-onfault in kitchensink.
198 Date: Wed Mar 26 18:24:59 2025 -0700
203 Author: Daniil Tatianin <d-tatianin@yandex-team.ru>
223 process is instantly write-faulted).
226 Author: Daniil Tatianin <d-tatianin@yandex-team.ru>
243 OpenBSD-Commit-ID: 630d46c1021b69fbb470e349976c70e9a48b7644
283 OpenBSD-Commit-ID: 13584281cfa23b8ebc41f9d128a6b9464ae960d4
291 While this API tries to translate negative return values (i.e. -1) to 0
293 values in prinicple. We even incorrectly document that -1 can be returned
296 In OpenSSL 3 there are now code paths that explicitly return -1 and they
297 started shifting their return checks to <= 0 - of course they do this in
307 OpenBSD-Commit-ID: a855c833cf4ecfce43bedc761f26ad924f70483c
331 Add OpenBSD upstream test on obsdsnap-arm64.
347 sshd-session subprocess.
352 OpenBSD-Commit-ID: 8f54451483f64951853074adb76bc4f838eaf3ae
365 OpenBSD-Regress-ID: 900841133540e7dead253407db5a874a6ed09eca
373 OpenBSD-Regress-ID: 1d983b27c96f28f69d3a288c19e8d8c58e1b2ee3
394 OpenBSD-Regress-ID: 37f629b3014338fa23a85df1e1bb320ea12282e1
404 OpenBSD-Regress-ID: 4215e42682fdb73e131e10645d4a1a23a91d64f5
412 OpenBSD-Regress-ID: 9e0898e8423237ce5023be53787bb4062e0d0418
420 OpenBSD-Regress-ID: 81e1b41e1ffc49aba1e6fcaeb6242f3b7875ea3c
426 upstream: Check if dbclient supports SHA1 before trying SHA1-based
431 diffie-hellman-group14-sha1 is not available. Unfortunately there isn't a
436 OpenBSD-Regress-ID: acfa8e26c001cb18b9fb81a27271c3b51288d304
446 OpenBSD-Commit-ID: aa7f6d0fc2e893c8c278ea3e6e0974c2eca83f5d
452 upstream: Test for %-token and env var expansion in SetEnv.
454 OpenBSD-Regress-ID: bd6139a6177ac4afb29a0ce4afc23567b22ef9f9
460 upstream: Also test User expansions when supplied via -l option and
464 OpenBSD-Regress-ID: 56415859260b53ef0dd20f71225ba5fdf6320f50
470 upstream: Tests for User expansion of %-tokens and environment
474 OpenBSD-Regress-ID: 7ed21dd0e09fb1f3537b8b177f171018aa501628
484 OpenBSD-Regress-ID: 7f7b19c0b05b1862cc6521ce61b2b301a3f9cc3b
492 OpenBSD-Regress-ID: c44fa5cdb434375a8b5545fdb4fc651061afca1f
498 upstream: Add %-token and environment variable expansion to SetEnv.
502 OpenBSD-Commit-ID: 2f6e5070481cb73e6f35fd1c6608c1eeff88a5c1
512 OpenBSD-Commit-ID: 1ba3e490a5a9451359618c550d995380af454d25
529 OpenBSD-Commit-ID: 1bd8953a37451ef7e0991f9fceec5e8005fe986a
535 upstream: Make a copy of the user when handling ssh -l, so that
540 OpenBSD-Commit-ID: 2f671a4f5726b66d123b88b1fdd1a90581339955
546 upstream: Allow %-token and environment variable expansion in User,
548 with the exception of %r and %C which are self-referential. Requested in
551 OpenBSD-Commit-ID: caeb46251ee073662f6f5864c6f7b92d8ac80fa8
559 This ensures paths are updated if they are changed by re-running configure.
576 upstream: ressurect fix for "match invalid-user" that got clobbered
580 OpenBSD-Commit-ID: d18bf0945976e0f3467d710d4bc8bdbe181c0567
590 OpenBSD-Commit-ID: 2837fa31dc6e81976f510f0a259edaa559b20b07
607 cleanup last mention of ubuntu-20.04
621 Update AWS-LC version number
632 supported compilers, move some workflows to run on ubuntu-latest
638 Add ubuntu-*-arm test runners
644 remove ubuntu-20.04 Github action runners
646 ubuntu-20.04 is deprecated now, so migrate all its unique runners
647 to ubuntu-22.04.
655 openssh-9.9p2
665 OpenBSD-Commit-ID: 7bcd4ffe0fa1e27ff98d451fb9c22f5fae6e610d
675 OpenBSD-Commit-ID: c656ac4abd1504389d1733d85152044b15830217
681 upstream: - use \& when contructs like "e.g." end a line, to avoid
683 double spacing - macro is Qq not Oq
685 OpenBSD-Commit-ID: 17e5d2d7f288cc7fc536e3af252224525f9fb43a
703 OpenBSD-Commit-ID: c0cb504d0b9e43ccf12e68a544a7cd625e89758d
713 requests, such as sftp, or "none" for transport/forwarding-only sessions.
717 OpenBSD-Commit-ID: eff5c001aecb2283d36639cfb28c0935a8bfd468
733 OpenBSD-Commit-ID: 00dcfea425bf58d824bf5e3464cfc2409121b60d
750 OpenBSD-Commit-ID: 2a509d319aaf31a6bf9998e1842832883fbc3edd
760 OpenBSD-Commit-ID: 1fcf4aa2ee667711b9497ded0fa52d757c69b1df
766 upstream: fix "Match invalid-user" from incorrectly being activated
771 OpenBSD-Commit-ID: 02703b4bd207fafd03788bc4e7774bf80be6c9a8
779 "standard output" rather than the overly technical abbreviation "stdout" - we
783 OpenBSD-Commit-ID: a0816999f970e6159523bed8484f62c42ec93109
793 OpenBSD-Commit-ID: 834a869ed9b15058d3c1ef0cd75402ef989255d8
799 upstream: Call log_init in sshd-auth and sshd-session immediately
805 OpenBSD-Commit-ID: acf3d090638edf9b6e6f78eed96b537fe671f0f5
811 upstream: Use strprefix helper when processing sshd -C test args
815 OpenBSD-Commit-ID: 2866d369d96fe04bf76112260ac37e489f98a9a9
821 add support for AWS-LC (AWS libcrypto)
827 Date: Mon Dec 16 15:36:54 2024 -0800
837 OpenBSD-Commit-ID: b1859959374b4709569760cae0866d22a16606d3
843 Add $(srcdir) for standalone sk-libfido2 make target.
845 Fix out-of-tree build failure due to incorrect path for `sk-usbhid.c`.
859 OpenBSD-Commit-ID: f22fe7c39607e4361aadf95e33773ffd68c59489
869 OpenBSD-Commit-ID: 18a83e5ac09d59aaf1e834fd6b796db89dd842e7
879 OpenBSD-Commit-ID: 3e3e05a17fca39bba78b993a07b44664519adf7f
889 OpenBSD-Commit-ID: 6ff7905b3f9806649bde750515786553fb89cdf4
897 OpenBSD-Commit-ID: c4e92356d44dfe6d0a4416deecb33d1d1eba016c
907 OpenBSD-Commit-ID: 73674ee4f8ceb8fc9cb8de71d8ddea0c721eb035
913 upstream: sync -o option lists with ssh.1; requested jmc@
915 OpenBSD-Commit-ID: a7ac295b444da7b2ca7a33a52370594f6897f6bb
936 Add new hardware-backed signing key for myself.
938 Retire old non-hardware based signing key.
955 OpenBSD-Regress-ID: 2670a66af8b827410ca7139f0a89f4501cece77b
963 in password change message. From ThinLinc-Zeijlon via github PR#532.
965 OpenBSD-Commit-ID: fea5e9bc04caf613a118c419f16863733b340cf1
971 upstream: catch up documentation: AES-GCM is preferred to AES-CTR
973 OpenBSD-Commit-ID: 63360924b6834507fe70020edb936f5075043a9e
981 From ThinLinc-Zeijlon via GHPR#532.
987 Fix configure message typo in sk-libfido2 standalone.
995 This allows testing Y2038 with system time set to after that (i.e. 2040),
999 Signed-off-by: Alexander Kanavin <alex@linutronix.de>
1005 Skip 64bit expiry time test on 32bit time_t.
1015 OpenBSD-Regress-ID: bdf6eb3c2421f2e1e11483d03b34c7931d1bccf7
1027 add a Makefile target for ssh-verify-attestation
1035 upstream: De-magic the x11 base port number into a define. ok djm@
1037 OpenBSD-Commit-ID: 23b85ca9d222cb739b9c33ee5e4d6ac9fdeecbfa
1049 OpenBSD-Commit-ID: e9e3860f1a19b862ccf07dc8ecbe8f1e1034f4ed
1055 upstream: add a work-in-progress tool to verify FIDO attestation
1057 blobs that ssh-keygen can write when enrolling FIDO keys.
1059 OpenBSD-Regress-ID: 6c97bf3f46e48866677ad69f54b77683eb92437f
1069 OpenBSD-Regress-ID: d571932016d07d135b54433d07520b9e1901db43
1075 upstream: sync the list of options accepted by -o with ssh_config.5
1079 OpenBSD-Commit-ID: 0ecbfa70aea6c769bcc259defe07182edf461f57
1085 upstream: don't screw up ssh-keygen -l output when the file
1089 OpenBSD-Commit-ID: e458cf6b0adcea5b69ef4c7ba38e590841d02ef4
1097 OpenBSD-Commit-ID: c8ff3f70020451eef214e598117b7ce1a29853ef
1103 upstream: Remove fallback to compiled-in gropup for dhgex when the
1105 moduli file exists, but does not contain moduli within the client-requested
1110 OpenBSD-Commit-ID: b1a8c5dbbedf249b42474679ebaf14db7332b1ab
1122 OpenBSD-Commit-ID: b4a3d2e00990cf5c2ec6881c21ddca67327c2df8
1136 Support systemd-style socket activation in agent
1139 ssh-agent. Activated when these environment variables are set and
1140 the agent is started with the -d or -D option and no socket path
1161 OpenBSD-Commit-ID: 9fadb56b9afed554d501acbba911c685acd6ffc2
1186 OpenBSD-Commit-ID: a71b0542f2f7819ba0e33a88908e01b6fc49e4ce
1200 OpenBSD-Commit-ID: 05b6c31f4a6e385338f43cc0e08776cea75802a1
1206 upstream: prefer AES-GCM to AES-CTR; ok deraadt markus
1208 OpenBSD-Commit-ID: 8366a72e0f300ee31c5dab2c95025387ec15bbc9
1212 Date: Mon Dec 2 02:04:20 2024 -0500
1216 …In `ssh_ecdsa_sk_verify`, the `datalen` variable was renamed to `dlen` -- but not in this debuggin…
1224 OpenBSD-Commit-ID: 311d271bf0fab8a119e84f4f696d8cd40731692f
1230 Add make target for standalone sk-libfido2
1232 Add a Makefile target for sk-libfido2, the standalone fido2 security
1236 Add a new configure option `--with-security-key-standalone` that
1237 optionally sets the shared library target sk-libfido2$(SHLIBEXT), and
1243 Sets the shared library extension for sk-libfido2 is by setting
1248 `--with-security-key-builtin`.
1250 Add a libssh-pic.a static library that compiles with `-fPIC` reusing
1251 .c.lo method in sk-dummy.so for use in the shared library sk-libfido2.
1253 Note, a separate static library libssh-pic.a is needed, since defining
1254 -DSK_STANDALONE excludes some symbols needed in sshkey.lo.
1266 Signed-off-by: Arnout Engelen <arnout@bzzt.net>
1272 upstream: fix argument of "Compression" directive in ssh -G config
1276 OpenBSD-Commit-ID: c79936242d29c70d01941b28d2d07fd0b85fe46f
1282 upstream: new name/link for agent I-D
1284 OpenBSD-Commit-ID: e3420f3925a297a1b2ab7dfe7c7d274cfc8e1193
1292 verification as well as PIN. Prompted by Zack Newman, ok jmc@
1294 OpenBSD-Commit-ID: b774a4438c9be70012661ee278450790d21277b8
1302 OpenBSD-Commit-ID: 74d0c0b74994d9a4343c4d7ea4948cb34f609a6c
1310 by ssh-agent. Patch from Maxime Rey.
1312 OpenBSD-Regress-ID: 1777ab6e639e57c0e20cbcb6df60455b49fd8bb3
1320 hostkeys-prove requests.
1322 Fixes a corner-case triggered by UpdateHostKeys with one or more unknown
1323 host keys stored in ssh-agent where sshd refuses to accept the signature
1328 OpenBSD-Commit-ID: 460c7d527a24f92b7e5f68ca1a2fa242ebf0d086
1336 signature algorithm based on the requested hash algorithm ("-Ohashalg=xxx").
1338 This allows using something other than rsa-sha2-512, which may not
1344 OpenBSD-Commit-ID: 246353fac24e92629263996558c6788348363ad7
1354 OpenBSD-Commit-ID: 6d07e4606997e36b860621a14dd41975f2902f8f
1363 sk-dummy.so ends up being built for the wrong architecture.
1413 upstream: ssh-agent implemented an all-or-nothing allow-list of
1415 FIDO application IDs for security key-backed keys, to prevent web key handles
1419 This adds a -Owebsafe-allow=... argument that can override the default
1424 OpenBSD-Commit-ID: 957c1ed92a8d7c87453b9341f70cb3f4e6b23e8d
1441 OpenBSD-Commit-ID: a959fc45ea3431b36f52eda04faefc58bcde00db
1453 Correct path to c-cpp.yml file in workflow config.
1485 OpenBSD-Commit-ID: 13511fdef7535bdbc35b644c90090013da43a318
1491 upstream: fix ML-KEM768x25519 KEX on big-endian systems; spotted by
1495 OpenBSD-Commit-ID: 26d81a430811672bc762687166986cad40d28cc0
1501 upstream: mlkem768x25519-sha256 has been promoted to default key
1505 OpenBSD-Commit-ID: 5a3259a193fd42108a869ebf650b95b5f2d08dcf
1513 It got broken by the sshd-auth change, it's not obvious why, and the
1517 (we found a real bug because of it) but its time seems to have passed.
1523 Updated gitignore to ignore sshd-session and sshd-auth targets
1532 pselect-on-select invocations, set up and restore them each call.
1542 upstream: promote mlkem768x25519-sha256 to be the default key exchange;
1546 OpenBSD-Commit-ID: fc673065e6505bb06b2e2b9362f78ccb4200a828
1552 upstream: test SIGUSR1 dropping all keys from ssh-agent
1554 OpenBSD-Regress-ID: 8654b9aa8eb695b1499fffc408c25319592bf0e0
1560 upstream: amake ssh-agent drop all keys when it receives SIGUSR1;
1566 OpenBSD-Commit-ID: dae9db0516b1011e5ba8c655ac702fce42e6c023
1576 OpenBSD-Commit-ID: 3f8be6d32496e5596dd8b14e19cb067ddd7969ef
1588 OpenBSD-Regress-ID: 2f0a83532e3dccd673a9bf0291090277268c69a6
1598 against unchanged installed sshd-auth and sshd-session binaries. ok djm@
1600 OpenBSD-Commit-ID: 61760cdc98c2bc8f1e9f83a6f97cca0f66b52e69
1611 OpenBSD-Commit-ID: 8fa4ce3ad90915c925b81b99a79ab920b0523387
1627 OpenBSD-Commit-ID: a8a34d0a0c51a9ddab3dfce615f9878fa76ef842
1635 OpenBSD-Commit-ID: 597ab7dd3f0e78939d2659fc1904d0f39ee95487
1641 upstream: allow "-" as output file for moduli screening
1645 OpenBSD-Commit-ID: 1517763764eb55d03a6092dd120d2909c6fef0e1
1651 upstream: ssh-keyscan doesn't need it's own sshfatal() definition, it
1657 OpenBSD-Commit-ID: 8ea75ea99f27f464c9223cbc89cb046ccf9cd5c4
1670 OpenBSD-Commit-ID: 4d462495ac0c40f7b7dd66178e0005b9b2128225
1676 upstream: require control-escape character sequences passed via the '-e
1679 ssh is invoked as "ssh -e^ ..."
1683 OpenBSD-Commit-ID: baa72bc60898fc5639e6c62de7493a202c95823d
1691 visbility-restrict ones that are unused outside the implementation itself;
1694 OpenBSD-Commit-ID: a0140f2418b4d46cfaa7b33febc0a0931f9b2744
1702 OpenBSD-Commit-ID: b3c82655190532b01eb817e532742cfaa4687eff
1712 OpenBSD-Commit-ID: f864a34feb5d5ff17160cf7c42ad0f7744fe8a3f
1720 OpenBSD-Commit-ID: 9a5d3add25e4e77bd3805bc5583a842ecf34d85c
1740 Seed RNG when starting up sshd-auth.
1742 Makes builds configured --without-openssl work again since otherwise
1756 Fix lookup path for sshd-auth; bz3745
1774 put back some portable bits for sshd-auth.c
1792 upstream: regress support for split sshd-auth binary
1794 OpenBSD-Regress-ID: df7d18a87b475f70004770f0f4e404adba5f6ab7
1804 OpenBSD-Regress-ID: 67476baccc60bf1a255fd4e329ada950047b8b8d
1810 upstream: Split per-connection sshd-session binary
1812 This splits the user authentication code from the sshd-session
1813 binary into a separate sshd-auth binary. This will be executed by
1814 sshd-session to complete the user authentication phase of the
1818 pre-authentication attack surface has an entirely disjoint address
1827 OpenBSD-Commit-ID: 9c3b2087ae08626ec31b4177b023db600e986d9c
1840 OpenBSD-Commit-ID: 820284a92eb4592fcd3d181a62c1b86b08a4a7ab
1848 OpenBSD-Commit-ID: fdd056e7854294834d54632b4282b877cfe4c12e
1854 upstream: Turn off finite field (a.k.a modp) Diffie-Hellman key
1857 diffie-hellman-group* and diffie-hellman-group-exchange-* methods. The client
1870 OpenBSD-Commit-ID: 4e238ad480a33312667cc10ae0eb6393abaec8da
1880 OpenBSD-Commit-ID: b1c6acec66cd5bd1252feff1d02ad7129ced37c7
1888 OpenBSD-Commit-ID: 3a63e4e11d455704f684c28715d61b17f91e0996
1898 OpenBSD-Commit-ID: f37ad5888adbc0d4e1cd6b6de237841f4b1e650d
1906 criteria tokeniser to a more shell-like one. Apparently the old tokeniser
1915 OpenBSD-Commit-ID: d1eebedb8c902002b75b75debfe1eeea1801f58a
1923 OpenBSD-Commit-ID: 22072bfa1df1391858ae7768a6c627e08593a91e
1929 gss-serv.c needs sys/param.h
1953 02e16ad95fb1f56ab004b01a10aab89f7103c55d did a copy-paste for
1962 OpenBSD-Commit-ID: 81869ee6356fdbff19dae6ff757095e6b24de712
1970 OpenBSD-Commit-ID: 3fb621a58e04b759a875ad6a33f35bb57ca80231
1988 upstream: openssh-9.9
1990 OpenBSD-Commit-ID: 303417285f1a73b9cb7a2ae78d3f493bbbe31f98
1996 include openbsd-compat/base64.c license in LICENSE
2008 fix bug in recently-added sntrup761 fuzzer
2019 relies on using -fwrapv to provide defined over/underflow behaviour, but we
2020 use -ftrapv to catch integer errors and abort the program. ok dtucker@
2022 OpenBSD-Commit-ID: 8933369b33c17b5f02479503d0a92d87bc3a574b
2030 OpenBSD-Commit-ID: 1c81f37b138b8b66abba811fec836388a0f3e6da
2044 OpenBSD-Commit-ID: d899c13b0e8061d209298eaf58fe53e3643e967c
2052 Simpler and removes some code with the old-style BSD license.
2067 OpenBSD-Commit-ID: bf1a77924c125ecdbf03e2f3df8ad13bd3dafdcb
2073 upstream: document Match invalid-user
2075 OpenBSD-Commit-ID: 2c84a9b517283e9711e2812c1f268081dcb02081
2081 upstream: add a "Match invalid-user" predicate to sshd_config Match
2089 Match invalid-user
2097 OpenBSD-Commit-ID: 93d3a46ca04bbd9d84a94d1e1d9d3a21073fbb07
2110 OpenBSD-Commit-ID: 3c8443c427470bb3eac1880aa075cb4864463cb6
2123 OpenBSD-Commit-ID: 43cc2533984074c44d0d2f92eb93f661e7a0b09c
2133 OpenBSD-Commit-ID: b74b5b0385f2e0379670e2b869318a65b0bc3923
2141 string tokeniser, making it possible to use shell-like quoting in Match
2144 OpenBSD-Commit-ID: 0877309650b76f624b2194c35dbacaf065e769a5
2150 upstream: include pathname in some of the ssh-keygen passphrase
2152 prompts. Helps the user know what's going on when ssh-keygen is invoked via
2155 OpenBSD-Commit-ID: 613b0bb6cf845b7e787d69a5b314057ceda6a8b6
2166 OpenBSD-Commit-ID: ba3776d9da4642443c19dbc015a1333622eb5a4e
2186 OpenBSD-Commit-ID: 25c57f22764897242d942853f8cccc5e991ea058
2192 upstream: document the mlkem768x25519-sha256 key exchange algorithm
2194 OpenBSD-Commit-ID: fa18dccdd9753dd287e62ecab189b3de45672521
2224 stubs for ML-KEM KEX functions
2234 I can't find a reliable way to detect the features the ML-KEM code
2236 can detect) as a proxy for "old compiler" and turn off ML-KEM if
2246 ML-KEM code is actually using compound literals, so test for them.
2252 test for compiler feature needed for ML-KEM
2254 The ML-KEM implementation we uses need the compiler to support
2255 C99-style named struct initialisers (e.g foo = {.bar = 1}). We
2263 upstream: test mlkem768x25519-sha256
2265 OpenBSD-Regress-ID: 7baf6bc39ae55648db1a2bfdc55a624954847611
2271 upstream: pull post-quantum ML-KEM/x25519 key exchange out from
2273 compile-time flag now than an IANA codepoint has been assigned for the
2276 Add mlkem768x25519-sha256 in 2nd KexAlgorithms preference slot.
2280 OpenBSD-Commit-ID: 9f50a0fae7d7ae8b27fcca11f8dc6f979207451a
2290 MIME-Version: 1.0
2291 Content-Type: text/plain; charset=UTF-8
2292 Content-Transfer-Encoding: 8bit
2296 OpenBSD-Commit-ID: 0b16eec246cda15469ebdcf3b1e2479810e394c5
2304 shortnames (e.g "rsa") in user-interface code and require full SSH protocol
2305 names (e.g. "ssh-rsa") everywhere else.
2309 OpenBSD-Commit-ID: b3d8de9dac37992eab78adbf84fab2fe0d84b187
2317 OpenBSD-Commit-ID: 889ae07f2d2193ddc4351711919134664951dd76
2323 upstream: envrionment -> environment;
2325 OpenBSD-Commit-ID: b719f39c20e8c671ec6135c832d6cc67a595af9c
2339 OpenBSD-Regress-ID: 35477da3ba1abd9ca64bc49080c50a9c1350c6ca
2347 %-tokens that "Match Exec" and environment variables.
2351 OpenBSD-Commit-ID: 12ef521eaa966a9241e684258564f52f1f3c5d37
2359 OpenBSD-Commit-ID: 85f09da957dd39fd0abe08fe5ee19393f25c2021
2365 upstream: Add experimental support for hybrid post-quantum key exchange
2367 ML-KEM768 with ECDH/X25519 from the Internet-draft:
2368 https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
2371 final FIPS203 standard ML-KEM using a formally-verified implementation
2381 OpenBSD-Commit-ID: 02a8730a570b63fa8acd9913ec66353735dea42c
2402 upstream: fix test: -F is the argument to specify a non-default
2404 ssh_config, not -f (this is sadly not a new bug)
2406 OpenBSD-Regress-ID: 45a7bda4cf33f2cea218507d8b6a55cddbcfb322
2416 was added to sshd, and this required a shared-memory hack so the two
2417 processes could see what was going on in the dataflow. This shared-memory
2421 delayed-compression). That change also permitted removal of the
2422 shared-memory hack. Despite removal from the server, the old "zlib" support
2423 remained in the client, to allow negotiation with non-OpenSSH daemons which
2424 lack the delayed-compression option. This commit deletes support for the
2427 different enough that compressed-key-material attacks like BEAST are
2429 who care about optional compression support to add delayed-zlib support.
2432 OpenBSD-Commit-ID: 6df986f38e4ab389f795a6e39e7c6857a763ba72
2438 upstream: sntrup761x25519-sha512 now has an IANA codepoint assigned, so
2443 OpenBSD-Commit-ID: eeed8fcde688143a737729d3d56d20ab4353770f
2449 Move rekey test into valgrind-2.
2452 its own valgrind test, so move it into valgrind-2, which is currently
2460 upstream: Use aes128-ctr for MAC tests since default has implicit MAC.
2465 OpenBSD-Regress-ID: ff43fed30552afe23d1364526fe8cf88cbfafe1d
2483 OpenBSD-Regress-ID: 44a96d6d2f8341d89b7d5fff777502b92ac9e9ba
2491 OpenBSD-Commit-ID: 5db7049ad5558dee5b2079d3422e8ddab187c1cc
2497 upstream: Use curve25519-sha256 kex where possible.
2500 curve25519-sha256 since it's faster than the default and supported even
2504 OpenBSD-Regress-ID: 3b27fcc2ae953cb08fd82a0d3155c498b226d6e0
2515 OpenBSD-Regress-ID: 7bf9292b4803357efcf0baf7cfbdc8521f212da1
2531 OpenBSD-Regress-ID: 5e5c9ff3f7588091ed369e34ac28520490ad2619
2539 Used unless overridden by a command-line flag, which simplifies some of
2542 OpenBSD-Regress-ID: e7cffa57027088e10336e412b34113969f88cb87
2553 OpenBSD-Regress-ID: dab7ce10f4cf6c68827eb8658141272aab3ea262
2559 upstream: Remove duplicate curve25519-sha256 kex.
2561 curve25519-sha256@libssh.org is the pre-standardization name for the same
2564 OpenBSD-Regress-ID: 5a5ee5fa1595a6e140b1cc16040bedf5996a5715
2572 ssh uses the same parsing code, now has "-G" to dump its config and is
2577 OpenBSD-Regress-ID: 07c3acaf4c728e641033071f4441afc88141b0d0
2588 OpenBSD-Commit-ID: 4aecce232c2fe9b16e9217ff6bcb3c848d853e7e
2611 OpenBSD-Commit-ID: cbbae59f337a00c9858d6358bc65f74e62261369
2619 clarify that rsa-sha2-512 is the default signature scheme when RSA is in use.
2622 OpenBSD-Commit-ID: 1d90df71636a04601685d2a10a8233bcc8d4f4c5
2632 OpenBSD-Commit-ID: fff3bbefd1b2c45c98cbe45c6b857b15d8a2d364
2642 OpenBSD-Commit-ID: 24d4cbb86325275df1f037545aa3b91456e52d25
2659 SSH-Copy-ID-Upstream: da5b1abe55b72a16e0430e7598e1573da01779c0
2671 SSH-Copy-ID-Upstream: 0e4c4d072747a6568b11a790c29dd1b4ce663d7f
2677 restore optionality of -i's argument
2679 SSH-Copy-ID-Upstream: f70e3abb510e4eeb040b47894e41828246c1b720
2687 SSH-Copy-ID-Upstream: 0b9e08b7707ad16de3c8e6a0410d9f42fbd56997
2695 SSH-Copy-ID-Upstream: 1bee96f4793e8ec3fab9f9361204ae58f5cc7cae
2703 SSH-Copy-ID-Upstream: ebef3e9c06e0447bff06e9d84b33023cf592e0ba
2709 assert that SCRATCH_DIR is a writable directory
2711 SSH-Copy-ID-Upstream: ecb2b9d10883b9a16df56c83896c9bb47a80cde2
2719 SSH-Copy-ID-Upstream: f379adbe06ac2ef1daf0f130752234c7f8b97e3c
2727 SSH-Copy-ID-Upstream: ac394b05eead3b91feb7c2ae4129a3e9b892f1e2
2733 avoid extra space when no arg given to -i option
2735 SSH-Copy-ID-Upstream: feca9e67e6e37c5653445d1c733569d7abb1770e
2741 put the -i before -[pP] (matching man pages)
2743 The man pages (ssh, sftp & ssh-copy-id) all list -i before the port
2747 SSH-Copy-ID-Upstream: 34d5d614172c78f9a42249466c4b81975b8883a1
2755 SSH-Copy-ID-Upstream: 335e44d7be78b03962a54c3a5c99a2ff45294a54
2763 …- Previously no identity file is shown in "ssh" command output on the line "Now try logging into t…
2764 …- This commit makes sure whenever "ssh-copy-id" with "-i" is invoked, it also reflects in "ssh" co…
2766 SSH-Copy-ID-Upstream: 58e022ec26cb2315eb3be581d01e0ba787082428
2817 OpenBSD-Regress-ID: 0e2d4efb0ed0e392e23cd8fda183fe56531ac446
2825 OpenBSD-Regress-ID: 2edfc980628cfef3550649cab8d69fa23b5cd6c4
2841 OpenBSD-Commit-ID: d098744e89f1dc7e5952a6817bef234eced648b5
2857 OpenBSD-Commit-ID: 711ad6f7bd7fb48bf52208f2cf9f108cddb6d41a
2870 detect A->B->A linkages though for performance reason and the fact that it
2877 OpenBSD-Commit-ID: fb3fa9ee2cad3c7e842ebadfd7f5db220c4aaf16
2890 OpenBSD-Commit-ID: 939fbe9ccf52d0d48c5fa53694d6f3bb9927970c
2902 OpenBSD-Commit-ID: 829160ac8ef3ad3409695ce3a3ade835061cae57
2908 upstream: add a random amount of time (up to 4 seconds) to the
2910 grace login time.
2914 OpenBSD-Commit-ID: abd3c57aaa5861517529b322df79b6be35ee67f4
2922 OpenBSD-Commit-ID: 9b63e0e3599d524ddc10edc4f978081382c3548b
2928 Explicitly install libssl-devel cygwin.
2943 OpenBSD-Commit-ID: cee1f7d17597c97bff8e5092af5d136fdb08f81d
2949 upstream: Fix proxy multiplexing (-O proxy) bug
2956 This was caused by my stupidly reusing c->remote_id for mux channel
2961 OpenBSD-Commit-ID: c9f474e0124e3fe456c5e43749b97d75e65b82b2
2969 OpenBSD-Commit-ID: fd77a77779f06d316a314e4540dc57c93fc3369a
2977 OpenBSD-Commit-ID: e6aff005914fa350b896d2be030be3d3b56ec0e8
2991 Class-imposed login restrictions
3007 OpenBSD-Commit-ID: 81c778c76dea7ef407603caa157eb0c381c52ad2
3015 OpenBSD-Commit-ID: 42d322d37f13aa075ae7b1ad9eef591e20b89717
3021 upstream: fix grammar: "a pattern lists" -> "one or more pattern
3025 OpenBSD-Commit-ID: f3c844763398faa9800687e8ff6621225498202a
3039 Add 9.8 branch to ci-status page.
3042 Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
3049 -Werror=implicit-function-declaration this is really required. While at
3063 upstream: openssh-9.8
3065 OpenBSD-Commit-ID: 5f8b89e38a4c5f7c6d52ffa19f796d49f36fab19
3078 OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136
3089 OpenBSD-Regress-ID: 821feca4a4bebe491944e624c8f7f2990b891415
3097 OpenBSD-Commit-ID: 5fb04f298ed155053f3fbfdf0c6fe7cdf84bbfa2
3105 OpenBSD-Commit-ID: 3e30d7b0615e2707f6bbe70f61b1c2f72f78161b
3113 OpenBSD-Commit-ID: 83b7ff34433d79595e9c2a5d2a561a6660251245
3123 OpenBSD-Commit-ID: 65815a39564e431414aed7c5ace8076f4e9ca741
3132 signal-safe rules. This is a good rule of thumb: Handlers should be written
3137 OpenBSD-Commit-ID: 14168ae8368aab76e4ed79e17a667cb46f404ecd
3148 OpenBSD-Commit-ID: 7749b56419a7c9dcfe4c6c04811e429813346c62
3154 upstream: - uppercase start of sentence - correct sentence grammar
3158 OpenBSD-Commit-ID: 1ec4b0fdb633a43667f2c8fff1d600bd647dde25
3166 OpenBSD-Commit-ID: c29734d36c21003973b15c1c9965c35f36cef30c
3181 a host arg when querying supported ciphers and macs via "-c/-m
3185 OpenBSD-Regress-ID: 98eb863a3f0363416922efb273885e6b3c7f68d4
3196 OpenBSD-Regress-ID: e0129eb2b1d31771105903a8055216fbba20a770
3204 OpenBSD-Commit-ID: 7df01e648a0723418c554e64a9f2b6d38db060a6
3215 OpenBSD-Commit-ID: eb7eb36371e1ac01050b32b70fb2b3e5d98e72f5
3223 OpenBSD-Commit-ID: 8515f55a15f02836ba657df341415f63c60526ca
3229 Move -f to the place needed to restart sshd.
3235 Need to supply "-f" to restart sshd.
3244 v2024.85) "-m help" doesn't seem to work. Enable all supported pubkey
3247 OpenBSD-Regress-ID: 4f95556a49ee9f621789f25217c367a33d2745ca
3256 Only test diffie-hellman kex if OpenSSH is compiled with support for it.
3258 OpenBSD-Regress-ID: a5d09ef9bbd171f9e4ec73ed0d9eeb49a8878e97
3269 OpenBSD-Regress-ID: 8f91f12604cddb9f8d93aa34f3f93a3f6074395d
3278 the running sshd and newly installed sshd-session will cause the
3285 Remove macos-11 runner.
3299 upstream: Re-enable ssh-dss tests
3303 OpenBSD-Regress-ID: bbfaf8c17f2b50a2d46ac35cb97af99b990c990d
3311 OpenBSD-Regress-ID: abfd4457d99d8cc1417fd22ca2c570270f74c1cf
3336 OpenBSD-Commit-ID: 961ef594e46dd2dcade8dd5721fa565cee79ffed
3342 upstream: promote connection-closed messages from verbose to info
3347 OpenBSD-Commit-ID: 0c8bfaf5e9fdff945cee09ac21e641f6c5d65d3c
3374 OpenBSD-Regress-ID: d0cc9efca7833e673ea7b0cb3a679a3acee8d4c7
3382 OpenBSD-Regress-ID: 90c9ac224db454637baf1ebee5857e007321e824
3392 OpenBSD-Regress-ID: 70bda39c83e3fc9d0f3c1fad4542ed33e173d468
3398 upstream: sort -q in the options list;
3400 OpenBSD-Commit-ID: 6839b38378f38f754de638a5e988c13b4164cc7c
3410 OpenBSD-Commit-ID: e698e69bea19bd52971d253f2b1094490c4701f7
3416 upstream: ssh-keyscan -q man bits
3418 OpenBSD-Commit-ID: ba28d0e1ac609a4c99c453e57e86560c79079db1
3424 skip penalty-expire test in valgrind test env
3436 OpenBSD-Regress-ID: f56811064f3e3cb52ee73a206b8c2a06af1c8791
3445 enabled. Defaults to "sshd" unless overridden at compile time
3454 upstream: don't redirect stderr for ssh-keyscan we expect to succeed
3456 OpenBSD-Regress-ID: 8878b8eb4e070ed2e343166d3eb86db4a08a216c
3467 Add a -q flag to shut them up.
3471 OpenBSD-Commit-ID: bec813de56a71adb5c1a76adcf49621130d24264
3479 OpenBSD-Commit-ID: d65a99666202a8188c4991c18d14374a229f7be5
3485 upstream: specify an algorithm for ssh-keyscan, otherwise it will make
3489 OpenBSD-Regress-ID: 6e910f3315c4345053db1bf5cbf61826b194d0b9
3499 differently-named copies/links to the sshd binary.
3501 Splitting sshd into sshd/sshd-session broke this, as the process
3502 that starts PAM is always sshd-session and the user has no control
3516 this shuffles the contents of this file to make it easy to un-ignore
3531 Cygwin doesn't support FD passing and so used to disable post-auth
3539 the post-auth user process rather than the monitor.
3542 with (this appears to be the case on Cygwin), or the post-auth
3546 Keeping privileges here is bad, but the non-Cygwin systems that set
3556 sshd-session attempting to use options.kerberos_authentication to
3583 OpenBSD-Commit-ID: 12637ed0aa4d5f1f3e702da42ea967cbd8bfdfd9
3589 upstream: do not mark up "(default: 20ms)";
3591 OpenBSD-Commit-ID: 54151ecdecfa1b67dcdda4fd24826ef6e2148ad4
3601 OpenBSD-Commit-ID: 02a093f4ab4f8f83f0cd1ea2bb35b9ca420448f0
3611 OpenBSD-Regress-ID: 96fec579af228f87a036e94801eb294af9074625
3617 upstream: reap the pre-auth [net] child if it hangs up during privsep
3621 OpenBSD-Commit-ID: f7341605bf08c4c15830910446e6775323f2f8cb
3629 OpenBSD-Commit-ID: 8dc2fd21eebd8830c4a4d25461ac4fe228e11156
3635 upstream: fix off-by-one comparison for PerSourcePenalty
3637 OpenBSD-Commit-ID: af4f5d01c41ef870b23e55655bfbf73474a6c02b
3645 OpenBSD-Commit-ID: 72e2c5b69f151c08a7c5bf5ad929b97a92c273df
3655 OpenBSD-Commit-ID: b981288bddfb097aad269f62df4081c688ce0034
3665 OpenBSD-Commit-ID: 24dbd400aa381ac96be7ed2dd49018487dfef6ce
3673 OpenBSD-Commit-ID: b317930e06b51819c1a2bc6a4359764fecfb1c2d
3681 OpenBSD-Commit-ID: 581f60f73099083392887206860229ab104620ed
3691 OpenBSD-Commit-ID: 1e89572397dda83433d58c4fa6333a08f51170d4
3701 OpenBSD-Commit-ID: 0a9fb10bc9f7d577afe2da3f498a08bc431115b9
3720 OpenBSD-Commit-ID: 24a0e5c23d37e5a63e16d2c6da3920a51078f6ce
3728 in-progress connections.
3730 OpenBSD-Commit-ID: 20389da6264f2c97ac3463edfaa1182c212d420c
3738 OpenBSD-Regress-ID: a1af13d411b25a727742644459d26480b9a1b0f1
3746 OpenBSD-Regress-ID: de4ef0e32e3ab85ff3a6c36eb08d1909c0dd1b4a
3754 OpenBSD-Regress-ID: 50316e0d1ae0c0a057a45af042253e54ce23d11c
3764 OpenBSD-Regress-ID: 5236c6d1c823997aac5a35e2915da30f1903bec7
3772 OpenBSD-Commit-ID: d42cb895ee4542098050367fc35321c9303f003a
3784 status of its child pre-auth session processes. Through the exit
3793 duration (e.g. 30 seconds) against the client's address. If this time
3811 OpenBSD-Commit-ID: 89ded70eccb2b4926ef0366a4d58a693de366cca
3823 upstream: enable -fret-clean on amd64, for libc libcrypto ld.so
3825 kernel, and all the ssh tools. The dynamic objects are entirely ret-clean,
3826 static binaries will contain a blend of cleaning and non-cleaning callers.
3828 OpenBSD-Commit-ID: 112aacedd3b61cc5c34b1fa6d9fb759214179172
3842 separate sshd-session process - reserve them early and fatal if we can't
3843 dup2(2) them later. The pre-split fallback to re-reading the configuration
3844 files is not possible, so sshd-session absolutely requires the fd the
3849 OpenBSD-Commit-ID: 308a98ef3c8a6665ebf92c7c9a0fc9600ccd7065
3864 sshd as non-root)
3876 upstream: warn when -r (deprecated option to disable re-exec) is
3880 OpenBSD-Commit-ID: 73145ef5150edbe3ce7889f0844ed8fa6155f551
3888 OpenBSD-Commit-ID: edfa72eb06bfa65da30fabf7d2fe76d2d33f77bf
3896 OpenBSD-Commit-ID: dd137396828171eb19e4911581812ca58de6c578
3904 OpenBSD-Commit-ID: 57cc1c98d4f998981473734f144b904af7d178a2
3914 OpenBSD-Commit-ID: 416fb3970b7e73c76d2963c4f00cf96f2b2ee2fb
3920 upstream: Do not pass -Werror twice when building with clang.
3922 OpenBSD-Commit-ID: 5f378c38ad8976d507786dc4db9283a879ec8cd0
3928 upstream: Do not pass -Werror if building with gcc 3, for asn1.h
3932 OpenBSD-Commit-ID: fb39324748824cb0387e9d67c41d1bef945c54ea
3945 OpenBSD-Regress-ID: 48f4f5946276f975667141957d25441b3c9a50e2
3951 upstream: Add missing kex-names.c source file required since the
3955 OpenBSD-Regress-ID: ca666223f828fc4b069cb9016bff1eb50faf9fbb
3961 upstream: remove duplicate copy of relink kit for sshd-session
3963 OpenBSD-Commit-ID: 6d2ded4cd91d4d727c2b26e099b91ea935bed504
3971 OpenBSD-Commit-ID: 6d9065dadea5f14a01bece0dbfe2fba1be31c693
3979 OpenBSD-Commit-ID: f51ea791d45c15d4927eb4ae7d877ccc1e5a2aab
3985 upstream: -Werror was turned on (probably just for development),
3989 OpenBSD-Commit-ID: 7f698df54384b437ce33ab7405f0b86c87019e86
3995 attempt at updating RPM specs for sshd-session
4003 OpenBSD-Commit-ID: aa6ef0778a1f1bde0d73efba72a777c48d2bd010
4011 OpenBSD-Commit-ID: bdea29bb3ed2a5a7782999c4c663b219d2270483
4017 upstream: allow overriding the sshd-session binary path
4019 OpenBSD-Regress-ID: 5058cd1c4b6ca1a15474e33546142931d9f964da
4025 upstream: Since ssh-agent(1) is only readable by root by now, use
4029 OpenBSD-Regress-ID: 24eb40de2e6b0ace185caaba35e2d470331ffe68
4039 OpenBSD-Commit-ID: 66d69e22b1c072c694a7267c847f212284614ed3
4045 upstream: construct and install a relink-kit for sshd-session ok
4049 OpenBSD-Commit-ID: 8b3820adb4da4e139c4b3cffbcc0bde9f08bf0c6
4055 Makefile support for sshd-session
4063 OpenBSD-Commit-ID: 4b7be4434d8799f02365552b641a7a70a7ebeb2f
4076 session handling will be performed by a new sshd-session binary that the
4080 up for future work on the sshd-session binary.
4087 OpenBSD-Commit-ID: 43c04a1ab96cdbdeb53d2df0125a6d42c5f19934
4097 OpenBSD-Commit-ID: 8b0cd2c0dee75fb053718f442aa89510b684610b
4105 Authored with Space Meyer <git at the-space dot agency>
4109 OpenBSD-Commit-ID: 81db602e4cb407baae472689db1c222ed7b2afa3
4124 echo localhost | ssh-keyscan -f - -f -
4126 While at it, make stdin-related error messages nicer.
4132 OpenBSD-Commit-ID: 48e9b7938e2fa2f9bd47e6de6df66a31e0b375d3
4144 upstream: fix home-directory extension implementation, it always
4150 OpenBSD-Commit-ID: 5afd775eab7f9cbe222d7fbae4c793de6c3b3d28
4162 OpenBSD-Commit-ID: 80bdc7ffe0358dc090eb9b93e6dedb2b087b24cd
4172 OpenBSD-Commit-ID: 73dbbe82ea16f73ce1d044d3232bc869ae2f2ce8
4184 OpenBSD-Commit-ID: 0dfb69998cfdb3fa00cbb0e7809e7d2f6126e3df
4200 OpenBSD-Commit-ID: c0c0f89de5294a166578f071eade2501929c4686
4211 OpenBSD-Commit-ID: 364087e4a395ff9b2f42bf3aefdb2090bb23643a
4219 OpenBSD-Commit-ID: dd9702fd43de546bc6a3f4f025c74d6f3692a0d4
4225 upstream: set right mode on ssh-agent at boot-time
4230 OpenBSD-Commit-ID: 662b5056a2c6171563e1626f9c69f27862b5e7af
4242 OpenBSD-Commit-ID: 866cfcc1955aef8f3fc32da0b70c353a1b859f2e
4252 OpenBSD-Commit-ID: cec14a76af2eb7b225300c80fc0e21052be67b05
4262 OpenBSD-Commit-ID: 7bb2dd3d6d1f288dac14247d1de446e3d7ba8b8e
4268 upstream: rewrite convtime() to use a isdigit-scanner and
4273 OpenBSD-Commit-ID: 4b1ef826bb16047aea3f3bdcb385b72ffd450abc
4283 OpenBSD-Commit-ID: 3d14433e39fd558f662d3b0431c4c555ef920481
4289 upstream: Replace non-idiomatic strtoul(, 16) to parse a region
4291 of 2-character hex sequences with a low-level replacement designed just for
4294 OpenBSD-Commit-ID: 67bab8b8a4329a19a0add5085eacd6f4cc215e85
4300 upstream: Use strtonum() instead of severely non-idomatic
4305 OpenBSD-Commit-ID: c82d95e3ccbfedfc91a8041c2f8bf0cf987d1501
4311 upstream: also create a relink kit for ssh-agent, since it is a
4313 long-running setgid program carrying keys with some (not very powerful)
4317 OpenBSD-Commit-ID: 2fe8d707ae35ba23c7916adcb818bb5b66837ba0
4323 upstream: new-style relink kit for sshd. The old scheme created
4326 new way a narrow-purposed install.sh script is created and shipped with the
4329 OpenBSD-Commit-ID: ef9341d5a50f0d33e3a6fbe995e92964bc7ef2d3
4337 Signed-off-by: renmingshuai <renmingshuai@huawei.com>
4350 [0] https://openssl.org/policies/general/versioning-policy.html
4365 Add newly-released OpenSSL 3.3.0, and add tests against the 3.1 and
4398 If --enable/disable-dsa-keys is not specified, set based on what OpenSSL
4410 OpenBSD-Commit-ID: d17dbf47554de2d752061592f95b5d772baab50b
4413 Author: Eero Häkkinen <Eero+git@xn--Hkkinen-5wa.fi>
4420 when a keyboard-interactive authentication method is in use.
4439 dedicated runner instance and can only run a single test at a time.
4444 DEBUG_ACTIONS: enable "set -x" in scripts for debugging.
4450 add new token-based signing key for dtucker@
4457 Date: Tue Mar 12 03:59:12 2024 -0700
4472 OpenBSD-Commit-ID: 1ac1f9c45da44eabbae89375393c662349239257
4478 upstream: Use egrep instead of grep -E.
4481 in -portable.
4483 OpenBSD-Regress-ID: ff82260eb0db1f11130200b25d820cf73753bbe3
4489 upstream: test -h is the POSIXly way of testing for a symlink. Reduces
4493 OpenBSD-Regress-ID: 6f31cd6e231e3b8c5c2ca0307573ccb7484bff7d
4513 OpenBSD-Regress-ID: b4852bf97ac8fb2e3530f2d5f999edd66058d7bc
4521 OpenBSD-Regress-ID: 5039bde24d33d809aebfa8d3ad7fe9053224e6f8
4527 upstream: Improve shell portability: grep -q is not portable so
4534 OpenBSD-Regress-ID: 9ae876a8ec4c4725f1e9820a0667360ee2398337
4542 from portable. In some shells, "case" will reset the value of $?, so save it
4545 OpenBSD-Regress-ID: da32e5be19299cb4f0f7de7f29c11257a62d6949
4555 OpenBSD-Regress-ID: 6a83a693602eb0312f06a4ad2cd6f40d99d24b26
4565 OpenBSD-Regress-ID: 835ed03c1b04ad46be82e674495521f11b840191
4609 OpenBSD-Commit-ID: ad3d1486d105b008c93e952d158e5af4d9d4c531
4615 upstream: Clarify how literal IPv6 addresses can be used in -J mode
4619 OpenBSD-Commit-ID: 524ddae97746b3563ad4a887dfd0a6e6ba114c50
4631 Move xpg4 'id' handling into test-exec.sh.
4634 replacements in test-exec.sh. This brings percent.sh back into sync
4641 Update branches shown on ci-status to 9.7 and 9.6.
4647 Improve detection of -fzero-call-used-regs=used.
4652 Signed-off-by: Darren Tucker <dtucker@dtucker.net>
4670 upstream: openssh-9.7
4672 OpenBSD-Commit-ID: 618ececf58b8cdae016b149787af06240f7b0cbc
4699 OpenBSD-Commit-ID: e58f18042b86425405ca09e6e9d7dfa1df9f5f7f
4705 upstream: skip more whitespace, fixes find-principals on
4709 OpenBSD-Commit-ID: b3a22a2afd753d70766f34bc7f309c03706b5298
4720 OpenBSD-Regress-ID: f68d79e7f00caa8d216ebe00ee5f0adbb944062a
4726 Prefer openssl binary from --with-ssl-dir directory.
4728 Use openssl in the directory specified by --with-ssl-dir as long
4739 OpenBSD-Commit-ID: 97d96a166b1ad4b8d229864a553e3e56d3116860
4745 upstream: wrap a few PKCS#11-specific bits in ENABLE_PKCS11
4747 OpenBSD-Commit-ID: 463e4a69eef3426a43a2b922c4e7b2011885d923
4755 Unbreaks "make test" when compiled --without-openssl.
4763 add a --without-retpoline configure option
4775 OpenBSD-Commit-ID: 208839699939721f452a4418afc028a9f9d3d8af
4792 OpenBSD-Commit-ID: 7f196cba634c2a3dba115f3fac3c4635a2199491
4810 upstream: explain arguments of internal-sftp GHPR#454 from Niklas
4813 MIME-Version: 1.0
4814 Content-Type: text/plain; charset=UTF-8
4815 Content-Transfer-Encoding: 8bit
4817 OpenBSD-Commit-ID: 0335d641ae6b5b6201b9ffd5dd06345ebbd0a3f3
4826 MIME-Version: 1.0
4827 Content-Type: text/plain; charset=UTF-8
4828 Content-Transfer-Encoding: 8bit
4830 OpenBSD-Commit-ID: d37bc8786317a11649c62ff5e2936441186ef7a0
4838 OpenBSD-Commit-ID: d59c52559f926fa82859035d79749fbb4a3ce18a
4848 OpenBSD-Commit-ID: 05b23b772677d48aa82eefd7ebebd369ae758908
4858 OpenBSD-Commit-ID: 4e412d59b3f557d431f1d81c715a3bc0491cc677
4868 OpenBSD-Commit-ID: e11023aeb3f30b77a674e37b8292c862926d5dc6
4876 OpenBSD-Regress-ID: b4c0ccfa4006a1bc5dfd99ccf21c854d3ce2aee0
4887 OpenBSD-Regress-ID: dd28d97d48efe7329a396d0d505ee2907bf7fc57
4900 OpenBSD-Regress-ID: c25eaccc3c91bc874400f7c85ce40e9032358c1c
4908 OpenBSD-Commit-ID: 509bb19bb9762a4b3b589af98bac2e730541b6d4
4916 OpenBSD-Commit-ID: b24680bc755b621ea801ff8edf6f0f02b68edae1
4945 Add --disable-fd-passing option.
4968 OpenBSD-Commit-ID: bf9e4a1049562ee4322684fbdce07142f04fdbb7
4987 OpenBSD-Regress-ID: 8780a7250bf742b33010e9336359a1c516f2d7b5
4997 OpenBSD-Regress-ID: dfc27b5574e3f19dc4043395594cea5f90b8572a
5007 OpenBSD-Commit-ID: 9dd417b6eec3cf67e870f147464a8d93f076dce7
5013 upstream: make DSA key support compile-time optional, defaulting to
5019 OpenBSD-Commit-ID: 4f8e98fc1fd6de399d0921d5b31b3127a03f581d
5027 OpenBSD-Commit-ID: cb07eb06e15fa2334660ac73e98f29b6a1931984
5037 OpenBSD-Regress-ID: f10d19f697024e9941acad7c2057f73d6eacb8a2
5047 the existing per-channel timeouts added a few releases ago.
5049 This supports use-cases like having a session + x11 forwarding channel
5056 OpenBSD-Commit-ID: 0054157d24d2eaa5dc1a9a9859afefc13d1d7eb3
5062 upstream: adapt ssh_api.c code for kex-strict
5066 OpenBSD-Commit-ID: 4d9f256852af2a5b882b12cae9447f8f00f933ac
5082 Date: Tue Dec 19 11:48:20 2023 -0500
5084 Fix compilation error in ssh-pcks11-client.c
5101 OpenBSD-Commit-ID: ad0734fe5916d2dc7dd02b588906cea4df0482fb
5107 upstream: fix missing field in users-groups-by-id@openssh.com reply
5113 OpenBSD-Commit-ID: ff5733ff6ef4cd24e0758ebeed557aa91184c674
5119 upstream: make kex-strict section more explicit about its intent:
5123 OpenBSD-Commit-ID: fc33a2d7f3b7013a7fb7500bdbaa8254ebc88116
5135 unbreak fuzzers - missing pkcs11_make_cert()
5152 upstream: remove ext-info-* in the kex.c code, not in callers;
5156 OpenBSD-Commit-ID: c06fe2d3a0605c517ff7d65e38ec7b2d1b0b2799
5164 OpenBSD-Commit-ID: 77140b520a43375b886e535eb8bd842a268f9368
5172 OpenBSD-Commit-ID: 5a636f6ca7f25bfe775df4952f7aac90a7fcbbee
5180 OpenBSD-Commit-ID: 9d01f2e9d59a999d5d42fc3b3efcf8dfb892e31b
5186 upstream: sort -C, and add to usage(); ok djm
5188 OpenBSD-Commit-ID: 80141b2a5d60c8593e3c65ca3c53c431262c812f
5196 OpenBSD-Commit-ID: e289576ee5651528404cb2fb68945556052cf83f
5204 OpenBSD-Commit-ID: 9422289747c35ccb7b31d0e1888ccd5e74ad566a
5210 better detection of broken -fzero-call-used-regs
5216 > for ‘-fzero-call-used-regs’ on this target
5218 This extends the autoconf will-it-work test with a similarly-
5239 upstream: regress test for agent PKCS#11-backed certificates
5241 OpenBSD-Regress-ID: 38f681777cb944a8cc3bf9d0ad62959a16764df9
5249 OpenBSD-Regress-ID: b2f26ae95d609d12257b43aef7cd7714c82618ff
5255 upstream: openssh-9.6
5257 OpenBSD-Commit-ID: 21759837cf0e0092d9a2079f8fb562071c11016b
5263 upstream: ssh-agent: record failed session-bind attempts
5265 Record failed attempts to session-bind a connection and refuse signing
5269 recognised by an older ssh-agent, that consequently causes session-bind
5271 and ssh-agent(1) of different versions on the same host). Previously,
5277 OpenBSD-Commit-ID: b0fdd023e920aa4831413f640de4c5307b53552e
5290 interactions with user-specified ProxyCommand and other directives
5307 OpenBSD-Commit-ID: 3b487348b5964f3e77b6b4d3da4c3b439e94b2d9
5315 This makes ssh/sshd more strict in handling non-compliant peers that
5323 OpenBSD-Commit-ID: 811e21b41831eba3dd7f67b3d409a438f20d3037
5332 ssh-add to keys loaded from PKCS#11 tokens in the agent.
5336 OpenBSD-Commit-ID: bb5433cd28ede2bc910996eb3c0b53e20f86037f
5348 OpenBSD-Commit-ID: 36df3afb8eb94eec6b2541f063d0d164ef8b488d
5354 upstream: add "ext-info-in-auth@openssh.com" extension
5367 OpenBSD-Commit-ID: 1de7da7f2b6c32a46043d75fcd49b0cbb7db7779
5383 OpenBSD-Commit-ID: 2a66ac962f0a630d7945fee54004ed9e9c439f14
5389 better detection of broken -fzero-call-used-regs
5410 OpenBSD-Commit-ID: 5cfabc0b7c6c7ab473666df314f377b1f15420b1
5418 OpenBSD-Commit-ID: 594f61ad4819ff5c72dfe99ba666a17f0e1030ae
5428 OpenBSD-Commit-ID: 2bcddd695872a1bef137cfff7823044dcded90ea
5440 Use non-zero arg in compiler test program.
5443 can cause divide-by-zero exceptions which might show up in logs.
5453 OpenBSD-Commit-ID: bf85362addbe2134c3d8c4b80f16601fbff823b7
5461 OpenBSD-Commit-ID: 1c3641be10c2f4fbad2a1b088a441d072e18bf16
5476 Add gcc-12 -Werror test on Ubuntu 22.04.
5478 Explictly specify gcc-11 on Ubuntu 22.04 (it's the system compiler).
5486 ... and since we're testing for flags with -Werror, this caused
5487 configure to mis-detect compiler flags.
5515 Expand -fzero-call-used-regs test to cover gcc 11.
5517 It turns out that gcc also has some problems with -fzero-call-used-regs,
5527 Stop using -fzero-call-used-regs=all
5530 clang. Only use -fzero-call-used-regs=used which is less
5552 OpenBSD-Commit-ID: 29cea900ddd8b04a4d1968da5c4a893be2ebd9e6
5564 OpenBSD-Commit-ID: 6c7d7751f6cd055126b2b268a7b64dcafa447439
5577 OpenBSD-Commit-ID: c292f738db410f729190f92de100c39ec931a4f1
5591 OpenBSD-Commit-ID: 1c177d7c3becc1d71bc8763eecf61873a1d3884c
5607 ... instead of relying on installed one. Fixes test failures in -portable
5610 OpenBSD-Regress-ID: b6d6ba71c23209c616efc805a60d9a445d53a685
5616 Put long-running test targets on hipri runners.
5618 Some of the selfhosted test targets take a long time to run for various
5619 reasons, so label them for "libvirt-hipri" runners so that they can
5620 start immediately. This should reduce the time to complete all tests.
5630 OpenBSD-Regress-ID: eb48610282f6371672bdf2a8b5d2aa33cfbd322b
5645 OpenBSD-Regress-ID: 70d58df7503db699de579a9479300e5f3735f4ee
5655 OpenBSD-Regress-ID: dbad2f5ece839658ef8af3376cb1fb1cabe2e324
5661 upstream: move PKCS#11 setup code to test-exec.sh so it can be reused
5665 OpenBSD-Regress-ID: 1d29e6be40f994419795d9e660a8d07f538f0acb
5674 SSH_ASKPASS script to directly load the PIN.
5681 OpenBSD-Regress-ID: 07705c31de30bab9601a95daf1ee6bef821dd262
5721 OpenBSD-Regress-ID: f1b20a476734e885078c481f1324c9ea03af991e
5731 OpenBSD-Regress-ID: 7ea21b5f6fc4506165093b2123d88d20ff13a4f0
5739 OpenBSD-Regress-ID: b0abf81c24ac6c21f367233663228ba16fa96a46
5747 OpenBSD-Commit-ID: 95f5dd6107e8902b87dc5b005ef2b53f1ff378b8
5757 OpenBSD-Regress-ID: cbf2701bc347c2f19d907f113779c666f1ecae4a
5769 OpenBSD-Regress-ID: 3b7f65c8f409c328bcd4b704f60cb3d31746f045
5783 Now that configure finds these for us we can remove these -portable
5792 This will let us remove some -portable specific changes from
5793 test-exec.sh.
5803 OpenBSD-Regress-ID: 7de0e00518fb0c8fdc5f243b7f82f523c936049c
5814 OpenBSD-Regress-ID: 8cb898c414fcdb252ca6328896b0687acdaee496
5820 Update openssl-devel dependency in RPM spec.
5823 build with --without-openssl elsewhere.
5842 This lets us compile Portable with -Werror with when OpenSSL doesn't have
5845 OpenBSD-Commit-ID: e02e4b4af351946562a7caee905da60eff16ba29
5851 run t-extra regress tests
5853 This exposes the t-extra regress tests (including agent-pkcs11.sh) as
5854 a new extra-tests target in the top level Makefile and runs them by
5861 Don't use make -j2.
5879 OpenBSD-Regress-ID: 98a2a6b9333743274359e3c0f0e65cf919a591d1
5889 OpenBSD-Regress-ID: c3297af8f07717f1d400a5d34529962f1a76b5a3
5895 upstream: 64 %-expansion keys ought to be enough for anybody; ok
5899 OpenBSD-Commit-ID: 84070f8001ec22ff5d669f836b62f206e08c5787
5907 OpenBSD-Commit-ID: 251c0263e1759a921341c7efe7f1d4c73e1c70f4
5927 OpenBSD-Commit-ID: ce9983f7efe6a178db90dc5c1698df025df5e339
5937 OpenBSD-Commit-ID: 0daa41e0525ae63cae4483519ecaa37ac485d94c
5948 OpenBSD-Commit-ID: 5c14e1aabcddedb95cdf972283d9c0d5083229e7
5956 OpenBSD-Commit-ID: 191a85639477dcb5fa1616d270d93b7c8d5c1dfd
5962 upstream: ssh -Q does not make sense with other command-line options,
5966 OpenBSD-Commit-ID: 00a747f0655c12122bbb77c2796be0013c105361
5976 OpenBSD-Commit-ID: 55630b26f390ac063980cfe7ad8c54b03284ef02
5986 OpenBSD-Commit-ID: 01b85c91757e6b057e9b23b8a23f96415c3c7174
5994 OpenBSD-Commit-ID: 1b4fb590ef731099349a7d468b77f02b240ac926
6006 OpenBSD-Commit-ID: 0bd8db8a595334ca86bca8f36e23fc0395315765
6012 upstream: s/%.100s/%s/ in SSH- banner construction as there's no
6014 reason to limit its size: the version string bring included is a compile time
6017 OpenBSD-Commit-ID: 0ef73304b9bf3e534c60900cd84ab699f859ebcd
6029 OpenBSD-Commit-ID: 91fa5497c9dc6883064624ac27813a567883fdce
6039 OpenBSD-Commit-ID: e61795b453d4892d2c99ce1039112c4a00250e03
6047 OpenBSD-Regress-ID: 6a8edf0dc39941298e3780b147b10c0a600b4fee
6058 OpenBSD-Regress-ID: b3f1292115fed65765d0a95414df16e27772d81c
6068 OpenBSD-Regress-ID: f063330f1bebbcd373100afccebc91a965b14496
6076 OpenBSD-Commit-ID: 493f95121567e5ab0d9dd1150f873b5535ca0195
6088 upstream: openssh-9.5
6090 OpenBSD-Commit-ID: 5e0af680480bd3b6f5560cf840ad032d48fd6b16
6100 OpenBSD-Commit-ID: aa1450a54fcee2f153ef70368d90edb1e7019113
6108 OpenBSD-Commit-ID: ff5bda21a83ec013db683e282256a85201d2dc4b
6124 OpenBSD-Commit-ID: 2f5fba917b5d4fcf93d9e0b0756c7f63189e228e
6130 upstream: rename remote_glob() -> sftp_glob() to match other API
6132 OpenBSD-Commit-ID: d9dfb3708d824ec02970a84d96cf5937e0887229
6140 OpenBSD-Commit-ID: 69285e0ce962a7c6b0ab5f17a293c60a0a360a18
6146 Use zero-call-used-regs=used with Apple compilers.
6150 have the clang-15 zero-call-used-regs=all bug, so for now use the value
6163 OpenBSD-Commit-ID: 05f61d051ab418fcfc4857ff306e420037502382
6173 OpenBSD-Commit-ID: c61caa4a5a667ee20bb1042098861e6c72c69002
6179 upstream: regress test recursive remote-remote directories copies where
6183 also remove errant `set -x` that snuck in at some point
6185 OpenBSD-Regress-ID: 1c94a48bdbd633ef2285954ee257725cd7bc456f
6191 upstream: fix recursive remote-remote copies of directories that
6195 OpenBSD-Commit-ID: 7e19d2ae09b4f941bf8eecc3955c9120171da37f
6205 OpenBSD-Regress-ID: eaa4c29cc5cddff4e72a16bcce14aeb1ecfc94b9
6213 OpenSSH and it shows - the function names are terrible.
6218 change from returning a pointer to a static variable (error-prone) to
6219 taking a pointer to a caller-provided receiver.
6221 OpenBSD-Commit-ID: eb54d6a72d0bbba4d623e2175cf5cc4c75dc2ba4
6232 OpenBSD-Commit-ID: 9760fda668eaa94a992250d7670dfbc62a45197c
6240 OpenBSD-Regress-ID: 5f8135da3bfda71067084c048d717b0e8793e87c
6250 OpenBSD-Commit-ID: 3911d18a826a2d2fe7e4519075cf3e57af439722
6261 OpenBSD-Commit-ID: e683dfca6bdcbc3cc339bb6c6517c0c4736a547f
6270 subsystem configuration (sftp-server) is unlikely to be affected.
6272 OpenBSD-Commit-ID: 8ffa296aeca981de5b0945242ce75aa6dee479bf
6283 OpenBSD-Commit-ID: fc90ed2cc0c18d4eb8e33d2c5e98d25f282588ce
6293 OpenBSD-Commit-ID: 647460a212b916540016d066568816507375fd7f
6306 OpenBSD-Commit-ID: f498beaad19c8cdcc357381a60df4a9c69858b3f
6315 obfuscatior for non-channels data like ClientAlive probes and also fixes a
6321 OpenBSD-Commit-ID: d98f32dc62d7663ff4660e4556e184032a0db123
6332 OpenBSD-Commit-ID: 5c270d35f7d2974db5c1646e9c64188f9393be31
6343 OpenBSD-Commit-ID: f9776c7b0065ba7c3bbe50431fd3b629f44314d0
6354 OpenBSD-Commit-ID: 72783a26254202e2f3f41a2818a19956fe49a772
6363 by setting -std=gnu99, at which point we won't be testing C89 any more.
6370 upstream: make PerSourceMaxStartups first-match-wins; ok dtucker@
6372 OpenBSD-Commit-ID: dac0c24cb709e3c595b8b4f422a0355dc5a3b4e7
6380 OpenBSD-Commit-ID: b1afaeb456a52bc8a58f4f9f8b2f9fa8f6bf651b
6391 OpenBSD-Commit-ID: 85b364676dd84cf1de0e98fc2fbdcb1a844ce515
6399 OpenBSD-Commit-ID: e80343c16ce0420b2aec98701527cf90371bd0db
6407 matter, since the range is pre-clamped)
6409 OpenBSD-Commit-ID: f786ed902d04a5b8ecc581d068fea1a79aa772de
6417 This attempts to hide inter-keystroke timings by sending interactive
6418 traffic at fixed intervals (default: every 20ms) when there is only a
6425 OpenBSD-Commit-ID: 02231ddd4f442212820976068c34a36e3c1b15be
6431 upstream: Introduce a transport-level ping facility
6436 ext-info message with a string version number of "0".
6440 OpenBSD-Commit-ID: b6b3c4cb2084c62f85a8dc67cf74954015eb547f
6454 OpenBSD-Commit-ID: bd47dab4695b134a44c379f0e9a39eed33047809
6464 OpenBSD-Commit-ID: 641153e7c05117436ddfc58267aa267ca8b80038
6478 obsd-arm64 host is real hardware...
6500 OpenBSD-Commit-ID: 743af3c6e3ce5e6cecd051668f0327a01f44af29
6525 OpenBSD-Commit-ID: 4d5c6c894664f50149153fd4764f21f43e7d7e5a
6531 upstream: defence-in-depth MaxAuthTries check in monitor; ok markus
6533 OpenBSD-Commit-ID: 65a4225dc708e2dae71315adf93677edace46c21
6541 OpenBSD-Commit-ID: 6c984171c96ed67effd7b5092f3d3975d55d6028
6555 OpenBSD-Commit-ID: 82237567fcd4098797cbdd17efa6ade08e1a36b0
6563 OpenBSD-Commit-ID: 5c11fbb9592a29b37bbf36f66df50db9d38182c6
6587 upstream: openssh-9.4
6589 OpenBSD-Commit-ID: 71fc1e01a4c4ea061b252bd399cda7be757e6e35
6613 OpenBSD-Commit-ID: 2fbe1a36d4a24b98531b2d298a6557c8285dc1b4
6621 When sshd is built with an OpenSSL that does not self-seed, it would
6631 commented- out config option match. From Ed Maste
6633 OpenBSD-Commit-ID: e66e934c45a9077cb1d51fc4f8d3df4505db58d9
6643 OpenBSD-Commit-ID: 2b6b0dde4407e039f58f86c8d2ff584a8205ea55
6653 OpenBSD-Commit-ID: 538cfcddbbb59dc3a8739604319491dcb8e0c0c9
6659 upstream: don't need to start a command here; use ssh -N instead.
6663 OpenBSD-Regress-ID: ff678a8cc69160a3b862733d935ec4a383f93cfb
6671 a specific point. e.g. "make LTESTS_FROM=t-sftp" will only run the sftp.sh
6674 OpenBSD-Regress-ID: 07f653de731def074b29293db946042706fcead3
6682 OpenBSD-Regress-ID: a6150262f39065939f025e546af2a346ffe674c1
6690 OpenBSD-Regress-ID: 55e4186604e80259496d841e690ea2090981bc7a
6700 OpenBSD-Commit-ID: 7ed1082f23a13b38c373008f856fd301d50012f9
6709 address/port 4-tuple) as expansion sequences; ok markus
6711 OpenBSD-Commit-ID: ee9a48bf1a74c4ace71b69de69cfdaa2a7388565
6717 upstream: increase default KDF work-factor for OpenSSH format
6721 OpenBSD-Commit-ID: a3afb1383f8ff0a49613d449f02395d9e8d4a9ec
6727 Prefer OpenSSL's SHA256 in sk-dummy.so
6729 Previously sk-dummy.so used libc's (or compat's) SHA256 since it may be
6752 upstream: make ssh -f (fork after authentication) work properly in
6757 OpenBSD-Commit-ID: a7a2976a54b93e6767dc846b85647e6ec26969ac
6765 OpenBSD-Commit-ID: e6ddfef94b0eb867ad88abe07cedc8ed581c07f0
6771 upstream: tweak the allow-remote-pkcs11 text;
6773 OpenBSD-Commit-ID: bc965460a89edf76865b7279b45cf9cbdebd558a
6779 Handle a couple more OpenSSL no-ecc cases.
6793 Bring back OPENSSL_HAS_ECC to ssh-pkcs11-client
6799 upstream: Separate ssh-pkcs11-helpers for each p11 module
6801 Make ssh-pkcs11-client start an independent helper for each provider,
6805 This also implements reference counting of PKCS#11-hosted keys,
6806 allowing ssh-pkcs11-helper subprocesses to be automatically reaped
6813 OpenBSD-Commit-ID: 0ce188b14fe271ab0568f4500070d96c5657244e
6827 OpenBSD-Commit-ID: 1508a5fbd74e329e69a55b56c453c292029aefbe
6835 libraries to ssh-agent by default.
6838 can be restored using `ssh-agent -O allow-remote-pkcs11`.
6841 the `session-bind@openssh.com` extension. Forwarding access to a
6842 ssh-agent socket using non-OpenSSH tools may circumvent this control.
6846 OpenBSD-Commit-ID: 4c2bdf79b214ae7e60cc8c39a45501344fa7bd7c
6856 OpenBSD-Commit-ID: 39532cf18b115881bb4cfaee32084497aadfa05c
6886 OpenBSD-Commit-ID: 9a08ed8dae27d3f38cf280f1b28d4e0ff41a737a
6892 upstream: - add -P to usage() - sync the arg name to -J in usage()
6894 with that in ssh.1 - reformat usage() to match what "man ssh" does on 80width
6896 OpenBSD-Commit-ID: 5235dd7aa42e5bf90ae54579d519f92fc107036e
6902 upstream: -P before -p in SYNOPSIS;
6904 OpenBSD-Commit-ID: 535f5257c779e26c6a662a038d241b017f8cab7c
6910 upstream: configuation -> configuration
6912 OpenBSD-Commit-ID: 4776ced33b780f1db0b2902faec99312f26a726b
6922 OpenBSD-Commit-ID: ef5bf46b57726e4260a63b032b0b5ac3b4fe9cd4
6930 where it caused merge conflict in -portable for each commit :(
6932 OpenBSD-Commit-ID: 756ebac963df3245258b962e88150ebab9d5fc20
6941 to fall back to text revocation lists in some cases; fixes t-cert-hostkey.
6943 OpenBSD-Commit-ID: 5c670a6c0f027e99b7774ef29f18ba088549c7e1
6964 OpenBSD-Commit-ID: dc08358e70e702b59ac3e591827e5a96141b06a3
6979 OpenBSD-Commit-ID: cffb6ff9a3803abfc52b5cad0aa190c5e424c139
6991 Now, some years later, we have SSHSIG support in ssh-keygen that is
6993 semi-finished KRL signing/verification support from OpenSSH and
6994 refactors the remaining code to realise the benefit - primarily, we
6999 OpenBSD-Commit-ID: 517437bab3d8180f695c775410c052340e038804
7013 OpenBSD-Commit-ID: ae2fcde9a22a9ba7f765bd4f36b3f5901d8c3fa7
7021 OpenBSD-Commit-ID: e7c31034a5434f2ead3579b13a7892960651e6b0
7033 portable-specific int overflow defence-in-depth
7042 upstream: add defence-in-depth checks for some unreachable integer
7046 OpenBSD-Commit-ID: 52af085f4e7ef9f9d8423d8c1840a6a88bda90bd
7054 OpenBSD-Commit-ID: d0f12af0a5067a756aa707bc39a83fa6f58bf7e5
7063 supposed replacement is is non-existent, so this follows the approach
7076 OpenBSD-Commit-ID: 0514cd51db3ec60239966622a0d3495b15406ddd
7082 upstream: add support for unix domain sockets to ssh -W
7086 OpenBSD-Commit-ID: 3e6d47567b895c7c28855c7bd614e106c987a6d8
7092 gss-serv.c: `MAXHOSTNAMELEN` -> `HOST_NAME_MAX`
7129 OpenBSD-Commit-ID: a992d410c8a78ec982701bc3f91043dbdb359912
7135 upstream: make `ssh -Q CASignatureAlgorithms` only list signature
7141 OpenBSD-Commit-ID: 99c2b072dbac0f44fd1f2269e3ff6c1b5d7d3e59
7151 OpenBSD-Commit-ID: 31cf59c041becc0e5ccb0a77106f812c4cd1cd74
7159 using ssh -W by explicitly decoding PORT_STREAMLOCAL (a negative number) from
7163 OpenBSD-Commit-ID: e5ac5f40d354096c51e8c118a5c1b2d2b7a31384
7169 upstream: reset comment=NULL for each key in do_fingerprint();
7171 fixes "no comment" not showing on when running `ssh-keygen -l` on multiple
7175 OpenBSD-Commit-ID: 3cce84456fdcd67dc6b84e369f92c6686d111d9b
7183 INT_MAX. Fixes sign compare warnings systems with 32-bit time_t due to type
7186 OpenBSD-Commit-ID: 48081e9ad35705c5f1705711704a4c2ff94e87b7
7192 fixup! if -s & -p specified, mention 'sftp -P' on
7196 SSH-Copy-ID-Upstream: 32686e7c65b4fa2846e474d3315102dfa0f043b0
7202 Make ssh-copy-id(1) consistent with OpenSSH.
7204 This makes the ssh-copy-id man page more consistent with the rest of the
7206 - new sentence, new line
7207 - no sentences >80
7208 - N.B. -> NB
7209 - zap unused .Pp
7210 - zap trailing whitespace
7214 SSH-Copy-ID-Upstream: d8974cfb6242316460ed22a1ccc662800a50c5d3
7220 if -s & -p specified, mention 'sftp -P' on success
7223 https://github.com/openssh/openssh-portable/pull/321
7227 the lowercase -p in there, even if sftp is in use, is that the sftp call
7228 is using the already-established ssh master connection, so the port was
7231 SSH-Copy-ID-Upstream: 1c124d9bfafdbe28a00b683367ebf5750ce12eb2
7239 SSH-Copy-ID-Upstream: e604fae1cdee35c18055d35dcec530cf12ef00ad
7245 make -x also apply to the target script
7247 SSH-Copy-ID-Upstream: 3c4214704f427bd0654adf9b0fc079253db21cf4
7253 add -t option to specify the target path
7255 Allow the default target path (.ssh/authorized_files) to be over-riden
7259 https://gitlab.com/phil_hands/ssh-copy-id/-/merge_requests/8
7261 SSH-Copy-ID-Upstream: a942a0e076874adb6d8b2f0fb76d6c7918190fcd
7264 Author: Carlos Rodríguez Gili <carlos.rodriguez-gili@upc.edu>
7269 On Solaris 10 and older targets /bin/sh is not POSIX-compliant.
7270 Test -z `...` fails with error 'sh: test: argument expected'.
7274 SSH-Copy-ID-Upstream: 98394072a3f985b2650c1e8eab2fef84e38cc065
7284 SSH-Copy-ID-Upstream: 930d39f238117cd53810240ec989d0356aa1c1f6
7297 SSH-Copy-ID-Upstream: 0e1f5d443a9967483c33945793107ae3f3e4af2d
7303 ssh-copy-id: add -x option (for debugging)
7305 This option causes the ssh-copy-id to run with set -x
7307 SSH-Copy-ID-Upstream: a0ee367ea8c0a29c8b4515245e408d2d349e7844
7315 SSH-Copy-ID-Upstream: c284ed33b361814ea48ff68cbd01ca525b2bf117
7326 OpenBSD-Commit-ID: 1c92e4517284386703936e1d3abaa36cfacf1951
7336 OpenBSD-Commit-ID: 379a5afa8b7a0f3cba0c8a9bcceb4e5e33a5c1ef
7372 Skip agent-peereid test on macos13.
7374 sudo -S nobody doesn't work on the github runners (probably a
7399 OpenBSD-Commit-ID: 3d5f811cfcaed8cc4a97e1db49ac61bdf118113c
7405 Add macos-13 test target.
7421 requests - a misfeature strictly permitted by the protocol but seldom
7427 prompted by https://github.com/openssh/openssh-portable/commit/9b733#commitcomment-110679778
7429 OpenBSD-Commit-ID: 4af7fac75958ad8507b4fea58706f3ff0cfddb1b
7442 OpenBSD-Commit-ID: 80a58e43c3a32f97361282f756ec8d3f37989efd
7450 OpenBSD-Commit-ID: 30c0a34d74d91ddd0e6992525da70d3293392f70
7458 OpenBSD-Commit-ID: 44d3223902fbce5276422bdc8063ab72a4078489