path: root/ssh-keyscan.c
Commit message | Author | Age | Files | Lines
* upstream: don't print key if printing hostname failed; with/ok | djm@openbsd.org | 2023-03-31 | 1 | -4/+5
  dtucker@
  OpenBSD-Commit-ID: ad42971a6ee5a46feab2d79f7f656f8cf4b119f3
* upstream: space between macro and punctuation; sort usage(); | jmc@openbsd.org | 2023-02-16 | 1 | -3/+3
  OpenBSD-Commit-ID: 6141610cfca037700730e41f868d1d9124958f8c
* upstream: let ssh-keygen and ssh-keyscan accept | djm@openbsd.org | 2023-02-10 | 1 | -6/+16
  -Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm selection. bz3493 ok dtucker@
  OpenBSD-Commit-ID: e6e07fe21318a873bd877f333e189eb963a11b3d
* upstream: spelling fixes; from paul tagliamonte amendments to his | jmc@openbsd.org | 2023-01-03 | 1 | -2/+2
  diff are noted on tech
  OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a
* upstream: remove '?' from getopt(3) loops | cheloha@openbsd.org | 2022-12-09 | 1 | -2/+1
  userspace: remove vestigial '?' cases from top-level getopt(3) loops
  getopt(3) returns '?' when it encounters a flag not present in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines.
  Prompted by dlg@. With help from dlg@ and millert@.
  Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2
  ok naddy@ millert@ dlg@
  OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e
* upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. | djm@openbsd.org | 2022-10-28 | 1 | -3/+40
  ssh-keyscan 192.168.0.0/24
  If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@
  OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b
* upstream: Strictly enforce the maximum allowed SSH2 banner size in | dtucker@openbsd.org | 2022-08-19 | 1 | -1/+15
  ssh-keyscan and prevent a one-byte buffer overflow. Patch from Qualys, ok djm@
  OpenBSD-Commit-ID: 6ae664f9f4db6e8a0589425f74cd0bbf3aeef4e4
* upstream: When poll(2) returns -1, for some error conditions | deraadt@openbsd.org | 2022-01-25 | 1 | -4/+6
  pfd[].revents is not cleared. There are subtle errors in various programs. In this particular case, the program should error out. ok djm millert
  OpenBSD-Commit-ID: 00f839b16861f7fb2adcf122e95e8a82fa6a375c
* upstream: hash full host:port when asked to hash output, fixes hashes | djm@openbsd.org | 2021-12-03 | 1 | -2/+2
  for non-default ports. bz3367 ok dtucker@
  OpenBSD-Commit-ID: 096021cc847da7318ac408742f2d0813ebe9aa73
* Put poll.h inside ifdef HAVE_POLL_H. | Darren Tucker | 2021-11-18 | 1 | -0/+2
* upstream: check for POLLHUP wherever we check for POLLIN | djm@openbsd.org | 2021-11-18 | 1 | -2/+2
  OpenBSD-Commit-ID: 6aa6f3ec6b17c3bd9bfec672a917f003a76d93e5
* upstream: aggressively pre-fill the pollfd array with fd=-1 | deraadt@openbsd.org | 2021-11-18 | 1 | -1/+3
  OpenBSD-Commit-ID: c2a525de8f83c1a04405bd79122c424140552a5b
* upstream: Convert from select() to ppoll(). Along the way, I | deraadt@openbsd.org | 2021-11-18 | 1 | -31/+22
  observed that the select() code was using exceptfds incorrectly.. ok millert
  OpenBSD-Commit-ID: 548e05bfc31b2af02319eb3d051286d4128dec96
* upstream: Dynamically allocate encoded HashKnownHosts and free as | dtucker@openbsd.org | 2021-10-06 | 1 | -3/+4
  appropriate. Saves 1k of static storage and prevents snprintf "possible truncation" warnings from newer compilers (although in this case it's false positive since the actual sizes are limited by the output size of the SHA1). ok djm@
  OpenBSD-Commit-ID: e254ae723f7e3dce352c7d5abc4b6d87faf61bf4
* upstream: remove global variable used to stash compat flags and use the | djm@openbsd.org | 2021-01-27 | 1 | -4/+3
  purpose-built ssh->compat variable instead; feedback/ok markus@
  OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06
* upstream: Update/replace the experimental post-quantum hybrid key | djm@openbsd.org | 2020-12-29 | 1 | -2/+2
  exchange method based on Streamlined NTRU Prime (coupled with X25519).
  The previous sntrup4591761x25519-sha512@tinyssh.org method is replaced with sntrup761x25519-sha512@openssh.com. Per the authors, sntrup4591761 was replaced almost two years ago by sntrup761.
  The sntrup761 implementation, like sntrup4591761 before it, is public domain code extracted from the SUPERCOP cryptography benchmark suite (https://bench.cr.yp.to/supercop.html).
  Thanks to Daniel J Bernstein for guidance on algorithm selection. Patch from Tobias Heider; feedback & ok markus@ and myself
  (note that both the updated method and the one that it replaced are disabled by default)
  OpenBSD-Commit-ID: 2bf582b772d81ee24e911bb6f4b2aecfd39338ae
* upstream: fix SEGV on fatal() errors spotted by dtucker@ | djm@openbsd.org | 2020-10-19 | 1 | -2/+2
  OpenBSD-Commit-ID: 75f155a1ac61e364ed00dc379e2c42df81067ce2
* upstream: use the new variant log macros instead of prepending | djm@openbsd.org | 2020-10-18 | 1 | -7/+5
  __func__ and appending ssh_err(r) manually; ok markus@
  OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
* upstream: variants of the log methods that append a ssherr.h string | djm@openbsd.org | 2020-10-18 | 1 | -3/+3
  from a supplied error code; ok markus@
  OpenBSD-Commit-ID: aed98c4435d48d036ae6740300f6a8357b7cc0bf
* upstream: make the log functions that exit (sshlogdie(), | djm@openbsd.org | 2020-10-17 | 1 | -4/+4
  sshfatal(), etc) have identical signatures. Makes things a bit more consistent...
  OpenBSD-Commit-ID: bd0ae124733389d7c0042e135c71ee9091362eb9
* upstream: revised log infrastructure for OpenSSH | djm@openbsd.org | 2020-10-17 | 1 | -4/+5
  log functions receive function, filename and line number of caller. We can use this to selectively enable logging via pattern-lists. ok markus@
  OpenBSD-Commit-ID: 51a472610cbe37834ce6ce4a3f0e0b1ccc95a349
* upstream: ssh-keyscan(1): simplify conloop() with timercmp(3), | cheloha@openbsd.org | 2020-08-27 | 1 | -13/+5
  timersub(3); ok djm@
  OpenBSD-Commit-ID: a102acb544f840d33ad73d40088adab4a687fa27
* upstream: allow ssh-keyscan to find security key hostkeys | djm@openbsd.org | 2019-12-16 | 1 | -3/+21
  OpenBSD-Commit-ID: 1fe822a7f714df19a7e7184e3a3bbfbf546811d3
* upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@ | djm@openbsd.org | 2019-09-06 | 1 | -1/+3
  OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
* upstream: include SHA2-variant RSA key algorithms in KEX proposal; | djm@openbsd.org | 2019-07-12 | 1 | -2/+7
  allows ssh-keyscan to harvest keys from servers that disable olde SHA1 ssh-rsa. bz#3029 from Jakub Jelen
  OpenBSD-Commit-ID: 9f95ebf76a150c2f727ca4780fb2599d50bbab7a
* upstream: When system calls indicate an error they return -1, not | deraadt@openbsd.org | 2019-07-05 | 1 | -6/+6
  some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
  OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
* upstream: Replace calls to ssh_malloc_init() by a static init of | otto@openbsd.org | 2019-06-08 | 1 | -2/+1
  malloc_options. Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@
  OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b
* upstream: make ssh-keyscan return a non-zero exit status if it | djm@openbsd.org | 2019-01-27 | 1 | -2/+6
  finds no keys. bz#2903
  OpenBSD-Commit-ID: 89f1081fb81d950ebb48e6e73d21807b2723d488
* upstream: rename kex->kem_client_pub -> kex->client_pub now that | djm@openbsd.org | 2019-01-21 | 1 | -9/+9
  KEM has been renamed to kexgen from markus@ ok djm@
  OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8
* upstream: use KEM API for vanilla ECDH | djm@openbsd.org | 2019-01-21 | 1 | -2/+2
  from markus@ ok djm@
  OpenBSD-Commit-ID: 6fbff96339a929835536b5730585d1d6057a352c
* upstream: use KEM API for vanilla DH KEX | djm@openbsd.org | 2019-01-21 | 1 | -6/+6
  from markus@ ok djm@
  OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9
* upstream: use KEM API for vanilla c25519 KEX | djm@openbsd.org | 2019-01-21 | 1 | -2/+2
  OpenBSD-Commit-ID: 38d937b85ff770886379dd66a8f32ab0c1c35c1f
* upstream: Add support for a PQC KEX/KEM: | djm@openbsd.org | 2019-01-21 | 1 | -1/+2
  sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default.
  introduce KEM API; a simplified framework for DH-ish KEX methods.
  from markus@ feedback & ok djm@
  OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7
* last bits of old packet API / active_state global | Damien Miller | 2019-01-20 | 1 | -2/+0
* upstream: switch config file parsing to getline(3) as this avoids | markus@openbsd.org | 2018-06-07 | 1 | -7/+5
  static limits noted by gerhard@; ok dtucker@, djm@
  OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c
* upstream: apply a lick of paint; tweaks/ok dtucker | jmc@openbsd.org | 2018-03-03 | 1 | -2/+2
  OpenBSD-Commit-ID: 518a6736338045e0037f503c21027d958d05e703
* upstream: Add experimental support for PQC XMSS keys (Extended | markus@openbsd.org | 2018-02-26 | 1 | -2/+10
  Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@
  OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
* upstream: Add ssh-keyscan -D option to make it print its results in | djm@openbsd.org | 2018-02-23 | 1 | -4/+16
  SSHFP format bz#2821, ok dtucker@
  OpenBSD-Commit-ID: 831446b582e0f298ca15c9d99c415c899e392221
* upstream commit | dtucker@openbsd.org@openbsd.org | 2017-11-28 | 1 | -4/+4
  Add monotime_ts and monotime_tv that return monotonic timespec and timeval respectively. Replace calls to gettimeofday() in packet timing with monotime_tv so that the callers will work over a clock step. Should prevent integer overflow during clock steps reported by wangle6 at huawei.com. "I like" markus@
  OpenBSD-Commit-ID: 74d684264814ff806f197948b87aa732cb1b0b8a
* upstream commit | dtucker@openbsd.org | 2017-06-30 | 1 | -3/+3
  Only call close once in confree(). ssh_packet_close will close the FD so only explicitly close non-SSH channels. bz#2734, from bagajjal at microsoft.com, ok djm@
  Upstream-ID: a81ce0c8b023527167739fccf1732b154718ab02
* upstream commit | markus@openbsd.org | 2017-06-01 | 1 | -2/+2
  remove now obsolete ctx from ssh_dispatch_run; ok djm@
  Upstream-ID: 9870aabf7f4d71660c31fda91b942b19a8e68d29
* upstream commit | djm@openbsd.org | 2017-05-01 | 1 | -2/+1
  obliterate ssh1.h and some dead code that used it ok markus@
  Upstream-ID: 1ca9159a9fb95618f9d51e069ac8e1131a087343
* upstream commit | djm@openbsd.org | 2017-05-01 | 1 | -36/+28
  remove KEY_RSA1 ok markus@
  Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
* upstream commit | djm@openbsd.org | 2017-05-01 | 1 | -2/+1
  remove compat20/compat13/compat15 variables ok markus@
  Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c
* upstream commit | djm@openbsd.org | 2017-05-01 | 1 | -58/+1
  unifdef WITH_SSH1 ok markus@
  Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
* upstream commit | djm@openbsd.org | 2017-03-10 | 1 | -1/+2
  ensure hostname is lower-case before hashing it; bz#2591 reported by Griff Miller II; ok dtucker@
  Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17
* upstream commit | djm@openbsd.org | 2017-03-10 | 1 | -6/+7
  correctly hash hosts with a port number. Reported by Josh Powers in bz#2692; ok dtucker@
  Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442
* upstream commit | djm@openbsd.org | 2017-01-30 | 1 | -2/+6
  Avoid confusing error message when attempting to use ssh-keyscan built without SSH protocol v.1 to scan for v.1 keys; bz#2583
  Upstream-ID: 5d214abd3a21337d67c6dcc5aa6f313298d0d165
* upstream commit | djm@openbsd.org | 2016-05-02 | 1 | -1/+4
  add support for additional fixed DH groups from draft-ietf-curdle-ssh-kex-sha2-03
  diffie-hellman-group14-sha256 (2K group)
  diffie-hellman-group16-sha512 (4K group)
  diffie-hellman-group18-sha512 (8K group)
  based on patch from Mark D. Baushke and Darren Tucker ok markus@
  Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
* upstream commit | dtucker@openbsd.org | 2016-02-16 | 1 | -1/+2
  Add a function to enable security-related malloc_options. With and ok deraadt@, something similar has been in the snaps for a while.
  Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed