Add "ssl" command
Factor out cli_get_port function
Redirect standard input in safe_backtick_stderr
Add sanity check for wrong uses of check_hash
This catches bugs in the script which might lead to false positives.
It's a purely defensive change, no such bugs are currently known.
This catches bugs in the script which might lead to false positives.
It's a purely defensive change, no such bugs are currently known.
Add OpenSSL-RSA-4096-32-LE and OpenSSL-RSA-4096-64-LE blacklists
Warn about OpenSSL exponents which are not 65537
Change check_hash to return a result indicator
Remove dead variable declaration
Move changelog near the end of the file
This means that the line numbers of the compiled Perl script do not
change.
This means that the line numbers of the compiled Perl script do not
change.
Redirect stderr when calling ssh-keyscan
This suppresses a few annoying error messages.
This suppresses a few annoying error messages.
Add safe_backtick_stderr sub
Embed commit hash in the compiled Perl script
Fix names of system-wide known hosts files
Add OpenSSH-RSA1-2048-*-LE blacklists
Use one ssh-keyscan invocation to gather host keys
Add "quick" host check command
Report consecutive unparsable lines only once
Update help message; mention OpenSSH rsa1 2048 bit support
Allow setting the destination port in "dowkd host"
Display error if the script does not contain any blacklist
Regenerate database upon crash (by setting the DB version last)
Create a rsync-optimized compressed Perl script
Add a ChangeLog to the compiled Perl script
Add data/OpenSSH-RSA-4096-*-LE blacklist
Fix missing OpenSSH-RSA1-1024-64-LE blacklist
Add the scripts that generate the blacklist data
Embed program version and database version in the generated script
Update comment reflecting new blacklists
Add OpenSSH RSA1 1024 bit blacklist files
Remove from_ssh_auth_fd and fold it into from_ssh_auth_file
Compile OpenSSL blacklists into the Perl script
Add support for OpenSSL RSA private key files
Add support for handling OpenSSL PEM certificates
Bump database version
And add a notice that creating the database takes a while.
And add a notice that creating the database takes a while.
Keep track of the SSH key type and report it
Introduce from_ssh_auth_line and use it in the host scanning code
Check syntax when building the Perl script
Add key information to the weak key message
Filter out non-existing host names
Otherwise ssh-keyscan will fail completely if there is one
non-existing host on the command line.
Otherwise ssh-keyscan will fail completely if there is one
non-existing host on the command line.
Detect failed disk flush
Split from_ssh_auth_fd into two subprograms
Remove from_ssh_key_file, scan identity.pub as well
Add a parser for authorized_keys lines
This permits more exact error messages, and we can extract the
key type later.
This permits more exact error messages, and we can extract the
key type later.
Display warning if user does not exist
Add ISC license
Improve patch submission instructions
Add OpenSSL blacklists
These are larger than the others because the key depends on the
existence of ~/.rnd.
These are larger than the others because the key depends on the
existence of ~/.rnd.
Update description of contained key material
Add OpenSSH 1024 bit RSA keys
Check known_hosts files as well
Suggested by Arthur de Jong.
Suggested by Arthur de Jong.
Update .gitignore file
Add SSH key generation script
Add PID-setting preloadable DSO
Ignore commented-out lines in authorized keys files
Based on a patch from Rainer Nagel.
Based on a patch from Rainer Nagel.
Fix an endless loop in user enumeration on some systems
Initially reported by Niall O. Broin.
Initially reported by Niall O. Broin.
Add .gitignore file
Print summary statistics at the end
This way it's easier to spot if something went wrong.
This way it's easier to spot if something went wrong.
Remove unnecessary ->close call
Print "weak key" message
Initial version