Florian Weimer [Sun, 25 May 2008 11:01:38 +0000 (25 13:01 +0200)]
Add "ssl" command
Florian Weimer [Sun, 25 May 2008 10:53:48 +0000 (25 12:53 +0200)]
Factor out cli_get_port function
Florian Weimer [Sun, 25 May 2008 10:33:07 +0000 (25 12:33 +0200)]
Redirect standard input in safe_backtick_stderr
Florian Weimer [Sun, 25 May 2008 10:32:14 +0000 (25 12:32 +0200)]
Add sanity check for wrong uses of check_hash
This catches bugs in the script which might lead to false positives.
It's a purely defensive change, no such bugs are currently known.
Florian Weimer [Thu, 22 May 2008 20:31:33 +0000 (22 22:31 +0200)]
Add OpenSSL-RSA-4096-32-LE and OpenSSL-RSA-4096-64-LE blacklists
Florian Weimer [Thu, 22 May 2008 14:46:11 +0000 (22 16:46 +0200)]
Warn about OpenSSL exponents which are not 65537
Florian Weimer [Thu, 22 May 2008 14:05:27 +0000 (22 16:05 +0200)]
Change check_hash to return a result indicator
Florian Weimer [Thu, 22 May 2008 14:05:12 +0000 (22 16:05 +0200)]
Remove dead variable declaration
Florian Weimer [Thu, 22 May 2008 14:04:54 +0000 (22 16:04 +0200)]
Move changelog near the end of the file
This means that the line numbers of the compiled Perl script do not
change.
Florian Weimer [Thu, 22 May 2008 13:38:31 +0000 (22 15:38 +0200)]
Redirect stderr when calling ssh-keyscan
This suppresses a few annoying error messages.
Florian Weimer [Thu, 22 May 2008 13:38:05 +0000 (22 15:38 +0200)]
Add safe_backtick_stderr sub
Florian Weimer [Thu, 22 May 2008 13:27:52 +0000 (22 15:27 +0200)]
Embed commit hash in the compiled Perl script
Florian Weimer [Thu, 22 May 2008 12:12:20 +0000 (22 14:12 +0200)]
Fix names of system-wide known hosts files
Florian Weimer [Wed, 21 May 2008 06:29:12 +0000 (21 08:29 +0200)]
Add OpenSSH-RSA1-2048-*-LE blacklists
Florian Weimer [Tue, 20 May 2008 19:42:50 +0000 (20 21:42 +0200)]
Use one ssh-keyscan invocation to gather host keys
Florian Weimer [Tue, 20 May 2008 19:39:25 +0000 (20 21:39 +0200)]
Add "quick" host check command
Florian Weimer [Tue, 20 May 2008 19:38:58 +0000 (20 21:38 +0200)]
Report consecutive unparsable lines only once
Florian Weimer [Tue, 20 May 2008 19:04:27 +0000 (20 21:04 +0200)]
Update help message; mention OpenSSH rsa1 2048 bit support
Florian Weimer [Tue, 20 May 2008 19:03:48 +0000 (20 21:03 +0200)]
Allow setting the destination port in "dowkd host"
Florian Weimer [Tue, 20 May 2008 18:45:15 +0000 (20 20:45 +0200)]
Display error if the script does not contain any blacklist
Florian Weimer [Tue, 20 May 2008 18:42:14 +0000 (20 20:42 +0200)]
Regenerate database upon crash (by setting the DB version last)
Florian Weimer [Tue, 20 May 2008 18:39:37 +0000 (20 20:39 +0200)]
Create an rsync-optimized compressed Perl script
Florian Weimer [Tue, 20 May 2008 18:26:24 +0000 (20 20:26 +0200)]
Add a ChangeLog to the compiled Perl script
Florian Weimer [Tue, 20 May 2008 17:27:20 +0000 (20 19:27 +0200)]
Add data/OpenSSH-RSA-4096-*-LE blacklist
Florian Weimer [Tue, 20 May 2008 17:26:41 +0000 (20 19:26 +0200)]
Fix missing OpenSSH-RSA1-1024-64-LE blacklist
Florian Weimer [Sun, 18 May 2008 17:49:41 +0000 (18 19:49 +0200)]
Add the scripts that generate the blacklist data
Florian Weimer [Sun, 18 May 2008 17:48:58 +0000 (18 19:48 +0200)]
Embed program version and database version in the generated script
Florian Weimer [Sun, 18 May 2008 15:59:03 +0000 (18 17:59 +0200)]
Update comment reflecting new blacklists
Florian Weimer [Sun, 18 May 2008 15:56:42 +0000 (18 17:56 +0200)]
Add OpenSSH RSA1 1024 bit blacklist files
Florian Weimer [Sun, 18 May 2008 14:28:43 +0000 (18 16:28 +0200)]
Remove from_ssh_auth_fd and fold it into from_ssh_auth_file
Florian Weimer [Sun, 18 May 2008 14:04:44 +0000 (18 16:04 +0200)]
Compile OpenSSL blacklists into the Perl script
Florian Weimer [Sun, 18 May 2008 14:04:19 +0000 (18 16:04 +0200)]
Add support for OpenSSL RSA private key files
Florian Weimer [Sun, 18 May 2008 14:04:05 +0000 (18 16:04 +0200)]
Add support for handling OpenSSL PEM certificates
Florian Weimer [Sun, 18 May 2008 13:46:59 +0000 (18 15:46 +0200)]
Bump database version
And add a notice that creating the database takes a while.
Florian Weimer [Sun, 18 May 2008 13:13:11 +0000 (18 15:13 +0200)]
Keep track of the SSH key type and report it
Florian Weimer [Sun, 18 May 2008 13:05:48 +0000 (18 15:05 +0200)]
Introduce from_ssh_auth_line and use it in the host scanning code
Florian Weimer [Sun, 18 May 2008 13:05:26 +0000 (18 15:05 +0200)]
Check syntax when building the Perl script
Florian Weimer [Sun, 18 May 2008 12:59:28 +0000 (18 14:59 +0200)]
Add key information to the weak key message
Florian Weimer [Sun, 18 May 2008 12:47:25 +0000 (18 14:47 +0200)]
Filter out non-existing host names
Otherwise ssh-keyscan will fail completely if there is one
non-existing host on the command line.
Florian Weimer [Sun, 18 May 2008 12:46:51 +0000 (18 14:46 +0200)]
Detect failed disk flush
Florian Weimer [Sun, 18 May 2008 12:31:57 +0000 (18 14:31 +0200)]
Split from_ssh_auth_fd into two subprograms
Florian Weimer [Sun, 18 May 2008 12:29:23 +0000 (18 14:29 +0200)]
Remove from_ssh_key_file, scan identity.pub as well
Florian Weimer [Sun, 18 May 2008 12:23:30 +0000 (18 14:23 +0200)]
Add a parser for authorized_keys lines
This permits more exact error messages, and we can extract the
key type later.
Florian Weimer [Sun, 18 May 2008 11:58:30 +0000 (18 13:58 +0200)]
Display warning if user does not exist
Florian Weimer [Sun, 18 May 2008 11:22:44 +0000 (18 13:22 +0200)]
Add ISC license
Florian Weimer [Sun, 18 May 2008 11:19:58 +0000 (18 13:19 +0200)]
Improve patch submission instructions
Florian Weimer [Sun, 18 May 2008 10:54:02 +0000 (18 12:54 +0200)]
Add OpenSSL blacklists
These are larger than the others because the key depends on the
existence of ~/.rnd.
Florian Weimer [Sat, 17 May 2008 15:39:57 +0000 (17 17:39 +0200)]
Update description of contained key material
Florian Weimer [Sat, 17 May 2008 15:39:22 +0000 (17 17:39 +0200)]
Add OpenSSH 1024 bit RSA keys
Florian Weimer [Sat, 17 May 2008 14:17:52 +0000 (17 16:17 +0200)]
Check known_hosts files as well
Suggested by Arthur de Jong.
Florian Weimer [Sat, 17 May 2008 11:41:39 +0000 (17 13:41 +0200)]
Update .gitignore file
Florian Weimer [Sat, 17 May 2008 11:41:31 +0000 (17 13:41 +0200)]
Add SSH key generation script
Florian Weimer [Sat, 17 May 2008 10:39:28 +0000 (17 12:39 +0200)]
Add PID-setting preloadable DSO
Florian Weimer [Thu, 15 May 2008 18:54:59 +0000 (15 20:54 +0200)]
Ignore commented-out lines in authorized keys files
Based on a patch from Rainer Nagel.
Florian Weimer [Thu, 15 May 2008 07:39:53 +0000 (15 09:39 +0200)]
Fix an endless loop in user enumeration on some systems
Initially reported by Niall O. Broin.
Florian Weimer [Thu, 15 May 2008 06:05:19 +0000 (15 08:05 +0200)]
Add .gitignore file
Florian Weimer [Wed, 14 May 2008 08:09:17 +0000 (14 10:09 +0200)]
Print summary statistics at the end
This way it's easier to spot if something went wrong.
Florian Weimer [Tue, 13 May 2008 13:58:56 +0000 (13 15:58 +0200)]
Remove unnecessary ->close call
Florian Weimer [Tue, 13 May 2008 13:39:34 +0000 (13 15:39 +0200)]
Print "weak key" message
Florian Weimer [Tue, 13 May 2008 13:38:49 +0000 (13 15:38 +0200)]
Initial version