external/openssh: update to 6.8p1.
In preparation for some updates to external/openssh to make it work with
BoringSSL, this change updates the code to a recent version. The current
version (5.9p1) is coming up on four years old now.
* Confirmed that f5c67b478bef9992de9e9ec91ce10af4f6205e0d matches
OpenSSH 5.9p1 exactly (save for the removal of the scard
subdirectory).
* Downloaded openssh-6.8p1.tar.gz (SHA256:
3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e)
and verified with PGP signature. (I've verified Damien's key in
person previously.)
* Applied changes between f5c67b478bef9992de9e9ec91ce10af4f6205e0d and
OpenSSH 5.9p1 to 6.8p1 and updated the build as best I can. The
ugliest change is probably the duplication of umac.c to umac128.c
because Android conditionally compiles that file twice. See the
comment in those files.
Change-Id: I63cb07a8118afb5a377f116087a0882914cea486
diff --git a/ssh-add.0 b/ssh-add.0
index e1e2a64..8ee3947 100644
--- a/ssh-add.0
+++ b/ssh-add.0
@@ -1,21 +1,21 @@
-SSH-ADD(1) OpenBSD Reference Manual SSH-ADD(1)
+SSH-ADD(1) General Commands Manual SSH-ADD(1)
NAME
- ssh-add - adds private key identities to the authentication agent
+ ssh-add M-bM-^@M-^S adds private key identities to the authentication agent
SYNOPSIS
- ssh-add [-cDdLlXx] [-t life] [file ...]
+ ssh-add [-cDdkLlXx] [-E fingerprint_hash] [-t life] [file ...]
ssh-add -s pkcs11
ssh-add -e pkcs11
DESCRIPTION
ssh-add adds private key identities to the authentication agent,
ssh-agent(1). When run without arguments, it adds the files
- ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/identity. After
- loading a private key, ssh-add will try to load corresponding certificate
- information from the filename obtained by appending -cert.pub to the name
- of the private key file. Alternative file names can be given on the
- command line.
+ ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and
+ ~/.ssh/identity. After loading a private key, ssh-add will try to load
+ corresponding certificate information from the filename obtained by
+ appending -cert.pub to the name of the private key file. Alternative
+ file names can be given on the command line.
If any file requires a passphrase, ssh-add asks for the passphrase from
the user. The passphrase is read from the user's tty. ssh-add retries
@@ -37,14 +37,23 @@
-d Instead of adding identities, removes identities from the agent.
If ssh-add has been run without arguments, the keys for the
- default identities will be removed. Otherwise, the argument list
- will be interpreted as a list of paths to public key files and
- matching keys will be removed from the agent. If no public key
- is found at a given path, ssh-add will append .pub and retry.
+ default identities and their corresponding certificates will be
+ removed. Otherwise, the argument list will be interpreted as a
+ list of paths to public key files to specify keys and
+ certificates to be removed from the agent. If no public key is
+ found at a given path, ssh-add will append .pub and retry.
+
+ -E fingerprint_hash
+ Specifies the hash algorithm used when displaying key
+ fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The
+ default is M-bM-^@M-^\sha256M-bM-^@M-^].
-e pkcs11
Remove keys provided by the PKCS#11 shared library pkcs11.
+ -k When loading keys into or deleting keys from the agent, process
+ plain private keys only and skip certificates.
+
-L Lists public key parameters of all identities currently
represented by the agent.
@@ -91,6 +100,10 @@
Contains the protocol version 2 ECDSA authentication identity of
the user.
+ ~/.ssh/id_ed25519
+ Contains the protocol version 2 Ed25519 authentication identity
+ of the user.
+
~/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of
the user.
@@ -112,4 +125,4 @@
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 5.0 October 28, 2010 OpenBSD 5.0
+OpenBSD 5.7 December 21, 2014 OpenBSD 5.7