external/openssh: update to 6.8p1.

In preparation for some updates to external/openssh to make it work with
BoringSSL, this change updates the code to a recent version. The current
version (5.9p1) is coming up on four years old now.

* Confirmed that f5c67b478bef9992de9e9ec91ce10af4f6205e0d matches
  OpenSSH 5.9p1 exactly (save for the removal of the scard
  subdirectory).
* Downloaded openssh-6.8p1.tar.gz (SHA256:
  3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e)
  and verified with PGP signature. (I've verified Damien's key in
  person previously.)
* Applied changes between f5c67b478bef9992de9e9ec91ce10af4f6205e0d and
  OpenSSH 5.9p1 to 6.8p1 and updated the build as best I can. The
  ugliest change is probably the duplication of umac.c to umac128.c
  because Android conditionally compiles that file twice. See the
  comment in those files.

Change-Id: I63cb07a8118afb5a377f116087a0882914cea486

diff --git a/ssh-agent.0 b/ssh-agent.0
index 751f490..30f4eb3 100644
--- a/ssh-agent.0
+++ b/ssh-agent.0
@@ -1,21 +1,28 @@
-SSH-AGENT(1) OpenBSD Reference Manual SSH-AGENT(1)
+SSH-AGENT(1) General Commands Manual SSH-AGENT(1)
NAME
- ssh-agent - authentication agent
+ ssh-agent M-bM-^@M-^S authentication agent
SYNOPSIS
- ssh-agent [-c | -s] [-d] [-a bind_address] [-t life] [command [arg ...]]
+ ssh-agent [-c | -s] [-d] [-a bind_address] [-E fingerprint_hash]
+ [-t life] [command [arg ...]]
ssh-agent [-c | -s] -k
DESCRIPTION
ssh-agent is a program to hold private keys used for public key
- authentication (RSA, DSA, ECDSA). The idea is that ssh-agent is started
+ authentication (RSA, DSA, ECDSA, Ed25519). ssh-agent is usually started
in the beginning of an X-session or a login session, and all other
windows or programs are started as clients to the ssh-agent program.
Through use of environment variables the agent can be located and
automatically used for authentication when logging in to other machines
using ssh(1).
+ The agent initially does not have any private keys. Keys are added using
+ ssh-add(1). Multiple identities may be stored in ssh-agent concurrently
+ and ssh(1) will automatically use them if present. ssh-add(1) is also
+ used to remove keys from ssh-agent and to query the keys that are held in
+ one.
+
The options are as follows:
-a bind_address
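Review bot: The NAME line in this hunk now carries `M-bM-^@M-^S` where the old page had a plain `-`. That is the byte sequence E2 80 93 (a UTF-8 en dash) in meta-escaped form, so the preformatted page is no longer pure ASCII. Because ssh-agent.0 is shipped as already-formatted text, either regenerate it with ASCII output or confirm that whatever displays this file on the target handles UTF-8; otherwise the separator renders as stray bytes.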
@@ -28,6 +35,11 @@
-d Debug mode. When this option is specified ssh-agent will not
fork.
+ -E fingerprint_hash
+ Specifies the hash algorithm used when displaying key
+ fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The
+ default is M-bM-^@M-^\sha256M-bM-^@M-^].
+
-k Kill the current agent (given by the SSH_AGENT_PID environment
variable).
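Review bot: The added -E text states that the default fingerprint hash is sha256, and the commit message does not call out this user-visible change. Anyone comparing agent output against fingerprints recorded from the 5.9p1 tools will see a different format and needs `-E md5` to get a comparable value, so a line about it in the commit message or release notes would help. The quoted option values on these lines also carry meta-escaped UTF-8 quote bytes (`M-bM-^@M-^\`, `M-bM-^@M-^]`), the same encoding concern as in the NAME line.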
@@ -44,16 +56,6 @@
If a commandline is given, this is executed as a subprocess of the agent.
When the command dies, so does the agent.
- The agent initially does not have any private keys. Keys are added using
- ssh-add(1). When executed without arguments, ssh-add(1) adds the files
- ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/identity. If
- the identity has a passphrase, ssh-add(1) asks for the passphrase on the
- terminal if it has one or from a small X11 program if running under X11.
- If neither of these is the case then the authentication will fail. It
- then sends the identity to the agent. Several identities can be stored
- in the agent; the agent can automatically use any of these identities.
- ssh-add -l displays the identities currently held by the agent.
-
The idea is that the agent is run in the user's local PC, laptop, or
terminal. Authentication data need not be stored on any other machine,
and authentication passphrases never go over the network. However, the
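Review bot: The paragraph removed here was the only place on this page that described how ssh-add prompts for a passphrase (terminal, or a small X11 program) and that authentication fails when neither is available. The shorter replacement added under DESCRIPTION does not carry that over. Please confirm that the updated ssh-add.0 in this same change documents the prompting and failure behaviour, so the information is moved rather than lost.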
@@ -88,22 +90,6 @@
terminates.
FILES
- ~/.ssh/identity
- Contains the protocol version 1 RSA authentication identity of
- the user.
-
- ~/.ssh/id_dsa
- Contains the protocol version 2 DSA authentication identity of
- the user.
-
- ~/.ssh/id_ecdsa
- Contains the protocol version 2 ECDSA authentication identity of
- the user.
-
- ~/.ssh/id_rsa
- Contains the protocol version 2 RSA authentication identity of
- the user.
-
$TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>
UNIX-domain sockets used to contain the connection to the
authentication agent. These sockets should only be readable by
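Review bot: After this hunk the FILES section lists only the agent socket; the entries for ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/id_rsa are gone and nothing replaces them, even though DESCRIPTION now also names Ed25519. If the key file locations are meant to live in ssh-add(1) from now on, check that the ssh-add.0 page in this update lists them, including the Ed25519 identity file.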
@@ -120,4 +106,4 @@
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 5.0 November 21, 2010 OpenBSD 5.0
+OpenBSD 5.7 December 21, 2014 OpenBSD 5.7