codeberg.org / wiktor/ssh-openpgp-auth / commits
This project aims to improve the security of SSH connections by providing a way to verify host keys using OpenPGP certificates.
| SHA | Message | Author | Date | Stats |
|---|---|---|---|---|
| 10fdc6b1 | chore(ssh-openpgp-auth): Update project version to 0.2.3<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 1 year ago | |
| c68e06f4 | chore(sshd-openpgp-auth): Update project version to 0.3.1<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 1 year ago | |
| 8c7c6d80 | chore: Move reuse annotations from changelogs to REUSE.toml<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 1 year ago | |
| bd9b7928 | chore(sshd-openpgp-auth): Change sysuser to fully locked system account<br>Signed-off-by: Robin Candau <r****u@p****m> | Robin Candau <r****u@p****m> | over 1 year ago | |
| 4101a7b0 | ci: Remove tests that rely on unstable sq command lines<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 1 year ago | |
| 44aa1293 | chore: Use `rsop` for generating keys<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 1 year ago | |
| 8a3f80b0 | chore: flake.lock: Update<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Doron Behar <d****r@g****m><br>Committed by: Wiktor Kwapisiewicz <w****r@m****z> | over 1 year ago | |
| b44deb14 | chore: Fix local trust anchor tests<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 1 year ago | |
| 303c78a3 | chore: Fix README for sshd-openpgp-auth<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 1 year ago | |
| 093ea20d | chore: Fix README for ssh-openpgp-auth<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 1 year ago | |
| c8b7b587 | chore: Update dependencies<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 1 year ago | |
| fbe33312 | chore: Fix `third-party` typo detected by codespell<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 1 year ago | |
| f5c42ce3 | chore: Apply automatic clippy fix<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 1 year ago | |
| 0c9a399d | chore: Migrate reuse files<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 1 year ago | |
| 93ec9cce | docs: Add info about problems with `SSHFP` records<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | about 2 years ago | |
| efb2111b | docs: Add vale checking and fix minor wording issues<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | about 2 years ago | |
| e21dc963 | fix: Remove redundant import<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | about 2 years ago | |
| 12fd6508 | fix: Update link to project page on nlnet.nl<br>Signed-off-by: George Hopkins <g****s@n****t> | George Hopkins <g****s@n****t> | over 2 years ago | |
| 91f6d142 | fix(nix): Fix x86_64-darwin build by using a newer sdk<br>Signed-off-by: Doron Behar <d****r@g****m> | Doron Behar <d****r@g****m> | over 2 years ago | |
| 89271a41 | docs: Improve docs<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| 1d2132fe | chore(ssh-openpgp-auth): Update project version to 0.2.2<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 408842e9 | chore(sshd-openpgp-auth): Update project version to 0.3.0<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 0e715337 | fix(ssh-openpgp-auth): Disregard expired and revoked host certificates<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 07797d12 | ci(justfile): Add integration tests for trust and expiry<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| ea0c81bb | fix(sshd-openpgp-auth): Also extend expiry of already expired TSKs<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 78e3e4ac | ci(justfile): Run all bash scripts more verbose<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| a8fe210f | ci(justfile): Extract task of exporting to WKD to separate recipe<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| c10e1d4c | fix(ssh-openpgp-auth): Simplify logic for getting certs from cert store<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| fd73dd9f | revert: "feat: Use mold as linker to speed up linking stage"<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| bf2e883b | fix(ssh-openpgp-auth): Do not consider revoked authentication subkeys<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 19136745 | ci(justfile): Implement integration test for revoked host keys<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 12aeb879 | ci(justfile): Setup SSH client config only right before connecting<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 783db987 | ci(justfile): Extend connect-ci-ssh recipe to allow for failure<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 604f661c | ci(justfile): Simplify setup-ci-local-trust-anchor recipe<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| d049f24a | ci: Use dedicated directory for TLS certificates<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 9308d6fd | merge Merge pull request 'Add a flake.nix and package.nix files' (#74) from doronbe... | doronbehar <d****r@n****g> | over 2 years ago | |
| 881ed441 | merge Merge pull request 'Add OpenPGP CA documentation' (#77) from wiktor/add-oca-d... | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| fe447833 | merge Merge pull request 'Add end-user documentation' (#76) from wiktor/add-end-use... | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| d9167109 | merge Merge pull request 'Add documentation for system administrators' (#75) from w... | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| 47abc8c1 | merge Merge pull request 'Add high-level documentation' (#73) from wiktor/hl-docs i... | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| c7f0d385 | docs: Add mention of `sshd-openpgp-auth merge` subcommand<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| 235716f6 | docs(README.md): Add section on adding thirdparty certifications to TSK<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 15dd38a9 | docs: Apply suggested edits for clarity<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Heiko Schaefer <h****o@s****e><br>Committed by: Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| fdcea94c | ci(justfile): Adapt local trust anchor integration test to new file ending<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| e1bf6edd | docs(README.md): Use correct file ending in examples<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 767e8771 | ci(deny.toml): Opt in to new cargo-deny features<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| cdf69d25 | fix(justfile): Run cargo-deny without options<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 01a604dc | feat(sshd-openpgp-auth)!: Use .tsk as file ending for trust anchors<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 422ef696 | feat(sshd-openpgp-auth): Add command for merging certificates<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| efa623dd | test: Rename fixture to clarify that it contains a trust anchor<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| d3349e64 | ci(woodpecker): Also run ignored tests after running all tests<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 04f0aa1b | feat(justfile): Also allow running ignored tests<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 863b2892 | test(sshd-openpgp-auth): Use ignore instead of feature for online test<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| de0a3f7c | ci(woodpecker): Install mold in CI environment<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| cf1433d7 | feat: Use mold as linker to speed up linking stage<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 7c1072e4 | feat: Decrease binary size in release build<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 8a6ddf97 | docs: Add OpenPGP CA documentation<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| 6e432bb1 | docs: Add end-user documentation<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| 9dfb8db9 | docs: Add documentation for system administrators<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| 3bb56ad7 | chore(nix): Enable and fix shell completions<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z><br>Committed by: Doron Behar <d****r@g****m> | over 2 years ago | |
| 75897af9 | ci(woodpecker): Add Nix<br>Signed-off-by: Doron Behar <d****r@g****m> | Doron Behar <d****r@g****m> | over 2 years ago | |
| 8f20bec4 | ci(nix): Add a flake.nix and package.nix<br>Signed-off-by: Doron Behar <d****r@g****m> | Doron Behar <d****r@g****m> | over 2 years ago | |
| ca8584c6 | docs: Add high-level documentation<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| 10a989a2 | fix(sshd-openpgp-auth): Remove unneeded stdout prints on export to WKD<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 14d11c4a | ci(woodpecker): Split into further steps for parallelization<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 178f520e | ci(justfile): Add a full integration test target for local trust anchor<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 1afa23f7 | ci(justfile): Setup WKD and OpenPGP certs for SSH host key validation<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 014355cc | ci(justfile): Add target to connect to a host using SSH<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| ae087993 | ci(justfile): Add target to host a WKD dir locally<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 6cdb88fa | ci(justfile): Create target to prepare a test host in CI<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 03dc39ee | ci(justfile): Add targets to create and trust TLS certificate authority<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 0deef4eb | ci(justfile): Allow README test target to reuse existing executables<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 96e88595 | ci(woodpecker): Add build target to provide shared artifacts<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| b89978dd | fix: Replace use of sequoia-net with local implementation<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| a232e166 | merge Merge pull request 'chore: Use NLNet's template in the "Funding/Sponsors" sec... | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| ef9a0d27 | chore: Use NLNet's template in the "Funding/Sponsors" section<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| 568da586 | ci(woodpecker): Add integration test for successful SSH connection<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 18ca38a0 | ci: Use cocogitto to verify conventional commit messages<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 8a642b91 | docs(CONTRIBUTING.md): Add initial contributing guidelines for project<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 902068d4 | chore: Update ssh-openpgp-auth to 0.2.1<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 26459a5e | chore: Update sshd-openpgp-auth to 0.2.1<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 7295fd47 | fix(Cargo.lock): Add updated lock file for 0.2.0 release<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| d2b0128f | chore(Cargo.toml): Set crate version to 0.2.0<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| 23a2452b | chore(Cargo.toml): Set crate version to 0.2.0<br>Signed-off-by: David Runge <d****e@s****e> | David Runge <d****e@s****e> | over 2 years ago | |
| fada00b2 | merge Merge pull request 'Add support for adding Keyoxide proofs to existing certif... | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| b3938444 | merge Merge pull request 'Capture local verification in OpenPGP data' (#60) from wi... | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| a3c87384 | Refactor and document the behavior of `create_new_certifying_key`<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| e51211b2 | Adjust examples to use new `sq` CLI interface<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| ec53857d | merge Merge pull request 'Add printing details on the verification process' (#58) f... | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| 31cd2e23 | merge Merge pull request 'Add codespell check for the commit message' (#59) from wi... | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| c48b23eb | Update iana-time-zone to avoid using yanked version<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| 9c6165f9 | Upgrade dependencies<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| 6ee4ed93 | Add command to append DNS proof in the host certificate<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| 5e18ce4b | Make just fail when e2e error is encountered<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| c78bf65c | Add user-level documentation<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| ce88ece4 | Capture local verification in OpenPGP data<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| 76370d81 | Use recipe parameter for refs to check<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| 0275086f | Add codespell check for the commit message<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| 9c49761f | Print even more details on subkey export<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |
| 175ff4af | Print Web of Trust verification status when using `verbose`<br>Signed-off-by: Wiktor Kwapisiewicz <w****r@m****z> | Wiktor Kwapisiewicz <w****r@m****z> | over 2 years ago | |