| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
add sshd_config RDomain keyword to place sshd and the
subsequent user session (including the shell and any TCP/IP forwardings) into
the specified rdomain(4)
ok markus@
Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5
|
| |
|
|
|
|
|
|
|
| |
Add optional rdomain qualifier to sshd_config's
ListenAddress option to allow listening on a different rdomain(4), e.g.
ListenAddress 0.0.0.0 rdomain 4
Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091
|
| |
|
|
|
|
|
| |
Kill dead store and some spaces vs. tabs indent in
parse_user_host_path(). Noticed by markus@
Upstream-ID: 114fec91dadf9af46c7c94fd40fc630ea2de8200
|
| |
|
|
|
|
| |
tweak previous; ok djm
Upstream-ID: 7d913981ab315296be1f759c67b6e17aea38fca9
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Expose devices allocated for tun/tap forwarding.
At the client, the device may be obtained from a new %T expansion
for LocalCommand.
At the server, the allocated devices will be listed in a
SSH_TUNNEL variable exposed to the environment of any user sessions
started after the tunnel forwarding was established.
ok markus
Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e
|
| |
|
|
|
|
|
|
|
|
| |
Add URI support to ssh, sftp and scp. For example
ssh://user@host or sftp://user@host/path. The connection parameters
described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since
the ssh fingerprint format in the draft uses md5 with no way to specify the
hash function type. OK djm@
Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
|
| | |
|
| |
|
|
|
|
| |
more RCSIDs
Upstream-Regress-ID: 1aecbe3f8224793f0ec56741a86d619830eb33be
|
| |
|
|
|
|
|
| |
add RCSIDs to these; they make syncing portable a bit
easier
Upstream-ID: 56cb7021faea599736dd7e7f09c2e714425b1e68
|
| |
|
|
|
|
| |
Apply missing commit 1.11 to kexc25519s.c
Upstream-ID: 5f020e23a1ee6c3597af1f91511e68552cdf15e8
|
| |
|
|
|
|
| |
Apply missing commit 1.127 to servconf.h
Upstream-ID: f14c4bac74a2b7cf1e3cff6bea5c447f192a7d15
|
| |
|
|
|
|
| |
remove unused Pp;
Upstream-ID: 8ad26467f1f6a40be887234085a8e01a61a00550
|
| |
|
|
|
|
|
|
|
| |
In the description of pattern-lists, clarify negated
matches by explicitly stating that a negated match will never yield a
positive result, and that at least one positive term in the pattern-list must
match. bz#1918
Upstream-ID: 652d2f9d993f158fc5f83cef4a95cd9d95ae6a14
|
| |
|
|
|
|
| |
log debug messages sent to peer; ok deraadt markus
Upstream-ID: 3b4fdc0a06ea5083f61d96e20043000f477103d9
|
| |
|
|
|
|
|
|
|
|
| |
trim permitrootlogin description somewhat, to avoid
ambiguity; original diff from walter alejandro iglesias, tweaked by sthen and
myself
ok sthen schwarze deraadt
Upstream-ID: 1749418b2bc073f3fdd25fe21f8263c3637fe5d2
|
| |
|
|
|
|
|
| |
mention SSH_USER_AUTH in the list of environment
variables
Upstream-ID: 1083397c3ee54b4933121ab058c70a0fc6383691
|
| |
|
|
|
|
|
| |
BIO_get_mem_data() is supposed to take a char* as pointer
argument, so don't pass it a const char*
Upstream-ID: 1ccd91eb7f4dd4f0fa812d4f956987cd00b5f6ec
|
| |
|
|
|
|
|
| |
clarify the order in which config statements are used. ok
jmc@ djm@
Upstream-ID: e37e27bb6bbac71315e22cb9690fd8a556a501ed
|
| |
|
|
|
|
|
|
| |
replace statically-sized arrays in ServerOptions with
dynamic ones managed by xrecallocarray, removing some arbitrary (though
large) limits and saving a bit of memory; "much nicer" markus@
Upstream-ID: 1732720b2f478fe929d6687ac7b0a97ff2efe9d2
|
| |
|
|
|
|
| |
%C is hashed; from klemens nanni ok markus
Upstream-ID: 6ebed7b2e1b6ee5402a67875d74f5e2859d8f998
|
| |
|
|
|
|
| |
exercise PermitOpen a little more thoroughly
Upstream-Regress-ID: f41592334e227a4c1f9a983044522de4502d5eac
|
| |
|
|
|
|
| |
UsePrivilegeSeparation is gone, stop trying to test it.
Upstream-Regress-ID: 796a5057cfd79456a20ea935cc53f6eb80ace191
|
| |
|
|
|
|
|
|
| |
fix (another) problem in PermitOpen introduced during the
channels.c refactor: the third and subsequent arguments to PermitOpen were
being silently ignored; ok markus@
Upstream-ID: 067c89f1f53cbc381628012ba776d6861e6782fd
|
| |
|
|
|
|
| |
Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@
Upstream-ID: c2cc84ffac070d2e1ff76182c70ca230a387983c
|
| |
|
|
| |
I spotted a typo in the draft so uploaded a new version...
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
openssh-7.6; ok deraadt@
Upstream-ID: a39c3a5b63a1baae109ae1ae4c7c34c2a59acde0
|
| |
|
|
|
|
|
|
| |
tweak EposeAuthinfo; diff from lars nooden
tweaked by sthen; ok djm dtucker
Upstream-ID: 8f2ea5d2065184363e8be7a0ba24d98a3b259748
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
We don't support openssl-1.1.x yet (see multiple threads on the
openssh-unix-dev@ mailing list for the reason), but previously
./configure would accept it and the compilation would subsequently
fail. This makes ./configure display an explicit error message and
abort.
ok dtucker@
|
| |
|
|
|
|
|
|
| |
On some platforms (AIX, maybe others) allocating zero bytes of memory
via the various *alloc functions returns NULL, which is permitted
by the standards. Autoconf has some macros for detecting this (with
the exception of calloc for some reason) so use these and if necessary
activate shims for them. ok djm@
|
| |
|
|
|
|
| |
test reverse dynamic forwarding with SOCKS
Upstream-Regress-ID: 95cf290470f7e5e2f691e4bc6ba19b91eced2f79
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
fix inverted test on channel open failure path that
"upgraded" a transient failure into a fatal error; reported by sthen and also
seen by benno@; ok sthen@
Upstream-ID: b58b3fbb79ba224599c6cd6b60c934fc46c68472
|
| |
|
|
|
|
|
|
| |
write the correct buffer when tunnel forwarding; doesn't
matter on OpenBSD (they are the same) but does matter on portable where we
use an output filter to translate os-specific tun/tap headers
Upstream-ID: f1ca94eff48404827b12e1d12f6139ee99a72284
|
| |
|
|
|
|
|
| |
fix tunnel forwarding problem introduced in refactor;
reported by stsp@ ok markus@
Upstream-ID: 81a731cdae1122c8522134095d1a8b60fa9dcd04
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add 'reverse' dynamic forwarding which combines dynamic
forwarding (-D) with remote forwarding (-R) where the remote-forwarded port
expects SOCKS-requests.
The SSH server code is unchanged and the parsing happens at the SSH
clients side. Thus the full SOCKS-request is sent over the forwarded
channel and the client parses c->output. Parsing happens in
channel_before_prepare_select(), _before_ the select bitmask is
computed in the pre[] handlers, but after network input processing
in the post[] handlers.
help and ok djm@
Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
|
| |
|
|
|
|
|
|
| |
Use strsignal in debug message instead of casting for the
benefit of portable where sig_atomic_t might not be int. "much nicer"
deraadt@
Upstream-ID: 2dac6c1e40511c700bd90664cd263ed2299dcf79
|
| |
|
|
|
|
|
| |
Use explicit_bzero() instead of bzero() before free() to
prevent the compiler from optimizing away the bzero() call. OK djm@
Upstream-ID: cdc6197e64c9684c7250e23d60863ee1b53cef1d
|
| |
|
|
|
|
|
| |
fix use-after-free in ~^Z escape handler path, introduced
in channels.c refactor; spotted by millert@ "makes sense" deraadt@
Upstream-ID: 8fa2cdc65c23ad6420c1e59444b0c955b0589b22
|
| |
|
|
|
|
|
| |
Prevent type mismatch warning in debug on platforms where
sig_atomic_t != int. ok djm@
Upstream-ID: 306e2375eb0364a4c68e48f091739bea4f4892ed
|
| |
|
|
|
|
| |
Add braces missing after channels refactor. ok markus@
Upstream-ID: 72ab325c84e010680dbc88f226e2aa96b11a3980
|
| |
|
|
| |
ok dtucker@
|
| |
|
|
|
|
| |
It's still on by default, but now it's possible to turn it off using
--without-hardening. This is useful since it's known to cause problems
with some -fsanitize options. ok dtucker@
|
| |
|
|
|
|
|
|
|
| |
Print SKIPPED if sudo and doas configuration is missing.
Prevents that running the regression test with wrong environment is reported
as failure. Keep the fatal there to avoid interfering with other setups for
portable ssh. OK dtucker@
Upstream-Regress-ID: f0dc60023caef496ded341ac5aade2a606fa234e
|
