Commit message | Author | Age | Files | Lines
* upstream: use do_log2 instead of function pointers to different log | djm@openbsd.org | 2020-10-17 | 1 | -3/+4
  functions
  OpenBSD-Commit-ID: 88077b826d348c58352a6b394755520f4e484480
* upstream: make UpdateHostkeys still more conservative: refuse to | djm@openbsd.org | 2020-10-14 | 1 | -38/+76
  proceed if one of the keys offered by the server is already in known_hosts under another name. This avoids collisions between address entries for different host aliases when CheckHostIP=yes
  Also, do not attempt to fix known_hosts with incomplete host/ip matches when there are no new or deprecated hostkeys.
  OpenBSD-Commit-ID: 95c19842f7c41f9bd9c92aa6441a278c0fd0c4a3
* upstream: Zap unused family parameter from ssh_connect_direct() | kn@openbsd.org | 2020-10-14 | 3 | -9/+9
  sshconnect.c r1.241 from 2013 made it unused; found while reading code.
  OK djm
  OpenBSD-Commit-ID: 219ba6d7f9925d0b7992918612680399d86712b5
* shift contents of long $() into filter_ids() | Philip Hands | 2020-10-13 | 1 | -38/+40
  This was prompted by the fact that posh does not deal with $() that contains comments where the comment includes an odd number of single-quotes. It seems to get befuddled into trying to find the matching quote.
  Regardless, making a function for filtering the unneeded ids seems much neater than avoiding apostrophes, so that's what I've done.
  SSH-Copy-ID-Upstream: 3dab3366a584427045c8a690a93282f02c09cf24
* combine if/elif to avoid duplication of the action | Philip Hands | 2020-10-13 | 1 | -4/+5
  SSH-Copy-ID-Upstream: 42aeb1cc53d3f7f6e78edc210fb121fda0834914
* shellcheck tidyage | Philip Hands | 2020-10-13 | 1 | -3/+7
  SSH-Copy-ID-Upstream: 5b08f840e78ac544288b3983010a1b0585e966fd
* tidy up test of $SCRATCH_DIR creation | Philip Hands | 2020-10-13 | 1 | -8/+6
  SSH-Copy-ID-Upstream: 2d8b22d96c105d87743ffe8874887b06f8989b93
* add -s flag: to install keys via SFTP | Philip Hands | 2020-10-13 | 2 | -28/+80
  This is prompted by: https://bugzilla.mindrot.org/show_bug.cgi?id=3201
  Thanks go to Matthias Blümel for the idea, and the helpful patch, from which this patch grew.
  SSH-Copy-ID-Upstream: f7c76dc64427cd20287a6868f672423b62057614
* upstream: UpdateHostkeys: check for keys under other names | djm@openbsd.org | 2020-10-12 | 1 | -7/+82
  Stop UpdateHostkeys from automatically removing deprecated keys from known_hosts files if the same keys exist under a different name or address to the host that is being connected to.
  This avoids UpdateHostkeys from making known_hosts inconsistent in some cases. For example, multiple host aliases sharing address-based known_hosts on different lines, or hosts that resolve to multiple addresses.
  ok markus@
  OpenBSD-Commit-ID: 6444a705ba504c3c8ccddccd8d1b94aa33bd11c1
* upstream: UpdateHostkeys: better CheckHostIP handling | djm@openbsd.org | 2020-10-12 | 2 | -53/+95
  When preparing to update the known_hosts file, fully check both entries for both the host and the address (if CheckHostIP enabled) and ensure that, at the end of the operation, entries for both are recorded.
  Make sure this works with HashKnownHosts too, which requires maintaining a list of entry-types seen across the whole file for each key.
  ok markus@
  OpenBSD-Commit-ID: 374dc263103f6b343d9671f87dbf81ffd0d6abdd
* upstream: UpdateHostkeys: better detect manual host entries | djm@openbsd.org | 2020-10-12 | 1 | -17/+37
  Disable UpdateHostkeys if the known_hosts line has more than two entries in the pattern-list. ssh(1) only writes "host" or "host,ip" lines so anything else was added by a different tool or by a human.
  ok markus@
  OpenBSD-Commit-ID: e434828191fb5f3877d4887c218682825aa59820
* upstream: don't misdetect comma-separated hostkey names as wildcards; | djm@openbsd.org | 2020-10-09 | 1 | -4/+4
  spotted by naddy@
  OpenBSD-Commit-ID: 4b874edfec7fc324a21b130bdb42f912177739ce
* fix TEST_MALLOC_OPTIONS var | wangxp006 | 2020-10-08 | 1 | -1/+1
* upstream: clarify conditions for UpdateHostkeys | djm@openbsd.org | 2020-10-08 | 1 | -3/+9
  OpenBSD-Commit-ID: 9cba714cf6aeed769f998ccbe8c483077a618e27
* upstream: remove GlobalKnownHostsFile for this test after | djm@openbsd.org | 2020-10-07 | 1 | -2/+5
  UpdateHostkeys change
  OpenBSD-Regress-ID: a940ad79d59343319613ba8fc46b6ef24aa3f8e1
* upstream: Disable UpdateHostkeys when hostkey checking fails | djm@openbsd.org | 2020-10-07 | 1 | -1/+6
  If host key checking fails (i.e. a wrong host key is recorded for the server) and the user elects to continue (via StrictHostKeyChecking=no), then disable UpdateHostkeys for the session.
  reminded by Mark D. Baushke; ok markus@
  OpenBSD-Commit-ID: 98b524f121f4252309dd21becd8c4cacb0c6042a
* upstream: Fix UpdateHostkeys/HashKnownHosts/CheckHostIP bug | djm@openbsd.org | 2020-10-07 | 1 | -1/+4
  When all of UpdateHostkeys, HashKnownHosts and CheckHostIP were enabled and new host keys were learned, known_hosts IP entries were not being recorded for new host keys.
  reported by matthieu@ ok markus@
  OpenBSD-Commit-ID: a654a8290bd1c930aac509e8158cf85e42e49cb7
* upstream: don't UpdateHostkeys when the hostkey is verified by the | djm@openbsd.org | 2020-10-07 | 1 | -4/+28
  GlobalKnownHostsFile file, support only UserKnownHostsFile matches
  suggested by Mark D. Baushke; feedback and ok markus@
  OpenBSD-Commit-ID: eabb771a6add676c398d38a143a1aff5f04abbb9
* upstream: revert kex->flags cert hostkey downgrade back to a plain | djm@openbsd.org | 2020-10-07 | 5 | -64/+20
  key (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less plumbing.
  ok markus@
  OpenBSD-Commit-ID: fb92d25b216bff8c136da818ac2221efaadf18ed
* upstream: simply disable UpdateHostkeys when a certificate | djm@openbsd.org | 2020-10-07 | 1 | -2/+7
  successfully authenticated the host; simpler than the complicated plumbing via kex->flags we have now.
  ok markus@
  OpenBSD-Commit-ID: 80e39644eed75717d563a7f177e8117a0e14f42c
* upstream: disable UpdateHostkeys by default if VerifyHostKeyDNS is | djm@openbsd.org | 2020-10-07 | 2 | -6/+9
  enabled; suggested by Mark D. Baushke
  OpenBSD-Commit-ID: 85a1b88592c81bc85df7ee7787dbbe721a0542bf
* upstream: Agent protocol draft is now at rev 4. ok djm@ | dtucker@openbsd.org | 2020-10-07 | 1 | -5/+3
  OpenBSD-Commit-ID: 8c01ea3aae48aab45e01b7421b0fca2dad5e7837
* upstream: when ordering host key algorithms in the client, consider | djm@openbsd.org | 2020-10-07 | 4 | -12/+19
  the ECDSA key subtype; ok markus@
  OpenBSD-Commit-ID: 3097686f853c61ff61772ea35f8b699931392ece
* upstream: Allow full range of UIDs and GIDs for sftp chown and | dtucker@openbsd.org | 2020-10-07 | 1 | -6/+6
  chgrp on 32bit platforms instead of being limited by LONG_MAX.
  bz#3206, found by booking00 at sina.cn, ok markus@
  OpenBSD-Commit-ID: 373b7bbf1f15ae482d39567ce30d18b51c9229b5
* upstream: There are lots of places where we want to redirect stdin, | djm@openbsd.org | 2020-10-03 | 9 | -135/+60
  stdout and/or stderr to /dev/null. Factor all these out to a single stdfd_devnull() function that allows selection of which of these to redirect.
  ok markus@
  OpenBSD-Commit-ID: 3033ba5a4c47cacfd5def020d42cabc52fad3099
* upstream: enable UpdateHostkeys by default when the configuration | djm@openbsd.org | 2020-10-03 | 2 | -4/+10
  has not overridden UserKnownHostsFile;
  ok markus@ "The timing is perfect" deraadt@
  OpenBSD-Commit-ID: 62df71c9c5242da5763cb473c2a2deefbd0cef60
* upstream: disable UpdateHostkeys when a wildcard hostname pattern | djm@openbsd.org | 2020-10-03 | 1 | -2/+31
  is encountered or when a certificate host key is in use.
  feedback/ok markus@
  OpenBSD-Commit-ID: b6e5575af7e6732322be82ec299e09051a5413bd
* upstream: record when the host key checking code downgrades a | djm@openbsd.org | 2020-10-03 | 4 | -19/+57
  certificate host key to a plain key. This occurs when the user connects to a host with a certificate host key but no corresponding CA key configured in known_hosts;
  feedback and ok markus@
  OpenBSD-Commit-ID: 2ada81853ff9ee7824c62f440bcf4ad62030c901
* upstream: prefer ed25519 signature algorithm variants to ECDSA; ok | djm@openbsd.org | 2020-10-03 | 3 | -33/+39
  markus@
  OpenBSD-Commit-ID: 82187926fca96d35a5b5afbc091afa84e0966e5b
* upstream: want time.h here too | djm@openbsd.org | 2020-10-03 | 1 | -1/+2
  OpenBSD-Commit-ID: fafee8f1108c64ad8b282f9a1ed5ea830d8c58a7
* upstream: split introductory paragraph, and insert ominous words about | deraadt@openbsd.org | 2020-10-03 | 1 | -4/+8
  the glob issue, which cannot be fully fixed and really requires completely replacing scp with a completely different subsystem.
  team effort to find the right words..
  OpenBSD-Commit-ID: 58e1f72d292687f63eb357183036ee242513691c
* use relative rather than system include here | Damien Miller | 2020-10-03 | 1 | -1/+1
* add some openbsd-compat licenses we missed | Damien Miller | 2020-10-03 | 1 | -0/+62
* un-nest $() to make ksh cheerful | Philip Hands | 2020-10-03 | 1 | -1/+2
* ksh doesn't grok 'local' | Philip Hands | 2020-10-03 | 1 | -6/+5
  and AFAICT it's not actually doing anything useful in the code, so let's see how things go without it.
* Fix `EOF: command not found` error in ssh-copy-id | Oleg | 2020-10-03 | 1 | -1/+2
* upstream: Regen moduli. | dtucker@openbsd.org | 2020-09-30 | 1 | -453/+406
  OpenBSD-Commit-ID: 04967f8c43e9854ac34b917bcd6f5ac96c53a693
* Restore first section title of INSTALL | HARUYAMA Seigo | 2020-09-27 | 1 | -0/+1
* update version numbers (tags: V_8_4_P1, V_8_4) | Damien Miller | 2020-09-27 | 3 | -3/+3
* upstream: openssh 8.4 | djm@openbsd.org | 2020-09-27 | 1 | -2/+2
  OpenBSD-Commit-ID: a29e5b372d2c00e297da8a35a3b87c9beb3b4a58
* sync with upstream ssh-copy-id rev f0da1a1b7 | Damien Miller | 2020-09-22 | 2 | -79/+81
* upstream: close stdin when forking after authentication too; ok markus | djm@openbsd.org | 2020-09-21 | 1 | -2/+3
  OpenBSD-Commit-ID: 43db17e4abc3e6b4a7b033aa8cdab326a7cb6c24
* upstream: close stdout/stderr after "ssh -f ..." forking | djm@openbsd.org | 2020-09-21 | 1 | -6/+21
  bz#3137, ok markus
  OpenBSD-Commit-ID: e2d83cc4dea1665651a7aa924ad1ed6bcaaab3e2
* .depend | Damien Miller | 2020-09-20 | 1 | -2/+2
* upstream: cap channel input buffer size at 16MB; avoids high memory use | djm@openbsd.org | 2020-09-20 | 2 | -2/+8
  when peer advertises a large window but is slow to consume the data we send (e.g. because of a slow network)
  reported by Pierre-Yves David
  fix with & ok markus@
  OpenBSD-Commit-ID: 1452771f5e5e768876d3bfe2544e3866d6ade216
* libfido2 1.5.0 is recommended | Damien Miller | 2020-09-18 | 1 | -1/+2
* upstream: handle multiple messages in a single read() | djm@openbsd.org | 2020-09-18 | 1 | -6/+13
  PR#183 by Dennis Kaarsemaker; feedback and ok markus@
  OpenBSD-Commit-ID: 8570bb4d02d00cf70b98590716ea6a7d1cce68d1
* configure.ac: add missing includes | pedro martelletto | 2020-09-18 | 1 | -10/+51
  when testing, make sure to include the relevant header files that declare the types of the functions used by the test:
  - stdio.h for printf();
  - stdlib.h for exit();
  - string.h for strcmp();
  - unistd.h for unlink(), _exit(), fork(), getppid(), sleep().
* upstream: tweak the client hostkey preference ordering algorithm to | djm@openbsd.org | 2020-09-18 | 1 | -3/+38
  prefer the default ordering if the user has a key that matches the best-preference default algorithm.
  feedback and ok markus@
  OpenBSD-Commit-ID: a92dd7d7520ddd95c0a16786a7519e6d0167d35f
* control over the colours in gnome-ssh-askpass[23] | Damien Miller | 2020-09-18 | 1 | -0/+57
  Optionally set the textarea colours via $GNOME_SSH_ASKPASS_FG_COLOR and $GNOME_SSH_ASKPASS_BG_COLOR. These accept the usual three or six digit hex colours.