| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
dtucker@
OpenBSD-Commit-ID: 7d0270ad3dd102412ca76add2b3760518abdef75
|
|
|
|
|
|
| |
since they can never be true. From Coverity CID 405031, ok djm@
OpenBSD-Commit-ID: 9df3783b181e056595e2bb9edf7ed41d61cf8e84
|
|
|
|
|
|
|
|
| |
being assigned and what is being checked
ok djm dtucker
OpenBSD-Commit-ID: 19c10baa46ae559474409f75a5cb3d0eade7a9b8
|
|
|
|
|
|
|
|
| |
We've previously removed a lot of the really old compatibility code,
and with it went the need to include compat.h in most of the files that
have it.
OpenBSD-Commit-ID: 5af8baa194be00a3092d17598e88a5b29f7ea2b4
|
|
|
|
|
|
|
| |
original host arg. Inspired by patch from vincent at bernat.ch via bz#3343,
ok djm@
OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883
|
|
|
|
|
|
|
|
| |
first argument unless it was one of the special keywords "any" or "none".
Reported by Georges Chaudy in bz3515; ok dtucker@
OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5
|
|
|
|
|
|
|
|
|
|
| |
This option (default "no") controls whether the ~C escape is available.
Turning it off by default means we will soon be able to use a stricter
default pledge(2) in the client.
feedback deraadt@ dtucker@; tested in snaps for a while
OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a
|
|
|
|
|
|
|
|
|
|
|
| |
ssh(1). User authentication keys that fall beneath this limit will be
ignored. If a host presents a host key beneath this limit then the connection
will be terminated (unfortunately there are no fallbacks in the protocol for
host authentication).
feedback deraadt, Dmitry Belyavskiy; ok markus@
OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a
|
|
|
|
|
|
|
|
|
|
|
| |
sshd_config and sshd_config; previously if the same name was reused then the
last would win (which is the opposite to how the config is supposed to work).
While there, make the ssh_config parsing more like sshd_config.
bz3438, ok dtucker
OpenBSD-Commit-ID: 797909c1e0262c0d00e09280459d7ab00f18273b
|
|
|
|
|
|
|
|
| |
patterns. Since match_pattern() doesn't modify its arguments (they are
const), there is no need to make an extra copy of the strings in
options->send_env. From Martin Vahlensieck
OpenBSD-Commit-ID: 2c9db31e3f4d3403b49642c64ee048b2a0a39351
|
|
|
|
|
| |
In commit ad16a84e syncing from OpenBSD, RSA was accidentally moved to
the end of the list instead of DSA. Spotted by andrew at fyfe.gb.net.
|
|
|
|
|
|
|
|
|
|
| |
Historicallly, hpdelim accepted ":" or "/" as a port delimiter between
hosts (or addresses) and ports. These days most of the uses for "/"
are no longer accepted, so there are several places where it checks the
delimiter to disallow it. Make hpdelim accept only ":" and use hpdelim2
in the other cases. ok djm@
OpenBSD-Commit-ID: 7e6420bd1be87590b6840973f5ad5305804e3102
|
|
|
|
|
|
|
| |
default list of public keys so that they will be tried last. From github
PR#295 from "ProBackup-nl", ok djm@
OpenBSD-Commit-ID: 7e5d575cf4971d4e2de92e0b6d6efaba53598bf0
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow control over which pubkey methods are used. Added out of
concern that some hardware devices may have difficulty signing
the longer pubkey authentication challenges. This provides a
way for them to disable the extension. It's also handy for
testing.
feedback / ok markus@
OpenBSD-Commit-ID: ee52580db95c355cf6d563ba89974c210e603b1a
|
|
|
|
|
|
| |
t-sshcfgparse regression test; spotted by anton@
OpenBSD-Commit-ID: bcc36fae2f233caac4baa8e58482da4aa350eed0
|
|
|
|
|
|
| |
markus@
OpenBSD-Commit-ID: 668a82ba8e56d731b26ffc5703213bfe071df623
|
|
|
|
|
|
|
| |
to the ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch. ok
dtucker
OpenBSD-Commit-ID: b18aeda12efdebe2093d55263c90fe4ea0bce0d3
|
|
|
|
|
|
|
| |
the config file to do the same thing as -n does on the ssh(1) commandline.
Patch from Volker Diels-Grabsch via GHPR231; ok dtucker
OpenBSD-Commit-ID: 66ddf3f15c76796d4dcd22ff464aed1edd62468e
|
|
|
|
|
|
|
|
|
|
| |
configuration file to offer equivalent control to the -N (no session) and -s
(subsystem) command-line flags.
Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks;
feedback and ok dtucker@
OpenBSD-Commit-ID: 726ee931dd4c5cc7f1d7a187b26f41257f9a2d12
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
favour of KbdInteractiveAuthentication. The former is what was in SSHv1, the
latter is what is in SSHv2 (RFC4256) and they were treated as somewhat but
not entirely equivalent. We retain the old name as deprecated alias so
config files continue to work and a reference in the man page for people
looking for it.
Prompted by bz#3303 which pointed out the discrepancy between the two
when used with Match. Man page help & ok jmc@, with & ok djm@
OpenBSD-Commit-ID: 2c1bff8e5c9852cfcdab1f3ea94dfef5a22f3b7e
|
|
|
|
|
|
|
| |
accepted multiple string arguments, ssh was only recording the first.
Reported by Lucas via bugs@
OpenBSD-Commit-ID: 7cbf182f7449bf1cb7c5b4452667dc2b41170d6d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes a couple of problems with the previous tokeniser,
strdelim()
1. strdelim() is permissive wrt accepting '=' characters. This is
intended to allow it to tokenise "Option=value" but because it
cannot keep state, it will incorrectly split "Opt=val=val2".
2. strdelim() has rudimentry handling of quoted strings, but it
is incomplete and inconsistent. E.g. it doesn't handle escaped
quotes inside a quoted string.
3. It has no support for stopping on a (unquoted) comment. Because
of this readconf.c r1.343 added chopping of lines at '#', but
this caused a regression because these characters may legitimately
appear inside quoted strings.
The new tokeniser is stricter is a number of cases, including #1 above
but previously it was also possible for some directives to appear
without arguments. AFAIK these were nonsensical in all cases, and the
new tokeniser refuses to accept them.
The new code handles quotes much better, permitting quoted space as
well as escaped closing quotes. Finally, comment handling should be
fixed - the tokeniser will terminate only on unquoted # characters.
feedback & ok markus@
tested in snaps for the last five or so days - thanks Theo and those who
caught bugs
OpenBSD-Commit-ID: dc72fd12af9d5398f4d9e159d671f9269c5b14d5
|
|
|
|
|
|
|
| |
overriding. Prevents values in config files from overriding values supplied
on the command line. bz#3319, ok markus.
OpenBSD-Commit-ID: f3b08b898c324debb9195e6865d8999406938f74
|
|
|
|
|
|
|
|
|
|
|
| |
"hostbasedacceptedalgorithms"
This fixes a mistake that slipped in when "HostbasedKeyTypes" was
renamed to "HostbasedAcceptedAlgorithms".
Bug report by zack@philomathiclife.com
OpenBSD-Commit-ID: d745a7e8e50b2589fc56877f322ea204bc784f38
|
|
|
|
|
|
| |
and bad indentation on continuation lines. Prompted by GHPR#185
OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
|
|
|
|
|
|
|
| |
pubkeyacceptedalgorithms after their current names so that the config-dump
mode finds and uses the current names. Spotted by Phil Pennock.
OpenBSD-Commit-ID: 5dd10e93cccfaff3aaaa09060c917adff04a9b15
|
|
|
|
|
|
| |
with SOCKS ok djm@, dtucker@
OpenBSD-Commit-ID: 64fe7b6360acc4ea56aa61b66498b5ecc0a96a7c
|
|
|
|
|
|
|
|
|
| |
HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more
accurately reflects its effect. This matches a previous change to
PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok
djm@
OpenBSD-Commit-ID: 49451c382adc6e69d3fa0e0663eeef2daa4b199e
|
|
|
|
|
|
|
|
|
|
| |
PubkeyAcceptedAlgorithms. While the two were originally equivalent, this
actually specifies the signature algorithms that are accepted. Some key
types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512)
so the old name is becoming increasingly misleading. The old name is
retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@
OpenBSD-Commit-ID: 0346b2f73f54c43d4e001089759d149bfe402ca5
|
|
|
|
|
|
|
|
|
| |
perceptible value and makes it much harder for hosts to change host keys,
particularly ones that use IP-based load-balancing.
ok dtucker@
OpenBSD-Commit-ID: 0db98413e82074f78c7d46784b1286d08aee78f0
|
|
|
|
|
|
|
|
| |
parsing fix r1.345.
ok djm
OpenBSD-Commit-ID: fe767c108c8117bea33767b080ff62eef2c55f5c
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to obtain known_hosts data from a command in addition to the usual files.
The command accepts bunch of %-expansions, including details of the
connection and the offered server host key. Note that the command may
be invoked up to three times per connection (see the manpage for
details).
ok markus@
OpenBSD-Commit-ID: 2433cff4fb323918ae968da6ff38feb99b4d33d0
|
|
|
|
|
|
|
|
|
| |
pointing out my error (parse_ssh_uri() can return -1/0/1, that I missed).
Reported by Raf Czlonka via bugs@
ok tb@
OpenBSD-Commit-ID: a2991a3794bcaf1ca2b025212cce11cdb5f6b7d6
|
|
|
|
|
|
| |
fix some (one-off) memory leaks; ok markus@
OpenBSD-Commit-ID: 91c6aec57b0e7aae9190de188e9fe8933aad5ec5
|
|
|
|
|
|
| |
similar to what we already do for sshd_config. bz#2320, with & ok djm@
OpenBSD-Commit-ID: bdbf9fc5bc72b1a14266f5f61723ed57307a6db4
|
|
|
|
| |
OpenBSD-Commit-ID: 6ac2f945b26cb86d936eed338f77861d6da8356a
|
|
|
|
|
|
| |
directives; ok dtucker@
OpenBSD-Commit-ID: 96d48839b1704882a0e9a77898f5e14b2d222705
|
|
|
|
|
|
| |
__func__ and appending ssh_err(r) manually; ok markus@
OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
|
|
|
|
|
|
|
|
|
| |
Allows forcing maximum debug logging by file/function/line pattern-
lists.
ok markus@
OpenBSD-Commit-ID: c294c25732d1b4fe7e345cb3e044df00531a6356
|
|
|
|
|
|
| |
enabled; suggested by Mark D. Baushke
OpenBSD-Commit-ID: 85a1b88592c81bc85df7ee7787dbbe721a0542bf
|
|
|
|
|
|
|
|
| |
stdout and/or stderr to /dev/null. Factor all these out to a single
stdfd_devnull() function that allows selection of which of these to redirect.
ok markus@
OpenBSD-Commit-ID: 3033ba5a4c47cacfd5def020d42cabc52fad3099
|
|
|
|
|
|
|
| |
has not overridden UserKnownHostsFile; ok markus@ "The timing is perfect"
deraadt@
OpenBSD-Commit-ID: 62df71c9c5242da5763cb473c2a2deefbd0cef60
|
|
|
|
| |
OpenBSD-Commit-ID: 9ed6078251a0959ee8deda443b9ae42484fd8b18
|
|
|
|
|
|
|
|
| |
limit for keys in addition to its current flag options. Time-limited keys
will automatically be removed from ssh-agent after their expiry time has
passed; ok markus@
OpenBSD-Commit-ID: 792e71cacbbc25faab5424cf80bee4a006119f94
|
|
|
|
|
|
| |
the other keywords that recently got %k.
OpenBSD-Commit-ID: 1857d1c40f270cbc254fca91e66110641dddcfdb
|
|
|
|
| |
OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8
|
|
|
|
|
|
|
|
|
|
| |
environment variables on the client side. The supported keywords are
CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus
LocalForward and RemoteForward when used for Unix domain socket paths. This
would for example allow forwarding of Unix domain socket paths that change at
runtime. bz#3140, ok djm@
OpenBSD-Commit-ID: a4a2e801fc2d4df2fe0e58f50d9c81b03822dffa
|
|
|
|
|
|
| |
variables; spotted by & ok sthen@
OpenBSD-Commit-ID: b881e8e849edeec5082b5c0a87d8d7cff091a8fd
|
|
|
|
|
|
| |
bz#3149, patch from jjelen at redhat.com.
OpenBSD-Commit-ID: e0fcb07ed5cf7fd54ce340471a747c24454235e5
|
|
|
|
|
|
| |
remote user not local user.
OpenBSD-Commit-ID: 80f1d976938f2a55ee350c11d8b796836c8397e2
|