path: root/ssh.c
Commit message | Author | Age | Files | Lines
* upstream: log some details on hostkeys that ssh loads for hostbased authn
  ok markus@
  OpenBSD-Commit-ID: da17061fa1f0e58cb31b88478a40643e18233e38
  Author: djm@openbsd.org | Age: 2022-01-07 | Files: 1 | Lines: -1/+7
* upstream: spelling
  OpenBSD-Commit-ID: c63e43087a64d0727af13409c708938e05147b62
  Author: jsg@openbsd.org | Age: 2022-01-04 | Files: 1 | Lines: -2/+2
* upstream: don't put the tty into raw mode when SessionType=none, avoids ^c being unable to kill such a session. bz3360; ok dtucker@
  OpenBSD-Commit-ID: 83960c433052303b643b4c380ae2f799ac896f65
  Author: djm@openbsd.org | Age: 2021-12-02 | Files: 1 | Lines: -2/+3
* upstream: Fix "Allocated port" debug message for unix domain sockets. From peder.stray at gmail.com via github PR#272, ok deraadt@
  OpenBSD-Commit-ID: 8d5ef3fbdcdd29ebb0792b5022a4942db03f017e
  Author: dtucker@openbsd.org | Age: 2021-09-20 | Files: 1 | Lines: -2/+3
* upstream: allow CanonicalizePermittedCNAMEs=none in ssh_config; ok markus@
  OpenBSD-Commit-ID: 668a82ba8e56d731b26ffc5703213bfe071df623
  Author: djm@openbsd.org | Age: 2021-09-16 | Files: 1 | Lines: -3/+4
* upstream: Document behaviour of arguments following non-interactive commands. Prompted by github PR#139 from EvanTheB, feedback & ok djm@ jmc@
  OpenBSD-Commit-ID: fc758d1fe0471dfab4304fcad6cd4ecc3d79162a
  Author: dtucker@openbsd.org | Age: 2021-09-10 | Files: 1 | Lines: -2/+2
* upstream: xstrdup environment variable used by ForwardAgent. bz#3328 from goetze at dovetail.com, ok djm@ deraadt@
  OpenBSD-Commit-ID: 760320dac1c3b26904284ba417a7d63fccc5e742
  Author: dtucker@openbsd.org | Age: 2021-08-08 | Files: 1 | Lines: -2/+2
* upstream: note successful authentication method in final "Authenticated to ..." message and partial auth success messages (all at LogLevel=verbose) ok dtucker@
  OpenBSD-Commit-ID: 06834b89ceb89f8f16c5321d368a66c08f441984
  Author: djm@openbsd.org | Age: 2021-07-23 | Files: 1 | Lines: -8/+1
* upstream: Add a ForkAfterAuthentication ssh_config(5) counterpart to the ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch. ok dtucker
  OpenBSD-Commit-ID: b18aeda12efdebe2093d55263c90fe4ea0bce0d3
  Author: djm@openbsd.org | Age: 2021-07-23 | Files: 1 | Lines: -15/+8
* upstream: Add a StdinNull directive to ssh_config(5) that allows the config file to do the same thing as -n does on the ssh(1) commandline. Patch from Volker Diels-Grabsch via GHPR231; ok dtucker
  OpenBSD-Commit-ID: 66ddf3f15c76796d4dcd22ff464aed1edd62468e
  Author: djm@openbsd.org | Age: 2021-07-23 | Files: 1 | Lines: -14/+8
* upstream: wrap some long lines
  OpenBSD-Commit-ID: 4f5186b1466656762dae37d3e569438d900c350d
  Author: djm@openbsd.org | Age: 2021-07-17 | Files: 1 | Lines: -4/+7
* upstream: fix sftp on ControlPersist connections, broken by recent SessionType change; spotted by sthen@
  OpenBSD-Commit-ID: 4c5ddc5698790ae6ff50d2a4f8f832f0eeeaa234
  Author: djm@openbsd.org | Age: 2021-07-17 | Files: 1 | Lines: -1/+2
* upstream: add a SessionType directive to ssh_config, allowing the configuration file to offer equivalent control to the -N (no session) and -s (subsystem) command-line flags.
  Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks; feedback and ok dtucker@
  OpenBSD-Commit-ID: 726ee931dd4c5cc7f1d7a187b26f41257f9a2d12
  Author: djm@openbsd.org | Age: 2021-07-14 | Files: 1 | Lines: -19/+19
* Move closefrom() to before first malloc.
  When built against tcmalloc, tcmalloc allocates a descriptor for its internal use, so calling closefrom() afterward causes the descriptor number to be reused resulting in a corrupted connection. Moving the closefrom a little earlier should resolve this. From kircherlike at outlook.com via bz#3321, ok djm@
  Author: Darren Tucker | Age: 2021-06-25 | Files: 1 | Lines: -6/+6
* upstream: Switch ssh_config parsing to use argv_split()
  This fixes a couple of problems with the previous tokeniser, strdelim()
  1. strdelim() is permissive wrt accepting '=' characters. This is intended to allow it to tokenise "Option=value" but because it cannot keep state, it will incorrectly split "Opt=val=val2".
  2. strdelim() has rudimentary handling of quoted strings, but it is incomplete and inconsistent. E.g. it doesn't handle escaped quotes inside a quoted string.
  3. It has no support for stopping on a (unquoted) comment. Because of this readconf.c r1.343 added chopping of lines at '#', but this caused a regression because these characters may legitimately appear inside quoted strings.
  The new tokeniser is stricter in a number of cases, including #1 above but previously it was also possible for some directives to appear without arguments. AFAIK these were nonsensical in all cases, and the new tokeniser refuses to accept them.
  The new code handles quotes much better, permitting quoted space as well as escaped closing quotes. Finally, comment handling should be fixed - the tokeniser will terminate only on unquoted # characters.
  feedback & ok markus@
  tested in snaps for the last five or so days - thanks Theo and those who caught bugs
  OpenBSD-Commit-ID: dc72fd12af9d5398f4d9e159d671f9269c5b14d5
  Author: djm@openbsd.org | Age: 2021-06-08 | Files: 1 | Lines: -2/+7
* upstream: allow ssh_config SetEnv to override $TERM, which is otherwise handled specially by the protocol. Useful in ~/.ssh/config to set TERM to something generic (e.g. "xterm" instead of "xterm-256color") for destinations that lack terminfo entries. feedback and ok dtucker@
  OpenBSD-Commit-ID: 38b1ef4d5bc159c7d9d589d05e3017433e2d5758
  Author: djm@openbsd.org | Age: 2021-06-04 | Files: 1 | Lines: -3/+6
* upstream: restore blocking status on stdio fds before close
  ssh(1) needs to set file descriptors to non-blocking mode to operate but it was not restoring the original state on exit. This could cause problems with fds shared with other programs via the shell, e.g.
  > $ cat > test.sh << _EOF
  > #!/bin/sh
  > {
  >         ssh -Fnone -oLogLevel=verbose ::1 hostname
  >         cat /usr/share/dict/words
  > } | sleep 10
  > _EOF
  > $ ./test.sh
  > Authenticated to ::1 ([::1]:22).
  > Transferred: sent 2352, received 2928 bytes, in 0.1 seconds
  > Bytes per second: sent 44338.9, received 55197.4
  > cat: stdout: Resource temporarily unavailable
  This restores the blocking status for fds 0,1,2 (stdio) before ssh(1) abandons/closes them.
  This was reported as bz3280 and GHPR246; ok dtucker@
  OpenBSD-Commit-ID: 8cc67346f05aa85a598bddf2383fcfcc3aae61ce
  Author: djm@openbsd.org | Age: 2021-05-19 | Files: 1 | Lines: -12/+5
* upstream: fix breakage of -W forwarding introduced in 1.554; reported by naddy@ and sthen@, ok sthen@
  OpenBSD-Commit-ID: f72558e643a26dc4150cff6e5097b5502f6c85fd
  Author: djm@openbsd.org | Age: 2021-05-18 | Files: 1 | Lines: -2/+3
* upstream: fix previous: test saved no_shell_flag, not the one that just got clobbered
  OpenBSD-Commit-ID: b8deace085d9d941b2d02f810243b9c302e5355d
  Author: djm@openbsd.org | Age: 2021-05-14 | Files: 1 | Lines: -2/+2
* upstream: Fix ssh started with ControlPersist incorrectly executing a shell when the -N (no shell) option was specified. bz3290 reported by Richard Schwab; patch from markus@ ok me
  OpenBSD-Commit-ID: ea1ea4af16a95687302f7690bdbe36a6aabf87e1
  Author: djm@openbsd.org | Age: 2021-05-14 | Files: 1 | Lines: -2/+2
* polish whitespace for portable files
  Author: Damien Miller | Age: 2021-04-03 | Files: 1 | Lines: -1/+1
* upstream: ensure that pkcs11_del_provider() is called before exit - some PKCS#11 providers get upset if C_Initialize is not matched with C_Finalize.
  From Adithya Baglody via GHPR#234; ok markus
  OpenBSD-Commit-ID: f8e770e03b416ee9a58f9762e162add900f832b6
  Author: djm@openbsd.org | Age: 2021-04-03 | Files: 1 | Lines: -1/+5
* upstream: warn when the user specifies a ForwardAgent path that does not exist and exit if ExitOnForwardFailure is set; bz3264
  OpenBSD-Commit-ID: 72f7875865e723e464c71bf8692e83110699bf26
  Author: djm@openbsd.org | Age: 2021-02-23 | Files: 1 | Lines: -1/+7
* upstream: ssh: add PermitRemoteOpen for remote dynamic forwarding with SOCKS
  ok djm@, dtucker@
  OpenBSD-Commit-ID: 64fe7b6360acc4ea56aa61b66498b5ecc0a96a7c
  Author: markus@openbsd.org | Age: 2021-02-17 | Files: 1 | Lines: -1/+42
* upstream: whitespace
  OpenBSD-Commit-ID: 544bb092e03fcbecb420196cd0f70af13ea868ad
  Author: djm@openbsd.org | Age: 2021-02-05 | Files: 1 | Lines: -2/+1
* upstream: remove global variable used to stash compat flags and use the purpose-built ssh->compat variable instead; feedback/ok markus@
  OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06
  Author: djm@openbsd.org | Age: 2021-01-27 | Files: 1 | Lines: -2/+2
* upstream: Rename HostbasedKeyTypes (ssh) and HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more accurately reflects its effect. This matches a previous change to PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok djm@
  OpenBSD-Commit-ID: 49451c382adc6e69d3fa0e0663eeef2daa4b199e
  Author: dtucker@openbsd.org | Age: 2021-01-26 | Files: 1 | Lines: -3/+4
* upstream: Rename PubkeyAcceptedKeyTypes keyword to PubkeyAcceptedAlgorithms. While the two were originally equivalent, this actually specifies the signature algorithms that are accepted. Some key types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512) so the old name is becoming increasingly misleading. The old name is retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@
  OpenBSD-Commit-ID: 0346b2f73f54c43d4e001089759d149bfe402ca5
  Author: dtucker@openbsd.org | Age: 2021-01-22 | Files: 1 | Lines: -2/+3
* upstream: plumb ssh_conn_info through to sshconnect.c; feedback/ok markus@
  OpenBSD-Commit-ID: e8d14a09cda3f1dc55df08f8a4889beff74e68b0
  Author: djm@openbsd.org | Age: 2020-12-21 | Files: 1 | Lines: -30/+5
* upstream: allow UserKnownHostsFile=none; feedback and ok markus@
  OpenBSD-Commit-ID: c46d515eac94a35a1d50d5fd71c4b1ca53334b48
  Author: djm@openbsd.org | Age: 2020-12-21 | Files: 1 | Lines: -12/+30
* upstream: refactor client percent_expand() argument passing; consolidate the common arguments into a single struct and pass that around instead of using a bunch of globals. ok markus@
  OpenBSD-Commit-ID: 035e6d7ca9145ad504f6af5a021943f1958cd19b
  Author: djm@openbsd.org | Age: 2020-12-21 | Files: 1 | Lines: -65/+80
* upstream: prepare readconf.c for fuzzing; remove fatal calls and fix some (one-off) memory leaks; ok markus@
  OpenBSD-Commit-ID: 91c6aec57b0e7aae9190de188e9fe8933aad5ec5
  Author: djm@openbsd.org | Age: 2020-12-21 | Files: 1 | Lines: -2/+3
* upstream: Prevent integer overflow when ridiculously large ConnectTimeout is specified, capping the effective value (for most platforms) at 24 days. bz#3229, ok djm@
  OpenBSD-Commit-ID: 62d4c4b7b87d111045f8e9f28b5b532d17ac5bc0
  Author: dtucker@openbsd.org | Age: 2020-11-13 | Files: 1 | Lines: -2/+5
* upstream: Replace WITH_OPENSSL ifdefs in log calls with a macro.
  The log calls are themselves now macros, and preprocessor directives inside macro arguments are undefined behaviour which some compilers (eg old GCCs) choke on. It also makes the code tidier. ok deraadt@
  OpenBSD-Commit-ID: cc12a9029833d222043aecd252d654965c351a69
  Author: dtucker@openbsd.org | Age: 2020-11-09 | Files: 1 | Lines: -15/+3
* upstream: use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
  OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
  Author: djm@openbsd.org | Age: 2020-10-18 | Files: 1 | Lines: -56/+50
* upstream: LogVerbose keyword for ssh and sshd
  Allows forcing maximum debug logging by file/function/line pattern-lists. ok markus@
  OpenBSD-Commit-ID: c294c25732d1b4fe7e345cb3e044df00531a6356
  Author: djm@openbsd.org | Age: 2020-10-17 | Files: 1 | Lines: -1/+3
* upstream: Zap unused family parameter from ssh_connect_direct()
  sshconnect.c r1.241 from 2013 made it unused; found while reading code. OK djm
  OpenBSD-Commit-ID: 219ba6d7f9925d0b7992918612680399d86712b5
  Author: kn@openbsd.org | Age: 2020-10-14 | Files: 1 | Lines: -2/+2
* upstream: There are lots of places where we want to redirect stdin, stdout and/or stderr to /dev/null. Factor all these out to a single stdfd_devnull() function that allows selection of which of these to redirect. ok markus@
  OpenBSD-Commit-ID: 3033ba5a4c47cacfd5def020d42cabc52fad3099
  Author: djm@openbsd.org | Age: 2020-10-03 | Files: 1 | Lines: -40/+8
* upstream: close stdin when forking after authentication too; ok markus
  OpenBSD-Commit-ID: 43db17e4abc3e6b4a7b033aa8cdab326a7cb6c24
  Author: djm@openbsd.org | Age: 2020-09-21 | Files: 1 | Lines: -2/+3
* upstream: close stdout/stderr after "ssh -f ..." forking
  bz#3137, ok markus
  OpenBSD-Commit-ID: e2d83cc4dea1665651a7aa924ad1ed6bcaaab3e2
  Author: djm@openbsd.org | Age: 2020-09-21 | Files: 1 | Lines: -6/+21
* upstream: Also compare username when checking for JumpHost loops.
  bz#3057, ok djm@
  OpenBSD-Commit-ID: 9bbc1d138adb34c54f3c03a15a91f75dbf418782
  Author: dtucker@openbsd.org | Age: 2020-08-03 | Files: 1 | Lines: -6/+9
* upstream: Add a '%k' TOKEN that expands to the effective HostKey of the destination. This allows, eg, keeping host keys in individual files using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654, ok djm@, jmc@ (man page bits)
  OpenBSD-Commit-ID: 7084d723c9cc987a5c47194219efd099af5beadc
  Author: dtucker@openbsd.org | Age: 2020-07-17 | Files: 1 | Lines: -1/+4
* upstream: Add %-TOKEN, environment variable and tilde expansion to UserKnownHostsFile, allowing the file to be automagically split up in the configuration (eg bz#1654). ok djm@, man page parts jmc@
  OpenBSD-Commit-ID: 7e1b406caf147638bb51558836a72d6cc0bd1b18
  Author: dtucker@openbsd.org | Age: 2020-07-17 | Files: 1 | Lines: -1/+17
* upstream: some language improvements; ok markus
  OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8
  Author: djm@openbsd.org | Age: 2020-07-15 | Files: 1 | Lines: -6/+6
* upstream: Defer creation of ~/.ssh by ssh(1) until we attempt to write to it so we don't leave an empty .ssh directory when it's not needed. Use the same function to replace the code in ssh-keygen that does the same thing. bz#3156, ok djm@
  OpenBSD-Commit-ID: 59c073b569be1a60f4de36f491a4339bc4ae870f
  Author: dtucker@openbsd.org | Age: 2020-06-26 | Files: 1 | Lines: -18/+2
* upstream: Correct historical comment: provos@ modified OpenSSH to work with SSLeay (very quickly replaced by OpenSSL) not SSL in general. ok deraadt, historical context markus@
  OpenBSD-Commit-ID: 7209e07a2984b50411ed8ca5a4932da5030d2b90
  Author: dtucker@openbsd.org | Age: 2020-06-05 | Files: 1 | Lines: -2/+2
* upstream: Allow some keywords to expand shell-style ${ENV} environment variables on the client side. The supported keywords are CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus LocalForward and RemoteForward when used for Unix domain socket paths. This would for example allow forwarding of Unix domain socket paths that change at runtime. bz#3140, ok djm@
  OpenBSD-Commit-ID: a4a2e801fc2d4df2fe0e58f50d9c81b03822dffa
  Author: dtucker@openbsd.org | Age: 2020-05-29 | Files: 1 | Lines: -7/+33
* upstream: Add TOKEN percent expansion to LocalForward and RemoteForward when used for Unix domain socket forwarding. Factor out the code for the config keywords that use the most common subset of TOKENS into its own function. bz#3014, ok jmc@ (man page bits) djm@
  OpenBSD-Commit-ID: bffc9f7e7b5cf420309a057408bef55171fd0b97
  Author: dtucker@openbsd.org | Age: 2020-04-10 | Files: 1 | Lines: -50/+87
* upstream: r1.522 deleted one too many lines; repair
  OpenBSD-Commit-ID: 1af8851fd7a99e4a887b19aa8f4c41a6b3d25477
  Author: djm@openbsd.org | Age: 2020-04-03 | Files: 1 | Lines: -1/+2
* upstream: fix debug statement
  OpenBSD-Commit-ID: 42c6edeeda5ce88b51a20d88c93be3729ce6b916
  Author: djm@openbsd.org | Age: 2020-04-03 | Files: 1 | Lines: -2/+2