OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a
never write a name with bad characters to a known_hosts file.
reported by David Leadbeater, ok deraadt@
OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad
OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143
default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@
OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d
ssh(1). User authentication keys that fall beneath this limit will be
ignored. If a host presents a host key beneath this limit then the connection
will be terminated (unfortunately there are no fallbacks in the protocol for
host authentication).
feedback deraadt, Dmitry Belyavskiy; ok markus@
OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a
muxclient() which performs operations that could cause one; Reported by Noam
Lewis via bz3454, ok dtucker@
OpenBSD-Commit-ID: 63d8e13276869eebac6d7a05d5a96307f9026e47
remaining available ones in a comment
OpenBSD-Commit-ID: 48d38cef59d6bc8e84c6c066f6d601875d3253fd
Historically, hpdelim accepted ":" or "/" as a port delimiter between
hosts (or addresses) and ports. These days most of the uses for "/"
are no longer accepted, so there are several places where it checks the
delimiter to disallow it. Make hpdelim accept only ":" and use hpdelim2
in the other cases. ok djm@
OpenBSD-Commit-ID: 7e6420bd1be87590b6840973f5ad5305804e3102
hostbased authn ok markus@
OpenBSD-Commit-ID: da17061fa1f0e58cb31b88478a40643e18233e38
OpenBSD-Commit-ID: c63e43087a64d0727af13409c708938e05147b62
^c being unable to kill such a session. bz3360; ok dtucker@
OpenBSD-Commit-ID: 83960c433052303b643b4c380ae2f799ac896f65
for unix domain sockets. From peder.stray at gmail.com via github PR#272,
ok deraadt@
OpenBSD-Commit-ID: 8d5ef3fbdcdd29ebb0792b5022a4942db03f017e
markus@
OpenBSD-Commit-ID: 668a82ba8e56d731b26ffc5703213bfe071df623
commands. Prompted by github PR#139 from EvanTheB, feedback & ok djm@ jmc@
OpenBSD-Commit-ID: fc758d1fe0471dfab4304fcad6cd4ecc3d79162a
from goetze at dovetail.com, ok djm@ deraadt@
OpenBSD-Commit-ID: 760320dac1c3b26904284ba417a7d63fccc5e742
to ..." message and partial auth success messages (all at LogLevel=verbose)
ok dtucker@
OpenBSD-Commit-ID: 06834b89ceb89f8f16c5321d368a66c08f441984
to the ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch. ok
dtucker
OpenBSD-Commit-ID: b18aeda12efdebe2093d55263c90fe4ea0bce0d3
the config file to do the same thing as -n does on the ssh(1) commandline.
Patch from Volker Diels-Grabsch via GHPR231; ok dtucker
OpenBSD-Commit-ID: 66ddf3f15c76796d4dcd22ff464aed1edd62468e
OpenBSD-Commit-ID: 4f5186b1466656762dae37d3e569438d900c350d
SessionType change; spotted by sthen@
OpenBSD-Commit-ID: 4c5ddc5698790ae6ff50d2a4f8f832f0eeeaa234
configuration file to offer equivalent control to the -N (no session) and -s
(subsystem) command-line flags.
Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks;
feedback and ok dtucker@
OpenBSD-Commit-ID: 726ee931dd4c5cc7f1d7a187b26f41257f9a2d12
When built against tcmalloc, tcmalloc allocates a descriptor for its
internal use, so calling closefrom() afterward causes the descriptor
number to be reused resulting in a corrupted connection. Moving the
closefrom a little earlier should resolve this. From kircherlike at
outlook.com via bz#3321, ok djm@
This fixes a couple of problems with the previous tokeniser,
strdelim()
1. strdelim() is permissive wrt accepting '=' characters. This is
intended to allow it to tokenise "Option=value" but because it
cannot keep state, it will incorrectly split "Opt=val=val2".
2. strdelim() has rudimentary handling of quoted strings, but it
is incomplete and inconsistent. E.g. it doesn't handle escaped
quotes inside a quoted string.
3. It has no support for stopping on a (unquoted) comment. Because
of this readconf.c r1.343 added chopping of lines at '#', but
this caused a regression because these characters may legitimately
appear inside quoted strings.
The new tokeniser is stricter in a number of cases, including #1 above
but previously it was also possible for some directives to appear
without arguments. AFAIK these were nonsensical in all cases, and the
new tokeniser refuses to accept them.
The new code handles quotes much better, permitting quoted space as
well as escaped closing quotes. Finally, comment handling should be
fixed - the tokeniser will terminate only on unquoted # characters.
feedback & ok markus@
tested in snaps for the last five or so days - thanks Theo and those who
caught bugs
OpenBSD-Commit-ID: dc72fd12af9d5398f4d9e159d671f9269c5b14d5
handled specially by the protocol. Useful in ~/.ssh/config to set TERM to
something generic (e.g. "xterm" instead of "xterm-256color") for destinations
that lack terminfo entries. feedback and ok dtucker@
OpenBSD-Commit-ID: 38b1ef4d5bc159c7d9d589d05e3017433e2d5758
ssh(1) needs to set file descriptors to non-blocking mode to operate
but it was not restoring the original state on exit. This could cause
problems with fds shared with other programs via the shell, e.g.
> $ cat > test.sh << _EOF
> #!/bin/sh
> {
> ssh -Fnone -oLogLevel=verbose ::1 hostname
> cat /usr/share/dict/words
> } | sleep 10
> _EOF
> $ ./test.sh
> Authenticated to ::1 ([::1]:22).
> Transferred: sent 2352, received 2928 bytes, in 0.1 seconds
> Bytes per second: sent 44338.9, received 55197.4
> cat: stdout: Resource temporarily unavailable
This restores the blocking status for fds 0,1,2 (stdio) before ssh(1)
abandons/closes them.
This was reported as bz3280 and GHPR246; ok dtucker@
OpenBSD-Commit-ID: 8cc67346f05aa85a598bddf2383fcfcc3aae61ce
naddy@ and sthen@, ok sthen@
OpenBSD-Commit-ID: f72558e643a26dc4150cff6e5097b5502f6c85fd
got clobbered
OpenBSD-Commit-ID: b8deace085d9d941b2d02f810243b9c302e5355d
shell when the -N (no shell) option was specified. bz3290 reported by Richard
Schwab; patch from markus@ ok me
OpenBSD-Commit-ID: ea1ea4af16a95687302f7690bdbe36a6aabf87e1
some PKCS#11 providers get upset if C_Initialize is not matched with
C_Finalize.
From Adithya Baglody via GHPR#234; ok markus
OpenBSD-Commit-ID: f8e770e03b416ee9a58f9762e162add900f832b6
not exist and exit if ExitOnForwardFailure is set; bz3264
OpenBSD-Commit-ID: 72f7875865e723e464c71bf8692e83110699bf26
with SOCKS ok djm@, dtucker@
OpenBSD-Commit-ID: 64fe7b6360acc4ea56aa61b66498b5ecc0a96a7c
OpenBSD-Commit-ID: 544bb092e03fcbecb420196cd0f70af13ea868ad
purpose-built ssh->compat variable instead; feedback/ok markus@
OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06
HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more
accurately reflects its effect. This matches a previous change to
PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok
djm@
OpenBSD-Commit-ID: 49451c382adc6e69d3fa0e0663eeef2daa4b199e
PubkeyAcceptedAlgorithms. While the two were originally equivalent, this
actually specifies the signature algorithms that are accepted. Some key
types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512)
so the old name is becoming increasingly misleading. The old name is
retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@
OpenBSD-Commit-ID: 0346b2f73f54c43d4e001089759d149bfe402ca5
markus@
OpenBSD-Commit-ID: e8d14a09cda3f1dc55df08f8a4889beff74e68b0
OpenBSD-Commit-ID: c46d515eac94a35a1d50d5fd71c4b1ca53334b48
consolidate the common arguments into a single struct and pass that around
instead of using a bunch of globals. ok markus@
OpenBSD-Commit-ID: 035e6d7ca9145ad504f6af5a021943f1958cd19b
fix some (one-off) memory leaks; ok markus@
OpenBSD-Commit-ID: 91c6aec57b0e7aae9190de188e9fe8933aad5ec5
ConnectTimeout is specified, capping the effective value (for most platforms)
at 24 days. bz#3229, ok djm@
OpenBSD-Commit-ID: 62d4c4b7b87d111045f8e9f28b5b532d17ac5bc0
The log calls are themselves now macros, and preprocessor directives inside
macro arguments are undefined behaviour which some compilers (eg old GCCs)
choke on. It also makes the code tidier. ok deraadt@
OpenBSD-Commit-ID: cc12a9029833d222043aecd252d654965c351a69
__func__ and appending ssh_err(r) manually; ok markus@
OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
Allows forcing maximum debug logging by file/function/line pattern-lists.
ok markus@
OpenBSD-Commit-ID: c294c25732d1b4fe7e345cb3e044df00531a6356
sshconnect.c r1.241 from 2013 made it unused; found while reading code.
OK djm
OpenBSD-Commit-ID: 219ba6d7f9925d0b7992918612680399d86712b5
stdout and/or stderr to /dev/null. Factor all these out to a single
stdfd_devnull() function that allows selection of which of these to redirect.
ok markus@
OpenBSD-Commit-ID: 3033ba5a4c47cacfd5def020d42cabc52fad3099
OpenBSD-Commit-ID: 43db17e4abc3e6b4a7b033aa8cdab326a7cb6c24
bz#3137, ok markus
OpenBSD-Commit-ID: e2d83cc4dea1665651a7aa924ad1ed6bcaaab3e2
bz#3057, ok djm@
OpenBSD-Commit-ID: 9bbc1d138adb34c54f3c03a15a91f75dbf418782
the destination. This allows, eg, keeping host keys in individual files
using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654, ok djm@, jmc@
(man page bits)
OpenBSD-Commit-ID: 7084d723c9cc987a5c47194219efd099af5beadc