summaryrefslogtreecommitdiff
path: root/sshconnect2.c
Commit message (Collapse)AuthorAgeFilesLines
* upstream: Re-split the merge of the reorder-hostkeys test.dtucker@openbsd.org2023-03-091-10/+13
| | | | | | | | | In the kex_proposal_populate_entries change I merged the the check for reordering hostkeys with the actual reordering, but kex_assemble_names mutates options.hostkeyalgorithms which renders the check ineffective. Put the check back where it was. Spotted and tested by jsg@, ok djm@ OpenBSD-Commit-ID: a7469f25a738db5567395d1881e32479a7ffc9de
* upstream: Delete obsolete /* ARGSUSED */ lint comments.guenther@openbsd.org2023-03-081-13/+1
| | | | | | ok miod@ millert@ OpenBSD-Commit-ID: 7be168a570264d59e96a7d2d22e927d45fee0e4c
* upstream: Refactor creation of KEX proposal.dtucker@openbsd.org2023-03-061-41/+24
| | | | | | | | | | This adds kex_proposal_populate_entries (and corresponding free) which populates the KEX proposal array with dynamically allocated strings. This replaces the previous mix of static and dynamic that has been the source of previous leaks and bugs. Remove unused compat functions. With & ok djm@. OpenBSD-Commit-ID: f2f99da4aae2233cb18bf9c749320c5e040a9c7b
* upstream: Check return value from fctnl and warn on failure.dtucker@openbsd.org2023-03-031-2/+3
| | | | | | Spotted by Coverity, ok djm@ OpenBSD-Commit-ID: 2097c7db3cf657f1e3a6c5077041bacc63143cab
* upstream: Remove now-unused compat bit SSH_BUG_RSASIGMD5. The codedtucker@openbsd.org2023-02-171-17/+3
| | | | | | | to set this was removed in OpenSSH 7.7 when support for SSH implementations dating back to before RFC standardization were removed. "burn it all" djm@ OpenBSD-Commit-ID: 6330935fbe23dd00be79891505e06d1ffdac7cda
* upstream: add a RequiredRSASize for checking RSA key length indjm@openbsd.org2022-09-171-1/+19
| | | | | | | | | | | ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a
* upstream: attemp FIDO key signing without PIN and use the errordjm@openbsd.org2022-08-191-22/+20
| | | | | | | code returned to fall back only if necessary. Avoids PIN prompts for FIDO tokens that don't require them; part of GHPR#302 OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e
* upstream: Don't leak the strings allocated by order_hostkeyalgs()dtucker@openbsd.org2022-07-011-6/+10
| | | | | | | | | | and list_hostkey_types() that are passed to compat_pkalg_proposal(). Part of github PR#324 from ZoltanFridrich, ok djm@ This is a roll-forward of the previous rollback now that the required changes in compat.c have been done. OpenBSD-Commit-ID: c7cd93730b3b9f53cdad3ae32462922834ef73eb
* upstream: Roll back previous KEX changes as they aren't safe untildtucker@openbsd.org2022-06-281-6/+4
| | | | | | | compat_pkalg_proposal and friends always allocate their returned strings. Reported by Qualys. OpenBSD-Commit-ID: 1c7a88a0d5033f42f88ab9bec58ef1cf72c81ad0
* upstream: Don't leak the strings allocated by order_hostkeyalgs()dtucker@openbsd.org2022-06-281-4/+6
| | | | | | | and list_hostkey_types() that are passed to compat_pkalg_proposal(). Part of github PR#324 from ZoltanFridrich, ok djm@ OpenBSD-Commit-ID: b2f6e5f60f2bba293b831654328a8a0035ef4a1b
* upstream: mark const string array contents const too, i.e. staticdjm@openbsd.org2022-02-021-2/+2
| | | | | | const char *array => static const char * const array from Mike Frysinger OpenBSD-Commit-ID: a664e31ea6a795d7c81153274a5f47b22bdc9bc1
* upstream: allow hostbased auth to select RSA keys when onlydjm@openbsd.org2022-01-071-4/+5
| | | | | | RSA/SHA2 are configured (this is the default case); ok markus@ OpenBSD-Commit-ID: 411c18c7bde40c60cc6dfb7017968577b4d4a827
* upstream: PubkeyAuthentication=yes|no|unbound|host-bounddjm@openbsd.org2021-12-201-4/+8
| | | | | | | | | | | | Allow control over which pubkey methods are used. Added out of concern that some hardware devices may have difficulty signing the longer pubkey authentication challenges. This provides a way for them to disable the extension. It's also handy for testing. feedback / ok markus@ OpenBSD-Commit-ID: ee52580db95c355cf6d563ba89974c210e603b1a
* upstream: client side of host-bound pubkey authenticationdjm@openbsd.org2021-12-201-4/+15
| | | | | | | | | | | | | | Add kex->flags member to enable the publickey-hostbound-v00@openssh.com authentication method. Use the new hostbound method in client if the kex->flags flag was set, and include the inital KEX hostkey in the userauth request. Note: nothing in kex.c actually sets the new flag yet ok markus@ OpenBSD-Commit-ID: 5a6fce8c6c8a77a80ee1526dc467d91036a5910d
* upstream: ssh client side of bindingdjm@openbsd.org2021-12-201-12/+35
| | | | | | | | | | send session ID, hostkey, signature and a flag indicating whether the agent connection is being forwarded to ssh agent each time a connection is opened via a new "session-bind@openssh.com" agent extension. ok markus@ OpenBSD-Commit-ID: 2f154844fe13167d3ab063f830d7455fcaa99135
* upstream: note successful authentication method in final "Authenticateddjm@openbsd.org2021-07-231-3/+11
| | | | | | | to ..." message and partial auth success messages (all at LogLevel=verbose) ok dtucker@ OpenBSD-Commit-ID: 06834b89ceb89f8f16c5321d368a66c08f441984
* Sync remaining ChallengeResponse removal.Darren Tucker2021-07-031-3/+1
| | | | These were omitted from commit 88868fd131.
* upstream: fix debug message when finding a private key to match adjm@openbsd.org2021-06-071-3/+3
| | | | | | | | certificate being attempted for user authentication. Previously it would print the certificate's path, whereas it was supposed to be showing the private key's path. Patch from Alex Sherwin via GHPR247 OpenBSD-Commit-ID: d5af3be66d0f22c371dc1fe6195e774a18b2327b
* upstream: Client-side workaround for a bug in OpenSSH 7.4: this releasedjm@openbsd.org2021-06-061-2/+11
| | | | | | | | | | | | allows RSA/SHA2 signatures for public key authentication but fails to advertise this correctly via SSH2_MSG_EXT_INFO. This causes clients of these server to incorrectly match PubkeyAcceptedAlgorithms and potentially refuse to offer valid keys. Reported by and based on patch from Gordon Messmer via bz3213, thanks also for additional analysis by Jakub Jelen. ok dtucker OpenBSD-Commit-ID: d6d0b7351d5d44c45f3daaa26efac65847a564f7
* upstream: highly polished whitespace, mostly fixing spaces-for-tabdjm@openbsd.org2021-04-031-3/+3
| | | | | | and bad indentation on continuation lines. Prompted by GHPR#185 OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
* upstream: make ssh->kex->session_id a sshbuf instead of u_char*/size_tdjm@openbsd.org2021-01-271-15/+9
| | | | | | | and use that instead of global variables containing copies of it. feedback/ok markus@ OpenBSD-Commit-ID: a4b1b1ca4afd2e37cb9f64f737b30a6a7f96af68
* upstream: remove global variable used to stash compat flags and use thedjm@openbsd.org2021-01-271-14/+14
| | | | | | purpose-built ssh->compat variable instead; feedback/ok markus@ OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06
* upstream: Rename HostbasedKeyTypes (ssh) anddtucker@openbsd.org2021-01-261-3/+3
| | | | | | | | | HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more accurately reflects its effect. This matches a previous change to PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok djm@ OpenBSD-Commit-ID: 49451c382adc6e69d3fa0e0663eeef2daa4b199e
* upstream: make ssh hostbased authentication send the signaturedjm@openbsd.org2021-01-251-3/+3
| | | | | | | | | | algorithm in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type. This make HostbasedAcceptedAlgorithms do what it is supposed to - filter on signature algorithm and not key type. spotted with dtucker@ ok markus@ OpenBSD-Commit-ID: 25bffe19f0326972f5728170f7da81d5f45c78c6
* upstream: Rename PubkeyAcceptedKeyTypes keyword todtucker@openbsd.org2021-01-221-11/+11
| | | | | | | | | | PubkeyAcceptedAlgorithms. While the two were originally equivalent, this actually specifies the signature algorithms that are accepted. Some key types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512) so the old name is becoming increasingly misleading. The old name is retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@ OpenBSD-Commit-ID: 0346b2f73f54c43d4e001089759d149bfe402ca5
* upstream: If a signature operation on a FIDO key fails with adjm@openbsd.org2021-01-081-3/+12
| | | | | | | | | | | | | | | "incorrect PIN" reason and no PIN was initially requested from the user, then request a PIN and retry the operation. This smoothes over a few corner cases including FIDO devices that require PINs for all hosted credentials, biometric FIDO devices that fall back to requiring PIN when reading the biometric failed, devices that don't implement reading credProtect status for downloaded keys and probably a few more cases that I haven't though of yet. ok dtucker@ OpenBSD-Commit-ID: 176db8518933d6a5bbf81a2e3cf62447158dc878
* upstream: Update/replace the experimental post-quantim hybrid keydjm@openbsd.org2020-12-291-2/+2
| | | | | | | | | | | | | | | | | | | | exchange method based on Streamlined NTRU Prime (coupled with X25519). The previous sntrup4591761x25519-sha512@tinyssh.org method is replaced with sntrup761x25519-sha512@openssh.com. Per the authors, sntrup4591761 was replaced almost two years ago by sntrup761. The sntrup761 implementaion, like sntrup4591761 before it, is public domain code extracted from the SUPERCOP cryptography benchmark suite (https://bench.cr.yp.to/supercop.html). Thanks for Daniel J Bernstein for guidance on algorithm selection. Patch from Tobias Heider; feedback & ok markus@ and myself (note this both the updated method and the one that it replaced are disabled by default) OpenBSD-Commit-ID: 2bf582b772d81ee24e911bb6f4b2aecfd39338ae
* upstream: add a ssh_config KnownHostsCommand that allows the clientdjm@openbsd.org2020-12-221-2/+7
| | | | | | | | | | | | | to obtain known_hosts data from a command in addition to the usual files. The command accepts bunch of %-expansions, including details of the connection and the offered server host key. Note that the command may be invoked up to three times per connection (see the manpage for details). ok markus@ OpenBSD-Commit-ID: 2433cff4fb323918ae968da6ff38feb99b4d33d0
* upstream: plumb ssh_conn_info through to sshconnect.c; feedback/okdjm@openbsd.org2020-12-211-7/+12
| | | | | | markus@ OpenBSD-Commit-ID: e8d14a09cda3f1dc55df08f8a4889beff74e68b0
* upstream: load_hostkeys()/hostkeys_foreach() variants for FILE*djm@openbsd.org2020-12-211-5/+6
| | | | | | | | | | | | | | | | | Add load_hostkeys_file() and hostkeys_foreach_file() that accept a FILE* argument instead of opening the file directly. Original load_hostkeys() and hostkeys_foreach() are implemented using these new interfaces. Add a u_int note field to the hostkey_entry and hostkey_foreach_line structs that is passed directly from the load_hostkeys() and hostkeys_foreach() call. This is a lightweight way to annotate results between different invocations of load_hostkeys(). ok markus@ OpenBSD-Commit-ID: 6ff6db13ec9ee4edfa658b2c38baad0f505d8c20
* upstream: scrub keyboard-interactive authentication prompts comingdjm@openbsd.org2020-11-131-3/+5
| | | | | | | from the server through asmprintf() prior to display; suggested by and ok dtucker@ OpenBSD-Commit-ID: 31fe93367645c37fbfe4691596bf6cf1e3972a58
* upstream: prefix keyboard interactive prompts with (user@host) todjm@openbsd.org2020-11-131-7/+12
| | | | | | | make it easier to determine which connection they are associated with in cases like scp -3, ProxyJump, etc. bz#3224 ok dtucker OpenBSD-Commit-ID: 67e6189b04b46c867662f8a6759cf3ecb5f59170
* upstream: when requesting a security key touch on stderr, inform thedjm@openbsd.org2020-11-091-2/+2
| | | | | | user once the touch has been recorded; requested by claudio@ ok markus@ OpenBSD-Commit-ID: 3b76ee444490e546b9ea7f879e4092ee0d256233
* upstream: print reason in fatal error message whendjm@openbsd.org2020-11-041-4/+4
| | | | | | kex_assemble_namelist() fails OpenBSD-Commit-ID: a9975ee8db6c98d6f32233d88051b2077ca63dab
* upstream: whitespace; no code changedjm@openbsd.org2020-10-291-3/+3
| | | | OpenBSD-Commit-ID: efefc1c47e880887bdee8cd2127ca93177eaad79
* upstream: use the new variant log macros instead of prependingdjm@openbsd.org2020-10-181-117/+101
| | | | | | __func__ and appending ssh_err(r) manually; ok markus@ OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
* upstream: use do_log2 instead of function pointers to different logdjm@openbsd.org2020-10-171-3/+4
| | | | | | functions OpenBSD-Commit-ID: 88077b826d348c58352a6b394755520f4e484480
* upstream: revert kex->flags cert hostkey downgrade back to a plaindjm@openbsd.org2020-10-071-7/+2
| | | | | | | | | key (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less plumbing. ok markus@ OpenBSD-Commit-ID: fb92d25b216bff8c136da818ac2221efaadf18ed
* upstream: when ordering host key algorithms in the client, considerdjm@openbsd.org2020-10-071-3/+5
| | | | | | the ECDSA key subtype; ok markus@ OpenBSD-Commit-ID: 3097686f853c61ff61772ea35f8b699931392ece
* upstream: record when the host key checking code downgrades adjm@openbsd.org2020-10-031-2/+7
| | | | | | | | certificate host key to a plain key. This occurs when the user connects to a host with a certificate host key but no corresponding CA key configured in known_hosts; feedback and ok markus@ OpenBSD-Commit-ID: 2ada81853ff9ee7824c62f440bcf4ad62030c901
* upstream: tweak the client hostkey preference ordering algorithm todjm@openbsd.org2020-09-181-3/+38
| | | | | | | | | prefer the default ordering if the user has a key that matches the best-preference default algorithm. feedback and ok markus@ OpenBSD-Commit-ID: a92dd7d7520ddd95c0a16786a7519e6d0167d35f
* upstream: support for user-verified FIDO keysdjm@openbsd.org2020-08-271-13/+24
| | | | | | | | | | | | | | | | | FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token. This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication. feedback markus@ and Pedro Martelletto; ok markus@ OpenBSD-Commit-ID: 57fd461e4366f87c47502c5614ec08573e6d6a15
* upstream: Replace TAILQ concatenation loops with TAILQ_CONCATbket@openbsd.org2020-07-031-9/+3
| | | | | | OK djm@ OpenBSD-Commit-ID: 454b40e09a117ddb833794358970a65b14c431ef
* upstream: wrap long linedjm@openbsd.org2020-06-051-2/+3
| | | | OpenBSD-Commit-ID: ed405a12bd27bdc9c52e169bc5ff3529b4ebbbb2
* upstream: when ordering the hostkey algorithms to request from adjm@openbsd.org2020-05-271-4/+16
| | | | | | | server, prefer certificate types if the known_hosts files contain a key marked as a @cert-authority; bz#3157 ok markus@ OpenBSD-Commit-ID: 8f194573e5bb7c01b69bbfaabc68f27c9fa5e0db
* upstream: fix reversed test that caused IdentitiesOnly=yes to notdjm@openbsd.org2020-04-171-2/+2
| | | | | | apply to keys loaded from a PKCS11Provider; bz3141, ok dtucker@ OpenBSD-Commit-ID: e3dd6424b94685671fe84c9b9dbe352fb659f677
* upstream: When using HostkeyAlgorithms to merely append or removedjm@openbsd.org2020-02-071-15/+26
| | | | | | | | algorithms from the default set (i.e. HostkeyAlgorithms=+/-...), retain the default behaviour of preferring those algorithms that have existing keys in known_hosts; ok markus OpenBSD-Commit-ID: 040e7fcc38ea00146b5d224ce31ce7a1795ee6ed
* upstream: Replace "security key" with "authenticator" in programnaddy@openbsd.org2020-02-071-6/+7
| | | | | | | | | | | messages. This replaces "security key" in error/usage/verbose messages and distinguishes between "authenticator" and "authenticator-hosted key". ok djm@ OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e
* upstream: Make zlib optional. This adds a "ZLIB" build time optiondtucker@openbsd.org2020-01-231-3/+3
| | | | | | | that allows building without zlib compression and associated options. With feedback from markus@, ok djm@ OpenBSD-Commit-ID: 44c6e1133a90fd15a3aa865bdedc53bab28b7910
* upstream: Replace all calls to signal(2) with a wrapper arounddtucker@openbsd.org2020-01-231-4/+4
| | | | | | | | sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations. OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
View Lorry Controller Status