| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
accidents happen to the best of us; ok djm
Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604
|
| |
|
|
|
|
|
|
| |
Fix segfault when sshd attempts to load RSA1 keys (can
only happen when protocol v.1 support is enabled for the client). Reported by
Jakub Jelen in bz#2686; ok dtucker
Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7
|
| |
|
|
|
|
| |
might as well set the listener socket CLOEXEC
Upstream-ID: 9c538433d6a0ca79f5f21decc5620e46fb68ab57
|
| |
|
|
|
|
|
| |
Restore \r\n newline sequence for server ident string. The CR
got lost in the flensing of SSHv1. Pointed out by Stef Bon
Upstream-ID: 5333fd43ce5396bf5999496096fac5536e678fac
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make ssh_packet_set_rekey_limits take u32 for the number of
seconds until rekeying (negative values are rejected at config parse time).
This allows the removal of some casts and a signed vs unsigned comparison
warning.
rekey_time is cast to int64 for the comparison which is a no-op
on OpenBSD, but should also do the right thing in -portable on
anything still using 32bit time_t (until the system time actually
wraps, anyway).
some early guidance deraadt@, ok djm@
Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c
|
| |
|
|
|
|
|
| |
log connections dropped in excess of MaxStartups at
verbose LogLevel; bz#2613 based on diff from Tomas Kuthan; ok dtucker@
Upstream-ID: 703ae690dbf9b56620a6018f8a3b2389ce76d92b
|
| |
|
|
|
|
|
|
|
| |
Unlink PidFile on SIGHUP and always recreate it when the
new sshd starts. Regression tests (and possibly other things) depend on the
pidfile being recreated after SIGHUP, and unlinking it means it won't contain
a stale pid if sshd fails to restart. ok djm@ markus@
Upstream-ID: 132dd6dda0c77dd49d2f15b2573b5794f6160870
|
| |
|
|
|
|
|
|
|
| |
On startup, check to see if sshd is already daemonized
and if so, skip the call to daemon() and do not rewrite the PidFile. This
means that when sshd re-execs itself on SIGHUP the process ID will no longer
change. Should address bz#2641. ok djm@ markus@.
Upstream-ID: 5ea0355580056fb3b25c1fd6364307d9638a37b9
|
| |
|
|
|
|
| |
Add a call to RAND_poll() to ensure than more than pid+time gets
stirred into child processes states. Prompted by analysis from Jann
Horn at Project Zero. ok dtucker@
|
| |
|
|
|
|
|
| |
Factor out code to disconnect from controlling terminal
into its own function. ok djm@
Upstream-ID: 39fd9e8ebd7222615a837312face5cc7ae962885
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove support for pre-authentication compression. Doing
compression early in the protocol probably seemed reasonable in the 1990s,
but today it's clearly a bad idea in terms of both cryptography (cf. multiple
compression oracle attacks in TLS) and attack surface.
Moreover, to support it across privilege-separation zlib needed
the assistance of a complex shared-memory manager that made the
required attack surface considerably larger.
Prompted by Guido Vranken pointing out a compiler-elided security
check in the shared memory manager found by Stack
(http://css.csail.mit.edu/stack/); ok deraadt@ markus@
NB. pre-auth authentication has been disabled by default in sshd
for >10 years.
Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
|
| |
|
|
|
|
|
|
| |
fix uninitialised optlen in getsockopt() call; harmless
on Unix/BSD but potentially crashy on Cygwin. Reported by James Slepicka ok
deraadt@
Upstream-ID: 1987ccee508ba5b18f016c85100d7ac3f70ff965
|
| |
|
|
|
|
|
| |
remove UseLogin option and support for having /bin/login
manage login sessions; ok deraadt markus dtucker
Upstream-ID: bea7213fbf158efab7e602d9d844fba4837d2712
|
| |
|
|
|
|
|
|
|
|
| |
Remove more SSH1 server code: * Drop sshd's -k option. *
Retire configuration keywords that only apply to protocol 1, as well as the
"protocol" keyword. * Remove some related vestiges of protocol 1 support.
ok markus@
Upstream-ID: 9402f82886de917779db12f8ee3f03d4decc244d
|
| |
|
|
|
|
| |
remove ssh1 server code; ok djm@
Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534
|
| |
|
|
|
|
|
|
|
|
| |
Fix bug introduced in rev 1.467 which causes
"buffer_get_bignum_ret: incomplete message" errors when built with WITH_SSH1
and run such that no Protocol 1 ephemeral host key is generated (eg "Protocol
2", no SSH1 host key supplied). Reported by rainer.laatsch at t-online.de,
ok deraadt@
Upstream-ID: aa6b132da5c325523aed7989cc5a320497c919dc
|
| |
|
|
|
|
|
| |
KNF compression proposal and simplify the client side a
little. ok djm@
Upstream-ID: aa814b694efe9e5af8a26e4c80a05526ae6d6605
|
| |
|
|
|
|
| |
unbreak config parsing on reexec from previous commit
Upstream-ID: bc69932638a291770955bd05ca55a32660a613ab
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
add support for additional fixed DH groups from
draft-ietf-curdle-ssh-kex-sha2-03
diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K group)
based on patch from Mark D. Baushke and Darren Tucker
ok markus@
Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
|
| |
|
|
|
|
|
|
| |
fix signed/unsigned errors reported by clang-3.7; add
sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
better safety checking; feedback and ok markus@
Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
|
| |
|
|
|
|
|
|
|
|
| |
refactor canohost.c: move functions that cache results closer
to the places that use them (authn and session code). After this, no state is
cached in canohost.c
feedback and ok markus@
Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e
|
| |
|
|
|
|
|
| |
Add a function to enable security-related malloc_options.
With and ok deraadt@, something similar has been in the snaps for a while.
Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
|
| |
|
|
|
|
|
| |
Allow RekeyLimits in excess of 4G up to 2**63 bits
(limited by the return type of scan_scaled). Part of bz#2521, ok djm.
Upstream-ID: 13bea82be566b9704821b1ea05bf7804335c7979
|
| |
|
|
|
|
| |
remove roaming support; ok djm@
Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
|
| |
|
|
|
|
|
|
| |
Remove NULL-checks before free().
ok dtucker@
Upstream-ID: e3d3cb1ce900179906af36517b5eea0fb15e6ef8
|
| |
|
|
|
|
|
|
| |
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures
(user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and
draft-ssh-ext-info-04.txt; with & ok djm@
Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
|
| |
|
|
|
|
|
|
| |
always call privsep_preauth_child() regardless of whether
sshd was started by root; it does important priming before sandboxing and
failing to call it could result in sandbox violations later; ok markus@
Upstream-ID: c8a6d0d56c42f3faab38460dc917ca0d1705d383
|
| |
|
|
|
| |
makes certain libcrypto implementations cache a /dev/urandom fd
in preparation of sandboxing. Based on patch by Greg Hartman.
|
| |
|
|
|
|
|
| |
Plug minor memory leaks when options are used more than
once. bz#2182, patch from Tiago Cunha, ok deraadt djm
Upstream-ID: 5b84d0401e27fe1614c10997010cc55933adb48e
|
| |
|
|
|
|
|
| |
Do not cast result of malloc/calloc/realloc* if stdlib.h
is in scope ok krw millert
Upstream-ID: 5e50ded78cadf3841556649a16cc4b1cb6c58667
|
| |
|
|
|
|
|
|
|
|
| |
Allow ssh_config and sshd_config kex parameters options be
prefixed by a '+' to indicate that the specified items be appended to the
default rather than replacing it.
approach suggested by dtucker@, feedback dlg@, ok markus@
Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a
|
| |
|
|
|
|
|
| |
fix incorrect test for SSH1 keys when compiled without SSH1
support
Upstream-ID: 6004d720345b8e481c405e8ad05ce2271726e451
|
| |
|
|
|
|
| |
fix NULL-deref when SSH1 reenabled
Upstream-ID: f22fd805288c92b3e9646782d15b48894b2d5295
|
| |
|
|
|
|
|
|
| |
Turn off DSA by default; add HostKeyAlgorithms to the
server and PubkeyAcceptedKeyTypes to the client side, so it still can be
tested or turned back on; feedback and ok djm@
Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
|
| |
|
|
|
|
|
| |
refuse to generate or accept RSA keys smaller than 1024
bits; feedback and ok dtucker@
Upstream-ID: 7ea3d31271366ba264f06e34a3539bf1ac30f0ba
|
| |
|
|
|
|
|
|
| |
turn off 1024 bit diffie-hellman-group1-sha1 key
exchange method (already off in server, this turns it off in the client by
default too) ok dtucker@
Upstream-ID: f59b88f449210ab7acf7d9d88f20f1daee97a4fa
|
| |
|
|
|
|
|
| |
delete support for legacy v00 certificates; "sure"
markus@ dtucker@
Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
|
| |
|
|
|
|
|
| |
add missing 'c' option to getopt(), case statement was
already there; from Felix Bolte
Upstream-ID: 9b19b4e2e0b54d6fefa0dfac707c51cf4bae3081
|
| |
|
|
|
|
|
|
|
|
| |
add AuthorizedPrincipalsCommand that allows getting
authorized_principals from a subprocess rather than a file, which is quite
useful in deployments with large userbases
feedback and ok markus@
Upstream-ID: aa1bdac7b16fc6d2fa3524ef08f04c7258d247f6
|
| |
|
|
|
| |
allow "sshd -f none" to skip reading the config file,
much like "ssh -F none" does. ok dtucker
|
| |
|
|
|
| |
Plug leak of address passed to logging. bz#2373, patch
from jjelen at redhat, ok markus@
|
| |
|
|
|
|
|
| |
Don't send hostkey advertisments
(hostkeys-00@openssh.com) to current versions of Tera Term as they can't
handle them. Newer versions should be OK. Patch from Bryan Drewery and
IWAMOTO Kouichi, ok djm@
|
| |
|
|
|
| |
don't fatal when a !ssh1 sshd is reexeced from a w/ssh1
listener; reported by miod@; ok miod@ markus@
|
| |
|
|
|
| |
Ifdef out the ECC parts when building with an OpenSSL that doesn't have
it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
UpdateHostKeys fixes:
I accidentally changed the format of the hostkeys@openssh.com messages
last week without changing the extension name, and this has been causing
connection failures for people who are running -current. First reported
by sthen@
s/hostkeys@openssh.com/hostkeys-00@openssh.com/
Change the name of the proof message too, and reorder it a little.
Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY
available to read the response) so disable UpdateHostKeys if it is in
ask mode and ControlPersist is active (and document this)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
partial backout of:
revision 1.441
date: 2015/01/31 20:30:05; author: djm; state: Exp; lines: +17 -10; commitid
: x8klYPZMJSrVlt3O;
Let sshd load public host keys even when private keys are missing.
Allows sshd to advertise additional keys for future key rotation.
Also log fingerprint of hostkeys loaded; ok markus@
hostkey updates now require access to the private key, so we can't
load public keys only. The improved log messages (fingerprints of keys
loaded) are kept.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Revise hostkeys@openssh.com hostkey learning extension.
The client will not ask the server to prove ownership of the private
halves of any hitherto-unseen hostkeys it offers to the client.
Allow UpdateHostKeys option to take an 'ask' argument to let the
user manually review keys offered.
ok markus@
|
| |
|
|
|
|
| |
Let sshd load public host keys even when private keys are
missing. Allows sshd to advertise additional keys for future key rotation.
Also log fingerprint of hostkeys loaded; ok markus@
|
| |
|
|
|
|
|
|
|
| |
correctly match ECDSA subtype (== curve) for
offered/recevied host keys. Fixes connection-killing host key mismatches when
a server offers multiple ECDSA keys with different curve type (an extremely
unlikely configuration).
ok markus, "looks mechanical" deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Host key rotation support.
Add a hostkeys@openssh.com protocol extension (global request) for
a server to inform a client of all its available host key after
authentication has completed. The client may record the keys in
known_hosts, allowing it to upgrade to better host key algorithms
and a server to gracefully rotate its keys.
The client side of this is controlled by a UpdateHostkeys config
option (default on).
ok markus@
|
