summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-04-03Install authorized_keys(5) as a symlink to sshd(8)Tomas Pospisek
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1720 Bug-Debian: http://bugs.debian.org/441817 Last-Update: 2013-09-14 Patch-Name: authorized-keys-man-symlink.patch
2018-04-03Add DebianBanner server configuration optionKees Cook
Setting this to "no" causes sshd to omit the Debian revision from its initial protocol handshake, for those scared by package-versioning.patch. Bug-Debian: http://bugs.debian.org/562048 Forwarded: not-needed Last-Update: 2017-10-04 Patch-Name: debian-banner.patch
2018-04-03Include the Debian version in our identificationMatthew Vernon
This makes it easier to audit networks for versions patched against security vulnerabilities. It has little detrimental effect, as attackers will generally just try attacks rather than bothering to scan for vulnerable-looking version strings. (However, see debian-banner.patch.) Forwarded: not-needed Last-Update: 2017-10-04 Patch-Name: package-versioning.patch
2018-04-03Mention ssh-keygen in ssh fingerprint changed warningScott Moser
Author: Chris Lamb <lamby@debian.org> Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1843 Bug-Ubuntu: https://bugs.launchpad.net/bugs/686607 Last-Update: 2017-08-22 Patch-Name: mention-ssh-keygen-on-keychange.patch
2018-04-03Force use of DNSSEC even if "options edns0" isn't in resolv.confColin Watson
This allows SSHFP DNS records to be verified if glibc 2.11 is installed. Origin: vendor, https://cvs.fedoraproject.org/viewvc/F-12/openssh/openssh-5.2p1-edns.patch?revision=1.1&view=markup Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Last-Update: 2010-04-06 Patch-Name: dnssec-sshfp.patch
2018-04-03Look for $SHELL on the path for ProxyCommand/LocalCommandColin Watson
There's some debate on the upstream bug about whether POSIX requires this. I (Colin Watson) agree with Vincent and think it does. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1494 Bug-Debian: http://bugs.debian.org/492728 Last-Update: 2013-09-14 Patch-Name: shell-path.patch
2018-04-03Adjust scp quoting in verbose modeNicolas Valcárcel
Tweak scp's reporting of filenames in verbose mode to be a bit less confusing with spaces. This should be revised to mimic real shell quoting. Bug-Ubuntu: https://bugs.launchpad.net/bugs/89945 Last-Update: 2010-02-27 Patch-Name: scp-quoting.patch
2018-04-03Allow harmless group-writabilityColin Watson
Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2017-10-04 Patch-Name: user-group-modes.patch
2018-04-03"LogLevel SILENT" compatibilityJonathan David Amery
"LogLevel SILENT" (-qq) was introduced in Debian openssh 1:3.0.1p1-1 to match the behaviour of non-free SSH, in which -q does not suppress fatal errors. However, this was unintentionally broken in 1:4.6p1-2 and nobody complained, so we've dropped most of it. The parts that remain are basic configuration file compatibility, and an adjustment to "Pseudo-terminal will not be allocated ..." which should be split out into a separate patch. Author: Matthew Vernon <matthew@debian.org> Author: Colin Watson <cjwatson@debian.org> Last-Update: 2013-09-14 Patch-Name: syslog-level-silent.patch
2018-04-03Various keepalive extensionsRichard Kettlewell
Add compatibility aliases for ProtocolKeepAlives and SetupTimeOut, supported in previous versions of Debian's OpenSSH package but since superseded by ServerAliveInterval. (We're probably stuck with this bit for compatibility.) In batch mode, default ServerAliveInterval to five minutes. Adjust documentation to match and to give some more advice on use of keepalives. Author: Ian Jackson <ian@chiark.greenend.org.uk> Author: Matthew Vernon <matthew@debian.org> Author: Colin Watson <cjwatson@debian.org> Last-Update: 2017-10-04 Patch-Name: keepalive-extensions.patch
2018-04-03Accept obsolete ssh-vulnkey configuration optionsColin Watson
These options were used as part of Debian's response to CVE-2008-0166. Nearly six years later, we no longer need to continue carrying the bulk of that patch, but we do need to avoid failing when the associated configuration options are still present. Last-Update: 2014-02-09 Patch-Name: ssh-vulnkey-compat.patch
2018-04-03Handle SELinux authorisation rolesManoj Srivastava
Rejected upstream due to discomfort with magic usernames; a better approach will need an SSH protocol change. In the meantime, this came from Debian's SELinux maintainer, so we'll keep it until we have something better. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Bug-Debian: http://bugs.debian.org/394795 Last-Update: 2017-10-04 Patch-Name: selinux-role.patch
2018-04-03Restore TCP wrappers supportColin Watson
Support for TCP wrappers was dropped in OpenSSH 6.7. See this message and thread: https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html It is true that this reduces preauth attack surface in sshd. On the other hand, this support seems to be quite widely used, and abruptly dropping it (from the perspective of users who don't read openssh-unix-dev) could easily cause more serious problems in practice. It's not entirely clear what the right long-term answer for Debian is, but it at least probably doesn't involve dropping this feature shortly before a freeze. Forwarded: not-needed Last-Update: 2014-10-07 Patch-Name: restore-tcp-wrappers.patch
2018-04-03GSSAPI key exchange supportSimon Wilkinson
This patch has been rejected upstream: "None of the OpenSSH developers are in favour of adding this, and this situation has not changed for several years. This is not a slight on Simon's patch, which is of fine quality, but just that a) we don't trust GSSAPI implementations that much and b) we don't like adding new KEX since they are pre-auth attack surface. This one is particularly scary, since it requires hooks out to typically root-owned system resources." However, quite a lot of people rely on this in Debian, and it's better to have it merged into the main openssh package rather than having separate -krb5 packages (as we used to have). It seems to have a generally good security history. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 Last-Updated: 2017-10-04 Patch-Name: gssapi.patch
2018-04-03Import openssh_7.7p1.orig.tar.gzColin Watson
2018-04-02update versions in .spec filesDamien Miller
2018-04-02update version numberDamien Miller
2018-03-30Disable native strndup and strnlen on AIX.Darren Tucker
On at least some revisions of AIX, strndup returns unterminated strings under some conditions, apparently because strnlen returns incorrect values in those cases. Disable both on AIX and use the replacements from openbsd-compat. Fixes problem with ECDSA keys there, ok djm.
2018-03-26Include ssh_api.h for struct ssh.Darren Tucker
struct ssh is needed by implementations of sys_auth_passwd() that were converted in commit bba02a50. Needed to fix build on AIX, I assume for the other platforms too (although it should be harmless if not needed).
2018-03-26Remove UNICOS code missed during removal.Darren Tucker
Fixes compile error on AIX.
2018-03-26upstream: openssh-7.7markus@openbsd.org
OpenBSD-Commit-ID: 274e614352460b9802c905f38fb5ea7ed5db3d41
2018-03-26Remove authinfo.sh test dependency on printenvDamien Miller
Some platforms lack printenv in the default $PATH. Reported by Tom G. Christensen
2018-03-25 Use libiaf on all sysv5 systemsTim Rice
2018-03-25 modified: auth-sia.cTim Rice
modified: openbsd-compat/port-aix.c modified: openbsd-compat/port-uw.c propogate changes to auth-passwd.c in commit 7c856857607112a3dfe6414696bf4c7ab7fb0cb3 to other providers of sys_auth_passwd()
2018-03-25upstream: openssh-7.7markus@openbsd.org
OpenBSD-Commit-ID: 274e614352460b9802c905f38fb5ea7ed5db3d41
2018-03-25upstream: fix bogus warning when signing cert keys using agent;markus@openbsd.org
from djm; ok deraadt dtucker OpenBSD-Commit-ID: 12e50836ba2040042383a8b71e12d7ea06e9633d
2018-03-25Replace /dev/stdin with "-".Darren Tucker
For some reason sftp -b doesn't work with /dev/stdin on Cygwin, as noted and suggested by vinschen at redhat.com.
2018-03-23Provide $OBJ to paths in PuTTY interop tests.Darren Tucker
2018-03-23upstream: Tell puttygen to use /dev/urandom instead of /dev/random. Ondtucker@openbsd.org
OpenBSD they are both non-blocking, but on many other -portable platforms it blocks, stalling tests. OpenBSD-Regress-ID: 397d0d4c719c353f24d79f5b14775e0cfdf0e1cc
2018-03-23upstream: ssh/xmss: fix build; ok djm@markus@openbsd.org
OpenBSD-Commit-ID: c9374ca41d4497f1c673ab681cc33f6e7c5dd186
2018-03-23upstream: ssh/xmss: fix deserialize for certs; ok djm@markus@openbsd.org
OpenBSD-Commit-ID: f44c41636c16ec83502039828beaf521c057dddc
2018-03-22Save $? before case statement.Darren Tucker
In some shells (FreeBSD 9, ash) the case statement resets $?, so save for later testing.
2018-03-14upstream: rename recently-added "valid-before" key restriction todjm@openbsd.org
"expiry-time" as the former is confusing wrt similar terminology in X.509; pointed out by jsing@ OpenBSD-Regress-ID: ac8b41dbfd90cffd525d58350c327195b0937793
2018-03-14upstream: check valid-before option in authorized_keysdjm@openbsd.org
OpenBSD-Regress-ID: 7e1e4a84f7f099a290e5a4cbf4196f90ff2d7e11
2018-03-14upstream: explicitly specify RSA/SHA-2 keytype here toodjm@openbsd.org
OpenBSD-Regress-ID: 74d7b24e8c72c27af6b481198344eb077e993a62
2018-03-14upstream: exlicitly include RSA/SHA-2 keytypes indjm@openbsd.org
PubkeyAcceptedKeyTypes here OpenBSD-Regress-ID: 954d19e0032a74e31697fb1dc7e7d3d1b2d65fe9
2018-03-14upstream: sort expiry-time;jmc@openbsd.org
OpenBSD-Commit-ID: 8c7d82ee1e63e26ceb2b3d3a16514019f984f6bf
2018-03-14upstream: rename recently-added "valid-before" key restriction todjm@openbsd.org
"expiry-time" as the former is confusing wrt similar terminology in X.509; pointed out by jsing@ OpenBSD-Commit-ID: 376939466a1f562f3950a22314bc6505733aaae6
2018-03-14upstream: add valid-before="[time]" authorized_keys option. Adjm@openbsd.org
simple way of giving a key an expiry date. ok markus@ OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947
2018-03-12Add AC_LANG_PROGRAM to AC_COMPILE_IFELSE.Darren Tucker
The recently added MIPS ABI tests need AC_LANG_PROGRAM to prevent warnings from autoconf. Pointed out by klausz at haus-gisela.de.
2018-03-12upstream: revert recent strdelim() change, it causes problems withdjm@openbsd.org
some configs. revision 1.124 date: 2018/03/02 03:02:11; author: djm; state: Exp; lines: +19 -8; commitid: nNRsCijZiGG6SUTT; Allow escaped quotes \" and \' in ssh_config and sshd_config quotes option strings. bz#1596 ok markus@ OpenBSD-Commit-ID: 59c40b1b81206d713c06b49d8477402c86babda5
2018-03-12upstream: move the input format details to -f; remove the outputjmc@openbsd.org
format details and point to sshd(8), where it is documented; ok dtucker OpenBSD-Commit-ID: 95f17e47dae02a6ac7329708c8c893d4cad0004a
2018-03-08configure.ac: properly set seccomp_audit_arch for MIPS64Vicente Olivert Riera
Currently seccomp_audit_arch is set to AUDIT_ARCH_MIPS64 or AUDIT_ARCH_MIPSEL64 (depending on the endinness) when openssh is built for MIPS64. However, that's only valid for n64 ABI. The right macros for n32 ABI defined in seccomp.h are AUDIT_ARCH_MIPS64N32 and AUDIT_ARCH_MIPSEL64N32, for big and little endian respectively. Because of that an sshd built for MIPS64 n32 rejects connection attempts and the output of strace reveals that the problem is related to seccomp audit: [pid 194] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=57, filter=0x555d5da0}) = 0 [pid 194] write(7, "\0\0\0]\0\0\0\5\0\0\0Ulist_hostkey_types: "..., 97) = ? [pid 193] <... poll resumed> ) = 2 ([{fd=5, revents=POLLIN|POLLHUP}, {fd=6, revents=POLLHUP}]) [pid 194] +++ killed by SIGSYS +++ This patch fixes that problem by setting the right value to seccomp_audit_arch taking into account the MIPS64 ABI. Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
2018-03-08configure.ac: detect MIPS ABIVicente Olivert Riera
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
2018-03-08Use https URLs for links that support it.Alan Yee
2018-03-05Disable UTMPX on SunOS4.Darren Tucker
2018-03-05Check for and work around buggy fflush(NULL).Darren Tucker
Some really old platforms (eg SunOS4) segfault on fflush(NULL) so check for and work around. With klausz at haus-gisela.de.
2018-03-05Remove extra XMSS #endifDarren Tucker
Extra #endif breaks compile with -DWITH_XMSS. Pointed out by Jack Schmidt via github.
2018-03-04upstream: Update RSA minimum modulus size to 1024. sshkey.h rev 1.18dtucker@openbsd.org
bumped the minimum from 768 to 1024, update man page accordingly. OpenBSD-Commit-ID: 27563ab4e866cd2aac40a5247876f6787c08a338
2018-03-04upstream: for the pty control tests, just check that the PTY pathdjm@openbsd.org
points to something in /dev (rather than checking the device node itself); makes life easier for portable, where systems with dynamic ptys can delete nodes before we get around to testing their existence. OpenBSD-Regress-ID: b1e455b821e62572bccd98102f8dd9d09bb94994