Age | Commit message | Author |
|
- Introduce sandboxing of the pre-auth privsep child using an optional
sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
mandatory restrictions on the syscalls the privsep child can perform.
- Add new SHA256-based HMAC transport integrity modes from
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
- The pre-authentication sshd(8) privilege separation slave process now
logs via a socket shared with the master process, avoiding the need to
maintain /dev/log inside the chroot (closes: #75043, #429243,
#599240).
- ssh(1) now warns when a server refuses X11 forwarding (closes:
#504757).
- sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
separated by whitespace (closes: #76312). The authorized_keys2
fallback is deprecated but documented (closes: #560156).
- ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4
ToS/DSCP (closes: #498297).
- ssh-add(1) now accepts keys piped from standard input. E.g.
"ssh-add - < /path/to/key" (closes: #229124).
- Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691).
- Say "required" rather than "recommended" in unprotected-private-key
warning (LP: #663455).
|
|
[contrib/suse/openssh.spec] Update version numbers.
|
|
ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen support.
|
|
regress errors for the sandbox to warnings. ok tim dtucker
|
|
to switch SELinux context away from unconfined_t, based on patch from
Jan Chadima; bz#1919 ok dtucker@
|
|
MAC tests for platforms that hack EVP_SHA2 support
|
|
[regress/cipher-speed.sh regress/try-ciphers.sh]
add SHA256/SHA512 based HMAC modes
|
|
[connect-privsep.sh]
test with sandbox enabled; ok djm@
|
|
[regress/cfgmatch.sh]
use OBJ to find test configs, patch from Tim Rice
|
|
bisson AT archlinux.org
|
|
an explicitly requested sandbox type
|
|
binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen
|
|
OpenSSL 0.9.7. ok djm
|
|
identify file contained whitespace. bz#1828 patch from gwenael.lambrouin
AT gmail.com; ok dtucker@
|
|
[contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES
init scripts from imorgan AT nas.nasa.gov
|
|
change error by reporting old and new context names Patch from
jchadima at redhat.
|
|
[sftp.1]
typo, fix from Laurent Gautrot
|
|
[moduli.5]
probabalistic -> probabilistic; from naddy
|
|
[moduli.5]
"Diffie-Hellman" is the usual spelling for the cryptographic protocol
first published by Whitfield Diffie and Martin Hellman in 1976.
ok jmc@
|
|
- jmc@cvs.openbsd.org 2008/06/26 06:59:39
[moduli.5]
tweak previous;
|
|
[ssh.c]
typo in comment
|
|
[version.h]
crank now, release later
|
|
[mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5]
Add new SHA256 and SHA512 based HMAC modes from
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
Patch from mdb AT juniper.net; feedback and ok markus@
|
|
[gss-serv.c]
prevent post-auth resource exhaustion (int overflow leading to 4GB malloc);
report Adam Zabrock; ok djm@, deraadt@
|
|
[sandbox-systrace.c]
fail open(2) with EPERM rather than SIGKILLing the whole process. libc
will call open() to do strerror() when NLS is enabled;
feedback and ok markus@
|
|
[authfd.c]
bzero the agent address. the kernel was for a while very cranky about
these things. even though that's fixed, always good to initialize
memory. ok deraadt djm
|
|
[monitor.c]
ignore EINTR errors from poll()
|
|
than 'lsb_release -is' so that Ubuntu derivatives behave the same way as
Ubuntu itself.
|
|
- openssh-server Recommends: ssh-import-id (no-op in Debian since that
package doesn't exist there, but this reduces the Ubuntu delta).
|
|
authorized_keys lines for the same key; it's still not ideal, but at
least you'll only get one log entry per key (closes: #630606).
|
|
- Make hostbased auth with ECDSA keys work correctly (closes: #633368).
|
|
Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing
markus@
|
|
[sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c]
[sandbox-null.c]
rename sandbox.h => ssh-sandbox.h to make things easier for portable
|
|
setrlimit(2)
|
|
[channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
hook up a channel confirm callback to warn the user when requested X11
forwarding was refused by the server; ok markus@
|
|
[servconf.c servconf.h sshd.c sshd_config.5 sandbox-rlimit.c]
[sandbox-systrace.c sandbox.h configure.ac Makefile.in]
introduce sandboxing of the pre-auth privsep child using systrace(4).
This introduces a new "UsePrivilegeSeparation=sandbox" option for
sshd_config that applies mandatory restrictions on the syscalls the
privsep child can perform. This prevents a compromised privsep child
from being used to attack other hosts (by opening sockets and proxying)
or probing local kernel attack surface.
The sandbox is implemented using systrace(4) in unsupervised "fast-path"
mode, where a list of permitted syscalls is supplied. Any syscall not
on the list results in SIGKILL being sent to the privsep child. Note
that this requires a kernel with the new SYSTR_POLICY_KILL option.
UsePrivilegeSeparation=sandbox will become the default in the future
so please start testing it now.
feedback dtucker@; ok markus@
|